Is SELinux required for Cortex XDR Agent Installation?
Created On 08/10/22 08:32 AM - Last Modified 07/26/25 05:49 AM
Question
- Can Cortex XDR Agent be installed on machines which have SELinux disabled?
Environment
- Cortex XDR Agent
- Linux OS
Answer
- SELinux is not a requirement for XDR Agent to be installed.
- Cortex XDR can be deployed on machines without SELinux and without the need to install any SELinux devel packages.
- However, if the SELinux component is enabled on the Linux machine, the "selinux-policy-devel/selinux-policy-dev" package must be installed.
- The Cortex XDR Agent requires the following packages to be installed on the server: Cortex® XDR™ Agent for Linux Requirements
- Verify the SELinux status by running one of the following commands:
sestatus
Or
getenforce
- If SELinux is present and running, and the output does not indicate it is "Disabled", the server is assumed to have SELinux enabled and requires the selinux-policy-devel package to compile a custom policy for the agent during installation.
- If you still require assistance, open a TAC Support Case.
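The check described above can be scripted as a pre-install gate. This is an added example, not Palo Alto Networks code; the function names and the "Absent" state (getenforce not installed, treated like "Disabled") are assumptions of the example.

```shell
#!/bin/sh
# Added example: pre-install check for the SELinux package requirement.

# Print the SELinux mode: Enforcing, Permissive, Disabled, or Absent.
# Absent means getenforce is not installed (assumption: handled like Disabled).
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then
        getenforce
    else
        echo Absent
    fi
}

# Print "yes" if the policy development package is installed, else "no".
# RPM-based systems use selinux-policy-devel, Debian-based selinux-policy-dev.
policy_devel_installed() {
    if command -v rpm >/dev/null 2>&1 &&
       rpm -q selinux-policy-devel >/dev/null 2>&1; then
        echo yes
    elif command -v dpkg-query >/dev/null 2>&1 &&
         dpkg-query -W -f='${Status}' selinux-policy-dev 2>/dev/null |
             grep -q 'install ok installed'; then
        echo yes
    else
        echo no
    fi
}

# Map (mode, package present) to a verdict. Any mode other than
# Disabled/Absent counts as SELinux enabled, as the article states.
preinstall_verdict() {
    mode=$1
    devel=$2
    case "$mode" in
        Disabled|Absent)
            echo "ready: SELinux is $mode, no policy package needed" ;;
        *)
            if [ "$devel" = yes ]; then
                echo "ready: SELinux is $mode, policy package present"
            else
                echo "blocked: SELinux is $mode, install selinux-policy-devel or selinux-policy-dev"
            fi ;;
    esac
}

preinstall_verdict "$(selinux_mode)" "$(policy_devel_installed)"
```

A deployment script can stop when the verdict starts with "blocked:" and install the package before running the agent installer.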
Additional Information
- If you intend to use SELinux, make sure to enable it before you proceed with the Cortex XDR agent installation.
- This ensures that the agent disables any injection-based modules that cause compatibility issues.
- If you later enable SELinux or change its operation mode, you must reinstall the agent to avoid any compatibility issues.
- Because SELinux collides with the agent injection mechanism, injection-based security modules (ROP Mitigation and Brute Force Protection) are disabled when SELinux is enabled.
- All other exploit and malware protection functionality works as expected. No user action is required.