What are the Supported Operating Systems & Kernels?


As of June 2017, Threat Stack supports CoreOS Stable channel v1353.8.0 and later.

As of July 1, 2017, Threat Stack no longer supports Ubuntu 12.04.

Operating Systems

Threat Stack tested and supports on the following 64-bit systems:

  • Amazon AMI versions 2012-03 and higher (3.x kernel required for file integrity monitoring support on Amazon Linux)
  • CentOS 6.x, 7
  • CoreOS, Stable channel v1353.8.0 and later
  • RHEL 6.x
  • Ubuntu 14.04 LTS, and 16.04 LTS
  • Debian 7
  • Windows 2012 R2 

NOTE: On CentOS, RHEL, and Ubuntu distributions, we require kernel v2.6.36 or greater for file integrity monitoring.

Kernel Compatibility Information

Important! Threat Stack detected conflicts with the audit framework and auditd on the following versions of the Linux kernel:

  • 3.13.0-50/51/52
  • 3.16.0-36
  • 2.6.32-412

Check your kernel version before running our agent or installing the auditd package. Threat Stack agent v1.4.0 or greater will detect these kernel versions and abort agent startup.

We require glibc version 2.7 or greater.

Unsupported Operating Systems

Threat Stack tests against a variety of Linux distributions, if your distribution isn't listed above, our agent may still work. We have several customers running our agent on non-supported operating systems successfully.

We have tested the following unsupported distributions, they meet the following criteria:

  • Agent installs, registers, and starts properly
  • A smoke test of events triggering alerts works as expected
Linux Distribution
Version Details
Agent Version Tested
Centos 7.1 Linux version 3.10.0-229.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC) ) #1 SMP Fri Mar 6 11:36:42 UTC 2015 1.4.0  
Debian 8 Linux version 3.16.0-4-amd64 (debian-kernel@lists.debian.org) (gcc version 4.8.4 (Debian 4.8.4-1) ) #1 SMP Debian 3.16.7-ckt11-1+deb8u3 (2015-08-04)


Fedora 23 Linux version 4.4.3-300.fc23.x86_64 (mockbuild@bkernel01.phx2.fedoraproject.org) (gcc version 5.3.1 20151207 (Red Hat 5.3.1-2) (GCC) ) #1 SMP Fri Feb 26 18:45:40 UTC 2016 1.4.8 Due to logs being managed as journals and viewed using journalctl we're unable to gather publickey denials because we have no access to those logs. 

You can submit a support request with questions related to these or other versions and we will do our very best to support you.

We test unsupported systems on a periodic basis to determine if any major issues exist. However, we do not officially support the operating system and cannot guarantee a resolution of an issue reported.

Have more questions? Submit a request


Article is closed for comments.