The Cortex XDR agent for Linux has the following requirements:
Processor 2.3 GHz dual-core processor
4GB; 8GB recommended
Hard disk space
x86_64 (x86 64bit)
For aarch64 (ARM 64 bit) see Cortex XDR Agent for Linux Requirements for details.
Operating system versions
See the Cortex XDR Agent Compatibility Matrix.
Version - minimum 2.6.32
To perform malware analysis of ELF files, and collect data for EDR and behavioral threat analysis, the Cortex XDR agent for Linux requires a supported kernel version of 2.6.32-573 or later, as listed in the Kernel Module Version Support.
If you deploy the Cortex XDR agent on a Linux server that is not running one of the kernel versions required for these additional protection capabilities, the agent will operate in asynchronous mode.
User Space Mode
Version - 5.0 and above
New Cortex XDR agents and Cortex XDR agents running on versions earlier than 7.8, create and deploy the latest YAML installer for Kubernetes based installations.
Verify you have standard Unix programs installed.
openssl 1.0.0 or a later release
Distributions with SELinux in enforcing or permissive mode:
Red Hat Enterprise Linux 6, CentOS 6, and Oracle Linux 6—policycoreutils-python
Red Hat Enterprise Linux 7, CentOS 7, and Oracle Linux 7—policycoreutils-python and selinux-policy-devel
Red Hat Enterprise Linux 8/9, CentOS 8, Oracle Linux 8/9, Alma Linux 8/9 and Rocky Linux 8/9: policycoreutils-python-utils and selinux-policy-devel
Amazon Linux: policycoreutils-python and selinux-policy
Amazon Linux 2: policycoreutils-python and selinux-policy-devel
SUSE and OpenSuse: policycoreutils-python and selinux-policy-devel
Debian and Ubuntu—policycoreutils and selinux-policy-dev
glibc—Required for exploit protection of containerized processes using the ROP Mitigation and Brute Force Protection modules. If glibc is not installed, the modules are disabled but all other exploit and malware protection functionality work as expected.
CentOS 6.10—Enable the dynamic CA instead of the legacy CA:
Enable the dynamic CA configuration:
Import the certificates:
cp XDR-certificate.crt /etc/pki/ca-trust/source/anchors/.
Rebuild the certificate database:
Allow communication on the TCP port from the Cortex XDR agent to the server (the default is port 443).
Allow the Cortex XDR management console and agent to communicate with external and internal resources required for enforcing endpoint protection.