Rich Pieri wrote: > While the CrowdStrike (not to be confused with CloudFlare) fiasco > Friday affected millions of Windows computers, Linux is not immune to > such an event. I'm not familiar with CrowdStrike Falcon, but my > employer uses competing PaloAlto Networks' Cortex XDR. It's a similar > service with similar capabilities, and there are Linux endpoint > packages. These hook themselves into the kernel at a low level via > modules so they can do things like isolate individual machines when > they exhibit suspicious or malicious behavior. > > They also could, with the right -- or wrong -- updates, crash or hang > the kernel at startup. > > Recovery under such conditions would be nearly identical to the process > that 8.5 million Windows computers are undergoing: boot some form of > recovery media, mount the filesystem where the endpoint software or > data are installed, delete or replace the relevant files, and reboot.
In fact, CrowdStrike Falcon has a Linux version; it also requires a kernel module; and it exhibited a similar -- but different crash back in March. -dsr- _______________________________________________ Discuss mailing list Discuss@driftwood.blu.org https://driftwood.blu.org/mailman/listinfo/discuss
