Data Loss Prevention : RHEL Services will not auto start on reboot
search cancel

Data Loss Prevention : RHEL Services will not auto start on reboot


Article ID: 220770


Updated On:


Data Loss Prevention Enforce


DLP Services will not auto-start on reboot


Release : 15.x, 16.x

Component :Enforce Servers, Detection Servers running on RHEL 7.x, 8.x 


This is caused by systemd calling stat () on the any services when the DLP services is a symlink to /opt/Symantec/.......

In the dmesg log you will see the following error:

systemd-sysv-generator[586]: stat() failed on /etc/rc.d/init.d/SymantecDLPDetectionServerService: No such file or directory

Since the DLP services are symlinks to /opt/Symantec/DataLossPrevention/EnforceServer/Services/<servicename>.sh, if the /opt is on its own mount point, the systemd call happens before the /opt is mounted in the log.


The services are symlinks to the /opt/Symantec directories, 

In the fstab we see

  # cat /etc/fstab
  /dev/apps_vg/vol1 /opt/Symantec xfs defaults    0   0

To ensure the non-root filesystem is mounted before systemd-sysv-generator runs:

Edit the /etc/fstab file and add x-initrd.mount to the /opt/Symantec entry options as shown below:

/dev/apps_vg/vol1   /opt/Symantec xfs defaults,x-initrd.mount 0   0

Make sure the logical volume apps_vg/vol1 hosting /opt/Symantec is activated in the initramfs by appending to the GRUB_CMDLINE_LINUX entry in /etc/default/grub as shown below:

NOTE: In this example, the apps_vg is the volume group and the vol1 is the logical volume name. You volume group/logical volume will be different from this article. 

GRUB_CMDLINE_LINUX="crashkernel=auto rhgb"

To find the volumegroup/logicalvolume name you need to run the lvscan command. In this screenshot drop the /dev/ when entering in the grub.conf

Rebuild the GRUB menu and initramfs for changes to be taken into account:

# grub2-mkconfig -o /etc/grub2.cfg
# dracut -f


If rebuilding the grub is not an option you can run the following as a workaround. 

To enable Data Loss Prevention services to start automatically (after a reboot), complete the following:

These steps work on RHEL 6 and RHEL 7 with 15.5 and 15.7:

Log onto the Enforce server and SU as root, then run the following:

systemctl enable SymantecDLPManagerService

systemctl enable SymantecDLPIncidentPersisterService

systemctl enable SymantecDLPDetectionServerControllerService

systemctl enable SymantecDLPNotifierService

Log onto to Detection server and su as root, then run the following:

systemctl enable SymantecDLPDetectionServerService


The following has been tested on 15.5 and RHEL7:

1. Create systemd script as root:

=> vi /etc/systemd/system/dlpSymantec_startup.service





2. Create the and add the services startup commands. 

=> vi /usr/local/bin/

Enforce services 

#DLP startup scripts###
service start SymantecDLPManagerService
service start SymantecIncidentPersisterService
service start SymantecDLPNotifierService
service start SymantecDLPDetectionServerControllerService

exit 0

Detection Services on Detection servers.

#DLP v15.5
service SymantecDLPDetectionServerService start
exit 0


3. Set the permissions of the systemd script and the bash script

=> chmod 744 /usr/local/bin/

=> chmod 664 /etc/systemd/system/dlpSymantec_startup.service

4. Enable the systemd service.

=> systemctl daemon-reload

=> systemctl enable dlpSymantec_startup.service

NOTE: Symantec DLP 15.1 will be named without the service at the end of each service name for example SymantecDLPManagerService will be named SymantecDLPManager.

Test Configuration

Now we can test our configuration by rebooting the server and checking the services

$ reboot
$ service --status-all | grep Sym

RHEL 8.x and above 


1. create file DLP-DetectionServer.service in /etc/systemd/system

ExecStart=/etc/rc.d/init.d/SymantecDLPDetectionServerService start
ExecStop=/etc/rc.d/init.d/SymantecDLPDetectionServerService stop

2. chmod 644 /etc/systemd/system/DLP-DetectionServer.service

3. cd /etc/systemd/system

4.  systemctl enable DLP-DetectionServer.service

5. systemctl daemon-reload

6. the services should be able to start and stop at this point. 

NOTE: also the .sh file is no longer needed since systems script is  calling the Services directory in ExecStart and ExecStop lines. 


Additional Information

refer to

NOTE: if the grub cannot be rebuilt and the workaround is not working, contact RHEL support since this is a limitation of the Linux OS.