EDR: Sensor cbdaemon cannot be stopped due to selinux enabled
search cancel

EDR: Sensor cbdaemon cannot be stopped due to selinux enabled

book

Article ID: 285102

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Cannot stop or start cbdaemon when selinux is enabled

Environment

  • EDR sensor: All supported versions
  • Linux: All supported OS

Cause

Selinux will control services status and lead to cbdaemon stop/start failure

Resolution

1. Check selinux status and make sure it is enabled:
$ /usr/sbin/getenforce
Enforcing
2. Disable selinux temporarily:
$ sudo setenforce 0

3. Check selinux status and make sure it is disabled:
$ /usr/sbin/getenforce
Permissive

4. Stop/start cbdaemon:
$ sudo service cbdaemon stop
$ sudo service cbdaemon start

5. Enable selinux back:
$ sudo setenforce 1

Additional Information

  • Selinux can be permanently disabled by editing /etc/sysconfig/selinux
    SELinux=enforcing or SELinux=disabled
  • Systemctl command will be used to stop/start cbdaemon in new Linux versions: 
    $ sudo systemctl stop cbdaemon.service
    $ sudo systemctl start cbdaemon.service