Test Configuration
Now we can test our configuration by rebooting the server and checking the services
$ reboot $ service --status-all | grep Sym
Data Loss Prevention : RHEL Services will not auto start on reboot
Article ID: 220770
Updated On:
Products
Data Loss Prevention Enforce
Issue/Introduction
DLP Services will not auto-start on reboot
Environment
Release : 15.x
Component :Enforce Servers, Detection Servers running on RHEL 7.x, 8.x
Cause
This is caused by systemd calling stat () on the DLP services when the DLP services is a symlink to /opt/Symantec/.......
In the dmesg log you will see the following error:
systemd-sysv-generator[586]: stat() failed on /etc/rc.d/init.d/SymantecDLPDetectionServerService: No such file or directory
Since the DLP services are symlinks to /opt/Symantec/DataLossPrevention/EnforceServer/Services/<servicename>.sh, if the /opt is on its own mount point, the systemd call happens before the /opt is mounted in the log.
Resolution
The services are symlinks to the /opt/Symantec directories,
In the fstab we see
# cat /etc/fstab
...
/dev/apps_vg/vol1 /opt/Symantec xfs defaults 0 0To ensure the non-root filesystem is mounted before systemd-sysv-generator runs:
Edit the /etc/fstab file and add x-initrd.mount to the /opt/Symantec entry options as shown below:
/dev/apps_vg/vol1 /opt/Symantec xfs defaults,x-initrd.mount 0 0Make sure the logical volume apps_vg/vol1 hosting /opt/Symantec is activated in the initramfs by appending rd.lvm.lv=apps_vg/vol1 to the GRUB_CMDLINE_LINUX entry in /etc/default/grub as shown below:
NOTE: In this example, the apps_vg is the volume group and the vol1 is the logical volume name. You volume group/logical volume will be different from this article.
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=system_vg/swap_lv rd.lvm.lv=system_vg/root_lv rd.lvm.lv=system_vg/usr_lv rd.lvm.lv=apps_vg/vol1 rhgb"To find the volumegroup/logicalvolume name you need to run the lvscan command. In this screenshot drop the /dev/ when entering in the grub.conf
Rebuild the GRUB menu and initramfs for changes to be taken into account:
# grub2-mkconfig -o /etc/grub2.cfg
# dracut -fWORKAROUND 1:
If rebuilding the grub is not an option you can run the following as a workaround.
To enable Data Loss Prevention services to start automatically (after a reboot), complete the following:
These steps work on RHEL 6 and RHEL 7 with 15.5 and 15.7:
Log onto the Enforce server and SU as root, then run the following:
systemctl enable SymantecDLPManagerService
systemctl enable SymantecDLPIncidentPersisterService
systemctl enable SymantecDLPDetectionServerControllerService
systemctl enable SymantecDLPNotifierService
Log onto to Detection server and su as root, then run the following:
systemctl enable SymantecDLPDetectionServerService
The following has been tested on 15.5 and RHEL7:
1. Create systemd script as root:
=> vi /etc/systemd/system/dlpSymantec_startup.service
[Unit]
After=network-online.target
[Service]
ExecStart=/usr/local/bin/dlpSymantec_startup.sh
[Install]
WantedBy=default.target
2. Create the dlpSymantec_startup.sh and add the services startup commands.
=> vi /usr/local/bin/dlpSymantec_startup.sh
Enforce services
#!/bin/bash
#DLP startup scripts###
service start SymantecDLPManagerService
service start SymantecIncidentPersisterService
service start SymantecDLPNotifierService
service start SymantecDLPDetectionServerControllerService
exit 0
Detection Services on Detection servers.
#!/bin/bash
#DLP v15.5
service SymantecDLPDetectionServerService start
exit 0
3. Set the permissions of the systemd script and the bash script
=> chmod 744 /usr/local/bin/dlpSymantec_startup.sh
=> chmod 664 /etc/systemd/system/dlpSymantec_startup.service
4. Enable the systemd service.
=> systemctl daemon-reload
=> systemctl enable dlpSymantec_startup.service
NOTE: Symantec DLP 15.1 will be named without the service at the end of each service name for example SymantecDLPManagerService will be named SymantecDLPManager.
Additional Information
refer to https://access.redhat.com/solutions/3094591
Attachments
Feedback
Yes
No
Powered by
