App Control Agent: Linux Servers Not Rebooting Properly When Tamper Protection Is Enabled
Article ID: 286529
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
- Rebooting a Linux server via command line using the shutdown command with an Agent installed results in Events similar to:
Carbon Black App Control Agent detected a problem: Carbon Black App Control Agent detected an unclean shutdown. This can potentially lead to data loss or corrupt databases. Options[00000003] TotalFailures[1] FailureId[163] FailureId[163] Carbon Black App Control Agent blocked an attempt to send signal[19:SIGSTOP] to the process '/opt/bit9/bin/b9daemon' by process 'killall5'.
- In some cases, the server does not shut down normally, refusing to unmount partitions causing unclean reboots that take 4-5 times longer than a similar server without App Control Agent installed.
Environment
- App Control Agent: All Supported Versions
- Linux: All Supported Versions
Cause
Agent Config setting kernelEnableShutdownScript was disabled i.e. set to value 0
Resolution
Steps to check the value set for kernelEnableShutdownScript property :
- Navigate to <serverurl>\agent_config.php
- Click on Show Filters
- From Add Filter dropdown, select value contains "kernelEnableShutdownScript"
- Check the value set for the property. A value of "kernelEnableShutdownScript=0" indicates the property is disabled
- Navigate to <serverurl>\agent_config.php
- Add Config
- Set property name as "Set kernelEnableShutdownScript"
- Set the HostID by browsing to selected agent host or set to 0 to apply to all hosts
- Set value to "kernelEnableShutdownScript=1"
- Set Status to Enabled
- Set Create For to the policy to be applied for
Feedback
Yes
No
Powered by
