Linux kernel compatibility

Deep Security supports the following Linux kernel scopes:

  • General kernel, which includes general-purpose Linux kernels available to all customers. These kernels are provided by supported operating system partners listed in Deep Security Agent platform compatibility.
    A kernel is not considered within the general scope if it is related to experimental (for example, CentOS Stream), appliances (for example, Exadata), community (for example, ELRepo), customized, and so on.
  • Select extended support kernel, which includes the following:
    If a kernel is not within the preceding support scope, Deep Security cannot provide a kernel support package.

Supported Linux kernels vary by the agent version:

You can also use a JSON list of Linux kernels that the agent supports with scripts and automated workflows.

Disable optional Linux kernel support package updates

In previous agent versions, the kernel driver update process always downloaded the latest kernel support package from the relay when an agent was restarted or the computer rebooted. However, unless you have upgraded the kernel, the agent often does not need to update its kernel support package. Therefore for Deep Security Agent 20.0.0-3067+ with Deep Security Manager 20.0.503+, you can disable optional kernel support package updates to improve performance. For details, see Supported features by platform.

Disable kernel support package updates on one computer

  1. In Deep Security Manager, go to Computers.
  2. Double-click the computer where you want to disable kernel support package updates (or select the computer and then select Details).
  3. Select Settings. From Automatically update kernel package when agent restarts, select No.
  4. Save your changes.

Disable kernel support package updates on multiple computers

  1. In Deep Security Manager, go to Policies.
  2. Double-click the policy that protects multiple computers where you want to disable kernel support package updates (or select the policy and then Details).
  3. Select Settings. From Automatically update kernel package when agent restarts, select No.
  4. Save your changes.