Is RHEL7 supported?

[aka0]

While RHEL7 rpm is posted, has anyone installed it successfully? RHEL7 bundles glibc 2.17 therefore dependencies check will fail.

$ rpm -Uvh sysinternalsebpf-1.0.0-1.x86_64.rpm 
error: Failed dependencies:
libc.so.6(GLIBC_2.22)(64bit) is needed by sysinternalsebpf-1.0.0-1.x86_64
libc.so.6(GLIBC_2.26)(64bit) is needed by sysinternalsebpf-1.0.0-1.x86_64
libjson-glib-1.0.so.0()(64bit) is needed by sysinternalsebpf-1.0.0-1.x86_64

$ cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.7 (Maipo)

$ rpm -qa|grep glibc
glibc-2.17-292.el7.x86_64
glibc-common-2.17-292.el7.x86_64
glibc-devel-2.17-292.el7.x86_64
glibc-headers-2.17-292.el7.x86_64

If it's not supported then perhaps reference to RHEL7 (and CentOS7) should be removed.

[jordaneyres]

I'm also having this issue installing from rpm package on Centos 7.

[jordaneyres]

@aka0 I was able to make from source on Centos 7. However, If you're looking to use this with Sysmon for Linux, I'm hitting issues getting sysmon for linux to compile. eBPF was backported to the 3.10 kernel, but apparently it's not the full deal. Will be opening an issue over at the Sysmon for Linux repo if of interest.

[aka0]

I was able to make from source on Centos 7.

I'll give it a try.

Will be opening an issue over at the Sysmon for Linux repo if of interest.

Please do. Thanks.

[fluidum]

#  rpm -Uvh sysinternalsebpf-1.0.0-1.x86_64.rpm
error: Failed dependencies:
        libc.so.6(GLIBC_2.22)(64bit) is needed by sysinternalsebpf-1.0.0-1.x86_64
        libc.so.6(GLIBC_2.26)(64bit) is needed by sysinternalsebpf-1.0.0-1.x86_64
        libjson-glib-1.0.so.0()(64bit) is needed by sysinternalsebpf-1.0.0-1.x86_64
# rpm -qa|grep glibc
glibc-devel-2.17-323.0.1.el7_9.x86_64
glibc-common-2.17-323.0.1.el7_9.x86_64
glibc-utils-2.17-323.0.1.el7_9.x86_64
glibc-2.17-323.0.1.el7_9.x86_64
glibc-headers-2.17-323.0.1.el7_9.x86_64
glibc-2.17-323.0.1.el7_9.i686
#  cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.9 (Maipo)

Also can't build from source.

[robingarner-scu]

We logged a Premier Support call with Microsoft, and this is the reply,

Support for Red Hat 7 is limited currently and the inclusion in the INSTALL.md was mainly for future versions. They plan on updating the doc to reflect this. Please note that Red Hat 8 support is also experimental at this point.

[kesheldr]

RHEL 7 and 8 support are on the list. RHEL 8 will be easier and quicker as the problems are minor. RHEL 7 might be tricky depending on how much eBPF is available in their backport.

[MarioHewardt]

I've pushed a fix that should resolve the issue on RHEL8. You will have to run getOffsets (https://github.com/Sysinternals/SysinternalsEBPF/tree/main/getOffsets) to get this to work.