Secure Endpoint connector for Linux (Debian-based) Kernel 6.0+
02-21-2023 04:11 AM
As I understand it (and my understanding is quite likely flawed), with newer versions of the connector for Linux, the file and network kernel modules are no longer used and the function is offloaded to eBPF. When I install the Linux connector, the `./ampcli status` command shows Fault ID 16, indicating an unsupported kernel version.
Can anyone tell me if this is specifically because of kernel version 6.0+ or if there is something that I can do to enable the realtime network and file monitoring to use eBPF?
I don't mind recompiling the kernel if necessary, but the only instructions I have found so far are for RedHat/SUSE based systems and don't seem to apply to Debian-based distros.
Any info at all is appreciated. Thanks!
Labels: AMP for Endpoints
03-08-2023 01:50 AM
Hello @fcava,
Quick question: which version of the connector are you using, and which Linux distribution, including the kernel, are you using? Is it listed here?
https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215163-amp-for-endpoints-linux-connector-os-com.html
Greetings,
Thorsten
