While the CrowdStrike (not to be confused with Cloudflare) fiasco Friday affected millions of Windows computers, Linux is not immune to such an event. I'm not familiar with CrowdStrike Falcon, but my employer uses competing Palo Alto Networks' Cortex XDR. It's a similar service with similar capabilities, and there are Linux endpoint packages. These hook themselves into the kernel at a low level via modules so they can do things like isolate individual machines when they exhibit suspicious or malicious behavior.
They also could, with the right -- or wrong -- updates, crash or hang the kernel at startup. Recovery under such conditions would be nearly identical to the process that 8.5 million Windows computers are undergoing: boot some form of recovery media, mount the filesystem where the endpoint software or data are installed, delete or replace the relevant files, and reboot.

--
\m/ (--) \m/