How to Disable a Critical System Protection/Data Center Security agent running on a Linux system

Article ID: 181561

Products

Critical System Protection, Data Center Security Server, Data Center Security Server Advanced

Issue/Introduction

Disable a Critical System Protection (CSP)/Data Center Security (DCS) agent running on a Linux system.

Resolution

  • Apply the Null policy on the agent via the DCS/CSP manager 

OR

  • Log in to the machine as 'root' and run the following command:

./sisipsconfig.sh -r (this forces the agent to run the built-in policy that is the equivalent of the NULL policy)

OR

  • Log in to the machine as 'root' and run the following commands:

Disable IPS and RT-FIM drivers:

      • su - sisips
      • ./sisipsconfig.sh -i (in 5.2.9 and later you can use -ips off instead so you do not have to worry about the toggle effect)
        As this is a toggle, make sure the output shows that you have disabled the prevention driver
      • ./sisipsconfig.sh -rtfim off
      • exit

 

Stop the daemons (as root):

      • /etc/init.d/sisipsagent stop
      • /etc/init.d/sisidsagent stop
      • /etc/init.d/sisipsutil stop

Disable Agent startup scripts:

    • Rename the agent scripts, which temporarily breaks any symbolic links in the rc#.d startup scripts:
      • mv /etc/init.d/sisipsagent /etc/init.d/sisipsagentOFF
      • mv /etc/init.d/sisidsagent /etc/init.d/sisidsagentOFF
      • mv /etc/init.d/sisipsutil /etc/init.d/sisipsutilOFF

 

    • Reboot the system so that the drivers are disabled.
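
To confirm the state left by the "Disable Agent startup scripts" step (or to audit a host for an agent that has been switched off at boot), the following added example, which is not vendor code, reports whether each of the three init scripts is present, renamed to *OFF or missing, and lists the rc#.d symlinks the rename left dangling. The function names, the optional root-prefix argument and the three rc#.d locations searched are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code. Script names and the OFF suffix come from
# the article; the function names and the optional root prefix argument
# (used to point the check at a test tree) are assumptions.

AGENT_SCRIPTS="sisipsagent sisidsagent sisipsutil"

# Print one line per script: "<name> present|renamed|missing".
agent_script_state() {
    root="${1:-}"
    for name in $AGENT_SCRIPTS; do
        if [ -e "$root/etc/init.d/$name" ]; then
            echo "$name present"
        elif [ -e "$root/etc/init.d/${name}OFF" ]; then
            echo "$name renamed"
        else
            echo "$name missing"
        fi
    done
}

# Print rc#.d symlinks that point at an agent script and no longer resolve.
# The three rc#.d locations below are assumed common layouts.
agent_dangling_links() {
    root="${1:-}"
    for link in "$root"/etc/rc?.d/* "$root"/etc/rc.d/rc?.d/* "$root"/etc/init.d/rc?.d/*; do
        [ -L "$link" ] || continue      # only symlinks are of interest
        [ -e "$link" ] && continue      # target still resolves: not broken
        target=$(readlink "$link")
        for name in $AGENT_SCRIPTS; do
            case "$target" in
                */"$name"|"$name") echo "$link -> $target" ;;
            esac
        done
    done
}

# Succeeds only when all three scripts have been renamed to *OFF.
agent_startup_disabled() {
    [ "$(agent_script_state "${1:-}" | grep -c ' renamed$')" -eq 3 ]
}

# With no argument the functions inspect the live system under /.
```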