search cancel

Data Center Security (DCS) Agent Real-Time File Integrity Monitoring (RTFIM) Detection stops working after upgrading Red Hat Linux

book

Article ID: 164156

calendar_today

Updated On:

Products

Data Center Security Server Advanced

Issue/Introduction

After RHEL (Red Hat Enterprise Linux) is upgraded from release 6.7 to 6.8, the DCS Agent Real-Time File Integrity Monitoring Detection stops and a detection warning message is reported to the DCS:SA console.

FWC_0029: Failed to initialize Real-Time File Integrity Monitoring

 

Environment

  • RHEL 6.8 Kernel 2.6.32-642.el6.x86_64 #1
  • DCS:SA Agent build 6.6.0.605

Cause

The kernel upgrade causes a DCS:SA RTFIM detection malfunction.

Resolution

  • Upgrade DCS:SA Agent to release 6.7 or later that supports kernel 2.6.32-642.el6.x86_64
  • Restart the IDS Agent with this command:

       /etc/init.d/sisidsagent restart 

  • Verify the RTFIM driver has been loaded and the FWC_0028: Real-Time File Integrity Monitoring successfully initialized event has been generated
  • DCS:SA Unix Agents are kernel dependent. Please review the document DCSSA_Platform_Feature_Matrix.pdf included in the DCS:SA ISO image and make sure that the appropriate agent version is installed prior to upgrading the RHEL release.

Attachments