Traps for Linux Requirements

Traps Agent Administrator Guide

Product: Cortex XDR, Cortex XDR Agent
Version: 5.0
Creation date: 2022-09-01
Last date published: 2023-01-04
Category: Administrator Guide

The Traps agent for Linux has the following requirements (minimum specifications):

Processor: 2.3 GHz

RAM: 4GB; 8GB recommended

Hard disk space: 10GB

Architecture: x86 64-bit

Operating system versions: See Where Can I Install the Cortex XDR Agent? in the Palo Alto Networks® Compatibility Matrix.

Kernel version: 2.6.32

Software packages:

  • ca-certificates
  • openssl 1.0.0 or a later release
  • Distributions with SELinux in enforcing or permissive mode:
    • Red Hat Enterprise Linux 6, CentOS 6, and Oracle Linux 6—policycoreutils-python
    • Red Hat Enterprise Linux 7, CentOS 7, and Oracle Linux 7—policycoreutils-python and selinux-policy-devel
    • SUSE—policycoreutils-python and selinux-policy-devel
    • Debian and Ubuntu—policycoreutils and selinux-policy-dev
  • CentOS 6.10—Enable the dynamic CA instead of the legacy CA:
    1. Enable the dynamic CA configuration: update-ca-trust force-enable
    2. Import the certificates: cp XDR-certificate.crt /etc/pki/ca-trust/source/anchors/.
    3. Rebuild the certificate database: update-ca-trust extract

Networking:

  • Allow communication on the TCP port from the agent to the server (the default is port 443).
  • Allow the Cortex XDR management console and agent to communicate with the external and internal resources required for enforcing endpoint protection. See the Cortex XDR Administrator Guide for your license type.
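A preflight script that checks an endpoint against the requirements listed above before the agent is installed (an added example, not Palo Alto Networks tooling). XDR_SERVER, INSTALL_DIR and the 2% RAM slack are assumptions; the thresholds and the SELinux package names come from the table.

```shell
#!/bin/sh
# Preflight check against the Traps for Linux requirements above (added example,
# not Palo Alto Networks tooling). Thresholds are the table's: x86_64, kernel
# 2.6.32, 4 GB RAM, 10 GB disk, openssl 1.0.0, TCP 443. XDR_SERVER and
# INSTALL_DIR are placeholders for your own environment.
XDR_SERVER="${XDR_SERVER:-xdr.example.invalid}"
XDR_PORT="${XDR_PORT:-443}"
INSTALL_DIR="${INSTALL_DIR:-/opt}"
# version_ge A B: succeeds when dotted version A >= B, compared field by field.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, "."); n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0; yi = (i <= nb) ? y[i] + 0 : 0
            if (xi != yi) exit !(xi > yi)
        }
        exit 0 }'
}
# kernel_base: "2.6.32-754.el6.x86_64" -> "2.6.32" (drops the distro suffix).
kernel_base() { printf '%s\n' "$1" | sed 's/[-+].*//'; }
# openssl_base: "OpenSSL 1.0.2k-fips  26 Jan 2017" -> "1.0.2".
openssl_base() { printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'; }
# SELinux enforcing/permissive needs the policy tools the table names for the distro family.
selinux_pkgs_ok() {
    [ "$(getenforce 2>/dev/null || echo Disabled)" = Disabled ] && return 0   # disabled: nothing needed
    if command -v dpkg >/dev/null 2>&1; then dpkg -s policycoreutils selinux-policy-dev >/dev/null 2>&1
    else rpm -q policycoreutils-python >/dev/null 2>&1 && { grep -q 'release 6' /etc/redhat-release 2>/dev/null ||
         rpm -q selinux-policy-devel >/dev/null 2>&1; }   # RHEL/CentOS/Oracle and SUSE; release 6 needs only the first
    fi
}
ca_store_ok() { [ -d /etc/pki/ca-trust/source/anchors ] || [ -d /etc/ssl/certs ]; }
# Server reachable on the agent port; -k so an untrusted server certificate is
# not misreported here as a closed port (the CA store check is separate).
port_ok() { curl -sk --connect-timeout 5 -o /dev/null "https://$XDR_SERVER:$XDR_PORT/"; }
check() { label=$1; shift; if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; FAILED=$((FAILED + 1)); fi; }
run_checks() {
    FAILED=0
    check "architecture is x86_64"  [ "$(uname -m)" = x86_64 ]
    check "kernel >= 2.6.32"        version_ge "$(kernel_base "$(uname -r)")" 2.6.32
    # MemTotal excludes kernel-reserved memory, so allow ~2% slack below 4 GiB.
    check "RAM >= 4 GB"             [ "$(awk '/^MemTotal/ {print $2}' /proc/meminfo)" -ge 4100000 ]
    check "10 GB free under $INSTALL_DIR" [ "$(df -Pk "$INSTALL_DIR" | awk 'NR == 2 {print $4}')" -ge 10485760 ]
    check "CA trust store present"  ca_store_ok
    check "openssl >= 1.0.0"        version_ge "$(openssl_base "$(openssl version 2>/dev/null)")" 1.0.0
    check "SELinux policy tools"    selinux_pkgs_ok
    check "TCP $XDR_PORT to $XDR_SERVER" port_ok
    [ "$FAILED" -eq 0 ]
}
if [ "${1:-}" = --run ]; then run_checks; fi
```

Run it as `sh preflight.sh --run` on the endpoint; it exits non-zero if any row of the table is not met.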

Traps for Linux Limitations

The following limitations apply to Linux endpoints.

Security Product: Chrooted and containerized processes

Description: Chrooted and containerized processes collide with the Traps injection mechanism.

Implications and Required Actions: Chrooted and containerized processes are not protected by the injection-based security modules (ROP Mitigation and Brute Force Protection). All other exploit and malware protection functionality works as expected. No user action is required.