Sysinternals / SysmonForLinux

MIT License

Fedora instructions use a repo that does not have sysmonforlinux #141

Closed sourceXORapprentice closed 10 months ago

sourceXORapprentice commented 10 months ago

Describe the bug: Instructions for Fedora 37 and 38 point to a Microsoft repo that does not contain sysmon for linux.

To Reproduce: Steps to reproduce the behavior.

  1. Open instructions for installing on Fedora 37 or 38 from a Fedora 37 or 37 system: https://github.com/Sysinternals/SysmonForLinux/blob/main/INSTALL.md
  2. Do this command successfully:

         sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
         sudo wget -q -O /etc/yum.repos.d/microsoft-prod.repo https://packages.microsoft.com/config/fedora/37/prod.repo

  3. Do this command and have an install fail:

         sudo dnf install sysmonforlinux

         $ sudo dnf update && sudo dnf install sysmonforlinux
         packages-microsoft-com-prod                      49  B/s | 1.5 kB     00:32
         Dependencies resolved.
         Nothing to do.
         Complete!
         Last metadata expiration check: 0:00:02 ago on Wed Sep 20 16:45:37 2023.
         No match for argument: sysmonforlinux

Checking the repository confirms the latest release files are missing here: https://packages.microsoft.com/fedora/37/prod/Packages/

Expected behavior: Following the instructions would lead to sysmonforlinux installing on Fedora 37 and 38.

Additional context: Manually downloading from RHEL9's repository and installing sysinternalsebpf-1.2.0-0.el8.x86_64.rpm and sysmonforlinux-1.3.0-0.el8.x86_64.rpm results in successful installation (https://packages.microsoft.com/rhel/9.0/prod/Packages/s/). I have not tested how this works in practice, and while theoretically this should be fine, I'm not sure what instability may result from using the whole RHEL9 repo.

MarioHewardt commented 10 months ago

Thanks for reporting this @sourceXORapprentice. Can you try the Fedora repo again?

sourceXORapprentice commented 10 months ago

Thanks for the quick reply! Sorry I didn't specify the dependency: sysmonforlinux-1.3.0-0.el8.x86_64.rpm also requires sysinternalsebpf-1.2.0-0.el8.x86_64.rpm pushed to the 37/38 folders (https://packages.microsoft.com/fedora/38/prod/Packages/s/), which ought to do the trick.

MarioHewardt commented 10 months ago

SysinternalsEBPF should now be out there as well. Can you give it another try?

sourceXORapprentice commented 10 months ago

Excellent! Yes it ran perfectly, tested on a clean VM as well.
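
Added example, not part of the thread or of the SysmonForLinux project: a check over a repository's rpm-md `primary.xml` metadata that reports whether a package is published and which of its requirements the repo leaves unmet, covering the three states this issue went through. The sample metadata, the `example-other-package` name, the `libc.so.6()(64bit)` requirement and the `elsewhere` parameter (names assumed to be provided by the distribution's own repos) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# XML namespaces used by rpm-md (createrepo) primary.xml metadata
NS = {"c": "http://linux.duke.edu/metadata/common",
      "rpm": "http://linux.duke.edu/metadata/rpm"}

def check_repo(primary_xml, wanted, elsewhere=()):
    """Return (found, unmet): whether `wanted` is in this repo, and which of
    its requirements neither this repo nor `elsewhere` provides."""
    provided, requires = set(elsewhere), None
    for pkg in ET.fromstring(primary_xml).findall("c:package", NS):
        name = pkg.findtext("c:name", namespaces=NS)
        provided.add(name)
        provided.update(e.get("name") for e in
                        pkg.findall("c:format/rpm:provides/rpm:entry", NS))
        if name == wanted:
            requires = [e.get("name") for e in
                        pkg.findall("c:format/rpm:requires/rpm:entry", NS)]
    if requires is None:
        return False, []          # package not published in this repo at all
    return True, sorted(r for r in requires if r not in provided)

# --- Constructed sample metadata (not fetched from packages.microsoft.com) ---
def _pkg(name, requires=()):
    reqs = "".join(f'<rpm:entry name="{r}"/>' for r in requires)
    return (f'<package type="rpm"><name>{name}</name><format>'
            f'<rpm:provides><rpm:entry name="{name}"/></rpm:provides>'
            f'<rpm:requires>{reqs}</rpm:requires></format></package>')

def _repo(*pkgs):
    return (f'<metadata xmlns="{NS["c"]}" xmlns:rpm="{NS["rpm"]}">'
            + "".join(pkgs) + "</metadata>")

LIBC = "libc.so.6()(64bit)"   # assumption: satisfied by Fedora's own repos
SYSMON = _pkg("sysmonforlinux", ["sysinternalsebpf", LIBC])
STAGES = {
    "as reported": _repo(_pkg("example-other-package")),
    "sysmonforlinux pushed": _repo(SYSMON),
    "dependency pushed too": _repo(SYSMON, _pkg("sysinternalsebpf")),
}

if __name__ == "__main__":
    for label, xml in STAGES.items():
        print(label, check_repo(xml, "sysmonforlinux", elsewhere=[LIBC]))
```

The check looks at a single repo's metadata only, so any requirement that normally comes from another enabled repo has to be listed in `elsewhere` or it is reported as unmet.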