Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

CB Response Sensors & CB Protection Agents: Linux

CB Response Sensors & CB Protection Agents: Linux


Attention:

Support information for each App Control Agent or EDR Sensor is published on VMware Docs as distinct OERs. This UEX page will no longer be updated.

Please use the links in the following table to go directly to the respective OER.

App Control Agent OERs on VMware Docs EDR Sensor OERs on VMware Docs
Windows Agent (on Windows Desktop) Windows Sensor (on Windows Desktop)
Windows Agent (on Windows Server) Windows Sensor (on Windows Server)
Windows Agent (Embedded) Windows Sensor (Embedded)
Linux Agent Linux Sensor
macOS Agent macOS Sensor

These Carbon Black Linux Server sensors and agents are currently supported as Standard or Extended. Standard support includes maintenance releases and technical support. Extended provides technical support only.

For more information, see the CB Response and CB Protection Product Support Policy and the Carbon Black Product Release Lifecycle Status.

Labels (3)
Comments

I dont see here if which version supports latest kernel 2.6.32.696.30.1 on centos 6

I asked twice because I was wondering the same thing, once directly and once to support. They do (RHEL/CentOS 6.9). Good question, I wish they updated the guide to be unambiguous.

We're waiting on RHEL/CentOS 6.10 support now.

Looks like we are in that boat too now.  We have about 12 machines on RHEL 6.10 that just broke Agent 6.1.5.  Looks like RHEL 6.10 was released about a month ago based on this site: Red Hat Enterprise Linux Release Dates - Red Hat Customer Portal.

Please see Controlled Distribution Releases for v6.1.7 and v5.2.17 that include RHEL/Cent 6.10 support.

[Cb Response] Announcing Controlled Distribution of v6.1.7 and v5.2.17 Linux Sensor

Any progress on Carbon Black Protect (I see that's for CbR)?

We are targeting support of RHEL 6.10 with a CbP 7.2.4 Patch 6 release in mid-August.

Tim

Any updates to RHEL 6.10 CbP support (mid-August)?

The CbP 7.2.4 Patch 6 agent containing support for RHEL 6.10 is targeting release by the end of this week.

Hello, would you know if agent v7.2.4 P6 is released yet for RHEL 6.8 / 6.9?   To support specifically OS 2.6.32.696.30.1.   We are currently holding back deployment until this is available.   Thank you.

Hi Robert,

We released 7.2.4 Patch 6 last Thursday with support for your specified RHEL Versions. Here is a link to the download page:Cb Protection - Linux Agent files (v7.2.4)


Thanks,Isaiah

Has anyone installed CbResponse on a CentOS 6.x running a 4.4 kernel? Am assuming it should be supported based on the CentOS 6.10 line above, but am thinking some confirmation is in order...

Amazon Linux support would be nice to see

+1 on Amazon AMI Support, plus Suse Linux.

Where is Ubuntu on the Roadmap?  The lack therein is a major issue for my org for PCI compliance and is an impediment to possibly expanding our licensed count.  

Hi,

I'm going to assume that this question is in relation to Cb Protection because you mention PCI compliance.

As I'm sure you're aware, CbP has a kernel module as part of our linux agent solution. Preventing a system KP in critical Linux systems is our number one priority and being in the kernel always has the potential of causing a KP. As such, with each release we have to test betas, make code changes, and then test with GA prior to release. As our number of linux flavors expands, the testing and support matrix also expands.

We are looking at changes to linux that may make it possible to reduce our footprint in the kernel which in turn may reduce the testing matrix. We are researching this now.

Currently, Ubuntu is not on the short term roadmap. However, this could change as our research continues.

Tim

The agent built against a specific set of kernel versions. So response will not work with a 4.4 kernel.

I get it but really...it's not like Ubuntu is a some homegrown voodoo OS.

Supporting *only *Redhat seems a bit asinine, from a business

perspective...but perhaps Cb doesn't see it that way. Their loss if we're

required to jump ship as a result. Amazing product but this is a terrible

response.

Lance Auman

Senior IT Security Engineer

15535 Sand Canyon Ave

Irvine CA 92618

Office: (951) 616-3600

*Mobile: *(949) 337-8177

The holdup in porting is the difference between the 3.10.x kernel (RHEL7 and friends) and 4.x kernel which has moved some security hooks out of the kernel (or made usage more restricted) and into userspace through eBPF. It's a good move on the kernel developers part, but means a significant changes in the agent. It has to be done though b/c RHEL 8 will also be on a 4.x kernel.

Once 4.x kernel support is done, the path to SUSE, Ubuntu, and other distros becomes much easier and I expect those distros to start showing up even before RHEL 8.

OK, now that makes solid sense. Thanks for taking the time to

respond...I'll try to fend off of the wolves here in terms of missing FIM

capability on our PCI In Scope Linux boxes this year. Hopefully that'll

buy enough time for the 4.x Kernel build.

