Upgrading PAM SC without a reboot

book

Article ID: 211244

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

How to upgrade to PAMSC  without rebooting the server

 

 

Cause

 

I am trying to update the pamsc package with the latest one even if the product fails to unload the kernel modules and even if syscall is active, because there is a new feature that allows you to do so.

I tried it on our test server and this is the output:

 

[[email protected] /tmp]# secons -sk
CA Privileged Access Manager Server Control secons v14.10.0.1494 - Console utility
Copyright (c) 2018 CA. All rights reserved.
secons(0x1516): CA Privileged Access Manager Server Control is not running

[[email protected] /tmp]# secons -scl
CA Privileged Access Manager Server Control secons v14.10.0.1494 - Console utility
Copyright (c) 2018 CA. All rights reserved.
Active system calls:

-Syscall   43 - PID:  65734  PPID:      0 UID:      0 TIME:  54m-30s PROGRAM NAME:
[[email protected] /tmp]#

 

[[email protected] /tmp]# SEOS_load -u
SEOS_load: Executing un/load exit file,  /opt/CA/PAMSC/exits/LOAD/SEOS_unload_int.always -pre
Ports - nothing to do ...
SEOS_load: Executing un/load exit file,  /opt/CA/PAMSC/exits/LOAD/SEOS_unload_unab.always -pre
SEOS_load: Executing un/load exit file,  /opt/CA/PAMSC/exits/LOAD/SEOS_unload_int.always -post
SEOS_load: Executing un/load exit file,  /opt/CA/PAMSC/exits/LOAD/SEOS_unload_unab.always -post

 

[[email protected] /tmp]# issec
CA Privileged Access Manager Server Control version 14.1 installed in /opt/CA/PAMSC
VeRsIoN: 14.10-0 (1494) Compiled On:Sep 28 2020 18:30:49  Kernel: 3.10.0-862.el7.x86_64-RH75 _LINUX70-3100-862-RHELX86_64.X86_64 STOP 30034
CA Privileged Access Manager Server Control kernel extension is loaded.
CA Privileged Access Manager Server Control daemons are not running.
CA Privileged Access Manager Server Control security daemon is not running.
CA Privileged Access Manager Server Control watchdog daemon is not running.
CA Privileged Access Manager Server Control agent daemon is not running.
CA Privileged Access Manager Server Control serevu daemon is not running.
CA Privileged Access Manager Server Control selogrd daemon is not running.
CA Privileged Access Manager Server Control selogrcd daemon is not running.
CA Privileged Access Manager Server Control eacws daemon is not running.
CA Privileged Access Manager Server Control ReportAgent daemon is not running.
CA Privileged Access Manager Server Control AgentManager daemon is not running.
CA Privileged Access Manager Server Control policyfetcher daemon is not running.
CA Privileged Access Manager Server Control KBLAudMgr daemon is not running.
CA Privileged Access Manager Server Control auxiliary daemon is not running.
CA Privileged Access Manager Server Control uxauthd daemon is running, pid=103726 (uxauthd )
CA Privileged Access Manager Server Control sepmdd daemon is not running.
CA Privileged Access Manager Server Control sersvd daemon is not running.

 

[[email protected] /tmp]# rpm -U CAeAC-1410-0-0.1566.x86_64.rpm
CA Privileged Access Manager Server Control is loaded.
CA Privileged Access Manager Server Control needs to be unloaded first in order for install to complete.
error: %pre(CAeAC-1410-0.1566.x86_64) scriptlet failed, exit status 1
error: CAeAC-1410-0.1566.x86_64: install failed
error: CAeAC-1410-0.1494.x86_64: erase skipped

Environment

Release : 14.1

Component : PRIVILEGED ACCESS MANAGEMENT SERVER CONTROL

Resolution

Run the following steps :

# cd /opt/CA/PAMSC/bin

# ./issec

# ./secons -ik

# ./seload

# ./issec

# ./secons -ik

# ./secons -sk

# ./SEOS_load -u

# ./issec

# ./secons -ik

 

Check the output of the last issec run to see if it is "kernel extension is not loaded".  If the kernel extension is not loaded, then you can upgrade PAMSC.