The Intrusion Prevention engine appears as offline in Deep Security Manager on Solaris 10 SPARC. After trying to uninstall the Deep Security Agent and re-install it in the global zone, the process fails and the following errors appear in the logs:
2019-02-07 14:34:50.391945: [Error/1] | dsi open failed: No such file or directory | ...RIS10_SPARC/src/dsa/plugins/fw.dpi/dsp/fwdpi/service.lua:141:main | 2CA:7:dsp.fwdpi.service
2019-02-07 14:34:50.000000: [Error/1] | dsi_open(): No such file or directory | /export/home/build/workspace/Sustain/10.0/Build_DSA_10_SOLARIS10_SPARC/src/dsa/plugins/fw.dpi/SSLCertThread.cpp:261:OnRun | 2CA:A:CSSLCertThread
The issue occurred because the previous installation or uninstallation left remnants of the dsa_filter module behind (i.e. the module was unloaded, but some module-related files were still present). These remnants prevented the module from being loaded.
To confirm the cause of the issue:
- Check if the assigned policy has Firewall or Intrusion Prevention enabled with rules assigned.
- Run "modinfo |grep ds". It should show the module is not loaded.
- Run "cat /var/svc/log/application-ds_agent:default.log". It should contain a section similar to the one below:
[ Feb 3 00:32:34 Executing stop method ("/opt/ds_agent/ds_agent.init stop") ]
Stopping Deep Security Agent
stop: Stopping /opt/ds_agent/ds_agent (will wait up to 60 seconds) kill -TERM 675
stop: /opt/ds_agent/ds_agent stopped.
Stopping Trend Micro Deep Security Drivers
Driver (dsa_filter) not installed.
Driver failed to be removed: rc=1
Stopping Deep Security Drivers (svcadm)
[ Feb 3 00:32:37 Method "stop" exited with status 0 ]
To resolve the issue:
- Run the following commands:
svcadm disable svc:/application/ds_agent:default
svcadm enable svc:/application/ds_agent:default
- Execute "svcs -a |grep ds". It should show the ds_9up, ds_filter, and ds_agent services as online, similar to the output below:
bash-3.2# svcs -a |grep ds
online 13:09:56 svc:/application/ds_9up:default
online 13:09:59 svc:/network/ds_filter:default
online 13:10:06 svc:/application/ds_agent:default
- Run "modinfo |grep ds". The dsa_filter module is now loaded.
- Verify on the Deep Security Manager that the Firewall and Intrusion Prevention features are enabled and online.
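
The confirmation and verification checks above can be combined into one script that classifies a host from saved output of modinfo, svcs -a and the SMF log. This is an added example, not part of the original article or of Trend Micro's tooling; the function names, file names and the sample modinfo line are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample data at the bottom is constructed; modinfo line layout is assumed.

# Succeeds if saved `modinfo` output lists the dsa_filter module.
module_loaded() {
    grep -w dsa_filter "$1" >/dev/null 2>&1
}

# Succeeds if the SMF log holds both driver-removal failure lines.
stale_driver_logged() {
    grep 'Driver (dsa_filter) not installed' "$1" >/dev/null 2>&1 &&
    grep 'Driver failed to be removed: rc=1' "$1" >/dev/null 2>&1
}

# Succeeds only if all three services are online in saved `svcs -a` output.
services_online() {
    for fmri in svc:/application/ds_9up:default \
                svc:/network/ds_filter:default \
                svc:/application/ds_agent:default; do
        grep "^online  *[^ ]*  *$fmri\$" "$1" >/dev/null 2>&1 || return 1
    done
}

# Usage: diagnose MODINFO_OUT SMF_LOG SVCS_OUT
# The SMF log is append-only, so module state is tested first: an old failure
# entry must not flag a host that has already been repaired.
diagnose() {
    if module_loaded "$1"; then
        if services_online "$3"; then echo healthy; else echo inconclusive; fi
    elif stale_driver_logged "$2"; then
        echo stale-driver
    else
        echo inconclusive
    fi
}

# Constructed sample data: state before and after the service restart.
d=${TMPDIR:-/tmp}/dsa_check.$$
mkdir -p "$d"
printf '%s\n' 'Driver (dsa_filter) not installed.' \
    'Driver failed to be removed: rc=1' > "$d/smf.log"
: > "$d/modinfo.before"; : > "$d/svcs.before"
echo '210 7b6f0000 2a1c8 301 1 dsa_filter (constructed line)' > "$d/modinfo.after"
for s in application/ds_9up network/ds_filter application/ds_agent; do
    echo "online 13:10:00 svc:/$s:default"
done > "$d/svcs.after"
diagnose "$d/modinfo.before" "$d/smf.log" "$d/svcs.before"   # -> stale-driver
diagnose "$d/modinfo.after"  "$d/smf.log" "$d/svcs.after"    # -> healthy
```

On a real host, save the output of "modinfo" and "svcs -a" to files and pass them to diagnose together with /var/svc/log/application-ds_agent:default.log.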