RedHat Enterprise Linux and SuSE Linux Enterprise Server Assets.
Control Compliance Suite bv-Control Agent 10.5-33
Note: Agent-less Linux assets are not affected.
When looking for file attributes of the files in /dev directory - the bv-Control Agent triggers a system call that (depending on the check/query configuration) opens the file /dev/watchdog. If the watchdog file is opened but not written to within 60 seconds - the system will reboot. This behavior is as per design of the watchdog facility and native to Linux. The watchdog facility is enabled by default on SuSE Linux Enterprise Server but not on RedHat Enterprise Linux - therefore this issue if more likely to show on SuSE Linux Enterprise Server systems yet could show on RedHat Enterprise Linux too.
Create CCS checks and RMS queries that avoid opening the /dev/watchdog file. If you have a need to query for file attributes in the /dev directory - only target block devices. Add a find option in the CCS or RMS check; ‘-type b’ to limit the initial search to only ‘block special’ files. This will prevent opening the /dev/watchdog file which is a character file.