Server Services fail to start with cb-redis
search cancel

Server Services fail to start with cb-redis

book

Article ID: 289718

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Services fail to start at cb-redis
  • /var/log/cb/redis/startup.log shows the following message 
    • *** FATAL CONFIG FILE ERROR *** 
Reading the configuration file, at line 69 
>>> 'logfile /var/log/cb/redis/redis.log' 
Can't open the log file: Permission denied 

Environment

  • EDR Server: 6.2.3 and higher
  • CentOS: 7.5 and higher
  • SELinux enabled

Cause

The SELinux permissions on the file/directory has changed.

Resolution

  1. Run the cbcheck utility to identify SELinux security context mismatches:  
    /usr/share/cb/cbcheck selinux -m
  2. Apply the correct SELinux security contexts:  
    /usr/share/cb/cbcheck selinux -a

 

Files copied from one server to another may experience correct labels but selinux picks up incorrect labels. Creating a policy and restoring the context. 

  1. Create a fcontext policy  
    semanage fcontext -a -t redis_log_t "/var/log/cb/redis(/.*)?"
  2. Restore the policy  
    restorecon -rv /var/log/cb/redis/

     

 

Additional Information

  • SELinux permissions can be checked on the files by running: 
    • sudo ls -lZ /var/log/cb/redis
  • To check the status of SELinx, run: 
    • sudo sestatus
Powered by Wolken Software