EDR: service / systemctl Commands Ineffective After EDR 7.4 Upgrade

EDR: service / systemctl Commands Ineffective After EDR 7.4 Upgrade

search cancel

EDR: service / systemctl Commands Ineffective After EDR 7.4 Upgrade

book

Article ID: 285814

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

The service and systemctl commands are ineffective at controlling 'child' services after the 7.4.0 EDR upgrade.

Environment

EDR Server: 7.4.0 and Higher

Cause

This was an intentional change to help control services in the CentOS/RHEL environments.
- Service example:

[user@cbserver ~]$ sudo service cb-pgsql status
cb-pgsql: unrecognized service
[user@cbserver ~]$ service cb-solr status
cb-solr: unrecognized service

Systemctl example:

[user@cbserver ~]$ systemctl status cb-nginx
Failed to stop cb-nginx.service: Unit cb-nginx.service not loaded.

This change only effects the EDR 'child' services, not the cb-enterprise and cb-unifiedview parent services. Start and stop with service and systemctl will still function as intended with the parent services.

Resolution

The individual services can be controlled via the /usr/share/cb/cbservice script in EDR installations 7.4.0 and greater.
Syntax: /usr/share/cb/cbservice <service-name> <start | stop | restart | status>
Example:

[user@cbserver ~] ~]$ sudo /usr/share/cb/cbservice cb-pgsql status
cb-pgsql              pid 26943, uptime 6 days, 19:23:54   RUNNING

Feedback

thumb_up Yes

thumb_down No