What are the Supported Operating Systems & Kernels?

Operating Systems:

Threat Stack has been tested on and designed for support on the following 64-bit systems:

  • Amazon AMI versions 2012-03 and higher (3.x kernel required for file integrity monitoring support on Amazon Linux)
  • CentOS 6.x, 7
  • RHEL 6.x
  • Ubuntu 14.04 LTS, and 16.04 LTS
  • Debian 7
  • Windows 2012 R2

On CentOS, RHEL and Ubuntu distros, we require kernel v2.6.36 or greater for file integrity monitoring.

Important Kernel Compatibility Information:

We've detected conflicts with the audit framework and auditd on the following versions of the Linux kernel:

  • 3.13.0-50/51/52
  • 3.16.0-36
  • 2.6.32-412

Please check your kernel version before running our agent or installing the auditd package. Threat Stack agent v1.4.0 or greater will detect these kernel versions and abort agent startup.


We require glibc version to be greater than 2.7.


For Operating Systems not listed:

Threat Stack tests against a variety of Linux distributions but if your distro isn't listed above, our agent may still work. However, we do not officially support the operating system and cannot guarantee a resolution of an issue reported. We have several customers running our agent on non-supported operating systems successfully.   We test unsupported systems on a period basis to determine if any major issues exist.

The following distos are unsupported but have been tested and meet the following criteria:

  • Agent installs, registers, and starts properly
  • A smoke test of events triggering alerts works as expected


Linux Distribution
Version Details
Agent Version Tested
Centos 7.1 Linux version 3.10.0-229.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC) ) #1 SMP Fri Mar 6 11:36:42 UTC 2015 1.4.0  
Debian 8 Linux version 3.16.0-4-amd64 (debian-kernel@lists.debian.org) (gcc version 4.8.4 (Debian 4.8.4-1) ) #1 SMP Debian 3.16.7-ckt11-1+deb8u3 (2015-08-04)


Fedora 23 Linux version 4.4.3-300.fc23.x86_64 (mockbuild@bkernel01.phx2.fedoraproject.org) (gcc version 5.3.1 20151207 (Red Hat 5.3.1-2) (GCC) ) #1 SMP Fri Feb 26 18:45:40 UTC 2016 1.4.8 Due to logs being managed as journals and viewed using journalctl we're unable to gather publickey denials because we have no access to those logs. 
Ubuntu 16.04 Linux version 4.4.0-22-generic (buildd@lgw01-41) (gcc version 5.3.1 20160413 (Ubuntu 5.3.1-14ubuntu2) ) #40-Ubuntu SMP Thu May 12 22:03:46 UTC 2016 1.4.9 In 16.04 Apt is upgraded to version 1.2 which means that the unprivileged user "_apt" is now used when making outgoing network connections and parsing the results.


Please feel free to open a support request with questions related to these or other versions and we will do our very best to support you. 

Have more questions? Submit a request


Article is closed for comments.