Body
Managing University of Dayton computers is an important part of UDit's overall "defense-in-depth strategy" (a cybersecurity approach that uses multiple layers of security for holistic protection). In addition to using Active Directory (AD) on the Microsoft side, we are able to manage Windows and Apple computers through Ivanti and JAMF. While Linux doesn’t have the same numbers across campus, there’s no single preferred distribution. Linux users tend to be our most technical users and in some instances manage our infrastructure. Therefore we want to apply similar standards across all three operating system platforms.
Configuration standards
Registration requirement
Appendix A - CrowdStrike Supported Linux Distributions
Appendix B - Ivanti Supported Linux Distributions
Configuration standards
The following configuration standards are for users wanting to use a Linux operating system computer at UD.
NOTE: These standards apply to workstations and are insufficient for server operations and maintenance.
Distribution
There are a variety of ways to differentiate Linux distributions - system architecture, kernel, vendor, etc. We recommend using one that allows use of our CrowdStrike and Ivanti agents. Supported distributions will be attached as appendices to this document. In the event an individual wishes to run a distribution that won’t run, use a distribution that is currently supported by the vendor (with updates) and supports the remainder of the requirements. In those cases where even this isn’t possible, the workstation should not be used on the network.
Asset Management
Ivanti clients are available for a number of different Linux distributions. You’ll find a list in Appendix A. Unlike Windows, Ivanti may not be sufficient to maintain the operating system and installed software. Ivanti will be used for hardware tracking only. Software updates are covered separately.
Antivirus (AV) / Endpoint Detection and Response (EDR)
CrowdStrike sensors are available for a number of different Linux distributions. You’ll find a list in Appendix B. In the event a user wishes to run a distribution that does not support CrowdStrike, the user will install ClamAV or an approved alternative, keep its signature databases current and run monthly scans at a minimum.
Software Updates
Users are responsible for updating their Linux distributions at least monthly.
Encryption / Key Escrow
Users running Linux on laptops will encrypt all disks/volumes with preboot authentication functionality using LUKS or an approved alternative. An encryption key shall be escrowed with the Linux user’s supervisor.
Local Administrator
Privileged accounts such as root will not be used on a day-to-day basis. Use of SU and SUDO is encouraged.
Passwords
Passwords for all local accounts shall be strong and will be 8 or more characters. They will not contain common words (whole or part) or parts of the user’s name or University ID (UDID) and will follow the general guidelines outlined at password.udayton.edu. All passwords, to include root, shall be changed annually.
Firewall
Host firewalls shall be enabled and any ports required to be opened will be documented in the Linux Workstation Registration Form.
NOTE: Labs are a special case. Exceptions to the guidelines may be required and shall be documented.
Registration requirement
Users are expected to maintain Linux workstations to the standards listed above.
Complete the Linux Workstation Registration Form. A workstation record is placed into our asset inventory.
Appendix A - CrowdStrike Supported Linux Distributions
This information is not publicly available on CrowdStrike’s website, but is current as of May 28, 2025. We will periodically update this appendix to keep it current, but feel free to reach out to the IT Risk Management Office if you have questions or want the very latest.
This section discusses Linux operating systems only. Linux support is highly dependent on the kernels used, support of which is updated frequently with new Sensor releases. Therefore, while we can list here the general distributions we are supporting, you will need to consult the Falcon Sensor for Linux Deployment Guide's section, Appendix A – Supported Kernels, to ensure your kernel is supported; find this guide in your Falcon console at Support → Documentation → Sensor Deployment and Maintenance. A sensor running on a supported Linux distribution but an unsupported kernel will enter Reduced Functionality Mode (RFM); Linux sensors in RFM will only send SensorHeartBeat events at this time.
Supported
We support x86_64 and Graviton 64 versions of the Linux OSes listed below, with supported kernels. We also support ARM64 on RHEL/Alma/CentOS/Rocky 8.5-8.6 and on Ubuntu 18.04, 20.04, and 22.04.
|
Linux Distribution
|
Version
|
Minimum Sensor Version
|
Docker Support?
