CrowdStrike / terraform-provider-crowdstrike

https://registry.terraform.io/providers/CrowdStrike/crowdstrike/latest/docs
Mozilla Public License 2.0

(feature request) Add data source for falcon supported kernel querying #45

Open twelsh-aw opened 1 day ago

twelsh-aw commented 1 day ago

We currently manage some Falcon sensor deployments on AWS. We try to select the latest AMI possible but occasionally run into issues with selecting a new version with a kernel Falcon doesn't currently support.

We currently have our own Terraform wrapper to call this API https://falcon.us-2.crowdstrike.com/documentation/page/cf432222/sensor-update-policy-apis#t6a20418, and pass the results into an AMI filter.

A provider-supported resource that is officially maintained would be even more helpful to us.

Let me know if this isn't the right provider for such a request. Just stumbled upon this provider and glad to see this exist!

redhatrises commented 1 day ago

@twelsh-aw for your awareness, we are moving all Linux systems that support eBPF away from kernel mode starting with version 7.16, and they will primarily be user mode by default, which means querying kernel versions no longer maps to the kernel API when eBPF is in use. For older OSes, this feature will still be relevant for OSes that do not support eBPF.

twelsh-aw commented 1 day ago

Ack. Thanks for the info.

These were all Amazon Linux 2 hosts (4.14 kernel stream), but this has prompted us to just upgrade everything still behind to AL2023 so we can run CS in user mode.

Probably much lower priority than other resources that can be added to the provider, so feel free to close this issue out. We might still make use of this data source in a pinch, but it's not as strong a desire as originally thought this morning :)