CB Response: What are the CB Response Linux Sensors names of kernel module and the list of RPMs that install those modules?
search cancel

CB Response: What are the CB Response Linux Sensors names of kernel module and the list of RPMs that install those modules?

book

Article ID: 290890

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

What are the CB Response Linux Sensors names of kernel module and the list of RPMs that install those modules?

Environment

  • CB Response Linux Sensors: 6.1.8
  • Red Hat Enterprise Linux 6.x

Resolution

  • cbsensor has a single module.
% lsmod | grep cbsensor

cbsensor 95106 1 

% find /lib | grep cbsensor

/lib/modules/2.6.32-754.el6.x86_64/kernel/lib/cbsensor.ko
/lib/modules/2.6.32-754.9.1.el6.x86_64/kernel/lib/cbsensor.ko
/lib/modules/2.6.32-754.10.1.el6.x86_64/kernel/lib/cbsensor.ko
  •  RPM modules can be listed with the rpm -qa command:  
% rpm -qa | grep cbsensor

cbsensor-v6.1.8.10098-1.x86_64

% rpm -ql cbsensor-v6.1.8.10098-1.x86_64

/etc/init.d/cbdaemon
/etc/sysconfig/modules/cbresponse.modules
/opt/cbsensor
/opt/cbsensor/cbsensor.ko.2.6.32-504
/opt/cbsensor/cbsensor.ko.2.6.32-573
/opt/cbsensor/cbsensor.ko.2.6.32-642
/opt/cbsensor/cbsensor.ko.2.6.32-696
/opt/cbsensor/cbsensor.ko.2.6.32-754
/opt/cbsensor/sensor_top.sh
/opt/cbsensor/sensordiag.sh
/opt/cbsensor/sensoruninstall.sh
/usr/sbin/cbdaemon

Additional Information

There is a startup script that copies the modules/drivers from /opt/cbsensor to the /lib/modules/<kernel-version> /etc/rc.d/init.d/cbdaemon
Powered by Wolken Software