|
| Alma Linux |
9.6 (supported kernels same as RHEL) |
User Mode: 7.23.17607 |
No |
| |
9.5 (supported kernels same as RHEL) |
Kernel Mode:7.23.17607
User Mode: 7.20.17306
|
No |
| |
9.4 (supported kernels same as RHEL) |
7.16.16903 |
No |
| |
9.3 (supported kernels same as RHEL) |
7.07.16206 |
No |
| |
9.2 |
7.03.15803 |
No |
| |
9.1 (User Mode Support Only) |
User Mode: 6.54.15110
Kernel Mode: N/A |
No |
| |
9.0 |
all supported versions |
No |
| |
8.10 (supported kernels same as RHEL) |
Kernel Mode: 7.17.17005
User Mode: 7.16.16903
|
No |
| |
8.9 (supported kernels same as RHEL) |
7.07.16206 |
No |
| |
8.8 |
6.56.15309 |
No |
| |
8.7 |
6.48.14504+ |
No |
| |
8.6 |
all supported versions |
No |
| |
8.5 |
all supported versions |
No |
| |
8.4 |
all supported versions |
TBD |
| Amazon Linux |
2023 |
Kernel Mode: 7.10.16303
User Mode: All supported versions
|
Yes |
| |
2 (with Cloud ML support on Graviton1 and Graviton2 ARM processors) |
all supported versions |
Yes |
|
AWS Bottlerocket
(DaemonSet deployment only)
|
1.11.1+
|
6.58.15508
|
No
|
| CentOS Stream |
9 |
User Mode: 7.16.16903 |
|
| CentOS |
8.5 |
all supported versions |
No |
| |
8.0 - 8.4 |
all supported versions |
No |
| |
7.4 - 7.9 |
all supported versions |
Yes |
|
Debian
|
12
|
Kernel Mode: 7.10.16303
User Mode: 7.06.16108
|
No |
| |
11 |
all supported versions |
No |
| |
10 |
all supported versions |
No |
| |
9 |
all supported versions |
Yes |
| ELRepo |
7.x-8.x LT |
all supported versions |
No |
|
Fedora CoreOS for OKD
(DaemonSet deployment only)
|
4.10 and later
|
User Mode: 7.02.15705
|
No
|
Flatcar Container Linux
(DaemonSet deployment only) |
3227.2.4 and later for ARM64 architecture, 3139.2.2 and later
for x86_64 architecture |
all supported versions |
No |
Google Container-Optimized OS (COS)
(DaemonSet deployment only) |
COS 5.10.176 kernels and later |
6.54.15110+ |
No |
| Oracle Linux |
9, UEK 7 |
all supported versions |
No |
| |
8, UEK 7 |
6.58.15508 |
No |
| |
8, UEK 6 |
all supported versions |
No |
| |
7, UEK 5 and UEK 6 |
all supported versions |
No |
| |
7, UEK 3 and UEK 4 |
all supported versions |
No |
| |
6, UEK 3 and UEK 4 |
all supported versions |
No |
| |
Red Hat Compatible Kernel (RHCK)
(supported RHCK kernels are the same as RHEL) |
all supported versions |
No |
| OpenSUSE Leap |
15.6 (supported kernels same as SLES 15 SP6) |
User Mode: 7.19.17219 |
No |
| |
15.5 (supported kernels same as SLES 15 SP5) |
7.04.15907 |
No |
| |
15.4 (supported kernels same as SLES 15 SP4) |
all supported versions |
No |
| |
15.3 (supported kernels same as SLES 15 SP3) |
all supported versions |
No |
| Photon OS |
5 |
User Mode: 7.20.17306 |
No |
|
Red Hat CoreOS for OpenShift
Note: For DaemonSet deployment only
|
4.11 and later
|
User Mode: 7.02.15705
|
No
|
| Red Hat Enterprise Linux (RHEL) |
9.6 |
User Mode: 7.23.17607 |
No |
| |
9.5
|
Kernel Mode:7.23.17607
User Mode: 7.20.17306
|
No
|
| |
9.4 |
7.16.16903 |
No |
| |
9.3 |
7.07.16206 |
No |
| |
9.2 |
7.03.15803 |
No |
| |
9.1 (User Mode Support Only)
|
User Mode: 6.54.15110
Kernel Mode: 7.01.15604
|
No
|
| |
9.0 |
all supported versions |
No |
| |
8.10
|
Kernel Mode: 7.17.17005
User Mode: 7.16.16903
|
|
| |
8.9 |
7.07.16206 |
No |
| |
8.8 |
6.56.15309 |
No |
| |
8.7 |
all supported versions |
No |
| |
8.6 |
all supported versions |
No |
| |
8.5 |
all supported versions |
No |
| |
8.0 - 8.4 |
all supported versions |
No |
| |
7.7 - 7.9 |
all supported versions |
Yes |
| |
7.4 - 7.7 |
all supported versions |
Yes |
