We’re migrating product documentation to docs.vmware.com, starting with Carbon Black Cloud. Learn more.

VMware Carbon Black EDR Introduces Open Source Linux Code

VMware Carbon Black EDR Introduces Open Source Linux Code

VMware Carbon Black EDR Linux is proud to announce our kernel module and eBPF code is now available as open source software under the GPLv2 license at https://github.com/vmware/cbsensor-linux-kmod and https://github.com/vmware/cbsensor-linux-bpf/ respectively. 

The distributions supported by the kernel module are RedHat 6 and 7 and derivatives that use the same RedHat kernels (CentOS, Oracle Linux). eBPF supports RedHat/CentOS 8+ as well as SUSE 12 and 15, and Ubuntu 18.04 and 20.04. Also included with our eBPF code is an example script that runs basic Linux telemetry under a BSD 2-Clause.

Open sourcing these parts of our sensor enables us to work more closely with the security community to produce a better product. Community contributions will be included in future development of our VMware Carbon Black EDR Linux sensor.

 

Sensor operating systems

CB EDR sensors operate with multiple operating systems. For the current list of supported operating systems, see  https://community.carbonblack.com/docs/DOC-7991.

 

Documentation

Click here to search the full library of CB EDR user documentation on the Carbon Black User Exchange.

Labels (4)
Comments

it really need a "/usr/sbin/cb_ebpftool/cbebpfdaemon.sh status" or some way to check from the linux agent side if all is ok.

Article Information
Author:
Creation Date:
‎09-21-2020
Views:
1055
Contributors