To perform malware analysis of ELF files, and collect data for EDR and behavioral threat analysis, the Cortex XDR agent for Linux requires a supported kernel version of 2.6.32-573 or later, as listed in Latest Kernel Module Version Support.
If you deploy the Cortex XDR agent on a Linux server that is not running one of the kernel versions required for these additional protection capabilities, the agent will operate in asynchronous mode.
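A preflight check for the kernel minimum above and the openssl minimum listed under Software packages, written as an added example; it is not part of the Cortex XDR documentation or tooling. The function names are illustrative, and a kernel that passes the minimum must still be confirmed against Latest Kernel Module Version Support.

```shell
#!/bin/sh
# Added preflight sketch; the two minimums are the ones stated on this page.
MIN_KERNEL="2.6.32-573"
MIN_OPENSSL="1.0.0"

# nums VERSION: print the leading numeric fields, space separated.
# "2.6.32-573.el6.x86_64" becomes "2 6 32 573"; "1.0.2k-fips" becomes "1 0 2".
nums() {
    printf '%s\n' "$1" | sed -e 's/^\([0-9.-]*[0-9]\).*/\1/' -e 's/[.-]/ /g'
}

# version_ge A B: succeed when A >= B, comparing field by field as integers
# (a plain string compare would rank 2.6.32-1000 below 2.6.32-573).
version_ge() {
    printf '%s\n%s\n' "$(nums "$1")" "$(nums "$2")" | awk '
        NR == 1 { n = split($0, a, " ") }
        NR == 2 { m = split($0, b, " ")
                  for (i = 1; i <= (n > m ? n : m); i++) {
                      if (a[i] + 0 > b[i] + 0) exit 0
                      if (a[i] + 0 < b[i] + 0) exit 1
                  }
                  exit 0 }'
}

# preflight: report on this host; returns non-zero if a minimum is not met.
preflight() {
    rc=0
    krel=$(uname -r)
    if version_ge "$krel" "$MIN_KERNEL"; then
        echo "kernel $krel: meets the $MIN_KERNEL minimum (confirm against the support list)"
    else
        echo "kernel $krel: below $MIN_KERNEL, expect asynchronous mode"; rc=1
    fi
    if command -v openssl >/dev/null 2>&1; then
        over=$(openssl version | awk '{print $2}')
        if version_ge "$over" "$MIN_OPENSSL"; then
            echo "openssl $over: meets the $MIN_OPENSSL minimum"
        else
            echo "openssl $over: older than $MIN_OPENSSL"; rc=1
        fi
    else
        echo "openssl: not found"; rc=1
    fi
    return $rc
}

preflight || echo "preflight: one or more requirements not met"
```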
Software packages
Verify you have standard Unix programs installed.
ca-certificates
openssl 1.0.0 or a later release
Distributions with SELinux in enforcing or permissive mode:
Red Hat Enterprise Linux 6, CentOS 6, and Oracle Linux 6—policycoreutils-python
Red Hat Enterprise Linux 7, CentOS 7, and Oracle Linux 7—policycoreutils-python and selinux-policy-devel
SUSE—policycoreutils-python and selinux-policy-devel
Debian and Ubuntu—policycoreutils and selinux-policy-dev
glibc—Required for exploit protection of containerized processes using the ROP Mitigation and Brute Force Protection modules. If glibc is not installed, the modules are disabled but all other exploit and malware protection functionality works as expected.
CentOS 6.10—Enable the dynamic CA instead of the legacy CA: