EDR Ubuntu Live Response Fails to Complete Sensordiag

Article ID: 372519

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Ubuntu endpoints with the 7.3.0-lnx sensor installed may fail to complete a sensordiag within a Live Response session.

Environment

  • Carbon Black Linux Sensors: 7.3.0
  • Ubuntu: All Supported Versions

Cause

Due to a bug identified in the Linux sensor (CB-44628), some Ubuntu Live Response sessions hang after requesting a sensordiag.

Resolution

A fix is expected in a future release.

A possible workaround is to run the individual commands from the sensordiag script manually in the Live Response session.

Additional Information

The script sdiag.sh is available; it runs the basic commands needed to collect a partial sensordiag.

In the Live Response session, run:

	put /tmp/  (prompt for sdiag from local computer)
	execfg sh /tmp/sdiag.sh
	get /var/opt/carbonblack/response/sensordiag.tgz