Harmony Endpoint for Linux Overview

Check Point Harmony Endpoint for Linux protects Linux Endpoint devices from malware, and provides Threat Hunting / Endpoint Detection and Response capabilities. The solution is centrally managed and can be used as a Management-as-a-Service or deployed on a local on-premises server.

Note - Starting in R81, the on-premises Endpoint Security Server supports Harmony Endpoint for Linux. To enable Harmony Endpoint for Linux, you must enable the Linux installation package flag as described in sk177250.

Prerequisites

  • Available Internet access for the protected device.

  • For RHEL/CentOS, it is necessary to have access to EPEL (Extra Packages for Enterprise Linux) repository.

  • If the device has no internet access, you must enable access to certain URLs. For more information, see sk116590.

Minimum Hardware Requirements

  • x86 processor, 64-bit (32-bit is not supported)

  • 2 GHz Dual-core CPU

  • 4 GB RAM

  • 10 GB free disk space

Key Threat Prevention Technologies

Anti-Malware

Endpoint Detection and Response (EDR) / Threat Hunting

  • Harmony Endpoint for Linux updates Threat Cloud with Indicator of Compromise (IoC) and Indicator of Attack (IoA) events.

  • The Threat Hunting technology lets administrators proactively search for cyber threats that made it through the first line of defense to the Linux Endpoint device.

  • Threat Hunting uses advanced detection capabilities, such as queries and automation, to find malicious activities and extract hunting leads from the data.

  • Supporting events:

    • Process - start / stop

    • Files - create / delete / rename / open

    • Network - local connections, ports, DNS

Behavioral Guard

  • Dynamic analysis of malware executed on the Endpoint Client is performed based on the behavioral patterns of various attack types, including ransomware, cryptominers, and trojans.

  • Centrally managed via the web management platform.

  • Leverages a large set of constantly updated signatures to detect, prevent, and remediate modern attacks.

  • Features automatic signature updates powered by the latest intelligence, ensuring adaptation to emerging threats.

Anti-Ransomware

Scans the endpoint for any encryption actions and blocks the action before encryption.

Forensics

Generates detailed analytics and interactive reports from threats and incidents, providing a comprehensive view of attack flows and actionable insights for effective remediation.

Note - Forensics is available from version 1.20.7, and you must enable it manually. To do that, run:

  • For fresh installation:

    SBA_ENABLE_EFR=1 ./install-sbox.sh install

  • For already installed client:

    sudo cpla install_blade -b efr

    sudo systemctl restart cpla

Supported Linux Versions

| Distribution/OS Version | 1.20.7 | 1.18.16 | 1.18.12 | 1.15.10 | 1.15.7 | 1.13.3 | 1.13.2 |
|---|---|---|---|---|---|---|---|
| Ubuntu 24.04 (64-bit) | Supported | Unsupported | Unsupported | Unsupported | Unsupported | Unsupported | Unsupported |
| Ubuntu 22.04 (64-bit) (Supported versions: 22.04 - 22.04.3) | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| Ubuntu 20.04 (64-bit) (Supported versions: 20.04 - 20.04.6) | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| Ubuntu 18.04* (64-bit) (Supported versions: 18.04 - 18.04.6) | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| Ubuntu 16.04 (64-bit) | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| Debian Linux 12 (64-bit) (Supported versions: 12.0 - 12.5) | Supported | Unsupported | Unsupported | Unsupported | Unsupported | Unsupported | Unsupported |
| Debian Linux 11* (64-bit) | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| Debian Linux 10* (64-bit) | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| Debian Linux 9* (64-bit) | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| Red Hat Enterprise Linux (RHEL) 9¹ (64-bit) (Supported versions: 9.0 - 9.5) | Supported | Supported | Supported | Supported | Supported | Supported | Supported |
| Red Hat Enterprise Linux (RHEL) 8 (64-bit) (Supported versions: 8.0 - 8.9) | Supported | Supported | Unsupported | Unsupported | Unsupported | Unsupported | Unsupported |
| Red Hat Enterprise Linux (RHEL) 8.10 (64-bit) | Supported | Unsupported | Unsupported | Unsupported | Unsupported | Unsupported | Unsupported |
| Red Hat Enterprise Linux (RHEL) 7 (64-bit) (Supported versions: 7.8 and 7.9) | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| Alma Linux 9 (64-bit) (Supported versions: 9.0 - 9.3) | Supported | Supported | Supported | Supported | Supported | Unsupported | Unsupported |
| Alma Linux 8 (64-bit) (Supported versions: 8.9 and 8.10) | Supported | Supported | Supported | Supported | Supported | Unsupported | Unsupported |
| CentOS 8* (64-bit) (Supported versions: 8.0 - 8.5) | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| CentOS 7 (64-bit) (Supported versions: 7.8 and 7.9) | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| Oracle Linux 8 (64-bit) (Supported versions: 8.0 - 8.10) | Supported | Supported | Supported | Supported | Supported | Supported | Supported |
| Oracle Linux 7.9 (64-bit) | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| Amazon Linux 2 (64-bit) | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| SUSE Linux Enterprise Server (SLES) 15 (64-bit) (Supported versions: 15SP2 and 15SP3) | Supported | Supported | Supported | Supported | Supported | Supported | Supported |
| SUSE Linux Enterprise Server (SLES) 12 (64-bit) (Supported versions: 12SP5) | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| OpenSUSE 15.4 and OpenSUSE 15.5 | Supported | Supported | Supported | Supported | | | |
| OpenSUSE 42.3 | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| Fedora 39¹ | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| Fedora 38¹ | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| Fedora 37 | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| Fedora 36 | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| Fedora 35 | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |
| Fedora 34 | Supported | Supported | Supported | Supported | Unsupported | Unsupported | Unsupported |

¹Only Anti-Malware support.

Linux Kernel Support

Harmony Endpoint for Linux supports the general-purpose Linux kernels that ship by default with standard Linux distributions.

This excludes:

  • Non-default kernels

  • Unbreakable kernels

  • Appliance kernels, for example, Exadata

  • Community-based kernels, for example, ELRepo

  • Custom-compiled kernels

  • Desktop and gaming kernels

Installation on Semi-Isolated Environments with Super Node Proxy

Prerequisites

  1. Make sure that Harmony Endpoint for Linux version 1.22.x or higher is installed in a semi-isolated environment.

  2. Make sure that Harmony Endpoint for Windows version E88.70 or higher is installed on super-node devices.

  3. The Linux devices must be able to resolve the Fully Qualified Domain Name (FQDN) of the Windows super-node machine. This can be achieved through an organizational name server.

Notes:

  • Before exporting the package, make sure that a Windows super-node is properly configured in the server policy for each virtual group of Linux devices. For more information, see General.

Installation Procedure

  1. Export and Download the Offline Package: Download the appropriate universal offline package (rpm or deb) that matches your distribution. Transfer the package to all endpoint devices.

  2. For Red Hat Enterprise Linux (RHEL), run this command before installing the package:

    subscription-manager config --rhsm.manage_repos=0

  3. Run the installation package.

  4. Verify communication with the Management Server:

    1. To verify the status, run:

      cpla info

      The output displays:

      Connection status: Connected - Supernode

      The client appears in the server's asset information.
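
The cpla info check above, together with the FQDN, proxy and env-file checks listed under Troubleshooting below, can be scripted. This is an added example, not Check Point tooling: the function names and the --run switch are assumptions, and only the "Connection status:" line of the cpla info output is taken from this page.

```shell
#!/bin/sh
# Added example: post-install checks for a semi-isolated Linux client.
# Function names and the --run switch are assumptions of this example.

ENV_FILE=/etc/checkpoint/cpla/env   # path from the Troubleshooting section
PROXY_PORT=3128                     # port from the page's curl example

# 0 if the env file carries SBA_SEMI_ISOLATED_ENV=1 on a line of its own
# (a commented-out line or a value such as 0 or 10 does not count).
env_flag_set() {
    [ -r "$1" ] &&
        grep -Eq '^[[:space:]]*SBA_SEMI_ISOLATED_ENV=1[[:space:]]*$' "$1"
}

# Reads cpla info output on stdin, prints the "Connection status:" value.
connection_status() {
    sed -n 's/^[[:space:]]*Connection status:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' |
        head -n 1
}

# 0 only for the state the page expects behind a super node.
is_supernode_connected() {
    [ "$(connection_status)" = "Connected - Supernode" ]
}

# 0 if the super-node FQDN resolves from this host.
fqdn_resolves() { getent hosts "$1" >/dev/null 2>&1; }

# 0 if an HTTPS request succeeds through the super-node proxy.
proxy_works() {
    curl --silent --fail --max-time 15 --output /dev/null \
        --proxy "http://$1:$PROXY_PORT" https://www.checkpoint.com
}

# Prints OK/FAIL for one check and counts failures.
report() {
    if [ "$2" -eq 0 ]; then echo "OK   $1"; else echo "FAIL $1"; fails=$((fails + 1)); fi
}

# Runs all checks against super-node FQDN $1; returns the failure count.
run_checks() {
    fails=0
    fqdn_resolves "$1";                             report "FQDN $1 resolves" $?
    proxy_works "$1";                               report "proxy $1:$PROXY_PORT forwards HTTPS" $?
    env_flag_set "$ENV_FILE";                       report "SBA_SEMI_ISOLATED_ENV=1 in $ENV_FILE" $?
    cpla info 2>/dev/null | is_supernode_connected; report "cpla info: Connected - Supernode" $?
    return "$fails"
}

if [ "${1:-}" = "--run" ]; then run_checks "${2:?usage: $0 --run <super-node fqdn>}"; fi
```

Save it under any name and run it on the endpoint as: sh <script> --run <super-node fqdn>. The exit status is the number of failed checks.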

Troubleshooting

If communication is not established, perform these steps:

  1. Verify that the Windows device FQDN is resolvable from the Linux device and that the super-node device proxy functionality is working. For example:

    curl --proxy http://<super-node fqdn>:3128 https://www.checkpoint.com

  2. Verify that the super-node policy is configured and installed before you export a package.

  3. Verify that the SBA_SEMI_ISOLATED_ENV environment variable is correctly applied:

    The file /etc/checkpoint/cpla/env should contain the line SBA_SEMI_ISOLATED_ENV=1

  4. Verify that the default policy is detected during installation. If it is not, contact Check Point Support and verify that support for semi-isolated environments is active. See step 4 in Prerequisites:

    If the default policy is processed correctly, these lines should appear in /var/log/checkpoint/common/sbalinux-install.log: