deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 23:37:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

clean linter warnings

Browse Source
This commit is contained in:
MatiG 2021-01-04 19:00:20 +02:00
parent 9b2fccc262
commit 180cad0aa3
1 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
windows/security/threat-protection/microsoft-defender-atp/linux-support-install.md
View File

@ -24,7 +24,6 @@ ms.topic: conceptual
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
**Applies to:** **Applies to:**
- [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md) - [Microsoft Defender for Endpoint for Linux](microsoft-defender-atp-linux.md)
@ -36,9 +35,11 @@ An error in installation may or may not result in a meaningful error message by
```bash ```bash
sudo journalctl | grep 'microsoft-mdatp' > installation.log sudo journalctl | grep 'microsoft-mdatp' > installation.log
``` ```
```bash ```bash
grep 'postinstall end' installation.log grep 'postinstall end' installation.log
``` ```
```Output ```Output
microsoft-mdatp-installer[102243]: postinstall end [2020-03-26 07:04:43OURCE +0000] 102216 microsoft-mdatp-installer[102243]: postinstall end [2020-03-26 07:04:43OURCE +0000] 102216
``` ```
@ -54,6 +55,7 @@ Check if the mdatp service is running:
```bash ```bash
systemctl status mdatp systemctl status mdatp
``` ```
```Output ```Output
● mdatp.service - Microsoft Defender for Endpoint ● mdatp.service - Microsoft Defender for Endpoint
Loaded: loaded (/lib/systemd/system/mdatp.service; enabled; vendor preset: enabled) Loaded: loaded (/lib/systemd/system/mdatp.service; enabled; vendor preset: enabled)
@ -69,47 +71,59 @@ systemctl status mdatp
## Steps to troubleshoot if mdatp service isn't running ## Steps to troubleshoot if mdatp service isn't running
1. Check if "mdatp" user exists: 1. Check if "mdatp" user exists:
```bash ```bash
id "mdatp" id "mdatp"
``` ```
If theres no output, run If theres no output, run
```bash ```bash
sudo useradd --system --no-create-home --user-group --shell /usr/sbin/nologin mdatp sudo useradd --system --no-create-home --user-group --shell /usr/sbin/nologin mdatp
``` ```
2. Try enabling and restarting the service using: 2. Try enabling and restarting the service using:
```bash ```bash
sudo systemctl enable mdatp sudo systemctl enable mdatp
``` ```
```bash ```bash
sudo systemctl restart mdatp sudo systemctl restart mdatp
``` ```
3. If mdatp.service isn't found upon running the previous command, run: 3. If mdatp.service isn't found upon running the previous command, run:
```bash ```bash
sudo cp /opt/microsoft/mdatp/conf/mdatp.service <systemd_path> sudo cp /opt/microsoft/mdatp/conf/mdatp.service <systemd_path>
``` ```
where ```<systemd_path>``` is where ```<systemd_path>``` is
```/lib/systemd/system``` for Ubuntu and Debian distributions and ```/lib/systemd/system``` for Ubuntu and Debian distributions and
```/usr/lib/systemd/system``` for Rhel, CentOS, Oracle and SLES. ```/usr/lib/systemd/system``` for Rhel, CentOS, Oracle and SLES.
Then rerun step 2. Then rerun step 2.
4. If the above steps dont work, check if SELinux is installed and in enforcing mode. If so, try setting it to permissive (preferably) or disabled mode. It can be done by setting the parameter `SELINUX` to "permissive" or "disabled" in `/etc/selinux/config` file, followed by reboot. Check the man-page of selinux for more details. 4. If the above steps dont work, check if SELinux is installed and in enforcing mode. If so, try setting it to permissive (preferably) or disabled mode. It can be done by setting the parameter `SELINUX` to "permissive" or "disabled" in `/etc/selinux/config` file, followed by reboot. Check the man-page of selinux for more details.
Now try restarting the mdatp service using step 2. Revert the configuration change immediately though for security reasons after trying it and reboot. Now try restarting the mdatp service using step 2. Revert the configuration change immediately though for security reasons after trying it and reboot.
5. If `/opt` directory is a symbolic link, create a bind mount for `/opt/microsoft`. 5. If `/opt` directory is a symbolic link, create a bind mount for `/opt/microsoft`.
6. Ensure that the daemon has executable permission. 6. Ensure that the daemon has executable permission.
```bash ```bash
ls -l /opt/microsoft/mdatp/sbin/wdavdaemon ls -l /opt/microsoft/mdatp/sbin/wdavdaemon
``` ```
```Output ```Output
-rwxr-xr-x 2 root root 15502160 Mar 3 04:47 /opt/microsoft/mdatp/sbin/wdavdaemon -rwxr-xr-x 2 root root 15502160 Mar 3 04:47 /opt/microsoft/mdatp/sbin/wdavdaemon
``` ```
If the daemon doesn't have executable permissions, make it executable using: If the daemon doesn't have executable permissions, make it executable using:
```bash ```bash
sudo chmod 0755 /opt/microsoft/mdatp/sbin/wdavdaemon sudo chmod 0755 /opt/microsoft/mdatp/sbin/wdavdaemon
``` ```
and retry running step 2. and retry running step 2.
7. Ensure that the file system containing wdavdaemon isn't mounted with "noexec". 7. Ensure that the file system containing wdavdaemon isn't mounted with "noexec".
@ -117,24 +131,31 @@ Now try restarting the mdatp service using step 2. Revert the configuration chan
## If mdatp service is running, but EICAR text file detection doesn't work ## If mdatp service is running, but EICAR text file detection doesn't work
1. Check the file system type using: 1. Check the file system type using:
```bash ```bash
findmnt -T <path_of_EICAR_file> findmnt -T <path_of_EICAR_file>
``` ```
Currently supported file systems for on-access activity are listed [here](microsoft-defender-atp-linux.md#system-requirements). Any files outside these file systems won't be scanned. Currently supported file systems for on-access activity are listed [here](microsoft-defender-atp-linux.md#system-requirements). Any files outside these file systems won't be scanned.
## Command-line tool “mdatp” isn't working ## Command-line tool “mdatp” isn't working
1. If running the command-line tool `mdatp` gives an error `command not found`, run the following command: 1. If running the command-line tool `mdatp` gives an error `command not found`, run the following command:
```bash ```bash
sudo ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp sudo ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp
``` ```
and try again. and try again.
If none of the above steps help, collect the diagnostic logs: If none of the above steps help, collect the diagnostic logs:
```bash ```bash
sudo mdatp diagnostic create sudo mdatp diagnostic create
``` ```
```Output ```Output
Diagnostic file created: <path to file> Diagnostic file created: <path to file>
``` ```
Path to a zip file that contains the logs will be displayed as an output. Reach out to our customer support with these logs. Path to a zip file that contains the logs will be displayed as an output. Reach out to our customer support with these logs.