To manually check for <OS Distro> before or after sensor installation, perform the following steps.

Procedure

  1. Determine whether the kernel includes BTF metadata.

    To check for the Linux kernel file, run the following command:

    $ ls /sys/kernel/btf/vmlinux
  2. Review the boot configuration file settings to determine whether the kernel has BPF features enabled.
    1. To determine whether all of the following flags are set to equal to y: CONFIG_BPF, CONFIG_BPF_SYSCALL, CONFIG_BPF_JIT, CONFIG_BPF_EVENTS, run the following command: 
      $ egrep '(CONFIG_BPF|CONFIG_BPF_SYSCALL|CONFIG_BPF_JIT|CONFIG_BPF_EVENTS)=' /boot/config-$(uname -r)
    2. One of the following flags must be set equal to y: CONFIG_HAVE_BPF_JIT or CONFIG_HAVE_EBPF_JIT: 
      $ egrep '(CONFIG_HAVE_BPF_JIT|CONFIG_HAVE_EBPF_JIT)=' /boot/config-$(uname -r)
  3. To check whether the kernel headers are preconfigured into the kernel, run the following command. If they are preconfigured, you do not have to install the packages. 
    $ cat /boot/config-$(uname -r) | grep CONFIG_IKHEADERS
    Note: On Oracle UEK, there might be no output from running this command.

    A result of either CONFIG_IKHEADERS=m or CONFIG_IKHEADERS=y indicates that you should not need to install any headers for BPF. Any other result means that you must manually install the kernel header packages.

    If the kernel headers are preconfigured, a kernel module creates a directory with the headers under /tmp.

    To check for the existence of this header directory, run the following command:

    $ ls -ld /tmp/kheaders-$(uname -r)*
  4. For Debian OS, add IPtables as a prerequisite for using the Quarantine feature.

What to do next

Perform the following Linux variant instructions to check for kernel headers and to install them if necessary.
Note:
  • You might need to activate subscriptions or configure package repositories to install packages.
  • Linux distributions regularly update the kernel package and do not always keep the old kernel headers package in their repositories. If you cannot find the associated header packages for your kernel, update the system to a newer supported kernel, install the associated kernel header packages, and then boot the new kernel. Only update the kernel as much as needed, and to a version that the sensor supports. See Linux Operating Systems and Respective Sensors for reference.
  • When you update the kernel, you must also update the kernel header package before you reboot.