App Control: How to Configure the Linux Agent for Secure Boot

Environment

  • App Control Linux Agent: All Supported Versions

Objective

Configure the Linux agent to work when the Secure Boot option is enabled.

Resolution

The App Control agent has no built-in support for Secure Boot at this time, so the following options exist:

Option 1: Disable UEFI Secure Boot
  1. Reboot the computer and enter the UEFI firmware / BIOS configuration
  2. Find the Secure Boot option (possibly under the security menu) and set it to disabled
  3. Save the change and reboot
Option 2: Sign the App Control kernel modules
  1. Generate a public/private key pair for signing the App Control kernel modules
    • This Red Hat article provides steps to generate a public/private key pair (Step 4.3)
    • Store the key pair in a directory, e.g.
       /var/tmp/signing/my_signing_keys
  2. Sign the App Control kernel modules using the keys generated in the above step.
    • Take a backup of all the files in the "/opt/bit9/bin/kernel" directory
    • Sign both the App C kernel modules with the following commands:
      # uname -r
      4.18.0-80.el8.x86_64
      
      # cd /opt/bit9/bin/kernel
      # pwd
      /opt/bit9/bin/kernel
      
      # /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 /var/tmp/signing/my_signing_key.priv /var/tmp/signing/my_signing_key_pub.der b9k_87611.ko.4.18.0-80
      
      # /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 /var/tmp/signing/my_signing_key.priv /var/tmp/signing/my_signing_key_pub.der cbproxy_cbp_876_20211111.ko.4.18.0-80
      
      # chmod +x b9k_87611.ko.4.18.0-80
      
      # chmod +x cbproxy_cbp_876_20211111.ko.4.18.0-80
    • Sign all the cbproxy and b9k kernel modules present in the "/opt/bit9/bin/kernel" directory
    • This ensures that the App C agent works with Secure Boot enabled even if the system is upgraded or downgraded to a newer or older kernel version
  3. Register the public key on the App C endpoint:
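
For step 2 (signing, not key registration), the following added example signs every b9k and cbproxy module in the directory and then confirms that each file ends with the trailer the kernel's sign-file tool appends. It is not part of the original article or the vendor's tooling; the function names `is_signed` and `sign_all` and the `SIGN_FILE` override are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not vendor code): sign all b9k/cbproxy modules in a directory
# and verify the result. Paths follow the article; is_signed, sign_all and the
# SIGN_FILE override are hypothetical names introduced for this sketch.

MARKER='~Module signature appended~'   # trailer written by the kernel's sign-file

# is_signed FILE -> exit 0 if FILE ends with the signature trailer
is_signed() {
    [ -f "$1" ] || return 1
    # Last 28 bytes = 27-character marker + newline; strip NULs so that the
    # tail of an unsigned binary compares cleanly
    [ "$(tail -c 28 "$1" | tr -d '\000\n')" = "$MARKER" ]
}

# sign_all DIR PRIV_KEY PUB_DER -> signs each unsigned module, prints one status
# line per module, returns non-zero if any module is still unsigned afterwards
sign_all() {
    sa_dir=$1 sa_key=$2 sa_cert=$3 sa_failed=0
    sa_tool=${SIGN_FILE:-/usr/src/kernels/$(uname -r)/scripts/sign-file}
    for sa_mod in "$sa_dir"/b9k*.ko* "$sa_dir"/cbproxy*.ko*; do
        [ -f "$sa_mod" ] || continue        # an unmatched glob stays literal
        if is_signed "$sa_mod"; then
            echo "already signed: $sa_mod"  # idempotent: skip on re-runs
            continue
        fi
        "$sa_tool" sha256 "$sa_key" "$sa_cert" "$sa_mod" || true
        if is_signed "$sa_mod"; then
            echo "signed: $sa_mod"
        else
            echo "FAILED: $sa_mod" >&2      # e.g. missing kernel-devel or wrong key path
            sa_failed=1
        fi
    done
    return "$sa_failed"
}

# Usage on an endpoint, as root, after sourcing this file (paths as in the article):
#   sign_all /opt/bit9/bin/kernel \
#       /var/tmp/signing/my_signing_key.priv /var/tmp/signing/my_signing_key_pub.der
```

The trailer check only shows that a signature was appended; whether the kernel accepts the module still depends on the public key being enrolled (step 3).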

Additional Notes

Support for Secure Boot will be added to the Linux App Control agent in a future agent release.

Creation Date: 05-13-2022