Jump to content

Problem selinux - Eraagent 7.1.367.0


Recommended Posts

Hi,

I have installed Era Agent 7.1.367.0 in CentOS 7, it was working.

Since i have installed the last updates on CentOS, the service doesn't want start. After a research, if i disable Selinux "setenforce 0", I can start the service.

I tried to reinstall and i see that the selinux policy are the same on another server which wasn't update.

(For information, i had this second server on CentOS 7 which was functional and not update. After i updated it, i have the same problem)

Thanks for your help.

Link to post
Share on other sites
  • ESET Staff

Could you please provide output of command:

ausearch -m avc --raw -se eraagent | audit2allow

to check what SELinux permissions are missing? It would be ideally to let AGENT to run for some time.

Also as an workaround which might help, try to extend SELinux policy of AGENT:

cd /opt/eset/RemoteAdministrator/Agent/setup/selinux/
./eraagent.sh --update
<review missing permission that will be added to SLEinux policy>

and once done, SELinux policy of this installation will be extended. Just be aware that repair or upgrade of ESMC Agent installation will revert these changes.

Edited by MartinK
Link to post
Share on other sites

Hi,

The result of the ausearch :

Quote

#============= eraagent_t ==============
allow eraagent_t eset_efs_logd_file_t:dir { getattr search };

The command

./eraagent.sh --upgrade

didn't work, result :

Quote

./eraagent.sh [ --update ] [ --uninstall ]

Maybe the option is "update" and not "upgrade" ?

Thanks

 

 

Link to post
Share on other sites
  • ESET Staff
42 minutes ago, Acc-Eset said:

Hi,

The result of the ausearch :

The command


./eraagent.sh --upgrade

didn't work, result :

Maybe the option is "update" and not "upgrade" ?

Thanks

 

 

Indeed it was supposed to be update, but unfortunately no SELinux policy violations that would affect startup were detected (than one detected is non-fatal and does not even affect communication between ESET products). This indicates there might be problem on higher layers, for example systemd itself (service manager) is not able to start our service. Maybe there are AVC denials for this process reported?

Link to post
Share on other sites

With the command :

Quote

ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -i

 

Result (just the end) :

 

Quote


type=PROCTITLE msg=audit(24/09/2019 13:23:46.885:1067) : proctitle=/opt/eset/RemoteAdministrator/Agent/ERAAgent --daemon --pidfil                      e /var/run/eraagent.pid
type=SYSCALL msg=audit(24/09/2019 13:23:46.885:1067) : arch=x86_64 syscall=stat success=no exit=EACCES(Permission non accordée) a                      0=0x555a79376780 a1=0x7ffe4fb0a360 a2=0x7ffe4fb0a360 a3=0x3 items=0 ppid=1 pid=15822 auid=unset uid=root gid=root euid=root suid=                      root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=ERAAgent exe=/opt/eset/RemoteAdministrator/Agent/ERAAgen                      t subj=system_u:system_r:eraagent_t:s0 key=(null)
type=AVC msg=audit(24/09/2019 13:23:46.885:1067) : avc:  denied  { search } for  pid=15822 comm=ERAAgent name=eset dev="dm-1" ino                      =5144 scontext=system_u:system_r:eraagent_t:s0 tcontext=system_u:object_r:eset_efs_logd_file_t:s0 tclass=dir permissive=0

 

 

The status of the service :

 

Quote

● eraagent.service - ESET Management Agent
   Loaded: loaded (/etc/systemd/system/eraagent.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since mar. 2019-09-24 13:23:46 CEST; 1h 5min ago
  Process: 15821 ExecStart=/opt/eset/RemoteAdministrator/Agent/ERAAgent --daemon --pidfile /var/run/eraagent.pid (code=exited, status=0/SUCCESS)
 Main PID: 15822 (code=exited, status=70)

sept. 24 13:23:46 app systemd[1]: Starting ESET Management Agent...
sept. 24 13:23:46 app systemd[1]: Can't open PID file /var/run/eraagent.pid (yet?) after start: No such file or directory
sept. 24 13:23:46 app systemd[1]: Started ESET Management Agent.
sept. 24 13:23:46 app systemd[1]: eraagent.service: main process exited, code=exited, status=70/n/a
sept. 24 13:23:46 app systemd[1]: Unit eraagent.service entered failed state.
sept. 24 13:23:46 app systemd[1]: eraagent.service failed.

 

The error for the PID file isn't present if i disable selinux and the service starts.

 

[EDIT]

It's works with the command

./eraagent.sh --update

 

Edited by Acc-Eset
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...