Carbon Black Cloud sensor: Linux sensor support

Below is a list of all current and previous Linux Carbon Black Cloud sensors. Please see the Carbon Black Cloud Sensor Support Policy and the Carbon Black Product Release Life Cycle Status pages for more information on sensors currently in Standard or Extended support.

To view all Carbon Black Cloud sensor versions, see Carbon Black Cloud sensor support.

All Linux sensors run on an x64 architecture. 

Audit and Remediation & Workloads Supported Distributions

Note: All kernel versions are supported on Audit and Remediation

Distribution Distribution Version Audit and Remediation Workloads Vulnerability Assessment

RHEL 8 8.0-8.4 2.4.0-2.12 2.9.0-2.12 2.9.0-2.12
CentOS 8 8.0-8.1 2.4.0-2.12 2.9.0-2.12 2.9.0-2.12
Oracle 8 8.0-8.2 2.8.1-2.12 2.9.0-2.12 None
RHEL 7 7.0-7.9 2.4.0-2.12 2.9.0-2.12 2.9.0-2.12
CentOS 7 7.0-7.9 2.4.0-2.12 2.9.0-2.12 2.9.0-2.12
Oracle 7 7.0-7.9 2.8.1-2.12 2.9.0-2.12 None
RHEL 6 6.6-6.10 2.4.0-2.11.3 2.9.0-2.11.3 2.9.0-2.11.3
CentOS 6 6.6-6.10 2.4.0-2.11.3 2.9.0-2.11.3 2.9.0-2.11.3
Oracle 6 6.6-6.10 2.4.0-2.11.3 2.9.0-2.11.3 None
SUSE 12 12.2-12.5 2.4.0-2.11.3 2.9.0-2.11.3 2.9.0-2.11.3
SUSE 15 15.0-15.1 2.4.0-2.12 2.9.0-2.12 2.9.0-2.12
OpenSUSE 42 42.2-42.3 2.4.0-2.11.3 2.9.0-2.11.3 None
OpenSUSE 15 15.0-15.1 2.4.0-2.12 2.9.0-2.12 None
Amazon Linux 2   2.4.0-2.12 2.9.0-2.12 None
Ubuntu 16 16.04 LTS 2.4.0-2.12 2.9.0-2.12 2.9.0-2.12
Ubuntu 18 18.04 LTS, 18.10 2.4.0-2.12 2.9.0-2.12 2.9.0-2.12
Ubuntu 19 19.04 LTS, 19.10 2.4.0-2.12 2.9.0-2.12 2.9.0-2.12
Ubuntu 20 20.04 LTS 2.4.0-2.12 2.9.0-2.12 2.9.0-2.12
Ubuntu 21 21.04 2.11.3-2.12 2.11.3-2.12 2.11.3-2.12
Debian 9 9.0-9.9 2.11.0-2.12 2.11.0-2.12 None
Debian 10 10.0-10.11 2.11.0-2.12 2.11.0-2.12 None

Note: We dropped support for RHEL/CentOS/Oracle 6.5 and below in 2.9.1. We recommend those on these operating system versions update to a more recent version of RHEL/CentOS/Oracle.  

Enterprise EDR Supported Distributions and Kernel Versions

Note: Kernel version 4.4+ is required for RHEL8+, CentOS8+, Oracle 8+, Oracle UEK, Amazon, SUSE, and Ubuntu

Distribution Kernel Version Sensor Version
RHEL/CentOS    
6.6 2.6.32-504-* 2.7.0-2.11.3
6.7 2.6.32-573-* 2.7.0-2.11.3
6.8 2.6.32-642-* 2.7.0-2.11.3
6.9 2.6.32-696-* 2.7.0-2.11.3
6.10 2.6.32-754-* 2.7.0-2.11.3
7.0 3.10.0-123-* 2.7.0-2.12
7.1 3.10.0-229-* 2.7.0-2.12
7.2 3.10.0-327-* 2.7.0-2.12
7.3 3.10.0-514-* 2.7.0-2.12
7.4 3.10.0-693-* 2.7.0-2.12
7.5 3.10.0-862-* 2.7.0-2.12
7.6 3.10.0-957-* 2.7.0-2.12
7.7 3.10.0-1062-* 2.7.0-2.12
7.8 3.10.0-1127-* 2.7.1-2.12
7.9 3.10.0-1160-* 2.9.1-2.12
8.0 4.18.0-80-* 2.10.1-2.12
8.1 4.18.0-147-* 2.10.1-2.12
8.2 4.18.0-193-* 2.10.1-2.12
8.3 4.18.0-240-* 2.10.1-2.12
8.4 4.18.0-305-* 2.11.0-2.12
     
