Failed to remove PAMSC rpm
search cancel

Failed to remove PAMSC rpm

book

Article ID: 282370

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

You need to uninstall the PAMSC endpoint but while running the "rpm -e CAeACxxxx" command the kernel module cannot be unloaded. 

Environment

Pamsc 14.x

Cause

There are several reasons a kernel module cannot be unloaded.

1. Another third party kernel module was loaded after the seos module. Since all kernel modules need to be unloaded in the reverse order of loading to ensure the kernel stability is maintained. PAMSC will not unload our module until the additional kernel modules are unloaded.

2. At least one system call is still waiting to complete or is hung. if additional processing needs to occur the system module cannot be unloaded.

Resolution

First follow this document to attempt to cleanly unload the kernel module.   https://knowledge.broadcom.com/external/article?articleNumber=267616

If you cannot unload the other third party software or for some additional reason the module cannot be fully unloaded the next best way is to disable the automated startup of seos services and reboot the OS. This method will ensure the seos kernel module is not loaded and the rpm uninstall can complete.

[root@hostname ~]# systemctl disable seos
[root@hostname ~]# systemctl status seos
● seos.service - CA Privileged Access Manager Server Control
   Loaded: loaded (/etc/systemd/system/seos.service; disabled; vendor preset: disabled)
   Active: inactive (dead)[root@hostname ~]# systemctl disable seos
[root@hostname ~]# systemctl status seos
● seos.service - CA Privileged Access Manager Server Control
   Loaded: loaded (/etc/systemd/system/seos.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@hostname ~]# reboot  

 

If you cannot reboot and need simply to uninstall you can manually uninstall while the services are stopped. The kernel module would still need to be removed through a reboot but no additional steps would be required. While services are stopped you can run.

Note: If you also have uxauth installed you should use the rpm command to uninstall uxauthd prior to continuing as some files are shared.

First stop, disable and remove  systemctl services

   systemctl stop seos
   systemctl disable seos
   rm /etc/systemd/system/seos.service

   systemctl stop seosload.socket
   systemctl disable seosload.socket
   rm /etc/systemd/system/seosload.socket
   rm /etc/systemd/system/[email protected]

Next, remove the seos.so module from the current PAM authentication stack.

   cp /etc/pam.d/system-auth /etc/pam.d/system-auth.bak
   sed -i '/seos.so/d'  /etc/pam.d/system-auth

Finally, remove the files installed before removing the package name. 

   rm -rf /opt/CA/PAMSC
   rm -rf /opt/CA/PAMSCShared 
   rm /etc/seos.ini
   rm /etc/accommon.ini

   rpm -e -noscripts CAeACxxxxx

Note: The /opt/CA folder will contain /opt/CA/SharedComponents folder along with possibly other CA products. You should confirm if this folder is still required by any other products prior to removing the base /opt/CA folder.

Powered by Wolken Software