The kernel-devel package required for realtime filesystem and network activity monitoring is missing and the connector policy has either 'Monitor File Copies and Moves' or 'Enable Device Flow Correlation' enabled. The kernel-devel package installs the needed kernel development header files in the /usr/src/kernels directory, organized according to their kernel version. The fault will typically be raised after a fresh Secure Endpoint Linux connector install or after updating the system kernel.

Compiling the eBPF modules requires that the kernel development header files corresponding to the currently running kernel be installed. When realtime filesystem and network monitoring is enabled, the connector will compile the eBPF modules each time the connector is started, or in realtime when these features are enabled as part of a policy update.

For Ubuntu 18.04 and later as well as Debian 10 and later, eBPF modules are native. For widest compatibility, the connector will automatically compile the eBPF modules used by the connector before loading and running them on the system. The eBPF modules replace the Linux Kernel Modules used when running on RHEL 6, RHEL 7, Oracle Linux 7 RHCK, Oracle Linux 7 UEK 5 and earlier, and Amazon Linux 2 kernel 4.14 or earlier. Starting with RHEL 8, Oracle Linux 8 RHCK, Oracle Linux 7 and 8 UEK 6, and Amazon Linux 2 kernel 4.19 or newer, the connector will use eBPF modules for realtime file system and network monitoring. For Debian and Ubuntu, this fault may be raised when the linux-headers package is missing.

On Red Hat Enterprise Linux (RHEL) 8 and variants, Oracle Linux 8 Red Hat Compatible Kernel (RHCK), Oracle Linux 7 and 8 Unbreakable Enterprise Kernel (UEK) 6, as well as Amazon Linux 2 running on a 4.19 or newer system kernel, the Cisco Secure Endpoint Linux connector will not be able to monitor file moves or enable Device Flow Correlation (network monitoring) when the kernel-devel package, or kernel-uek-devel package on Oracle Linux UEK, is missing for the currently running kernel. The connector will raise fault ID 11 "Required kernel-devel package is missing" in this situation.
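
A pre-flight check for the condition behind fault ID 11, added here as an example and not part of the Cisco connector or its documentation. It tells a header tree that matches the running kernel apart from one left behind by a kernel update; the function name, the optional root argument and the Debian/Ubuntu path /usr/src/linux-headers-<release> are assumptions.

```shell
#!/bin/sh
# Added example: verify that kernel development headers exist for one exact
# kernel release, the precondition for the connector's eBPF compilation.
#
# Usage on a live host:  check_kernel_headers "$(uname -r)"
# Return codes: 0 = headers match the release
#               1 = headers installed, but only for other kernel versions
#               2 = no kernel headers installed at all

check_kernel_headers() {
    release=$1
    root=${2:-}   # hypothetical prefix so the check can run against a test tree

    # /usr/src/kernels/<release> is the kernel-devel layout named on the page.
    # /usr/src/linux-headers-<release> is assumed for the linux-headers package.
    for dir in "$root/usr/src/kernels/$release" \
               "$root/usr/src/linux-headers-$release"; do
        if [ -d "$dir" ]; then
            echo "OK: headers for kernel $release found at $dir"
            return 0
        fi
    done

    # No exact match: collect whichever versions are present. This is the
    # usual state after a kernel update without a matching headers update.
    others=
    for dir in "$root"/usr/src/kernels/* "$root"/usr/src/linux-headers-*; do
        [ -d "$dir" ] || continue          # skips unexpanded glob patterns
        name=${dir##*/}
        others="$others ${name#linux-headers-}"
    done

    if [ -n "$others" ]; then
        echo "MISMATCH: no headers for $release; installed for:$others"
        return 1
    fi
    echo "MISSING: no kernel headers installed for $release"
    return 2
}
```

A return code of 1 means a headers package is present but not for the running kernel, so either install the headers for that exact release or reboot into the kernel the installed headers belong to.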