This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Kernel Module is Disabled - Status STOPPED - help installing

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Kernel Module is Disabled - Status STOPPED - help installing

PWCMSS
L1 Bithead

‎07-11-2024 10:46 PM

I followed the instructions on the website,and there was a problem

root@jordan-server:~/tmp# dpkg -i cortex-8.2.0.118335.deb 
Selecting previously unselected package cortex-agent.
(Reading database ... 83347 files and directories currently installed.)
Preparing to unpack cortex-8.2.0.118335.deb ...
Active kernel LSM: lockdown,capability,landlock,yama,apparmor
[ 1] Checking prerequisites
Verifying Ubuntu 24 (dpkg) packages:
  * openssl ... OK
  * ca-certificates ... OK
Done
Unpacking cortex-agent (8.2.0.118335) ...
Setting up cortex-agent (8.2.0.118335) ...
Active kernel LSM: lockdown,capability,landlock,yama,apparmor
[ 1] Installing Cortex XDR [8.2.0.118335] at /opt/traps
Detected glibc v2.39 via getconf
Using system libraries
Done
[ 2] Creating runtime directory
Done
not a dynamic executable
[ 3] Verifying iptables prerequisite
Done
[ 4] Defining Cortex XDR local services (systemd)
Created symlink /etc/systemd/system/multi-user.target.wants/traps_pmd.service → /etc/systemd/system/traps_pmd.service.
Done
[ 5] Creating/Verifying Cortex XDR auxiliary user
Done
[ 6] Configuring connection to server
Done
[ 7] Starting Cortex XDR security services
              Name       PID           User                Status Command
               pmd      3837           root               Running /opt/traps/bin/pmd
              clad       N/A            N/A               STOPPED N/A
              dypd       N/A            N/A               STOPPED N/A
              spmd       N/A            N/A               STOPPED N/A
              lted       N/A            N/A               STOPPED N/A
              pyxd       N/A            N/A               STOPPED N/A
Done

root@jordan-server:/opt/traps/bin# ./cytool status
Agent version: 8.2.0.118335
Content version:

Bpf is Disabled Kernel Module is Disabled Fallback is Disabled
Bpf is Not Running Kernel Module is Not Loaded
Event collection current status is: according to policy

Facility Policy State
Event Collection Disabled Disabled
EDR Disabled Disabled
DSE Disabled Disabled
ECL Disabled Disabled
File Scan Disabled Disabled
File Prevalence Disabled Disabled
LTEE Disabled Disabled
---------------------
EDR Disk Quota Status
---------------------
Quota Status: Ok
Current Disk Usage (MB): 0.00
High Watermark (MB):200.00
Low Watermark (MB):160.00

Operational Status:
General : No Content Received
Anti Exploit : Functional
Anti Malware : Anti Malware Flow Is Async
EDR : Functional
DSE : Functional
Anti LPE : AntiLPE Is Async


Last Successful Check-In time (UTC): 1970-01-01T00:00:00Z
Last Successful Check-In time (local): 1970-01-01T00:00:00Z

PID USER STIME RSS TIME COMMAND
3837 root 02:53 97060 00:00:52 pmd

 

Cortex XDR server show that.

 

PWCMSS_0-1720763075599.png

 

What went wrong, or was something not done?

 

kernel version:  6.8.0-38-generic

0 Likes Likes
4 REPLIES 4

jmazzeo
L4 Transporter

‎07-12-2024 08:46 AM

Hi @PWCMSS, thanks for reaching us using the Live Community.

 

I can see in the logs that this is an Ubuntu 24 distro. This is not supported at the moment, that's why the agent can't start the services.

Please check here the distros and kernel versions supported: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Linux-Kernel-Versions/Ubuntu-18-aarch64

It gets updated every time a new Content Update supports a new distro or kernel.

 

If this post answers your question, please mark it as the solution.

JM
0 Likes Likes

PWCMSS
L1 Bithead

‎07-14-2024 07:18 AM

PWCMSS_0-1720966648590.png

It does not seem to be a kernel version problem

0 Likes Likes

jmazzeo
L4 Transporter
In response to PWCMSS

‎07-15-2024 05:53 AM - edited ‎07-15-2024 05:54 AM

The documentation recommends 8.5 agent for this kernel version as the minimal version: 

jmazzeo_0-1721048039660.png

 

Anyway, I'll recommend you to open a TAC case to have better log investigation with the support team.

JM
0 Likes Likes

PWCMSS
L1 Bithead

‎07-15-2024 06:31 PM

My kernel core version is 5.15.0-113-generic #123-Ubuntu SMP Mon Jun 10 08:16:17 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

PWCMSS_0-1721093366592.png

refer to:https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Linux-Kernel-Versions/Ubuntu-22-x86_64

PWCMSS_1-1721093429380.png

 

0 Likes Likes
  • 488 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks