
Secure Endpoint connector for Linux (Debian-based) Kernel 6.0+

fcave
Level 1

As I understand it (and my understanding is quite likely flawed), with newer versions of the connector for Linux, the file and network kernel modules are no longer used and the function is offloaded to eBPF. When I install the Linux connector, the ./ampcli status command shows Fault ID 16, indicating an unsupported kernel version.

Can anyone tell me if this is specifically because of kernel version 6.0+ or if there is something that I can do to enable the realtime network and file monitoring to use eBPF?

I don't mind recompiling the kernel if necessary, but the only instructions I have found so far are for RedHat/SUSE based systems and don't seem to apply to Debian-based distros.

Any info at all is appreciated.  Thanks!

1 Reply

Troja007
Cisco Employee

Hello @fcave,
Quick question: which version of the connector are you using, and which Linux distribution, including the kernel, are you using? Is it listed here?
https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215163-amp-for-endpoints-linux-connector-os-com.html
Greetings,
Thorsten