SUSE    
12.2 4.4.21-* 2.10.1-2.11.3
12.3 4.4.73-* 2.10.1-2.11.3
12.4 4.12.14-* 2.10.1-2.12
12.5 4.12.14-* 2.10.1-2.12
     
15 4.12.14-* 2.10.1-2.12
15.1 4.12.14-* 2.10.1-2.12
15.2 5.3.18-* 2.10.1-2.12
     
OpenSUSE    
42.2 4.4.21-* 2.10.1-2.11.3
42.3 4.4.73-* 2.10.1-2.11.3
     
15.0 4.12.14-* 2.10.1-2.12
15.1 4.12.14-* 2.10.1-2.12
15.2 5.3.18-* 2.10.1-2.12
     
Ubuntu    
16.04 4.4-* 2.10.1-2.11.3
18.04 4.8-* 2.10.1-2.12
18.10 4.18-* 2.10.1-2.12
19.04 5.0-* 2.10.1-2.12
19.10 5.3-* 2.10.1-2.12
20.04 5.4-* 2.10.1-2.12
21.04 5.11-* 2.10.1-2.12
     
Amazon Linux    
2 4.14-* 2.10.1-2.12
     
Oracle RHCK UEK  
6.6 2.6.32-504-* Not Supported 2.8.0-2.11.3
6.7 2.6.32-573-* Not Supported 2.8.0-2.11.3
6.8 2.6.32-642-* Not Supported 2.8.0-2.11.3
6.9 2.6.32-696-* Not Supported 2.8.0-2.11.3
6.1 2.6.32-754-* Not Supported 2.8.0-2.11.3
7.0 3.10.0-123-* Not Supported 2.8.0-2.12
7.1 3.10.0-229-* Not Supported 2.8.0-2.12
7.2 3.10.0-327-* Not Supported 2.8.0-2.12
7.3 3.10.0-514-* Not Supported 2.8.0-2.12
7.4 3.10.0-693-* Not Supported 2.8.0-2.12
7.5 3.10.0-862-* Not Supported 2.8.0-2.12
7.6 3.10.0-957-* 4.14.35-* 2.8.0-2.12***
7.7 3.10.0-1062-* 4.14.35-* 2.8.0-2.12***
7.8 3.10.0-1127-* 4.14.35-* 2.8.0-2.12***
7.9 3.10.0-1160-* 5.4.17-* 2.9.1-2.12***
8.0 4.18.0-80-* NONE 2.10.1-2.12
8.1 4.18.0-147-* NONE 2.10.1-2.12
8.2 4.18.0-193-* 5.4.17-* 2.10.1-2.12
8.3 4.18.0-221-* 5.4.17-* 2.10.1-2.12
       
Debian      
9.0-9.9 4.9-*   2.11.0-2.12
10.0-10.11 4.19-*   2.11.0-2.12

*** UEK kernel is only supported in 2.10.1+

Endpoint Standard Distributions and Kernel Versions

Note: Kernel version 4.4+ is required for RHEL8+, CentOS8+, Oracle 8+, Oracle UEK, Amazon, SUSE, and Ubuntu

Distribution Kernel Version Sensor Version
RHEL/CentOS    
6.6 2.6.32-504-* 2.7.0-2.11.3
6.7 2.6.32-573-* 2.7.0-2.11.3
6.8 2.6.32-642-* 2.7.0-2.11.3
6.9 2.6.32-696-* 2.7.0-2.11.3
6.10 2.6.32-754-* 2.7.0-2.11.3
7.0 3.10.0-123-* 2.7.0-2.12
7.1 3.10.0-229-* 2.7.0-2.12
7.2 3.10.0-327-* 2.7.0-2.12
7.3 3.10.0-514-* 2.7.0-2.12
7.4 3.10.0-693-* 2.7.0-2.12
7.5 3.10.0-862-* 2.7.0-2.12
7.6 3.10.0-957-* 2.7.0-2.12
7.7 3.10.0-1062-* 2.7.0-2.12
7.8 3.10.0-1127-* 2.7.1-2.12
7.9 3.10.0-1160-* 2.9.1-2.12
8.0 4.18.0-80-* 2.10.1-2.12
8.1 4.18.0-147-* 2.11.0-2.12
8.2 4.18.0-193-* 2.11.0-2.12
8.3 4.18.0-240-* 2.11.0-2.12
8.4 4.18.0-305-* 2.11.0-2.12
     
