--- title: Setting up Cloud Security on Linux description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: >- Docs > Datadog Security > Cloud Security > Setting up Cloud Security > Deploying Cloud Security on the Agent > Setting up Cloud Security on Linux --- # Setting up Cloud Security on Linux Use the following instructions to enable Misconfigurations and Vulnerability Management. {% alert level="info" %} Collecting events using Cloud Security affects your billing. For more information, see [Datadog Pricing](https://www.datadoghq.com/pricing/?product=cloud-security-management#products). {% /alert %} ## Prerequisites{% #prerequisites %} - Datadog Agent version `7.46` or later. ## Installation{% #installation %} For a package-based deployment, [install the Datadog package](https://docs.datadoghq.com/agent.md?tab=Linux) with your package manager, and then update the files listed below. In the `/etc/datadog-agent/datadog.yaml` file: ```bash compliance_config: ## @param enabled - boolean - optional - default: false ## Set to true to enable CIS benchmarks for Misconfigurations. # enabled: true host_benchmarks: enabled: true # Vulnerabilities are evaluated and scanned against your containers and hosts every hour. sbom: enabled: true # Set to true to enable Container Vulnerability Management container_image: enabled: true # Set to true to enable Host Vulnerability Management host: enabled: true ``` In the `/etc/datadog-agent/security-agent.yaml` file: ```bash compliance_config: ## @param enabled - boolean - optional - default: false ## Set to true to enable CIS benchmarks for Misconfigurations. # enabled: true host_benchmarks: enabled: true ``` **Notes**: - You can also use the following [Agent install script](https://docs.datadoghq.com/getting_started/agent.md#installation) to automatically enable Misconfigurations and Threat Detection: ```shell DD_COMPLIANCE_CONFIG_ENABLED=true DD_API_KEY= DD_SITE="datadoghq.com" bash -c "$(curl -L https://install.datadoghq.com/scripts/install_script_agent7.sh)" ``` - If you use the Agent install script to enable Misconfigurations and Vulnerability Management, you must manually update the `datadog.yaml` file to enable `host_benchmarks` for Misconfigurations, and `sbom` and `container_image` for Vulnerability Management. ```shell sudo cp /etc/datadog-agent/security-agent.yaml.example /etc/datadog-agent/security-agent.yaml sudo chmod 640 /etc/datadog-agent/security-agent.yaml sudo chgrp dd-agent /etc/datadog-agent/security-agent.yaml ```