Error opening file for writing; filename='/opt/Symantec/scspagent/IDS/system/ids_syslog.pipe', error='Permission denied

book

Article ID: 158989

calendar_today

Updated On:

Products

Critical System Protection Data Center Security Server Critical System Protection Client Edition Data Center Security Server Advanced

Issue/Introduction

 SLES11 generates above mentioned error when CSP Agent is installed & rebooted the system. Prevention policy is not applied. 

 Error opening file for writing; filename='/opt/Symantec/scspagent/IDS/system/ids_syslog.pipe', error='Permission denied 

Cause

 It seemed like Apparomor was getting installed when ReiserFS file System was used & it was blocking access to this pipe. Found following logs in /var/log/audit/*

 
type=APPARMOR_DENIED msg=audit(1392949802.140:63619259): operation="open" pid=3515 parent=1 profile="/sbin/syslog-ng" requested_mask="rw::" denied_mask="rw::" fsuid=0 ouid=0 name="/opt/Symantec/scspagent/IDS/system/ids_syslog.pipe"

Resolution

 1. Migrate to Ext3 file System 

 
Or 
 
2.Change Apparomor settings to allow write access to this pipe by following these Steps:
 
1. Login to SUSE11. Open Terminal
2. Type:vi /etc/apparmor.d/sbin.syslog-ng.Hit Enter.
3.  Go to the end of line /etc/hosts.allow r,
4. Hit Insert ( Or i key). Hit Enter.
5. Enter Following Text 
/opt/Symantec/scspagent/IDS/system/ids_syslog.pipe rw,
6. Now Press Esc, Enter :wq. Hit Enter.
7. Type:   ./etc/init.d/boot.apparmor restart
8. Type:  service syslog restart
 

Applies To

 1. SLES11 64-bit. 

2. The issue was only with SLES with ReiserFS File System. 
3. It was working fine with EXT3 file system.