Cortex XDR Agent for Linux Requirements - 7.9 - 7.8 - 7.7 - Cortex XDR - Cortex XDR Agent - Cortex - Security Operations

Cortex XDR Agent Administrator Guide

Product: Cortex XDR, Cortex XDR Agent
Version: 7.7
Creation date: 2022-08-31
Last date published: 2023-01-04
End_of_Life: EoL
Category: Administrator Guide

The Cortex XDR agent for Linux has the following requirements:

Requirement: Minimum Specification

Processor: 2.3 GHz dual-core processor

RAM: 4GB; 8GB recommended

Hard disk space: 10GB

Architecture: x86 64-bit

Operating system versions: See the Palo Alto Networks® Compatibility Matrix.

Kernel version

Kernel Mode

Version - minimum 2.6.32

To perform malware analysis of ELF files, and collect data for EDR and behavioral threat analysis, the Cortex XDR agent for Linux requires a supported kernel version of 2.6.32-573 or later, as listed in the latest Kernel Module Version Support.

If you deploy the Cortex XDR agent on a Linux server that is not running one of the kernel versions required for these additional protection capabilities, the agent will operate in asynchronous mode.

User Space Mode

Version - 5.0 and above

For new Cortex XDR agents and for Cortex XDR agents running on versions earlier than 7.8, create and deploy the latest YAML installer for Kubernetes-based installations.

Software packages

  • Verify you have standard Unix programs installed.

  • ca-certificates

  • openssl 1.0.0 or a later release

  • Distributions with SELinux in enforcing or permissive mode:

    • Red Hat Enterprise Linux 6, CentOS 6, and Oracle Linux 6—policycoreutils-python

    • Red Hat Enterprise Linux 7, CentOS 7, and Oracle Linux 7—policycoreutils-python and selinux-policy-devel

    • SUSE—policycoreutils-python and selinux-policy-devel

    • Debian and Ubuntu—policycoreutils and selinux-policy-dev

  • glibc—Required for exploit protection of containerized processes using the ROP Mitigation and Brute Force Protection modules. If glibc is not installed, the modules are disabled but all other exploit and malware protection functionality works as expected.

  • CentOS 6.10—Enable the dynamic CA instead of the legacy CA:

    1. Enable the dynamic CA configuration: update-ca-trust force-enable

    2. Import the certificates: cp XDR-certificate.crt /etc/pki/ca-trust/source/anchors/.

    3. Rebuild the certificate database: update-ca-trust extract

Networking

  • Allow communication on the TCP port from the Cortex XDR agent to the server (the default is port 443).

  • Allow the Cortex XDR management console and agent to communicate with external and internal resources required for enforcing endpoint protection.
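
The following pre-install check is an added example, not code from the Palo Alto Networks guide. It tests a host against the architecture, kernel version and openssl floors listed above. The function names and result labels are this example's own, and meeting the 2.6.32-573 floor does not replace checking the kernel against the Kernel Module Version Support list.

```shell
#!/bin/sh
# Added example, not vendor code: pre-install check for the architecture,
# kernel and openssl requirements on this page. Names are hypothetical.

# ver_ge A B: succeed when A >= B on the first four numeric fields,
# so "2.6.32-573.el6.x86_64" is compared as 2 6 32 573.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, /[.-]/); split(b, y, /[.-]/)
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# kernel_class RELEASE: map a `uname -r` string onto the floors in the table.
# A met floor is necessary only; the vendor's support list is authoritative.
kernel_class() {
    if   ver_ge "$1" 5.0;        then echo user-space-floor-met
    elif ver_ge "$1" 2.6.32-573; then echo kernel-mode-floor-met
    elif ver_ge "$1" 2.6.32;     then echo asynchronous-mode
    else                              echo below-minimum
    fi
}

# preflight: report on the local host; returns non-zero if any check fails.
preflight() {
    rc=0
    arch=$(uname -m); krel=$(uname -r)
    [ "$arch" = x86_64 ] || { echo "FAIL arch: $arch (need x86 64-bit)"; rc=1; }
    class=$(kernel_class "$krel")
    echo "info kernel: $krel -> $class"
    [ "$class" != below-minimum ] || rc=1
    ossl=$(openssl version 2>/dev/null | awk '{print $2}')
    if [ -z "$ossl" ]; then echo "FAIL openssl: not found"; rc=1
    elif ! ver_ge "$ossl" 1.0.0; then echo "FAIL openssl: $ossl (need 1.0.0 or later)"; rc=1
    else echo "ok   openssl: $ossl"; fi
    return "$rc"
}

# Check this host only when the script is invoked with the argument "run".
if [ "${1:-}" = run ]; then preflight; fi
```

A result of asynchronous-mode means the kernel meets the 2.6.32 minimum but falls below 2.6.32-573, so ELF malware analysis and EDR and behavioral threat analysis data collection are not available on that host.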