Data Center Security (DCS) Agent Real-Time File Integrity Monitoring (RTFIM) Detection stops working after upgrading Red Hat Linux
book
Article ID: 164156
calendar_today
Updated On:
Products
Data Center Security Server Advanced
Issue/Introduction
After RHEL (Red Hat Enterprise Linux) is upgraded from release 6.7 to 6.8, the DCS Agent Real-Time File Integrity Monitoring Detection stops and a detection warning message is reported to the DCS:SA console.
FWC_0029: Failed to initialize Real-Time File Integrity Monitoring
Environment
RHEL 6.8 Kernel 2.6.32-642.el6.x86_64 #1
DCS:SA Agent build 6.6.0.605
Cause
The kernel upgrade causes a DCS:SA RTFIM detection malfunction.
Resolution
Upgrade DCS:SA Agent to release 6.7 or later that supports kernel 2.6.32-642.el6.x86_64
Restart the IDS Agent with this command:
/etc/init.d/sisidsagent restart
Verify the RTFIM driver has been loaded and the FWC_0028: Real-Time File Integrity Monitoring successfully initialized event has been generated
DCS:SA Unix Agents are kernel dependent. Please review the document DCSSA_Platform_Feature_Matrix.pdf included in the DCS:SA ISO image and make sure that the appropriate agent version is installed prior to upgrading the RHEL release.