The Deep Security Agent enabled with Relay function enables the Nginx service as an HTTP server which allows the agents to download the software via this HTTP server.
When the Deep Security Agent is trying download the software from this HTTP server, it may get response with error code "403 Forbidden".
Click the image to enlarge.
It has been identified that Nginx service has insufficient permission to access the working directory.
This issue was observed to be occurring on Deep Security Relay which is deployed on Ubuntu platform.
Click the image to enlarge.
To resolve the Issue, there are two options.
Option 1: Clean installation of DSA version 20.0.0-2971
- Deactivate the existing agent and uninstall it completely.
- Install the agent to version 20.0.0-2971 or later
- Activate the Agent
- From the manager console, Go to Administration > Updates > Software > Relay Management and enable the agent as relay.
Option 2: Manually Grant the permission
If the DSA is installed or upgraded to version 20.0.0-2971, you must grant the permission manually to fix the issue since the working directory was created by earlier version of DSA and would have the same permission.
- SSH to the target DSA.
- Grant the read and execute permission for the Nginx working directory.
- Run command “chmod 755 /var/opt/ds_agent”
- Verify that the permission have been updated
Click the image to enlarge.