Jump to content

ESET File Security Error: Syscall init_module returns error: Device or resource busy

seb2020
 Share

Recommended Posts

seb2020

seb2020 1

Posted
Posted (edited)

Hi,

For one of my server, I have an error when installing ESET File Security for linux (7.1.561.0-1). My server is CentOS 7.8 and  kernel: Linux 3.10.0-1127.18.2.el7.x86_64

In the server log, I have : 

kernel: eset_rtp(ertp_register_execve_handlers): Cannot register ftrace hook function for execve
kernel: WARNING: CPU: 0 PID: 5180 at kernel/trace/ftrace.c:479 __unregister_ftrace_function+0x17d/0x190
[...]
oaeventd[5180]: ESET File Security Error: Syscall init_module returns error: Device or resource busy
oaeventd[5180]: ESET File Security Error: Initialization of system handler for on-access scan has failed. Please update your OS and restart your computer, then check system logs.

I have already see this https://help.eset.com/efs/7/en-US/realtime-protection-cannot-start.html

What can I do ? I have installed for some other server with no problem

Edited by seb2020
Link to comment
Share on other sites
seb2020

seb2020 1

Posted
  • Author
Posted

Maybe this error can give an hint ?

eset_rtp: module verification failed: signature and/or required key missing - tainting kernel

Link to comment
Share on other sites
  • ESET Moderators
Peter Randziak

Peter Randziak 1,130

Posted
  • ESET Moderators
Posted

Hello @seb2020,

I checked similar cases and there might be some crashes happening causing such issues.

Allow creation of core dumps (also enable dumping on unsigned packages) 

Get the core dump files and log created as described at https://help.eset.com/efs/7/en-US/?collect-logs.html ,upload them to a safe location and send me a private message with download details and a reference to this forum topic, I will have them checked for you.

Peter

Link to comment
Share on other sites
  • ESET Moderators
Peter Randziak

Peter Randziak 1,130

Posted
  • ESET Moderators
Posted
23 hours ago, seb2020 said:

eset_rtp: module verification failed: signature and/or required key missing - tainting kernel

the "tainting" message – is about loading a proprietary kernel driver (which eset_rtp is) so no need to worry about it.

Peter

Link to comment
Share on other sites
seb2020

seb2020 1

Posted
  • Author
Posted

If someone has the same issue, maybe you are using auditbeat from Elastic. You cannot use at the same time ESET and auditbeat

From @Peter Randziak : auditbeat sets kernel probe on SyS_exeve what prohibits us to hook on this syscall and scan executed files...

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...