Data Center Security Server (DCS) Linux Agents stuck in 'Update Pending' due to Polkit Hardening

Article ID: 406505

Products

Data Center Security Server Advanced

Issue/Introduction

Agents are stuck in 'Update Pending' because the SISIDS service is crashing.

Environment

Linux RHEL 7 and 8

DCS 6.10+

Cause

The error occurs because sisipsdaemon is unable to determine the running status of sisidsdaemon when /proc is mounted with hidepid=2.

Polkit was hardened starting in polkit-0.112-18.el7 and this hardening impacts the DCS IDS service.

https://access.redhat.com/solutions/5005111 

Per the documentation, CVE-2018-1116 is resolved in Polkit package version "polkit-0.112-26":
https://access.redhat.com/errata/RHSA-2020:1135 

Red Hat also recommends removing hidepid=2; refer to the KB below:
https://access.redhat.com/solutions/6704531 

Resolution

mount proc -o remount,hidepid=0 && systemctl restart polkit.service

Restart DCS:  /usr/lib/Symantec/start.sh

Update /etc/fstab so that the change persists after system reboots:
      cp /etc/fstab /etc/fstab.backup
      vi /etc/fstab
      In the "/proc" entry, change hidepid=2 to hidepid=0

Reboot system
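
To confirm that both halves of the fix are in place (the live remount and the /etc/fstab edit), the check below reads the hidepid option of the /proc entry from a mount table. It is an added example, not part of the vendor article or the DCS product; the function names hidepid_of and check_hidepid and the sample tables are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the vendor article.

# hidepid_of FILE: print the hidepid value of the /proc entry in a mount
# table (/proc/mounts or /etc/fstab format). Prints "0" when the entry has no
# hidepid option (the kernel default) and "none" when there is no /proc entry.
hidepid_of() {
    awk '
        /^[ \t]*#/ { next }                       # skip fstab comments
        $2 == "/proc" && $3 == "proc" {
            seen = 1; val = "0"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^hidepid=/) val = substr(opts[i], 9)
        }
        END { print (seen ? val : "none") }
    ' "$1"
}

# check_hidepid LIVE_TABLE FSTAB: succeed only when /proc is mounted with
# hidepid=0 now and fstab will not bring another value back after a reboot.
check_hidepid() {
    live=$(hidepid_of "$1")
    boot=$(hidepid_of "$2")
    echo "live=$live fstab=$boot"
    [ "$live" = "0" ] || return 1
    case "$boot" in 0|none) return 0 ;; *) return 1 ;; esac
}

# Constructed sample tables: a host where only the live remount was done
# (fstab still carries hidepid=2) and a host with both steps applied.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf '%s\n' 'proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0' > "$SAMPLES/mounts"
printf '%s\n' '# constructed' 'proc /proc proc defaults,hidepid=2 0 0' > "$SAMPLES/fstab.stale"
printf '%s\n' '# constructed' 'proc /proc proc defaults,hidepid=0 0 0' > "$SAMPLES/fstab.fixed"

check_hidepid "$SAMPLES/mounts" "$SAMPLES/fstab.stale" || echo "fstab would restore hidepid after reboot"
check_hidepid "$SAMPLES/mounts" "$SAMPLES/fstab.fixed" && echo "consistent with the article's fix"
```

On an agent host, run check_hidepid /proc/mounts /etc/fstab after the remount and again after the reboot.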