Red Hat Enterprise Linux CoreOS (RHCOS)
(DaemonSet deployment only) |
4.12 |
6.54.15110+ |
No |
| |
4.7 - 4.11 |
all supported versions |
No |
| Rocky Linux |
9.4 (supported kernels same as RHEL) |
7.16.16903 |
No |
| |
9.3 (supported kernels same as RHEL) |
7.07.16206 |
No |
| |
9.2 |
7.03.15803 |
No |
| |
9.1 (User Mode Support Only) |
User Mode: 6.54.15110
Kernel Mode: N/A |
No |
| |
9.0 |
all supported versions |
No |
| |
8.10 (supported kernels same as RHEL)
|
Kernel Mode: 7.17.17005
User Mode: 7.16.16903
|
No
|
| |
8.9 (supported kernels same as RHEL) |
7.07.16206 |
No |
| |
8.8 |
6.56.15309 |
No |
| |
8.7 |
6.48.14504+ |
No |
| |
8.6 |
all supported versions |
No |
| |
8.5 |
all supported versions |
TBD |
| |
8.4 |
all supported versions |
TBD |
| SUSE Linux Enterprise Server (SLES) |
15.6 |
User Mode: 7.19.17219 |
Yes |
| |
15.5 |
7.04.15907 |
Yes |
| |
15.4 |
all supported versions |
Yes |
| |
15 - 15.3 |
all supported versions |
Yes |
| |
12.2 - 12.5 |
all supported versions |
Yes |
| |
12.1 (distro supported on IBM s390X only) |
N/A |
No |
| Ubuntu |
24.04 LTS |
User Mode: 7.19.17219 |
--- |
| |
22.04 LTS |
all supported versions |
No |
| |
20.04 LTS |
all supported versions |
No |
| |
18-AWS |
all supported versions |
No |
| |
18.04 LTS |
all supported versions |
Yes |
| |
16.04 LTS and 16.04.5 LTS |
all supported versions |
No on 16.04.5
Yes on 16.04 |
| |
16-AWS |
all supported versions |
No |
|
Windows Subsystem for Linux 2 (WSL2)
|
WSL2
|
all supported versions
7.11 is last supporting version
|
---
|
Unsupported
All other Linux distributions and versions are unsupported, including but not limited to:
- Amazon 2017.03 – last supported on sensor 5.43.10807 through EOS on May 8, 2021
- Amazon 2017.09 and 2018.03 – last supported on LNX sensor 7.6.16108
- CentOS 8 Stream, all versions
- CentOS 7.1-7.3 – last supported on sensor 5.43.10807 through EOS on May 8, 2021
- CentOS 6.7-6.10 – last supported on LNX sensor 7.6.16108
- CentOS 6.5-6.6 – last supported on sensor 5.43.10807 through EOS on May 8, 2021
- RHEL 7.1-7.3 – last supported on sensor 5.43.10807 through EOS on May 8, 2021
- RHEL 6.7-6.10 – last supported on LNX sensor 7.6.16108
- RHEL 6.5-6.6 – last supported on sensor 5.43.10807 through EOS on May 8, 2021
- SLES 12.1 – last supported on sensor 5.43.10807 through EOS on May 8, 2021
- SLES 12.1 – last supported on LNX sensor 5.43.10807 through EOS on May 8, 2021
- Ubuntu 14.04 LTS – last supported on LNX sensor 7.6.16108
- No other operating systems are currently supported.
- We support Linux servers and desktops running supported long term support (LTS) kernels. Other kernel versions, such as custom or hardware enablement (HWE) are unsupported.
- CrowdStrike does not support community or custom kernels. Only kernels released by the OS vendors, which are currently supported by the OS vendors, are supported.
Additional Notes
As noted in the 6.39.13601 release notes, On-Sensor ML does not work for files/executables running in non-init user namespaces when Security-Enhanced Linux is enabled and enforcing. This applies to all supported sensor versions.
On RHEL and SLES hosts that are not licensed, it becomes difficult to install any software (such as Falcon) on the host, or successfully perform upgrades. This can also be the case where the distribution or kernel falls out of support by the vendor.
Appendix B - Ivanti Supported Linux Distributions
For the most current list, click this link:
https://help.ivanti.com/res/help/en_US/IA/2021/GS/46300.htm