A new BaseGuard update (1.0.482) and a new FSBG update (1.0.471) have been released. BaseGuard and FSBG are part of Linux Security 64. This update includes the following changes:
- CSLP-3722: Rapid Detection and Response functionality was added (see below).
- CSLP-3542: Optimized performance when on-access scanning and integrity checking are turned off.
- CSLP-3780: Fixed an issue where large number of mount points could cause product to stop working.
- CSLP-3661: Fixed an issue where system could get stuck during shutdown if a particular autofs & NFS configuration was used.
- Miscellaneous enhancements and bug fixes.
Rapid Detection and Response Support
Requirements
RDR functionality requires the auditd service to be installed and running on the system. Please, see known issues below.
Licensing
Please, use "PSB Server Protection Premium + RDR" subscription in order to deploy Linux Protection with RDR.
Supported systems
The compatibility list is the same as for Linux Protection with exclusions. The following Linux distributives are not supported due to RDR sensor incompatibility:
- SLES 12 SP 5
- SLES 15
- Ubuntu 20.04
- Oracle Linux with UEK kernel
Known issues
- It is required to install, enable and start the auditd package on your system before installing Linux Protection with RDR. Without auditd, RDR sensor installation will fail. If RDR sensor installation fails, an error like this will be printed to the system journal:
"Sep 29 14:07:37 localhost fsbg[6692]: update installation failed: /sensor/1601277158"
It is possible to fix the failed sensor installation by installing auditd and running the command
"/opt/f-secure/baseguard/bin/update $(/opt/f-secure/baseguard/bin/update --list | grep sensor | cut -d ' ' -f 1)";
- On Debian 10 with SELinux enabled the RDR sensor and auditd can fail in some configurations
- It is recommended to test the RDR sensor on the expected workload before deploying it into production, especially in network-heavy applications
