IBM Support

QRadar EDR (formerly ReaQta): Verifying kernel headers match the version of the kernel used by the Linux system

How To


Summary

This article covers the checks to verify that your kernel headers match the exact version of the kernel run by the Linux system on which you are installing the QRadar EDR (formerly ReaQta) Linux agent version 0.60.0.

Objective

In order to compile the kernel version-specific eBPF object, Falco needs some specific Linux kernel headers.

Steps

Depending on the Linux distribution, there are different ways to get the kernel and header versions.

Ubuntu, Debian:

To check the current kernel version, type: uname -a
To check the kernel header version, type: apt list linux-headers-$(uname -r)

CentOS, RHEL, and OpenSUSE:

To check the current kernel version, type: uname -a
To check the kernel header version, type: rpm -q kernel-devel
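The comparison described in the steps above can be scripted. The following is an added example, not IBM's or the agent installer's own code: headers_match, check_host and the sample outputs are hypothetical names and constructed data, and the rpm branch assumes RHEL/CentOS package naming (kernel-devel-<uname -r>).

```shell
#!/bin/sh
# headers_match RELEASE FAMILY OUTPUT
#   RELEASE: `uname -r` output; FAMILY: deb or rpm;
#   OUTPUT: text printed by the matching package query from the steps above.
# Returns 0 only if headers for exactly RELEASE are installed.
headers_match() {
    release=$1 family=$2 output=$3
    case $family in
        deb)
            # `apt list` marks installed packages with an [installed...] tag;
            # a package that is merely available in the repo has none.
            printf '%s\n' "$output" |
                grep -F "linux-headers-$release/" | grep -qF '[installed'
            ;;
        rpm)
            # `rpm -q` prints one line per installed kernel-devel build, so
            # require a whole-line match rather than "any version present".
            # Assumption: RHEL/CentOS naming, kernel-devel-<uname -r>.
            printf '%s\n' "$output" | grep -qxF "kernel-devel-$release"
            ;;
        *) return 2 ;;
    esac
}

# check_host: run the queries on the local system (hypothetical helper name).
check_host() {
    running=$(uname -r)
    if command -v apt >/dev/null 2>&1; then
        headers_match "$running" deb "$(apt list "linux-headers-$running" 2>/dev/null)"
    elif command -v rpm >/dev/null 2>&1; then
        headers_match "$running" rpm "$(rpm -q kernel-devel)"
    else
        return 2
    fi
}

# Constructed sample outputs (not captured from a real host).
DEB_INSTALLED='Listing...
linux-headers-5.15.0-72-generic/jammy-updates,now 5.15.0-72.79 amd64 [installed]'
DEB_AVAILABLE='Listing...
linux-headers-5.15.0-72-generic/jammy-updates 5.15.0-72.79 amd64'
RPM_STALE='kernel-devel-5.14.0-284.11.1.el9_2.x86_64'
```

Source the file and run check_host before installing the agent. A non-zero status means that headers are missing or were built for a different kernel than the one currently booted, for example after a kernel update without a matching header update.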

Document Location

Worldwide


Product Synonym

ReaQta

Document Information

Modified date:
16 May 2023

UID

ibm16843059