Installing Sophos Linux Sensor via Package Manager
Installation via the Sophos package repository
Sophos maintains an external package repository where deb and rpm packages are managed so that any user with an access token can install the correct packages for their system.
To start, ask your Sophos rep for an access token to the Sophos Linux Sensor (SLS) package repository. This will be a read-only token that is used to authenticate with PackageCloud. Access tokens are alphanumeric strings with no punctuation.
Once you receive your access token, the local system must be updated to enable package installation. This is performed through the following script, in which you should substitute your access token at the beginning of the URL (after https:// and before
curl -s https://abcdef012314f29dc850878c6747b70f5b3ff01234567891092f0:@packagecloud.io/install/repositories/capsule8/capsule8/script.deb.sh | sudo bash
Once the local system is updated to pull the packages, installation can be done through the system's native package installer. Before proceeding, make note of which package manager is being used to start and manage running packages on your system, as well as which version of Capsule8 you desire.
The system's service manager and package manager are both required when installing an SLS package. The most recent version available will be installed by default, although you may optionally provide your desired version. As an example, the following command installs SLS version 4.10.0 on a system using systemd as its service manager and apt-get as its package manager:
sudo apt-get install capsule8-sensor-systemd=4.10.0
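The repository setup and install steps above, as an added shell example that is not Sophos's own script: it checks the token format, downloads the setup script to a file for review instead of piping it into sudo bash, and builds the package name. The function names and the output path are assumptions made for this example, and the page gives the exact package suffix only for systemd.

```shell
#!/bin/sh
# Added example (not Sophos code). Function names and the default
# output path are hypothetical; the URL and package name come from the page.

# Build the repository setup URL for a token.
# Tokens are alphanumeric with no punctuation, so reject anything else.
sls_repo_url() {
    token=$1
    case $token in
        ''|*[!A-Za-z0-9]*) echo "invalid access token" >&2; return 1 ;;
    esac
    printf 'https://%s:@packagecloud.io/install/repositories/capsule8/capsule8/script.deb.sh\n' "$token"
}

# Build the apt package spec: capsule8-sensor-<service manager>[=<version>].
sls_package_spec() {
    manager=$1
    version=${2:-}
    case $manager in
        ''|*[!A-Za-z0-9]*) echo "invalid service manager suffix" >&2; return 1 ;;
    esac
    spec="capsule8-sensor-$manager"
    if [ -n "$version" ]; then
        spec="$spec=$version"
    fi
    printf '%s\n' "$spec"
}

# Download the setup script to a file so it can be read before it runs as root.
# The URL is fed to curl as a config line on stdin; printf is a shell builtin,
# so the token does not appear in any process's argument list.
sls_fetch_setup() {
    url=$(sls_repo_url "$1") || return 1
    out=${2:-./sls-repo-setup.sh}
    printf 'url = "%s"\n' "$url" | curl -sSf --config - -o "$out" || return 1
    printf '%s\n' "$out"
}

# Usage, run by hand (SLS_TOKEN is an assumed environment variable):
#   script=$(sls_fetch_setup "$SLS_TOKEN") && less "$script" && sudo bash "$script"
#   sudo apt-get install "$(sls_package_spec systemd 4.10.0)"
```

Reading the token from an environment variable or a prompt, rather than typing it into the command, also keeps it out of the shell history file.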
Default detections (recommended)
The sensor doesn't ship with any detections enabled by default, but a recommended set of detections is available by installing the content package:
sudo apt-get install capsule8-content=4.10.0
Upgrading the Sensor
The sensor can be upgraded by installing the desired SLS package with your package manager. The package is installed with the name Capsule8 Sensor with the service manager (e.g., sysV, systemd, upstart or runit) as a hyphenated suffix, such as:
sudo apt-get install capsule8-sensor-systemd