Root Cause
The issue occurred because the previous installation or uninstallation had left some remnants of dsa_filter module (i.e. the module was unloaded, but some module-related files were still present). This was preventing the module from being loaded.
To confirm the cause of the issue:
- Check if the assigned policy has Firewall or Intrusion Prevention enabled with rules assigned.
- Run "modinfo |grep ds". It should show the module is not loaded.
- Go to cat /var/svc/log/application-ds_agent:default.log. It should contain a section similar below:
[ Feb 3 00:32:34 Executing stop method ("/opt/ds_agent/ds_agent.init stop") ]
Stopping Deep Security Agent
stop: Stopping /opt/ds_agent/ds_agent (will wait up to 60 seconds) kill -TERM 675
...
stop: /opt/ds_agent/ds_agent stopped.
Stopping Trend Micro Deep Security Drivers
Driver (dsa_filter) not installed.
Driver failed to be removed: rc=1
Stopping Deep Security Drivers (svcadm)
[ Feb 3 00:32:37 Method "stop" exited with status 0 ]
Resolution
To resolve the issue:
- Run the following commands:
svcadm disable svc:/application/ds_agent:default
/usr/sbin/rem_drv dsa_filter
cd /usr/kernel/drv
rm dsa_filter.conf
cd sparcv9
rm dsa_filter
rm /dev/dsa
rm /dev/dsa_ssl
svcadm enable svc:/application/ds_agent:default - Execute "svcs -a |grep ds". It should show the ds_9up, ds_filter, and ds_agent services as online similar below:
bash-3.2# svcs -a |grep ds
online 13:09:56 svc:/application/ds_9up:default
online 13:09:59 svc:/network/ds_filter:default
online 13:10:06 svc:/application/ds_agent:default
bash-3.2# - Run "modinfo |grep ds". The dsa_filter module is now loaded.
- Verify on the Deep Security Manager that the Firewall and Intrusion Prevention features are enabled and online.