EDR: Is /usr/share/cb/cb-force-shutdown a command that requires sudo permissions?
book
Article ID: 287427
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
After upgrade, when attempting to start services, either using systemctl cb-enterprise start or /usr/share/cb/cbcluster, the following error is received :
Incomplete sudo permissions configured for user 'carbonblacksvc' on host <EDR_hostname>. The user is missing the following 1 sudo privileges:
1) sudo -n /usr/share/cb/cb-force-shutdown
Environment
EDR Server: 7.1.1+ Versions
Resolution
Yes, this is expected. This functionality was built into the 7.1.1 EDR server due to previous issues with systemctl getting caught in a failed state if services do not start cleanly.
Using the /usr/share/cb/cb-force-shutdown command will terminate all EDR services and reset systemctl for the cb-enterprise service unit.