Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

VMware Carbon Black EDR Introduces Open Source Linux Code

VMware Carbon Black EDR Introduces Open Source Linux Code

VMware Carbon Black EDR Linux is proud to announce our kernel module and eBPF code is now available as open source software under the GPLv2 license at https://github.com/vmware/cbsensor-linux-kmod and https://github.com/vmware/cbsensor-linux-bpf/ respectively. 

The distributions supported by the kernel module are RedHat 6 and 7 and derivatives that use the same RedHat kernels (CentOS, Oracle Linux). eBPF supports RedHat/CentOS 8+ as well as SUSE 12 and 15, and Ubuntu 18.04 and 20.04. Also included with our eBPF code is an example script that runs basic Linux telemetry under a BSD 2-Clause.

Open sourcing these parts of our sensor enables us to work more closely with the security community to produce a better product. Community contributions will be included in future development of our VMware Carbon Black EDR Linux sensor.


Sensor operating systems

CB EDR sensors operate with multiple operating systems. For the current list of supported operating systems, see  https://community.carbonblack.com/docs/DOC-7991.



Click here to search the full library of CB EDR user documentation on the Carbon Black User Exchange.

Labels (4)

it really need a "/usr/sbin/cb_ebpftool/cbebpfdaemon.sh status" or some way to check from the linux agent side if all is ok.

Article Information
Creation Date: