Realtime File Integrity Monitor (FIM) Support by Operating System
Realtime FIM is included with the System Monitor Lite License for desktop operating systems only. Standard or Realtime FIM on a server operating system requires a System Monitor Pro Agent.
LogRhythm System Monitor Agents Realtime FIM Support Levels | ||
---|---|---|
Operating System | 32-bit/64-bit | Realtime FIM |
Windows | ||
Windows 7 | 32-bit |
LS
|
Windows 7 | 64-bit |
CS
|
Windows 8 | 32-bit, 64-bit |
US
|
Windows 8.1 | 32-bit, 64-bit |
CS
|
Windows 10 | 32-bit, 64-bit |
CS
|
Windows Server 2008 | 32-bit, 64-bit |
US
|
Windows Server 2008, 2008 R2 (Server Core Installation) | 64-bit |
US
|
Windows Server 2012, 2016 (Server Core Installation) | 64-bit |
CS
|
Windows Server 2019 | 64-bit |
CS
|
Windows Server 2019 (Server Core Installation) | 64-bit |
CS
|
AIX | ||
AIX 7.1 | 64-bit |
CS
|
Debian | ||
Debian 6.07 (kernel version 2.6.32)1 (audit version 1.7.18)2 | 32-bit, 64-bit |
CS
|
Debian 7.11 (kernel version 3.2)1 (audit version 1.7.18)2 | 32-bit, 64-bit |
CS
|
Debian 8.10 (kernel version 3.16.0-5)1 (audit version 2.4)2 | 64-bit |
LS3
|
Debian 9 (kernel version 4.9.0-6)1 (audit version 2.6.7-2)2 | 64-bit |
CS
|
Debian 10 (kernel version 4.19.0)1 (audit version 2.8.4)2 | 64-bit |
CS
|
Ubuntu | ||
Ubuntu 12.1 (kernel version 3.5)1 (audit version 1.7.18)2 | 64-bit |
CS
|
Ubuntu 14.04 and 14.10 (kernel version 3.13 and 3.16)1 (audit version 2.3.2)2 | 64-bit |
CS
|
Ubuntu 16.04 and 16.10 (kernel version 4.4 and 4.8)1 (audit version 2.4.5)2 | 64-bit |
CS
|
Ubuntu 18.04 (kernel version 4.15.0-91-generic)1 (audit version 2.8.2)2 | 64-bit |
CS
|
SUSE | ||
openSUSE 11.0 (kernel version 2.6.25)1 (audit version 1.6.8)2 | 64-bit |
CS
|
openSUSE 11.2 - 11.4 (≥ kernel version 2.6.31)1 (≥ audit version 1.7.13)2 | 64-bit |
CS
|
openSUSE 12.1 - 12.3 (≥ kernel version 2.6.37)1 (≥ audit version 2.1.1)2 | 64-bit |
CS
|
openSUSE 13.1 and 13.2 (kernel version 3.11.6 and 3.16.6)1 (audit version 2.2.3 and 2.4)2 | 64-bit |
CS
|
Oracle Hardened Linux | ||
Oracle Hardened Linux 5 (kernel version 2.6.39-400.209.1.el5uek)1 (audit version 1.8-2.0.1)2 | 32-bit, 64-bit |
CS
|
Oracle Hardened Linux 6 (kernel version 2.6.39-400.17.1.el6uek)1 (audit version 2.2)2 | 64-bit |
CS
|
Oracle Hardened Linux 7.0 - 7.4 (≥ kernel-uek-3.8.13-35.3.1.el7uek)1 (≥audit version 2.3.3)2 | 64-bit |
CS
|
Red Hat Enterprise Linux/CentOS | ||
Red Hat Enterprise Linux/CentOS 5.3 onwards (≥ kernel version 2.6.18-128.el5)1 (≥ audit version 1.7.7)2 | 32-bit, 64-bit |
CS
|
Red Hat Enterprise Linux/CentOS 6.0 onwards (≥ kernel version 2.6.32-71.el6)1 (≥ audit version 2.0.4)2 | 32-bit, 64-bit |
CS
|
Red Hat Enterprise Linux/CentOS 7.0 - 7.4 (≥ audit version 2.3.3)2 | 32-bit |
CS
|
Red Hat Enterprise Linux/CentOS 7.5 - 7.8 (audit version 2.8.5)2 | x86_64-bit |
CS
|
Red Hat Enterprise Linux 8.1 - 8.2 (≥ kernel version 4.18.0-147.5.1.el8)1 (≥ audit version 3.0)2 | 64-bit |
CS
|
1 When kernel versions are noted, indicates that Realtime FIM is only supported on the specified kernel versions. To check the kernel version, run the 'uname -r' command.
2 When audit versions are noted, indicates that Realtime FIM is only supported on the specified audit versions. To check the audit version, run the ‘auditctl -v' command.
3 At the time of release, Debian had a bug causing support to be limited. Support will begin as soon as the bug is addressed.