Acc-Eset Posted September 24, 2019

Hi,

I have installed Era Agent 7.1.367.0 on CentOS 7, and it was working. Since I installed the latest updates on CentOS, the service doesn't want to start. After some research, if I disable SELinux with "setenforce 0", I can start the service. I tried to reinstall, and I see that the SELinux policies are the same on another server which wasn't updated. (For information, I had this second server on CentOS 7 which was functional and not updated. After I updated it, I have the same problem.)

Thanks for your help.

ESET Staff MartinK Posted September 24, 2019 (edited)

Could you please provide the output of the command:

    ausearch -m avc --raw -se eraagent | audit2allow

to check what SELinux permissions are missing? It would be ideal to let the AGENT run for some time.

Also, as a workaround which might help, try to extend the SELinux policy of the AGENT:

    cd /opt/eset/RemoteAdministrator/Agent/setup/selinux/
    ./eraagent.sh --update
    <review missing permission that will be added to SELinux policy>

and once done, the SELinux policy of this installation will be extended. Just be aware that a repair or upgrade of the ESMC Agent installation will revert these changes.

Edited September 24, 2019 by MartinK

Acc-Eset Posted September 24, 2019 Author

Hi,

The result of the ausearch:

Quote
    #============= eraagent_t ==============
    allow eraagent_t eset_efs_logd_file_t:dir { getattr search };

The command ./eraagent.sh --upgrade didn't work, result:

Quote
    ./eraagent.sh [ --update ] [ --uninstall ]

Maybe the option is "update" and not "upgrade"?

Thanks

ESET Staff MartinK Posted September 24, 2019

42 minutes ago, Acc-Eset said:
    Hi,
    The result of the ausearch:
    The command ./eraagent.sh --upgrade didn't work, result:
    Maybe the option is "update" and not "upgrade"?
    Thanks

Indeed it was supposed to be update, but unfortunately no SELinux policy violations that would affect startup were detected (the one detected is non-fatal and does not even affect communication between ESET products). This indicates there might be a problem on higher layers, for example systemd itself (service manager) is not able to start our service. Maybe there are AVC denials for this process reported?

Acc-Eset Posted September 24, 2019 Author (edited)

With the command:

Quote
    ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -i

Result (just the end):

Quote
    type=PROCTITLE msg=audit(24/09/2019 13:23:46.885:1067) : proctitle=/opt/eset/RemoteAdministrator/Agent/ERAAgent --daemon --pidfile /var/run/eraagent.pid
    type=SYSCALL msg=audit(24/09/2019 13:23:46.885:1067) : arch=x86_64 syscall=stat success=no exit=EACCES(Permission non accordée) a0=0x555a79376780 a1=0x7ffe4fb0a360 a2=0x7ffe4fb0a360 a3=0x3 items=0 ppid=1 pid=15822 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=ERAAgent exe=/opt/eset/RemoteAdministrator/Agent/ERAAgent subj=system_u:system_r:eraagent_t:s0 key=(null)
    type=AVC msg=audit(24/09/2019 13:23:46.885:1067) : avc: denied { search } for pid=15822 comm=ERAAgent name=eset dev="dm-1" ino=5144 scontext=system_u:system_r:eraagent_t:s0 tcontext=system_u:object_r:eset_efs_logd_file_t:s0 tclass=dir permissive=0

The status of the service:

Quote
    ● eraagent.service - ESET Management Agent
       Loaded: loaded (/etc/systemd/system/eraagent.service; enabled; vendor preset: disabled)
       Active: failed (Result: exit-code) since mar. 2019-09-24 13:23:46 CEST; 1h 5min ago
      Process: 15821 ExecStart=/opt/eset/RemoteAdministrator/Agent/ERAAgent --daemon --pidfile /var/run/eraagent.pid (code=exited, status=0/SUCCESS)
     Main PID: 15822 (code=exited, status=70)

    sept. 24 13:23:46 app systemd[1]: Starting ESET Management Agent...
    sept. 24 13:23:46 app systemd[1]: Can't open PID file /var/run/eraagent.pid (yet?) after start: No such file or directory
    sept. 24 13:23:46 app systemd[1]: Started ESET Management Agent.
    sept. 24 13:23:46 app systemd[1]: eraagent.service: main process exited, code=exited, status=70/n/a
    sept. 24 13:23:46 app systemd[1]: Unit eraagent.service entered failed state.
    sept. 24 13:23:46 app systemd[1]: eraagent.service failed.

The error for the PID file isn't present if I disable SELinux, and the service starts.

[EDIT] It works with the command ./eraagent.sh --update

Edited September 24, 2019 by Acc-Eset
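
The AVC record quoted in the thread carries the same information that audit2allow turned into the allow rule shown earlier: source type, target type, object class and denied permissions. The following Python example is an addition to this page, not code from the thread or from ESET. It parses AVC lines and renders the equivalent rule so the permissions can be reviewed before a policy is extended. The function names are hypothetical, and the second sample line is constructed.

```python
import re
from collections import defaultdict

# Line 1 is the AVC record from the post above (terminal wrap repaired);
# line 2 is constructed to mirror the getattr permission audit2allow reported.
SAMPLE = """\
type=AVC msg=audit(24/09/2019 13:23:46.885:1067) : avc: denied { search } for pid=15822 comm=ERAAgent name=eset dev="dm-1" ino=5144 scontext=system_u:system_r:eraagent_t:s0 tcontext=system_u:object_r:eset_efs_logd_file_t:s0 tclass=dir permissive=0
type=AVC msg=audit(24/09/2019 13:23:46.886:1068) : avc: denied { getattr } for pid=15822 comm=ERAAgent name=eset dev="dm-1" ino=5144 scontext=system_u:system_r:eraagent_t:s0 tcontext=system_u:object_r:eset_efs_logd_file_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(24/09/2019 13:23:46.885:1067) : arch=x86_64 syscall=stat success=no comm=ERAAgent
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+.*?"
    r"scontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<cls>\S+)"
    r"(?:\s+permissive=(?P<permissive>[01]))?"
)

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def parse_denials(text):
    """Group denied permissions by (source type, target type, class)."""
    grouped = defaultdict(set)
    enforced = set()  # keys with at least one denial that was actually blocked
    for line in text.splitlines():
        m = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if not m:
            continue
        key = (selinux_type(m["src"]), selinux_type(m["tgt"]), m["cls"])
        grouped[key].update(m["perms"].split())
        # permissive=1 means logged only; a missing field is treated as enforced
        if m["permissive"] != "1":
            enforced.add(key)
    return dict(grouped), enforced

def to_allow_rules(grouped):
    """Render the grouped denials as policy allow rules for review."""
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        names = sorted(perms)
        body = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules

if __name__ == "__main__":
    grouped, enforced = parse_denials(SAMPLE)
    print("\n".join(to_allow_rules(grouped)))
    print("blocked in enforcing mode:", sorted(enforced))
```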