Limitations for Device Posture support
- Auto updates of Operating System (OS)
  If you're using Device Posture on Ubuntu, automatic detection of OS upgrades is possible only if upgrades are configured with the apt unattended-upgrades package. See AutomaticSecurityUpdates in Ubuntu documentation.
- Device Certificates
  Device certificates are detected for certificate profiles only if they are configured in one of these two forms:
  - Using the NSS-Shared DB in Linux Cert Management.
    a. The private key must be added as an identity and must show up when you run `certutil -d sql:$HOME/.pki/nssdb -K`.
    b. A certificate must exist with the same alias as the private key from the above command.
  - Certificates are stored as flat files in a directory.
    a. Only the `$HOME/.certs` directory is supported.
    b. Only container formats with these extensions are supported: .p12, .pfx.
    c. If the organization manages certs and keys separately, EAA supports the following formats: .key for private keys and .crt for certificates.
    d. For private keys, EAA only supports PKCS1 and PKCS8 private keys encoded in PEM format. EAA supports rsa, ecdsa, and ed25519 private keys.
    e. For certificates, EAA supports any valid PEM-encoded x509 certificate.
- SIA integration is not supported.
- Anti-malware support
  On Ubuntu, anti-malware products that are managed by systemd and can be queried using the systemctl command are supported. The supported products and their systemd services are:

  | Product | systemd service |
  |---|---|
  | Eset | esets.service |
  | Sophos | sav-protect.service |
  | ClamAV | clamav-freshclam.service, clamav-daemon.service |
  | Comodo | cmdavd.service |
  | CrowdStrike | falcon-sensor.service |
  | Sentinel | sentinelone.service |
  | CarbonBlack | cbagentd.service |

- Firewall status - On Ubuntu, Uncomplicated Firewall (UFW) is supported. See UncomplicatedFirewall in Ubuntu documentation. UFW manages iptables rules. iptables rules can also be added independently, bypassing UFW.
- Installed browsers - For Ubuntu, browsers are detected only if they are installed with dpkg or snap. Other installation methods, including moving a binary into the path or manual configuration, are not detected.

  Dpkg detection is possible for the following:

  | Browser | Package name |
  |---|---|
  | Google Chrome | google-chrome-stable |
  | Firefox | firefox |
  | Chromium | chromium |
  | Opera | opera-stable |

  Snap detection is possible for the following:

  | Browser | Package name |
  |---|---|
  | Firefox | firefox |
  | Chromium | chromium |
  | Opera | opera |
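
The flat-file rules under Device Certificates can be checked on an endpoint before a posture failure shows up. The script below is an added example, not Akamai's code: recognizing key encodings by their PEM label is an assumption, the function names and the ok/warn/bad/skip labels are illustrative, and the directory argument exists only for testing.

```shell
#!/bin/sh
# Added example (not vendor code): audit flat-file certificates against the
# limits listed above. Function names and ok/warn/bad/skip labels are made up.

# True if the file carries a PEM certificate that openssl (if installed) parses.
pem_cert_ok() {
    grep -q '^-----BEGIN CERTIFICATE-----' "$1" || return 1
    if command -v openssl >/dev/null 2>&1; then
        openssl x509 -in "$1" -noout >/dev/null 2>&1
    fi
}

# Print "<status> <file>: <reason>" for one file, based on extension and PEM label.
check_cert_file() {
    f=$1
    case "$f" in
    *.p12|*.pfx) echo "ok $f: PKCS#12 container extension" ;;
    *.key)
        label=$(sed -n '/^-----BEGIN /{p;q;}' "$f")
        case "$label" in
        "-----BEGIN RSA PRIVATE KEY-----") echo "ok $f: PEM PKCS1 key" ;;
        "-----BEGIN PRIVATE KEY-----") echo "ok $f: PEM PKCS8 key" ;;
        # SEC1 is neither PKCS1 nor PKCS8; `openssl pkcs8 -topk8` converts it.
        "-----BEGIN EC PRIVATE KEY-----") echo "warn $f: SEC1 EC key, not PKCS1/PKCS8" ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo "warn $f: encrypted PKCS8 key" ;;
        *) echo "bad $f: no PEM PKCS1/PKCS8 private key label" ;;
        esac ;;
    *.crt)
        if pem_cert_ok "$f"; then echo "ok $f: PEM X.509 certificate"
        else echo "bad $f: not a parsable PEM X.509 certificate"; fi ;;
    *) echo "skip $f: extension not .p12, .pfx, .key or .crt" ;;
    esac
}

# Audit every regular file in the directory; return 1 if any file is "bad".
# The directory argument exists for testing; the page supports only $HOME/.certs.
audit_cert_dir() {
    dir=${1:-$HOME/.certs}
    [ -d "$dir" ] || { echo "bad $dir: directory missing"; return 1; }
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        line=$(check_cert_file "$f")
        echo "$line"
        case "$line" in bad*) rc=1 ;; esac
    done
    return "$rc"
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then audit_cert_dir; fi
```

The page does not say whether SEC1 or passphrase-protected keys are accepted, so the script reports them as `warn` rather than `ok` or `bad`.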