Linux Workstation Standards

Managing University of Dayton computers is an important part of UDit's overall "defense-in-depth strategy" (a cybersecurity approach that uses multiple layers of security for holistic protection). In addition to using Active Directory (AD) on the Microsoft side, we are able to manage Windows and Apple computers through Ivanti and JAMF. Linux doesn’t have the same numbers across campus, and there’s no single preferred distribution. Linux users tend to be our most technical users and, in some instances, manage our infrastructure. Therefore, we want to apply similar standards across all three operating system platforms.

Configuration standards

Registration requirement

Appendix A - CrowdStrike Supported Linux Distributions

Appendix B - Ivanti Supported Linux Distributions
 

Configuration standards

The following configuration standards are for users wanting to use a Linux operating system computer at UD.

NOTE: These standards apply to workstations and are insufficient for server operations and maintenance.


Distribution

There are a variety of ways to differentiate Linux distributions: system architecture, kernel, vendor, etc. We recommend using one that allows use of our CrowdStrike and Ivanti agents. Supported distributions are attached as appendices to this document. In the event an individual wishes to run a distribution that won’t run these agents, use a distribution that is currently supported by the vendor (with updates) and supports the remainder of the requirements. In those cases where even this isn’t possible, the workstation should not be used on the network.
 

Asset Management

Ivanti clients are available for a number of different Linux distributions. You’ll find a list in Appendix B. Unlike on Windows, Ivanti may not be sufficient to maintain the operating system and installed software, so Ivanti will be used for hardware tracking only. Software updates are covered separately.
 

Antivirus (AV) / Endpoint Detection and Response (EDR)

CrowdStrike sensors are available for a number of different Linux distributions. You’ll find a list in Appendix A. In the event a user wishes to run a distribution that does not support CrowdStrike, the user will install ClamAV or an approved alternative, keep its signature databases current, and run monthly scans at a minimum.
 

Software Updates

Users are responsible for updating their Linux distributions at least monthly.
 

Encryption / Key Escrow

Users running Linux on laptops will encrypt all disks/volumes with preboot authentication functionality using LUKS or an approved alternative.  An encryption key shall be escrowed with the Linux user’s supervisor.
 

Local Administrator

Privileged accounts such as root will not be used on a day-to-day basis. Use of su and sudo is encouraged.
 

Passwords

Passwords for all local accounts shall be strong and will be 8 or more characters. They will not contain common words (whole or part) or parts of the user’s name or University ID (UDID) and will follow the general guidelines outlined at password.udayton.edu.  All passwords, to include root, shall be changed annually.
 

Firewall

Host firewalls shall be enabled and any ports required to be opened will be documented in the Linux Workstation Registration Form.

NOTE: Labs are a special case.  Exceptions to the guidelines may be required and shall be documented.

 

Registration requirement

Users are expected to maintain Linux workstations to the standards listed above.

Complete the Linux Workstation Registration Form. A workstation record is placed into our asset inventory.

 

Appendix A - CrowdStrike Supported Linux Distributions

This information is not publicly available on CrowdStrike’s website, but is current as of June 30, 2023.  We will periodically update this appendix to keep it current, but feel free to reach out to the IT Risk Management Office if you have questions or want the very latest.

This section discusses Linux operating systems only. Linux support is highly dependent on the kernels used, support of which is updated frequently with new Sensor releases. Therefore, while we can list here the general distributions we are supporting, you will need to consult the Falcon Sensor for Linux Deployment Guide's section, Appendix A – Supported Kernels, to ensure your kernel is supported; find this guide in your Falcon console at Support → Documentation → Sensor Deployment and Maintenance. A sensor running on a supported Linux distribution but an unsupported kernel will enter Reduced Functionality Mode (RFM); Linux sensors in RFM will only send SensorHeartBeat events at this time.
 

Supported

We support x86_64 and Graviton 64 versions of the Linux OSes listed below, with supported kernels. We also support ARM64 on RHEL/Alma/CentOS/Rocky 8.5-8.6 and on Ubuntu 18.04, 20.04, and 22.04.

| Linux Distribution | Version | Minimum Sensor Version | Docker Support? [5] |
|---|---|---|---|
| Alma Linux | 9.1 (User Mode Support Only) | User Mode: 6.54.15110; Kernel Mode: N/A | No |
| | 9.0 | all supported versions | No |
| | 8.8 | 6.56.15309 | No |
| | 8.7 | 6.48.14504+ | No |
| | 8.6 | all supported versions | No |
| | 8.5 | all supported versions | No |
| | 8.4 | all supported versions | TBD |
| Amazon Linux | 2023 (User Mode Support Only) | 6.56.15309 | Yes |
| | 2 (with Cloud ML support on Graviton1 and Graviton2 ARM processors) [6] | all supported versions | Yes |
| | AMI 2018.03 | all supported versions | Yes |
| | AMI 2017.09 | all supported versions | No |
| CentOS | 8.5 | all supported versions | No |
| | 8.0 - 8.4 | all supported versions | No |
| | 7.4 - 7.9 | all supported versions | Yes |
| | 6.7 - 6.10 | all supported versions | No |
| Debian | 11 | all supported versions | No |
| | 10 | all supported versions | No |
| | 9.1 - 9.4 | all supported versions | Yes |
| ELRepo | 7.x-8.x LT | all supported versions | No |
| Flatcar Container Linux (DaemonSet deployment only) | 3227.2.4 and later for ARM64 architecture, 3139.2.2 and later for x86_64 architecture | 6.49.14064+ | No |
| Google Container-Optimized OS (COS) (DaemonSet deployment only) | COS 5.10.176 kernels and later | 6.54.15110+ | No |
| Oracle Linux | 9, UEK 7 | 6.50.14712+ | No |
| | 8, UEK 6 | all supported versions | No |
| | 7, UEK 5 and UEK 6 | all supported versions | No |
| | 7, UEK 3 and UEK 4 | all supported versions | No |
| | 6, UEK 3 and UEK 4 | all supported versions | No |
| | Red Hat Compatible Kernel (RHCK) (supported kernels are the same as SLES 15 SP3) | all supported versions | No |
| OpenSUSE Leap | 15.3 (supported kernels same as SLES 15 SP3) | all supported versions | No |
| Red Hat Enterprise Linux (RHEL) | 9.1 (User Mode Support Only) | User Mode: 6.54.15110; Kernel Mode: N/A | No |
| | 9.0 | all supported versions | No |
| | 8.8 | 6.56.15309 | No |
| | 8.7 | 6.48.14504+ | No |
| | 8.6 | all supported versions | No |
| | 8.5 | all supported versions | No |
| | 8.0 - 8.4 | all supported versions | No |
| | 7.7 - 7.9 | all supported versions | Yes |
| | 7.4 - 7.7 | all supported versions | Yes |
| | 6.7 - 6.10 | all supported versions | No |
| Red Hat Enterprise Linux CoreOS (RHCOS) (DaemonSet deployment only) | 4.12 | 6.54.15110+ | No |
| | 4.7 - 4.11 | | No |
| Rocky Linux | 9.1 (User Mode Support Only) | User Mode: 6.54.15110; Kernel Mode: N/A | No |
| | 9.0 | all supported versions | No |
| | 8.8 | 6.56.15309 | No |
| | 8.7 | 6.48.14504+ | No |
| | 8.6 | all supported versions | No |
| | 8.5 | all supported versions | TBD |
| | 8.4 (supported kernels are the same as RHEL) | all supported versions | TBD |
| SUSE Linux Enterprise Server (SLES) | 15.4 | 6.47.14408+ | TBD |
| | 15 - 15.3 | all supported versions | Yes |
| | 12.2 - 12.5 | all supported versions | Yes |
| | 12.1 (distro supported on IBM s390X only) | unsupported | No |
| | 11.4 (you must also install OpenSSL version 1.0.1e or greater) | all supported versions | No |
| Ubuntu | 22.04 LTS | all supported versions | No |
| | 20.04 LTS | all supported versions | No |
| | 18-AWS | all supported versions | No |
| | 18.04 LTS | all supported versions | Yes |
| | 16.04 LTS and 16.04.5 LTS | all supported versions | No on 16.04.5; Yes on 16.04 |
| | 16-AWS | all supported versions | No |
| | 14.04 LTS | all supported versions | No |
| Windows Subsystem for Linux 2 (WSL2) | WSL2 | 6.51.14810 | --- |

[5] Docker is supported only on the Linux distributions and versions indicated above.
[6] We support the Graviton versions of these Linux server OSes. Cloud Machine Learning (ML) is supported on the Graviton1 and Graviton2 ARM processors beginning with sensor version 6.19.11610+.
 

Unsupported

All other Linux distributions and versions are unsupported, including but not limited to:

  • Amazon 2017.03 – last supported on sensor 5.43.10807 through EOS on May 8, 2021
  • CentOS 8 Stream, all versions
  • CentOS 9 Stream, all versions
  • CentOS 7.1-7.3 – last supported on sensor 5.43.10807 through EOS on May 8, 2021
  • CentOS 6.5-6.6 – last supported on sensor 5.43.10807 through EOS on May 8, 2021
  • RHEL 7.1-7.3 – last supported on sensor 5.43.10807 through EOS on May 8, 2021
  • RHEL 6.5-6.6 – last supported on sensor 5.43.10807 through EOS on May 8, 2021
  • SLES 12.1 – last supported on sensor 5.43.10807 through EOS on May 8, 2021
  • We support Linux servers and desktops running supported long term support (LTS) kernels. Other kernel versions, such as custom or hardware enablement (HWE) are unsupported.
  • No other operating systems or containers are currently supported.
  • Desktop OSes are not supported.
  • CrowdStrike does not support community or custom kernels. Only kernels released by the OS vendors, which are currently supported by the OS vendors, are supported.
     

Additional Notes

As noted in the 6.39.13601 release notes, On-Sensor ML does not work for files/executables running in non-init user namespaces when Security-Enhanced Linux is enabled and enforcing. This applies to all supported sensor versions.

On RHEL and SLES hosts that are not licensed, it becomes difficult to install any software (such as Falcon) on the host, or successfully perform upgrades. This can also be the case where the distribution or kernel falls out of support by the vendor.

 

Appendix B - Ivanti Supported Linux Distributions

For the most current list, click this link:

https://help.ivanti.com/res/help/en_US/IA/2021/GS/46300.htm


Details

Article ID: 137188
Created: Tue 3/22/22 2:29 PM
Modified: Fri 6/30/23 4:15 PM
