Data Center Security Server Advanced - UNIX agent kernel panic or system hangs when Centrify DirectAudit auditing package is installed.

Article ID: 164049

Products

Critical System Protection

Data Center Security Server Advanced

Issue/Introduction

You have recently installed Symantec Data Center Security Server Advanced 6.x or Symantec Critical System Protection 5.2.9 agents on various UNIX-type systems. The systems are unstable and crash whenever the IPS driver is loaded, with or without an IPS policy applied. In addition, and specific to this article and solution, the UNIX system has the Centrify DirectAudit auditing package installed.

No specific error message is recorded by the CSP or DCS agent; however, the operating system freezes, hangs and/or stops with a kernel panic.

Environment

Symantec Data Center Security Server Advanced 6.x

Symantec Critical System Protection 5.2.9

Centrify DirectAudit 5.2

Linux, Solaris, AIX

 

Cause

Dump analysis showed that the system crash occurred when dereferencing an object in one of the process objects maintained by the SISIPS kernel module. This crash occurred under low memory conditions. On the impacted Linux servers, the Bash.daudit (Centrify DirectAudit) process's behavior of switching between multiple users triggered a buffer overrun in the SISIPS kernel module's Root Accountability Feature implementation, leading to the crash.

Resolution

Hot fixes have been and are being released.

  • RHEL6 & SLES11 => 6.5 MP1 HF10 (6.5.0.500)
  • Solaris 10 => 6.5 MP1 HF10 (6.5.0.501)
  • AIX 6 => 6.5 MP1 HF10 (6.5.0.501)
  • RHEL5 & SLES10 => Due December 2016.

Please contact your local technical support representative and refer to this technote to obtain the hotfix for your platform.