The F5 Distributed Cloud App Infrastructure Protection (AIP) Agent uses fanotify to collect additional information about Linux File Integrity Monitoring (FIM) events. Red Hat has chosen not to backport fanotify to Red Hat Enterprise Linux (RHEL) 6. This may cause you to see less context (the user and command information in the FIM event) on events generated from RHEL 6-based Linux distributions. Because of the lack of the context information, Distributed Cloud AIP will not generate alerts for those specific events.
How This Affects You
File Integrity Monitoring (FIM) on RHEL 6-based machines yields (FIM) events with less context than those from other systems. This impacts RHEL 6 and CentOS 6. It does not affect Amazon Linux.
The lack of additional context impacts how you configure alerting for RHEL 6-based machines. Please contact your Customer Success Manager for assistance (email@example.com).