When attempting to install Symantec Endpoint Protection for Linux (SEPFL) on a machine using a supported kernel and operating system, you see the following error, "Kernel release not specified" when Auto-Protect is compiled.
Reviewing logs you find the following, located at /root.
sepfl-install.log:
Starting autoprotect (via systemctl): Job for autoprotect.service failed because the control process exited with error code. See "systemctl status autoprotect.service" and "journalctl -xe" for details.
[FAILED]
Pre-compiled Auto-Protect kernel modules are not loaded yet, need compile them from source code
Auto-Protect source code package does not exist
Starting symcfgd (via systemctl): [ OK ]
symcfgd is started successfully.
Starting rtvscand (via systemctl): [ OK ]
rtvscand is started successfully.
Succeed to enable ap
AP status: Malfunctioning
sepfl-kbuild.log:
starting to build kernel modules of SEP for Linux
Kernel release not specified. Build kernel modules for current kernel version 4.1.12-112.14.11.el7uek.x86_64
/lib/modules/4.1.12-112.14.11.el7uek.x86_64/build does not exist
Build failed
/usr/src/kernels points to a different kernel version then reported by the operating system or is blank.
Commonly this is because a system reboot is required for the new kernel version to update correctly and point /usr/src/kernels to the proper kernel version. During install the SEPFL install script looks to the kernel version located at the /usr/src/kernels directory. If the directory is blank and/or does not match the output from the uname -r command, this could be a likely cause for this issue.