
How to disable the IPS driver on a Solaris system when you can't remove the IPS policy


Article ID: 163249


Products

Critical System Protection, Data Center Security Server, Critical System Protection Client Edition, Data Center Security Server Advanced, Cloud Workload Protection

Issue/Introduction

A policy that is in place can leave you unable to su to sisips or to make changes to the agent install directory. If that policy is one you do not want, you then can't remove it.

Cause

These are some of the conditions that can make it necessary to reboot an agent in order to block the loading of the IPS driver on Solaris.

  1. Mistuning a policy so that it blocks the sisips user from accessing the agent install directories.
  2. Not allowing root as a trusted user, so you can't su to sisips.
  3. Misconfiguring the manager list.

Resolution

  1.   Boot -as
  2.   Point to /etc/system-pre-sisips (it may be necessary to add "exclude: drv/sisips" to the end of the /etc/system-pre-sisips file, depending on how you have configured your system)
  3.   Continue and boot the server
  4.   Login as root
  5.   su - sisips
  6.   sisipsconfig.sh -r
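
One way to make the addition mentioned in step 2 repeatable is sketched below. This is an added example, not part of the original article or the product: the function names are hypothetical, a POSIX grep is assumed (on Solaris, /usr/xpg4/bin/grep), and the demo runs against a constructed sample file rather than the real /etc/system-pre-sisips.

```shell
#!/bin/sh
# Added example: make sure a system file carries an active
# "exclude: drv/sisips" line before it is named at the boot -as prompt.

DIRECTIVE='exclude: drv/sisips'

# Return 0 if FILE has an active (uncommented) exclude for drv/sisips.
# In /etc/system syntax, lines starting with '*' or '#' are comments,
# so a commented-out directive must not be counted.
has_exclude() {
    grep '^[[:space:]]*exclude:[[:space:]]*drv/sisips[[:space:]]*$' "$1" \
        >/dev/null
}

# Append the directive to FILE if it is missing, keeping a backup copy.
# Prints "present" or "added"; returns non-zero if FILE is unreadable.
ensure_exclude() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    if has_exclude "$file"; then
        echo present
        return 0
    fi
    cp -p "$file" "$file.bak" || return 1
    # The leading newline guards against a last line with no newline.
    printf '\n%s\n' "$DIRECTIVE" >> "$file"
    echo added
}

# Demo on a constructed sample standing in for /etc/system-pre-sisips.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '* constructed sample system file' \
        '* exclude: drv/sisips' 'set maxusers=64' > "$tmp/system-pre-sisips"
    ensure_exclude "$tmp/system-pre-sisips"   # commented line does not count
    ensure_exclude "$tmp/system-pre-sisips"   # second run changes nothing
    rm -rf "$tmp"
}

demo
```

On a real host the call would be ensure_exclude /etc/system-pre-sisips, run as root from a context where the policy permits writing that file.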