EDR Sensor Does not Install with FIPS Mode Enabled
Article ID: 285956
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- After running the sensor install script it displays cannot start the cbdaemon.service
- The /opt/carbonblack/ directory is not created
- The sensor does not show up in the EDR Serve Console
Environment
- EDR Sensor: All Supported
- Linux: All Supported
Cause
One possible cause is that FIPS Mode is enabled on the server
Resolution
1. Run the following command to see if FIPS Mode is enabled
#fips-mode-setup --check
If the above returns
FIPS mode is enabled
2. Then run the following command
# echo "%_pkgverify_level none" >/etc/rpm/macros.verify
3. Run the sensor install script
4. Run the following command
# echo "%_pkgverify_level signature" >/etc/rpm/macros.verify
#fips-mode-setup --check
If the above returns
FIPS mode is enabled
2. Then run the following command
# echo "%_pkgverify_level none" >/etc/rpm/macros.verify
3. Run the sensor install script
4. Run the following command
# echo "%_pkgverify_level signature" >/etc/rpm/macros.verify
Additional Information
These steps disable signature verification so the sensor can be installed and then enable it again afterwards
Feedback
Yes
No
Powered by
