The Deep Security Agent enabled with Relay function enables the Nginx service as an HTTP server which allows the agents to download the software via this HTTP server.
When the Deep Security Agent is trying download the software from this HTTP server, it may get response with error code "403 Forbidden".
It has been identified that Nginx service has insufficient permission to access the working directory.
This issue was observed to be occurring on Deep Security Relay which is deployed on Ubuntu platform.
The issue has been fixed in DSA version 20.0.0-2971 and later versions.
To resolve the Issue, there are two options.
Option 1: Clean installation of DSA version 20.0.0-2971
- Deactivate the existing agent and uninstall it completely.
- Install the agent to version 20.0.0-2971 or later
- Activate the Agent
- From the manager console, Go to Administration > Updates > Software > Relay Management and enable the agent as relay.
Option 2: Manually Grant the permission
- SSH to the target DSA.
- Grant the read and execute permission for the Nginx working directory.
- Run command “chmod 755 /var/opt/ds_agent”
- Verify that the permission have been updated