Packet Capture fails to start on Linux due to SELinux


Article ID: 160222


Products

Data Loss Prevention Network Monitor

Issue/Introduction

Packet Capture won't start on Linux. In the PacketCapture.log file, there are error entries that state "PacketCapture could not elevate it's privileges".

Resolution

One cause of this is SELinux running in enforcing mode. Symantec DLP requires that SELinux be disabled to function properly. You can check whether SELinux is running with the following command:

/usr/sbin/getenforce

If it responds with "Disabled", SELinux is already disabled and is not causing this issue.

However, if it says "Enforcing", SELinux is running and must be disabled.

To disable SELinux, edit this file:

/etc/selinux/config

Change the "SELINUX=" entry to "disabled". This is case sensitive. This change requires a reboot of the Linux box.
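
The check and edit described above, written as a script. This is an added example, not Symantec tooling; the function names runtime_mode, config_mode and set_disabled are hypothetical. It rewrites only the uncommented SELINUX= line, leaves comment lines and SELINUXTYPE= untouched, and keeps a .bak copy of the file.

```shell
#!/bin/sh
# Added example (not vendor code). Usage: sh selinux_check.sh /etc/selinux/config

# Report the running SELinux mode, as printed by getenforce.
runtime_mode() {
    /usr/sbin/getenforce 2>/dev/null || echo "unknown"
}

# Print the value of the active (uncommented) SELINUX= line in file $1.
# The anchored pattern skips "# SELINUX= ..." comments and SELINUXTYPE=.
config_mode() {
    sed -n 's/^SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1
}

# Set SELINUX=disabled (lowercase) in file $1, keeping a backup in $1.bak.
# The file is rewritten in place (not replaced), so its owner, permissions
# and inode stay the same. If no SELINUX= line exists, one is appended.
set_disabled() {
    cp -p "$1" "$1.bak" || return 1
    if grep -q '^SELINUX=' "$1.bak"; then
        sed 's/^SELINUX=.*/SELINUX=disabled/' "$1.bak" > "$1" || return 1
    else
        { cat "$1.bak"; echo 'SELINUX=disabled'; } > "$1" || return 1
    fi
    # Verify the result instead of trusting the edit.
    [ "$(config_mode "$1")" = "disabled" ]
}

# Only act when a config file path is given on the command line.
if [ -n "${1:-}" ]; then
    echo "running mode:    $(runtime_mode)"
    echo "configured mode: $(config_mode "$1")"
    if [ "$(config_mode "$1")" != "disabled" ]; then
        set_disabled "$1" && echo "SELINUX=disabled written to $1; reboot required"
    fi
fi
```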