growse ❎

@mjg59 are CrowdStrike actually using that yet?

I've heard (seventeenth-hand) that they're not supporting Ubuntu 24.04 yet because of eBPF, but am sure it's probably more complicated than that.

In any case, great job on writing the correct interface / abstraction KP!

8 comments
ticho

@mjg59 @growse That sounds great! We had several production Linux servers crashing just last year because of silent kernel memory corruption by the CS Falcon kernel module, so it's good to know this will cease to be an issue going forward.

growse ❎

@mjg59 I will go hassle the people who owe me a 24.04 image and are using CrowdStrike as a reason that it doesn't exist yet. Thanks!

smolwaffle

@growse
They definitely still claim not to support Ubuntu 24.04. That's the same reason why my current employer is insisting that we all migrate to Ubuntu 22.04 rather than 24.04.

I haven't looked at the actual script that checks kernel versions to see if it lists the one used in 24.04.
@mjg59

growse ❎

@smolwaffle @mjg59 I mean, security vendor doesn't support current LTS of major OS distribution is a smell in itself...

Matthew Garrett

@smolwaffle @growse eBPF doesn't entirely abstract you from kernel internals - you still need to deal with internal API and ABI changes, so there's still some work in supporting newer kernels. It just means you'll fail to work rather than taking the entire thing down with you.

growse ❎

@mjg59 @smolwaffle fair, and arguably the important bit.

When it comes to an agent that (typically) another group is foisting on a service, "working" is not a primary concern. "Not taking the box down" is much more significant :)

Nicolas SAPA
@growse @mjg59 Yes they use eBPF on Linux host.
I was pleasantly surprised to see their agent didn't taint the kernel on RHEL 8 and Debian Bookworm.