Lance Auman

Senior IT Security Engineer

15535 Sand Canyon Ave

Irvine CA 92618

Office: (951) 616-3600

*Mobile: *(949) 337-8177

I just noticed the '2.0.0 beta' for PSC Linux sensor listed.

Is there any place that I can test this beta version of sensor or any Beta program running that I can apply to?

Regards,

  Haro

can we get a downloadable format for this ? a pdf maybe?

 

When do you plan to support RHEL 7.6 (3.10.0-957.el7.x86_64)

Hi Paul, 

We are planning to release Cb Protection Patch 7 with RHEL 7.6 Support near the end of this month on or before 11/30.

Thanks!

@paul_khavkine We also plan to release RHEL 7.6. Support for Cb Response at the end of the month. See post here to follow: RHEL 7.6 Support

@mlinde @ibrown is it possible to add in the version numbers for each patch version. For example, instead of 7.2.4 P7, can it read like 7.2.4.2301 (P7). That might help clear up some confusion.

@mlinde @ibrown is it possible to add in the version numbers for each patch version. For example, instead of 7.2.4 P7, can it read like 7.2.4.2301 (P7). That might help clear up some confusion.

Is RHEL 5.x supported?

@sagarnayak The protection, response and PSC linux sensors do not support RHEL 5.x or CentOS 5.x

Is there an updated table with CBR 6.2? Thank you.

Is amazon linux supported? 

revisiting response above from dheater on ‎09-21-2018 ... "Once 4.x kernel support is done, the path to SUSE, Ubuntu, and other distros becomes much easier and I expect those distros to start showing up even before RHEL 8." ... 

Is there any update on Ubuntu support for Cb Protection?

@azevedofs There is no Linux 6.2.x sensor for CB Response. 

@ahmed_elsayed Amazon Linux is not supported at this time on CB Response or CB Protection. We are working towards a PSC Linux Sensor with Amazon Linux support starting with Live Response capabilities. 

@mdutton4 For Ubuntu support we are planning to start looking into it for 2020. 

Thanks - I assume that means the plan is to work on it this year in readiness for 2020 release (any more specific such as which quarter?), rather than starting work in 2020? 

Is there a segment for Carbon Black Defense?

Hi @Channew,

For Cb Defense, there are only limited support  as of  now:

PSC sensor: Linux sensor support

 

But it seems they are looking  to broaden the support in the future:

PSC Linux Early Access Program - Looking for Participants!

 

Is Archlinux/Manjaro able to be supported?

@mlinde 

Can you elaborate on your reply "There is no Linux 6.2.x sensor for CB Response."?

Our CB cluster is running 6.2.4 and has rpm download options for linux, however the install script does not appear to have anything close to the compatibility cited in this table.  Is there something more up to date?

@__invited__cmo2  

From my understanding you are running the CB Response Server version 6.2.4. This page is for the supported linux sensor versions. 

The compatibility for the CBR Server can be found in the release notes here: CB Response 6.3.0 Server Release Notes

 

It would be great if there was a single downloadable file that contained the supported agent information for all operating systems.  

Will there be support for Debian based Linux?

We need Debian based agents.

@walt Debian support is not on the short term roadmap for CBR. 

We have added Ubuntu support to our PSC Linux sensor: PSC Linux Sensor Support

The current functionality is limited to Live Response. LiveOps Linux support will follow. I would definitely reach out to your Carbon Black representative if you are interested. 

Does someone know what the status on RHEL8 support is?

@pai_open for CBR I'm keeping this page updated with progress on our RHEL 8 support: https://community.carbonblack.com/t5/Announcements/CB-Response-Linux-Sensor-RHEL-8-General-Availabil...

If you have any other questions, feel free to reach out.

@drenaud thank you for the quick response!

Does the CentOS 7 kernel 3.10.0-957.21.3 supports CentOS 7 (7.2.4.2301-P7) agent?

If not, what is the supported version of CentOS agent for the kernel?

@drenaud In response to your comment about RHEL8 support. We came across an issue in which we wanted to install the Response Server on RHEL8 but then noticed that the corresponding CB-Enterprise repository is not available.

The baseurl created for RHEL8 is https://yum.distro.carbonblack.io/enterprise/stable/8/x86_64/. We manually have overwritten the baseurl to https://yum.distro.carbonblack.io/enterprise/stable/7/x86_64/ and then the installation worked.

I'd say, that would be something to be fixed to make the installation work also for other customers. The actual question I have is if what we have done is correct and that the repo in /7/x86_64/ is the same repo to be used for RHEL8?

 

@rafiqanwar  It is supported and this document was just updated to reflect that.  Sorry for the delay.

Is there an ETA for RHEL 7.7 / Kernel 3.10.0-1062 ?

Article Information
Author:
Creation Date:
‎01-15-2021
Views:
131938