Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

how do you cope without the Azure Sentinel Agant MMA available for Centos 8.0?

Copper Contributor

How do you work around or cope with the fact that the Microsoft Management Agent is NOT available for CentOS 8.0?

 

And of course, the other question, does anybody have a crystal ball as to when the Agent might become available?

 

And how is this MMA agent requirement of having to have a python ver. 2.x system or os default python version playing out on other Linux distro? Surely no recent distro still has a python ver 2.x os or system python version?

 

Afterall Python 2.x has now been EOL for several months and everybody had plenty of warning to prepare for this. 

 

 

9 Replies

@TheBigBear  Not sure if this will fix your issue but y

ou can use python 3 for the MMA agent.  You would need to run:

sudo alternatives --set python /usr/bin/python3

to map Python 3 as the default python version.  You can then run the wget command that you get from Azure Sentinel to install the MMA.

 

@Gary Bushey Hi, Thanks, but I had already tried that - as it is the default on centos 8.0 but the MMA installer caught that and said it actually required the os system python to be python ver 2.x and asked me to run the alternatives setting the centos 8 system python to version "2", which of course is untenable. They have a note on the MMA agent download page that says same thing that you absolutely. do need python 2.x as main system and os python. Even reached out to MS and was told yes, we know centos 8 is not a supported system ... ;-(

@TheBigBear : this page suggests that you can install Python 2 on a system that does not include Python 2 by default and also how to symlink it to Python using alternatives. Did you try it? It is very uncommon that something that runs on a RHEL version does not run on a correspnding CentOS version (and RHEL also does not have version-less "python" by default and recommend using alternatives). 

@Ofer_Shezaf thanks for your reply, but it would seem you only know Linux "in theory", sorry for saying?

 

Yes, I know Python 2.x can be installed BUT that is simply not acceptable as the main os python since python 2.x is now EOL. The main os Python now needs to be 3.x. 

 

The point of such an 'alternative' system in Linux is to point the 'os' to one - the main - selected system ( one alternative out of a few for a task ), and NOT to introduce yet another alternative - word has more than one meaning and therefore leads to more than one interpretation. 

 

My point was and still is. That python 2.x is now EOL and python is used by some parts of a Linux os install and as such an up to date installation that is PCI DSS compliant and compatible to current company policies, now clearly mandates and requires the os python version ( the one pointed to by the alternatives system ) to be the current python 3.x. 

 

So that is what I find hard to take in that MS still uses an MMA that depends on python 2.x , but only calls it as 'python' thereby necessitating the main os python to be python 2.x, when it could nearly as easily have chosen to simply call python2 instead of the only python, and magically it would call up python 2.x . 

 

Most (all?) Linux distributions support having multiple parallel versions of python installed and the calling app simply calls python ( pointing to python 3.x these days ) or python3 or python2. 

 

 

 

@TheBigBear, So, to summarize, the challenge is not CentOS 8 support by itself. RHEL 8, which is officially supported, would still be an issue because running the agent requires making Python 2 the default. In other words, just certifying CentOS 8, without moving to Python 3, would not help here. Correct?  

@TheBigBear : one more thought: would keeping to Python 2 for now but ensruring the agent runs without requiring python 2 to be the system default be a reasonable interim solution? 

Hi @Ofer_Shezaf, yes, well summarised.

Or alternatively, as a time-limited workaround, until the MMA code is upgraded to python 3.x 'simply' change the MS MMA to be more specific and actually use python2 and not just python. 

 

That way the Linux os can do the right thing. And all Linux distros I know off do support having more than one version of python installed in parallel, but in order to get to an older version one simply has to be more precise and call on it by issuing 'python2' and not just 'python'

But medium and longer-term the MS MMA should be based on python 3 and not on python 2 which is EOL now. 

@Ofer_Shezaf yes, that is a more succinct way of saying what I just replied, Messages crossed over. In mine, I just also spelled out one way I think this should work 'easily' ... 

@TheBigBear : I had a chat with the agent PM and he told me that supporing systems with Python 3 is being worked on as we speak.