We’re migrating product documentation to docs.vmware.com, starting with Carbon Black Cloud. Learn more.

CB Response Sensors & CB Protection Agents: Linux

CB Response Sensors & CB Protection Agents: Linux

These Carbon Black Linux Server sensors and agents are currently supported as Standard or Extended. Standard support includes maintenance releases and technical support. Extended provides technical support only.

For more information, see the CB Response and CB Protection Product Support Policy and the Carbon Black Product Release Lifecycle Status.

For all supported CB Response sensors and CB Protection agents, see CB Response sensors & CB Protection agentsFor PSC Linux sensor support, see PSC sensor: Linux sensor support.

All Linux sensors and agents run on an x64 architecture.

Operating system OS version Kernel(s)

CB Protection agent

(P = Patch)

CB EDR (Response) sensor

(P = Patch)

Oracle RHCK 8.5

4.18.0-348 

 8.7.6

 
  8.4 

4.18.0-305

8.7.2+

7.0.3
  8.3

4.18.0-221

8.5.4+

 7.0.2 – 7.03
  8.2

4.18.0-193

7.4.6+

6.3.4, 7.0.0 – 7.0.3
  8.1

4.18.0-147+

7.4.2+ 

6.3.0-6.3.4, 7.0.0 – 7.0.3
  8

4.18.0-147.5.1

7.4.2+

6.3.1-6.3.4, 7.0.0 – 7.0.3
  7.9

3.10.0-1160

8.5.2+

6.3.4, 7.0.0 – 7.0.3
  7.8

3.10.0-11273.10.0-1127.26.1

7.4.4+

6.3.2 – 6.3.4, 7.0.0 – 7.0.3
  7.7

3.10.0-1062.37.1

7.4.2+

6.3.1-6.3.4, 7.0.0 – 7.0.3
  7.6

3.10.0-9573.10.0-957.58.2

7.2.4.2301 (P7), 7.4.0+

5.2.18, 6.1.10, 7.0.0 – 7.0.3
  7.5 3.10.0862+

7.2.4.2245 (P5) + 

5.2.16 – 5.2.17, 6.1.5 – 6.1.10, 7.0.0 – 7.0.3
  7.4 3.10.0-693.60.1

7.2.4.1611 (P4) +

5.2.15 – 5.2.17, 6.1.10, 7.0.0 – 7.0.3
  7.4 3.10.0-6933.10.0-957.27.2+

7.2.4.1611 (P4) +

5.2.15 – 5.2.17, 6.1.3 – 6.1.10, 7.0.0 – 7.0.3
  7.3 3.10.0-514.70.1

7.2.4+

5.2.15 – 5.2.17, 6.1.3 – 6.1.10, 7.0.0 – 7.0.3
  7.2 3.10.0-327+

7.2.4+

5.2.15 – 5.2.17, 6.1.3 – 6.1.10, 7.0.0 – 7.0.3
  7.1 3.10.0-229+

7.2.4+

5.2.15 – 5.2.17, 6.1.3 – 6.1.10, 7.0.0 – 7.0.3
  7.0 3.10.0-123+

7.2.4+

5.2.15 – 5.2.17, 6.1.3 – 6.1.10, 7.0.0 – 7.0.3
  6.10 2.6.32-7542.6.32-754.35.1

7.2.4.2252 (P6) +

5.2.17 and 6.1.7 – 6.1.10
  6.9 2.6.32-696.23.1+

7.2.4.1611 (P4) +

5.2.15 – 5.2.17, 6.1.4 – 6.1.10
  6.9 2.6.32-696-2.6.32-696.20.1+

7.2.4+

5.2.15 – 5.2.17, 6.1.3 – 6.1.10
  6.8 2.6.32-642+

7.2.4+

5.2.15 – 5.2.17, 6.1.3 – 6.1.10
RHEL 8, CentOS 8 
8.5

 

4.18.0-348

 

8.7.6

 
RHEL 8, CentOS 8 
8.4

4.18.0-305

8.7.2+

7.0.3
  8.3

4.18.0-240, 4.18.0-221

8.5.4+

 7.0.2 – 7.03
  8.2

 4.18.0-193- 4.18.0-193.28.1

7.4.6+ 

6.3.0 – 6.3.4, 7.0.0 - 7.0.3
  8.1

4.18.0-147+

7.4.4+

6.3.0 – 6.3.4, 7.0.0 – 7.0.3
  8.0

4.18.0-147.13.2

7.4.2+

6.2.1 (RHEL 8 only), 6.2.2 – 6.3.4, 7.0.0 – 7.0.3

RHEL 7, CentOS 7

7.9

3.10.0-1160

8.5.2+ 6.3.4, 7.0.0 – 7.0.3

 

7.8

3.10.0-11273.10.0-1127.26.1

7.4.4+

6.3.1 – 6.3.4, 7.0.0 – 7.0.3

 

7.7

3.10.0-1062.37.1

7.4.2+

6.1.11, 6.2.1 – 6.3.4, 7.0.0 – 7.0.3
  7.6

3.10.0-957—3.10.0-957.58.2

7.2.4.2301 (P7), 7.4.0+

5.2.18, 6.1.9 – 6.1.11, 6.2.1 – 6.3.4, 7.0.0 – 7.0.3
  7.5 3.10.0-862.51.1

7.2.4.2245 (P5) + 

5.2.16 – 5.2.17, 6.1.5 – 6.1.11, 6.2.1 – 6.3.4, 7.0.0 – 7.0.3
  7.4 3.10.0-693.60.1