SUSE    
12.2 4.4.21-* 2.11.0-2.11.3
12.3 4.4.73-* 2.11.0-2.11.3
12.4 4.12.14-* 2.11.0-2.12
12.5 4.12.14-* 2.11.0-2.12
     
15 4.12.14-* 2.11.0-2.12
15.1 4.12.14-* 2.11.0-2.12
15.2 5.3.18-* 2.11.0-2.12
     
OpenSUSE    
42.2 4.4.21-* 2.11.0-2.11.3
42.3 4.4.73-* 2.11.0-2.11.3
     
15.0 4.12.14-* 2.11.0-2.12
15.1 4.12.14-* 2.11.0-2.12
15.2 5.3.18-* 2.11.0-2.12
     
Ubuntu    
16.04 4.4-* 2.11.0-2.11.3
18.04 4.8-* 2.11.0-2.12
18.10 4.18-* 2.11.0-2.12
19.04 5.0-* 2.11.0-2.12
19.10 5.3-* 2.11.0-2.12
20.04 5.4-* 2.11.0-2.12
21.04 5.11-* 2.11.0-2.12
     
Amazon Linux    
2 4.14-* 2.11.0-2.12
     
Oracle RHCK UEK  
6.6 2.6.32-504-* Not Supported 2.8.0-2.11.3
6.7 2.6.32-573-* Not Supported 2.8.0-2.11.3
6.8 2.6.32-642-* Not Supported 2.8.0-2.11.3
6.9 2.6.32-696-* Not Supported 2.8.0-2.11.3
6.10 2.6.32-754-* Not Supported 2.8.0-2.11.3
7.0 3.10.0-123-* Not Supported 2.8.0-2.12
7.1 3.10.0-229-* Not Supported 2.8.0-2.12
7.2 3.10.0-327-* Not Supported 2.8.0-2.12
7.3 3.10.0-514-* Not Supported 2.8.0-2.12
7.4 3.10.0-693-* Not Supported 2.8.0-2.12
7.5 3.10.0-862-* Not Supported 2.8.0-2.12
7.6 3.10.0-957-* 4.14.35-* 2.8.0-2.12***
7.7 3.10.0-1062-* 4.14.35-* 2.8.0-2.12***
7.8 3.10.0-1127-* 4.14.35-* 2.8.0-2.12***
7.9 3.10.0-1160-* 5.4.17-* 2.9.1-2.12***
8.0 4.18.0-80-* NONE 2.11.0-2.12
8.1 4.18.0-147-* NONE 2.11.0-2.12
8.2 4.18.0-193-* 5.4.17-* 2.11.0-2.12
8.3 4.18.0-221-* 5.4.17-* 2.11.0-2.12
       
Debian      
9.0-9.10 4.9-*   2.11.0-2.12
10.0-10.11 4.19-*   2.11.0-2.12

*** UEK kernel is only supported in 2.11.0+

Comments

Hi

 

For Amazon Linux 2 and Ubuntu* distributions, any reason that CB Defense is listed as '2.2.0' and not '2.2.0 - 2.4.0'?

 

@haro Thanks for pointing this out. It has been updated. 

Hi,

 

By 'CB Defense (Live Response only)' do you mean that we won't be able to apply prevention policies, for example to terminate known malware, and we won't see events for Linux machines under the Investigate page?

 

That's correct @gszajwaj - the Linux Sensors currently do not enforce any policy actions, and you will not see any events, as we are not tracking them. It is purely so actions can be taken via Live Response.

Here's a KB Article on this point...
CB Defense: Can the Linux Sensor be assigned to a policy?
https://community.carbonblack.com/t5/Knowledge-Base/CB-Defense-Can-the-Linux-Sensor-be-assigned-to-a...

I hope that helps clarify this for you.

