How to Disable a SCSP DCS agent running on a Linux system.


Article ID: 181561


Updated On:


Critical System Protection Data Center Security Server Data Center Security Server Advanced





  1. Apply the Null policy via the manager
  2. or
  3. Login to machine as 'root' and run the following commands:
  4. ./ –r (this forces the agent to run the built-in policy that is the equivalent of the NULL policy)
  5. Then
  6. Login to machine as 'root' and run the following commands:
    1. Disable IPS and RT-FIM drivers:
      • su - sisips
      • ./ –i (in 5.2.9 and later you can use -ips off instead so you do not have to worry about the toggle affect)
        As this is a toggle, make sure output shows that you have disabled the prevention driver
      • ./ –rtfim off
      • exit
  7. Stop the daemons (as root):
    1. /etc/init.d/sisipsagent stop
    2. /etc/init.d/sisidsagent stop
    3. /etc/init.d/sisipsutil stop
  8. Disable Agent startup scripts:
    Rename the agent scripts, which temporarily breaks any symbolic links in the rc#.d startup scripts:
    1. mv /etc/init.d/sisipsagent /etc/init.d/sisipsagentOFF
    2. mv /etc/init.d/sisidsagent /etc/init.d/sisidsagentOFF
    3. mv /etc/init.d/sisipsutil /etc/init.d/sisipsutilOFF
  9. Reboot system to cause drivers to be disabled.