Need help to unload AC from kernel

Article ID: 253637

Products

CA Privileged Identity Management Endpoint (PIM)
CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Need help to unload AC from kernel 

We did

  1. secons -sk
  2. verify this by unloading the kernel extension with: SEOS_load -u,
  3. if AC daemons are also loaded then stop AC daemons with: secons -s

But the problem persists. It is still loaded in the kernel.

 

Environment

Release : 14.0, 14.1

Cause

Running issec shows that even after stopping seos, the kernel extension is still loaded:

[root@XXXXXXXX ~]# issec
CA Privileged Access Manager Server Control version 14.1 installed in /opt/CA/PAMSC
VeRsIoN: 14.10-40 (17) Compiled On:Jan 09 2022 23:34:52  Kernel: 3.10.0-229.el7.x86_64-RH71 _LINUX70-3100-229-42-RHELX86_64.X86_64 STOP 30034
CA Privileged Access Manager Server Control kernel extension is loaded.
CA Privileged Access Manager Server Control daemons are not running.
CA Privileged Access Manager Server Control security daemon is not running.
CA Privileged Access Manager Server Control watchdog daemon is not running.
CA Privileged Access Manager Server Control agent daemon is not running.
CA Privileged Access Manager Server Control serevu daemon is not running.
CA Privileged Access Manager Server Control selogrd daemon is not running.
CA Privileged Access Manager Server Control selogrcd daemon is not running.
CA Privileged Access Manager Server Control eacws daemon is not running.
CA Privileged Access Manager Server Control ReportAgent daemon is not running.
CA Privileged Access Manager Server Control AgentManager daemon is not running.
CA Privileged Access Manager Server Control policyfetcher daemon is not running.
CA Privileged Access Manager Server Control KBLAudMgr daemon is not running.
CA Privileged Access Manager Server Control auxiliary daemon is not running.
CA Privileged Access Manager Server Control uxauthd daemon is not running.
CA Privileged Access Manager Server Control sepmdd daemon is not running.
CA Privileged Access Manager Server Control sersvd daemon is not running.

 

[root@XXXXXXXXX ~]# SEOS_load -u
SEOS_load: Executing un/load exit file,  /opt/CA/PAMSC/exits/LOAD/SEOS_unload_int.always -pre
Ports - nothing to do ...
SEOS_load: Executing un/load exit file,  /opt/CA/PAMSC/exits/LOAD/SEOS_unload_unab.always -pre
SEOS_load: Executing un/load exit file,  /opt/CA/PAMSC/exits/LOAD/SEOS_unload_int.always -post
SEOS_load: Executing un/load exit file,  /opt/CA/PAMSC/exits/LOAD/SEOS_unload_unab.always -post

Resolution

Sometimes the kernel extension cannot be unloaded because a process is stuck on it.

You can do the following:

# secons -sc

(the syscall monitor: it shows the system calls and gives you the PID, for instance PID 10506)

# ps -ef | grep 10506    -> look at the process

# kill -9 10506    -> kill it

# SEOS_load -u

This time the module is unloaded, as there is no active process.
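
The following helper is an added example, not part of the original article or the vendor's tooling. It reads issec output to choose the next step of the procedure above and confirms the unload with issec afterwards. The function names are hypothetical, and the "daemon is running" wording is an assumption, since the article only shows the "not running" form.

```shell
#!/bin/sh
# Added example, not vendor code. Assumption: a daemon that is up appears in
# issec output as "... daemon is running"; the page only shows "not running".

# Read issec output on stdin and print the next step of the procedure:
#   stop-daemons  a daemon is still running          -> secons -s
#   unload        daemons stopped, extension loaded  -> SEOS_load -u
#   done          no "kernel extension is loaded" line
#   unknown       no output at all (issec missing or failed)
ac_next_step() {
    awk '
        /kernel extension is loaded/  { loaded = 1 }
        /daemons? (is|are) running/   { running = 1 }
        END {
            if (NR == 0)       print "unknown"
            else if (running)  print "stop-daemons"
            else if (loaded)   print "unload"
            else               print "done"
        }'
}

# Unload, then trust issec rather than the SEOS_load messages: the SEOS_load -u
# output on the page contains no failure message.
# Returns 0 only when issec no longer reports the extension as loaded.
ac_unload_verified() {
    SEOS_load -u || return 2
    state=$(issec | ac_next_step)
    [ "$state" = "done" ] && return 0
    echo "state after SEOS_load -u: $state (find the PID with secons -sc)" >&2
    return 1
}
```

Source the file in a root shell and call ac_unload_verified after stopping the daemons; a non-zero return means the extension is still held and the secons -sc step applies.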