7.2.4.1611 (P4) +

5.2.15 – 5.2.17, 6.1.4 – 6.1.11, 6.2.1 – 6.3.4, 7.0.0 – 7.0.3
  7.4 3.10.0-693 —3.10.0-957.27.2+

7.2.4.1611 (P4) +

5.2.12 – 5.2.17, 6.1.3 – 6.1.11, 6.2.1 – 6.3.4, 7.0.0 – 7.0.3
  7.3 3.10.0-514.70.1

7.2.4+

5.2.12 – 5.2.17, 6.1.3 – 6.1.11, 6.2.1 – 6.3.4, 7.0.0 – 7.0.3
  7.2 3.10.0-327+

7.2.4+

5.2.7 – 5.2.17, 6.1.3 – 6.1.11, 6.2.1 – 6.3.4, 7.0.0 – 7.0.3
  7.1 3.10.0-229+

7.2.4+

5.2.7 – 5.2.17, 6.1.3 – 6.1.11, 6.2.1 – 6.3.4, 7.0.0 – 7.0.3
  7.0 3.10.0-123+

7.2.4+

5.2.7 – 5.2.17, 6.1.3 – 6.1.11, 6.2.1 – 6.3.4, 7.0.0 – 7.0.3
RHEL 6, CentOS 6 6.10

2.6.32-7542.6.32-754.35.1

7.2.4.2252 (P6) +

5.2.17 and 6.1.7 – 6.1.11, 6.2.1 – 6.3.4
  6.9 2.6.32-696.23.1+

7.2.4.1611 (P4) +

5.2.15 – 5.2.17, 6.1.4 – 6.1.11, 6.2.1 – 6.3.4
  6.9 2.6.32-696 — 2.6.32-696.20.1+

7.2.4.1611 (P4) +

5.2.7 – 5.2.17, 6.1.4 – 6.1.11, 6.2.1 – 6.3.4
  6.8 2.6.32-642+

7.2.4+

5.2.7 – 5.2.17, 6.1.3 – 6.1.11, 6.2.1 – 6.3.4
  6.7 2.6.32-573+

7.2.4+

5.2.7 – 5.2.17, 6.1.3 – 6.1.11, 6.2.1 – 6.3.4
  6.6 2.6.32-504+

7.2.4+

5.2.7 – 5.2.17, 6.1.3 – 6.1.11, 6.2.1 – 6.3.4
  6.5 2.6.32-431.96.1+

7.2.4+

5.2.7 – 5.2.9
  6.4 2.6.32-358+

7.2.4+

5.2.7 – 5.2.9
  6.3 2.6.32-279+

7.2.4+

None
  6.2 2.6.32-220+

7.2.4+

None
SUSE 15 (SP1-SP2) 4.12+ (kernel + kernel-devel)

N/A

6.2.1, 6.3.0 – 6.3.4, 7.0.0 – 7.0.3
  12 (SP2-SP5) 4.4+ (kernel + kernel-devel)

N/A

6.2.1, 6.3.0 – 6.3.4, 7.0.0 – 7.0.3
Ubuntu 20.04 5.4+ (linux-headers + linux-headers-devel)

N/A

7.0.0 – 7.0.3
  18.04 4.15+ (linux-headers + linux-headers-devel)

N/A

7.0.0 – 7.0.3

 

Note: The — indicates through and inclusive of; for example, 6.1.3 6.1.7 indicates 6.1.3 through and inclusive of 6.1.7.

 See also CB Response sensors & CB Protection agents: Unsupported Linux.

Limitations and Requirements for CB Protection

  • Requires installation of gawk, unzip (for upgrades), libicu, libuuid, and gtk2 (if graphical CB Protection Notifier is desired) rpms.
  • Custom kernels are not supported, including Oracle UEK kernels.
  • Support for LSM is required.
  • At least 2Gb of physical memory

Limitations and Requirements for CB EDR (Response)

  • Oracle is supported via RHCK kernel only, not UEK.
  • eBPF sensors must have matching kernel + kernel-devel/linux-headers + linux-headers-devel packages installed to work properly.
  • A fresh install of 7.0.3-lnx on RHEL 8.4 may require a reboot to ensure all services are running correctly.
Labels (3)
Comments

Hi,

Can you advise when we will have support for Oracle RHCK 8.5 and RHEL 8.5 ?

Thanks

Tim

Is there an ETA for kernel v5 on CentOS 7+?

Hi,

Is there any statement about Centos Stream 8?

regards.

Fabrizio

@dalfarra That's an excellent question regarding VMWare's strategy.  As far as high availability systems go, my company is moving away from Centos to other products (cost vs reliability is always a factor).  I have had similar queries running through my mind.

Will the availability of RHEL EDR sensors and App Control agents be quicker when CentOS stream becomes the precursor to the RHEL release? 

The current delay in providing App Control agents and EDR Sensors for new Linux based kernels breaks our patching strategy, and for a cyber security product, it is quite annoying to have.  Businesses have to make the choice of either staying on the outdated kernel and not realising the benefit of the latest kernel patches to ensure compatibility with Cb App Control, or they have to update the kernel, thus breaking the agent, losing Cb protection, and most often results in a need to reinstall/upgrade the agent manually because of the kernel incompatibility.

Article Information
Author:
Creation Date:
‎01-15-2021
Views:
69385