Problem selinux - Eraagent 7.1.367.0

Hi,

I have installed Era Agent 7.1.367.0 on CentOS 7, and it was working.

Since I installed the latest updates on CentOS, the service doesn't want to start. After some research, if I disable SELinux with "setenforce 0", I can start the service.

I tried to reinstall, and I see that the SELinux policies are the same on another server which wasn't updated.

(For information, I had this second server on CentOS 7 which was functional and not updated. After I updated it, I have the same problem.)

Thanks for your help.


  • ESET Staff

Could you please provide output of command:

ausearch -m avc --raw -se eraagent | audit2allow

to check what SELinux permissions are missing? It would be ideal to let AGENT run for some time.

Also, as a workaround which might help, try to extend the SELinux policy of AGENT:

cd /opt/eset/RemoteAdministrator/Agent/setup/selinux/
./eraagent.sh --update
<review missing permission that will be added to SELinux policy>

and once done, the SELinux policy of this installation will be extended. Just be aware that a repair or upgrade of the ESMC Agent installation will revert these changes.

Edited by MartinK

Hi,

The result of the ausearch :

Quote

#============= eraagent_t ==============
allow eraagent_t eset_efs_logd_file_t:dir { getattr search };

The command

./eraagent.sh --upgrade

didn't work, result :

Quote

./eraagent.sh [ --update ] [ --uninstall ]

Maybe the option is "update" and not "upgrade" ?

Thanks

  • ESET Staff
42 minutes ago, Acc-Eset said:

Hi,

The result of the ausearch :

The command


./eraagent.sh --upgrade

didn't work, result :

Maybe the option is "update" and not "upgrade" ?

Thanks

Indeed it was supposed to be update, but unfortunately no SELinux policy violations that would affect startup were detected (the one detected is non-fatal and does not even affect communication between ESET products). This indicates there might be a problem on higher layers, for example systemd itself (service manager) is not able to start our service. Maybe there are AVC denials for this process reported?


With the command :

Quote

ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -i

Result (just the end):

Quote

type=PROCTITLE msg=audit(24/09/2019 13:23:46.885:1067) : proctitle=/opt/eset/RemoteAdministrator/Agent/ERAAgent --daemon --pidfile /var/run/eraagent.pid
type=SYSCALL msg=audit(24/09/2019 13:23:46.885:1067) : arch=x86_64 syscall=stat success=no exit=EACCES(Permission non accordée) a0=0x555a79376780 a1=0x7ffe4fb0a360 a2=0x7ffe4fb0a360 a3=0x3 items=0 ppid=1 pid=15822 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=ERAAgent exe=/opt/eset/RemoteAdministrator/Agent/ERAAgent subj=system_u:system_r:eraagent_t:s0 key=(null)
type=AVC msg=audit(24/09/2019 13:23:46.885:1067) : avc:  denied  { search } for  pid=15822 comm=ERAAgent name=eset dev="dm-1" ino=5144 scontext=system_u:system_r:eraagent_t:s0 tcontext=system_u:object_r:eset_efs_logd_file_t:s0 tclass=dir permissive=0

The status of the service:

Quote

● eraagent.service - ESET Management Agent
   Loaded: loaded (/etc/systemd/system/eraagent.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since mar. 2019-09-24 13:23:46 CEST; 1h 5min ago
  Process: 15821 ExecStart=/opt/eset/RemoteAdministrator/Agent/ERAAgent --daemon --pidfile /var/run/eraagent.pid (code=exited, status=0/SUCCESS)
 Main PID: 15822 (code=exited, status=70)

sept. 24 13:23:46 app systemd[1]: Starting ESET Management Agent...
sept. 24 13:23:46 app systemd[1]: Can't open PID file /var/run/eraagent.pid (yet?) after start: No such file or directory
sept. 24 13:23:46 app systemd[1]: Started ESET Management Agent.
sept. 24 13:23:46 app systemd[1]: eraagent.service: main process exited, code=exited, status=70/n/a
sept. 24 13:23:46 app systemd[1]: Unit eraagent.service entered failed state.
sept. 24 13:23:46 app systemd[1]: eraagent.service failed.

 

The error for the PID file isn't present if I disable SELinux and the service starts.

[EDIT]

It works with the command

./eraagent.sh --update

Edited by Acc-Eset
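
To show how an AVC record like the one quoted above relates to the allow rule that audit2allow printed earlier in the thread, here is an added example; it is not from the thread, from ESET's tooling, or from audit2allow itself. The function names are hypothetical, and the getattr record is constructed from the thread's search denial so that the merge step has something to do.

```python
import re
from collections import defaultdict

# Template taken from the AVC denial quoted in the thread. The 'search' record is
# the thread's own; the 'getattr' record and the SYSCALL stub are constructed.
_AVC = ('type=AVC msg=audit(24/09/2019 13:23:46.885:1067) : avc:  denied  { %s } '
        'for  pid=15822 comm=ERAAgent name=eset dev="dm-1" ino=5144 '
        'scontext=system_u:system_r:eraagent_t:s0 '
        'tcontext=system_u:object_r:eset_efs_logd_file_t:s0 tclass=dir permissive=0\n')
SAMPLE = (_AVC % 'search') + (_AVC % 'getattr') + 'type=SYSCALL msg=audit(0) : syscall=stat\n'

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
    r'(?:\s+permissive=(?P<permissive>[01]))?'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(':')[2]

def parse_denials(text):
    """Extract one dict per AVC denial; records of other types are skipped."""
    denials = []
    for m in AVC_RE.finditer(text):
        denials.append({
            'source': selinux_type(m['scon']),
            'target': selinux_type(m['tcon']),
            'tclass': m['tclass'],
            'perms': m['perms'].split(),
            # permissive=0: the access was really blocked, not just logged.
            # A record without the field is treated as enforced (assumption).
            'enforced': m['permissive'] != '1',
        })
    return denials

def to_rules(denials):
    """Merge denials per (source, target, class) into allow-rule strings."""
    merged = defaultdict(set)
    for d in denials:
        merged[(d['source'], d['target'], d['tclass'])].update(d['perms'])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        body = ' '.join(sorted(perms))
        body = '{ %s }' % body if len(perms) > 1 else body
        rules.append('allow %s %s:%s %s;' % (src, tgt, cls, body))
    return rules
```

Reading the generated rule before loading any policy change is the same review step the staff reply asks for after running the update script.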