• Skull giver@popplesburger.hilciferous.nl
    4 months ago

    rsyslog and many other frameworks only work for programs that also output to rsyslog. For programs that do log to rsyslog, structured logging support is rarely available. There’s a reason tools like LogBeat exist; rsyslog is but one log aggregation tool.

    SELinux is easy for trivial setups, but its tooling is clunky (and who the hell uses a binary format to store permissions anyway?). I much prefer AppArmor myself.

    I don’t think CrowdStrike’s target audience is Linux shops. I get the feeling they have Linux support because some of their customers asked about it, and maybe it’ll work on some loosely configured end user systems, but enterprise Linux doesn’t seem to be their focus.

    What do you use for live threat protection on Linux? If there’s a way to avoid these closed source trash fires I’ll gladly take it, but the best I’ve come across has been ClamAV and that’s not that great.
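As an added example to go with the point about structured logging (this is not the commenter's code, nor rsyslog's or any product's): one way to get machine-parseable records out of a program that still talks plain syslog is to emit a JSON body after the usual `program[pid]:` tag, so the daemon forwards it unchanged and a collector can parse the fields back out. The logger name `authsvc`, the field names (`event`, `user`, `src_ip`, `outcome`) and the sample syslog lines below are all constructed for this example; in production the `ListHandler` would be replaced by `logging.handlers.SysLogHandler(address="/dev/log")`.

```python
import json
import logging
import re
from collections import Counter
from datetime import datetime, timezone


class JsonSyslogFormatter(logging.Formatter):
    """Render a record as 'PROGRAM[PID]: {json}', the shape syslog accepts as a message."""

    # Optional structured fields passed via logger.info(..., extra={...}); assumed names.
    EXTRA_FIELDS = ("event", "user", "src_ip", "outcome")

    def format(self, record):
        payload = {
            "ts": datetime.fromtimestamp(record.created, timezone.utc).isoformat(),
            "level": record.levelname,
            "logger": record.name,
            "msg": record.getMessage(),
        }
        for key in self.EXTRA_FIELDS:
            if hasattr(record, key):
                payload[key] = getattr(record, key)
        return f"{record.name}[{record.process}]: {json.dumps(payload, sort_keys=True)}"


class ListHandler(logging.Handler):
    """Stand-in for SysLogHandler so the example runs offline: keeps formatted lines."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def build_logger(name="authsvc"):
    """Return (logger, handler) wired to emit JSON-bodied syslog lines."""
    logger = logging.getLogger(name)
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers.clear()
    handler = ListHandler()
    handler.setFormatter(JsonSyslogFormatter())
    logger.addHandler(handler)
    return logger, handler


# Accepts a bare 'prog[pid]: {...}' line or one carrying the classic BSD header
# (optional <PRI>, then 'Mon dd HH:MM:SS host ') that the daemon prepends on output.
LINE_RE = re.compile(
    r"^(?:<\d+>)?(?:\w{3} +\d+ \d\d:\d\d:\d\d \S+ )?"
    r"(?P<prog>[\w.-]+)\[(?P<pid>\d+)\]: (?P<json>\{.*\})$"
)


def parse_structured_line(line):
    """Return the JSON fields plus _prog/_pid, or None if the line is not structured."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        payload = json.loads(m.group("json"))
    except json.JSONDecodeError:
        return None
    payload["_prog"] = m.group("prog")
    payload["_pid"] = int(m.group("pid"))
    return payload


def failed_logins_by_source(lines):
    """Detection-side use: count failed login events per source address."""
    counts = Counter()
    for line in lines:
        rec = parse_structured_line(line)
        if rec and rec.get("event") == "login" and rec.get("outcome") == "failure":
            counts[rec.get("src_ip", "unknown")] += 1
    return dict(counts)


# Constructed sample of what a collector might read back: two structured lines
# from our program and one ordinary unstructured line from another daemon.
SAMPLE_LINES = [
    'Jan 10 12:00:01 host1 authsvc[4242]: {"event": "login", "outcome": "failure", "src_ip": "203.0.113.5", "user": "alice"}',
    'Jan 10 12:00:03 host1 authsvc[4242]: {"event": "login", "outcome": "failure", "src_ip": "203.0.113.5", "user": "bob"}',
    "Jan 10 12:00:04 host1 cron[17]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    log, h = build_logger()
    log.info("login attempt", extra={"event": "login", "user": "carol", "src_ip": "198.51.100.7", "outcome": "success"})
    print(h.lines[0])
    print(parse_structured_line(h.lines[0]))
    print(failed_logins_by_source(SAMPLE_LINES))
```

The formatter only emits the JSON body; how it is stored is still up to the daemon, so the collector side must be prepared (as `parse_structured_line` is) to skip the unstructured lines other programs will mix in on the same channel.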