~David

I'm running PSC sensor and my environment has only ThreatHunter enabled.

I'm still not able to download Linux sensors, just Windows. Any clue on the date it will become available?

 

Best,

Jefferson

Any future support for Oracle Enterprise Linux?

@pipesbi We are actively working on Oracle Linux support.

A couple things to mention here:

LiveOps (Audit and Remediation) will support Oracle Linux 6, 7, 8 with both the UEK and RHCK kernel. 

For ThreatHunter (Enterprise EDR) and Defense (Endpoint Standard), Oracle Linux 6/7 with the RHCK kernel will be the only distributions/kernels supported upon initial release. 

What is the timing for Cb ThreatHunter (Cloud EDR) support for SLES12 and 15?  I still see them listed above as only supporting LiveOps (still).

 

Also, what about support for CbTH and CbD for RHEL/CentOS 8?  It's listed under LiveOps and it's been out for 6+ months.

 

When can we expect active protection (CB Defense & Threat Hunter) for Ubuntu servers?

Are there any updates to the availability of seeing events?  This feature was promised by the end of 2019 and we are more than halfway through 2020.  

@hhendrickson @cullom @maheshn89 

We are actively working on 4.x+ kernel support on RHEL8, SUSE, CentOS8, Oracle8, Amazon Linux and Ubuntu. The first milestone we are looking towards is Enterprise EDR support (formerly CB ThreatHunter) at the end of the year. Endpoint Standard (formerly CB Defense) will follow. 

@mlinde  - that's good to hear, but what about all my existing SUSE servers running kernel 3.10 that I really want to get consolidated under a single portal and agent (CbTH)?  Or are you saying that you will never have CbTH support for SUSE 12 and 15?

Hi

In Release Note for 2.8.0 , support for Audit and Remediation is mentioned as "Oracle Linux 6.0-8.2 on both the RHCK kernel and UEK kernel."

However, the above "CB LiveOps Supported Distribution" only has "8.0-8.1" for Oracle Linux 8.

Which is correct for Oracle Linux 8.2 support status?

@hhendrickson we will be adding support for SLES 12 and 15, but only on the 4.x+ kernels. Both SLES 12 and SLES 15 have shipped with kernels 4.x+ for the past couple years. As we move towards using an eBPF-based solution so we can support more distributions, a requirement will be on the newer kernel versions. 

 

@haro Oracle 8.2 is supported on LiveOps, updating this table now. 

What're the chances of getting Arch support added? I get that you would have to limit kernel versions and that's semi anti arch, but would still love to see it as a supported distro so I could use things like Manjaro.

Is there an ETA for Ubuntu 20 sensor kit on CB Defense? Right now I only see 16/18.

Is there a specific estimated time of arrival for CB Defense Linux support Debian/Ubuntu?

Hi,

We had patched our Linux servers from 7.8 - 7.9 and all sensors went on to bypass mode due to "unsupported OS". Is there a timeline on having this addressed in future sensor releases? If so, any ETA?


Thanks,

Venkat.

Any updates on the Linux 7.9 support?

Looks like they just put it out.

We found a possible backend/console bug as we updated some it's across any version - seems to be general ui bug
query by agent version "2.10.1.373013"
"query asset" icon under action does not show
 
query by name of endpoint "hostname"
"query asset" icon under action displays properly
 

Anyone facing some issues on Ubuntu 16.04 after sensor upgrade to 2.10.1?

@ittommi and @mdeschenes I would advise opening a case if you are still having issues. That will be the fastest path to resolution. 

Thanks for the consolidated view for agent support. What is the timeline for Endpoint Standard support on Ubuntu and Amazon Linux?

Following up on da878t's comment, any word on when Endpoint Standard support for Ubuntu and CentOS 8 will be available?

The table here makes for a confusing read. What does 5.4-* mean? 5.4 and above?
Could the page be updated to make this clearer?

Why no EDR column like for the Windows OSs? What versions of Linux is EDR supported on? 

@jpenrod This matrix is specifically for the Carbon Black Cloud products.

For the EDR and App Control Linux version support you can view them here: https://community.carbonblack.com/t5/Documentation-Downloads/CB-Response-Sensors-amp-CB-Protection-A...

Hope this helps.

Article Information
Creation Date: 12-22-2020