On 2024-07-22 10:23, Dan Ritter wrote:
Rich Pieri wrote:
While the CrowdStrike (not to be confused with CloudFlare) fiasco
Friday affected millions of Windows computers, Linux is not immune to
such an event. I'm not familiar with CrowdStrike Falcon, but my
employer uses competing Palo Alto Networks' Cortex XDR. It's a similar
service with similar capabilities, and there are Linux endpoint
packages. These hook themselves into the kernel at a low level via
modules so they can do things like isolate individual machines when
they exhibit suspicious or malicious behavior.

They also could, with the right -- or wrong -- updates, crash or hang
the kernel at startup.

Recovery under such conditions would be nearly identical to the process
that 8.5 million Windows computers are undergoing: boot some form of
recovery media, mount the filesystem where the endpoint software or
data are installed, delete or replace the relevant files, and reboot.

In fact, CrowdStrike Falcon has a Linux version; it also
requires a kernel module; and it exhibited a similar -- but
different -- crash back in March.

I wonder if their QA department is hiring....

Dan G

_______________________________________________
Discuss mailing list
Discuss@driftwood.blu.org
https://driftwood.blu.org/mailman/listinfo/discuss
