System requirements
For more information on BEST for Linux installation requirements refer to security agent requirements on Linux.
Hardware requirements
Configure the guest operating systems where you are deploying BEST as follows:
General
Resource | Minimum | Recommended |
|---|---|---|
Processor | 2 vCPUs | 4 vCPUs |
Memory (RAM) | 2 GB RAM | 4 GB RAM |
Free Disk Space | 2.5 GB (up to 4 GB disk with debug logs enabled) | 4 GB |
Public Cloud
Cloud Service Provider (CSPs) | Minimum (instance type) | Recommended (instance type) |
|---|---|---|
Amazon Web Services (AWS) | T3 small | Any instance ≥ 4 vCPUs, 4 GB RAM, min 4 GB SSD |
Microsoft Azure | Standard B2s | Any instance ≥ 4 vCPUs, 4 GB RAM, min 4 GB SSD |
Google Cloud Platform (GCP) | E2 small or custom | Any instance ≥ 4 vCPUs, 4 GB RAM, min 4 GB SSD |
Fully Supported Linux Modern Distributions
Distribution | Kernel versions |
|---|---|
RHEL 7.x & 8.x | 3.10.0-957 – 4.18.0 |
Oracle Linux 7.x (UEK +RHCK) | 3.10.0-957 – 4.18.0 |
Oracle Linux 8.x (UEK +RHCK) | 3.10.0-957 – 4.18.0 |
CentOS 7.x | 3.10.0-957 – 4.18.0 |
CentOS 8.x | 3.10.0-957 – 4.18.0 |
Debian 9 | 4.9.0 |
Debian 10 | 4.19 |
Debian 11 | 5.10 |
Ubuntu 16.04.x | 4.4.x |
Ubuntu 18.04.x | 5.0/5.3 |
Ubuntu 20.04.x | 5.4 |
Ubuntu 21.04.x | 5.11 |
Ubuntu 21.10.x | 5.13 |
SLES 12 SP4 | 4.12.14-x |
SLES 12 SP5 | 4.12.14-x |
SLES 15 SP1 | 4.12.14-x |
SLES 15 SP2 | 5.3.18-x |
SLES 15 SP3 | 5.3.18-x |
openSUSE Leap 15.2 | 5.3.18 |
AWS Bottlerocket 2020.03 | 5.4.x, 5.10.x |
Amazon Linux v2 | 4.14.x / 4.19.x |
Google COS Milestones 77, 81, 85 | 4.19.112 / 5.4.49 |
Azure Mariner | 5.4, 5.10 |
Fedora 31 – 34 | Supported until it expires. |
AlmaLinux 8.x | 4.18.0 |
Rocky Linux 8.x | 4.18.0 |
CloudLinux 8.x | 4.18.0 |
CloudLinux 7.x | 3.10 |
Pardus 21 | 5.10 |
Supported Linux Legacy Distributions
Distribution | Kernel versions |
|---|---|
RHEL 6.x | 2.6.32-x |
Oracle Linux 6.x (6.3 or newer) | 2.6.32-x |
Ubuntu 14.04 LTS | 4.4.x (14.04.5) |
SLES 11, SP4 | 3.0.x |
Amazon Linux v1 2018.03 | 4.14.x |
Software requirements
GravityZone requirements
BEST for Linux is compatible with GravityZone Cloud and GravityZone On-Premises versions 6.13.1-1 or newer.
Additional software requirements
On-access scanning is available for supported operating systems as follows:
Kernel 2.6.38 or higher – Supports all Linux distributions. The fanotify kernel option must be enabled.
Kernel 2.6.32 – 2.6.37 – CentOS 6.x Red Hat Enterprise Linux 6.x – Bitdefender provides support via DazukoFS with prebuilt kernel modules.
You need auditd as a fallback mechanism in case kProbes are not available for your Kernel version.
You need to disable Selinux before installing BEST for Linux.
Licensing
Linux operating systems are considered Server operating systems by Bitdefender agent and will use server license seats from your pool of licenses.
Although deploying the software has no direct license requirement, depending on your license some functionality might not be available. For protection layers availability refer to Features by endpoint type
Installing
For more information on stalling BEST for Linux refer to Install security agents – standard procedure
There are several options to install BEST on a Linux machine:
An installation task from the GravityZone Control Center > Network inventory section.
Manual installation via a installation package downloaded from the Control Center.
Example:
Go to Network > Packages and select the install package to be downloaded.
Select Send Download Links to expand the provided links.
Copy the Linux string and paste it into the shell on your target endpoint to download the installation package.
Unpack the installation file:
# tar -xvf Bitdefender_for_Linux.tarChange permissions to the installation file so that you can execute it:
# chmod +x installerRun the installation file:
# ./installer
To check that the agent has been installed on the endpoint, run this command:
$ systemctl status bdsecScanning
Bitdefender Endpoint Security Tools for Linux provides on-access scanning for a number of preconfigured system directories. To review this list or add other directories to be scanned:
Choose a policy from the Control Center Policies page.
