Automated deployment of Elkeid tools
ssh root@x.x.x.x without password to any backend server
~/.elkeidup dir
In this open-source version, we have integrated a service that automatically downloads kernel driver files for kernel versions that are missing from the precompiled list.
Service background: The Elkeid Driver runs in kernel mode. Because a kernel module is tightly bound to the version of the kernel that loads it, the driver must match the kernel version exactly. We cannot use the resources of the client's host machine to compile ko files there when the agent is installed. Therefore, the release package includes drivers precompiled for the kernels of major Linux distributions to fit general cases. Currently there are a total of 3435 precompiled ko files, but two problems remain unsolved. One is that the set cannot be updated in real time: after the major Linux distributions release new kernel updates, we cannot, and do not have enough manpower to, catch up with those changes in time. The other is that you may be using your own Linux kernel distribution. To this end, we provide the function of automatically downloading the missing precompiled kernel drivers. This function mainly serves to inform our engineers that specific kernel versions are in use by users, so that the release can be updated as soon as possible. If you agree to enable this service, we also need to collect some basic operating information, so that we can prioritize scheduling according to users' different needs and make a reasonable evaluation of resource usage. The email address you fill in is used only to distinguish the identity of the source; a real email or any nickname can be used. Specific information is as follows:
If you do not agree to enable this service, you can still have access to all pre-compiled ko included in the release package, and all other functions will not be affected.
The specific operation is to download ko_1.7.0.9.tar.xz from the release page and use it to replace package/to_upload/agent/component/driver/ko.tar.xz. During deployment, the ko files will be decompressed to the /elkeid/nginx/ElkeidAgent/agent/component/driver/ko directory.
You can simply enable the related functions during the elkeidup deployment process. The relevant configuration can also be found in the elkeidup_config.yaml file, in the conf directory of the running manager. If you enabled this service during deployment but need to disable it later, set report.enable_report to false in the elkeidup_config.yaml file and then restart the manager.
The code for collecting information and downloading KO files from Elkeid services is all in the open-source code. The relevant functions are listed as follows.
internal/monitor/report.go
internal/monitor/report.go
biz/handler/v6/ko.go