Go to the Antimalware > On-Access section.
Next to On-access Scanning, click Settings.
Click Advanced.
Configure which folders the agent should scan constantly.
Additionally, you can schedule Full / Custom / Quick Scan tasks by using these steps:
Choose a policy from the Control Center Policies page.
Go to the Antimalware > On-Demand section.
Click the +Add button.
Select a scan type. With the Custom Scan type you can configure scan options and folders to be scanned in detail.
Configure the scan task scheduling options as needed.
Configure scan options and target as needed.
Click the Save button.
To manually scan Linux endpoints:
Run the task from the Control Center Network inventory, by right-clicking the target machine and selecting Tasks > Scan.
Start the scan task locally using the command line interface. For more information, refer to Scanning for malware
Troubleshooting
You can check Bitdefender Endpoint Security Tools services by running the following commands:
bd status – to check services status
bd start – to start services
bd stop – to stop services
bd restart – to restart services
Other commands:
To detect any system proxy:
/opt/BitDefender/bin/bdconfigure getsystemproxy
To check all of the versions that were previously installed on the machine as well as the current one, open vhist.dat:
/opt/BitDefender/etc/vhist.dat
Deploying EDR using Linux AuditD
Note
We recommend this method to be used only when neither KProbes nor eBPF methods are not available. The AuditD subsystem was not designed to be used in this manner and may cause increased CPU usage.
Some operating systems require you to take additional steps before deployment. These changes ensure that AudtiD will perform on par with previously available methods. Follow the steps below:
OS | Version | Required steps |
|---|---|---|
Alma Linux 8 | X86 | N/A |
X64 | Edit the Ensure that | |
Alma Linux v1 | X86 | N/A |
X64 | Edit the Edit the /etc/audit/auditd.conf file and set log_format to RAW. | |
Alma Linux v2 | X86 | N/A |
X64 | Edit the Ensure that Copy Run Restart the | |
Centos 6 | X86 | Edit the Edit the |
X64 | Edit the Edit the | |
Centos 7 | X86 | Edit the |
X64 | Edit the | |
Centos 8 | X86 | N/A |
X64 | Edit the | |
Cloud Linux 7 | X86 | N/A |
X64 | Edit the Ensure that | |
Cloud Linux 8 | X86 | N/A |
X64 | Edit the Ensure that | |
Debian 9 | X86 | Edit the Edit the Ensure that |
X64 | Edit the Edit the Ensure that | |
Debian 10 | x86 | Edit the Edit the Ensure that |
X64 | Edit the Edit the Ensure that | |
Debian 11 | X86 | Edit the Edit the Ensure that |
X64 | Edit the Edit the Ensure that | |
Fedora 31 | X86 | N/A |
X64 | Edit the Ensure that | |
Fedora 34 | X86 | N/A |
X64 | Edit the Ensure that | |
OpenSUSE 15.2 | X86 | N/A |
X86 | Edit the Ensure that Copy Run Restart the | |
Oracle 6 | X86 | N/A |
X64 | Edit the Edit the | |
Oracle 7 | X86 | N/A |
X64 | Edit the | |
Oracle 8 | X86 | N/A |
X64 | Edit the | |
Pardus 21 | X86 | N/A |
X64 | Edit the Edit the Ensure that | |
RHEL 6 | X86 | Edit the Edit the |
X64 | Edit the Edit the | |
RHEL 7 | X86 | N/A |
X64 | Edit the | |
RHEL 8 | X86 | N/A |
X64 | Edit the | |
Rocky Linux 8 | X86 | N/A |
X64 | Edit the | |
SLES 15 SP1 | X86 | N/A |
X64 | Edit the Ensure that Copy Run Restart the | |
SLES 15 SP2 | X86 | N/A |
X64 | Edit the Ensure that Copy Run Restart the | |
SLES 15 SP3 | X86 | N/A |
X64 | Edit the Ensure that Copy Run Restart the | |
SLES 12 SP4 | X86 | N/A |
X64 | Edit the Ensure that Copy Run Restart the | |
SLES 12 SP5 | X86 | N/A |
X64 | Edit the Ensure that Copy Run Restart the | |
Ubuntu 14.04 | X86 | Edit the Edit the Set Copy / Run Restart the |
X64 | Edit the Edit the Set Copy Run Restart the | |
Ubuntu 16.04 | X86 | Edit the Edit the Set Copy Run Restart the |
X64 | Edit the Edit the Set Copy Run Restart the | |
Ubuntu 18.04 | X86 | N/A |
X64 | Edit the Edit the Ensure that | |
Ubuntu 20.04 | X86 | N/A |
X64 | Edit the Edit the Ensure that | |
Ubuntu 21.04 | X86 | N/A |
X64 | Edit the Edit the Ensure that | |
Ubuntu 21.10 | X86 | N/A |
X64 | Edit the Edit the Ensure that |
Warning
EDR requests information from the operating system that is not available via the AuditD subsystem. Expect a decreased detection rate.