ENSLTP doesn't restart after upgrading to McAfee Agent 5.7.4

Technical Articles ID: KB94891
Last Modified: 2022-02-24 13:59:03 Etc/GMT

Environment

McAfee Agent (MA) 5.7.0–5.7.4
Endpoint Security for Linux Threat Prevention (ENSLTP) 10.x

Red Hat Linux 8
Security-Enhanced Linux (SELinux)

Problem 1

The ENSLTP service doesn’t restart after you upgrade to MA 5.7.4.

You see this issue on systems that have the following installed before the upgrade:

MA 5.7.0–5.7.3
ENSLTP 10.x
SELinux security module is enabled

Problem 2

The following is recorded in the Audit.log when SELinux is in permissive mode:

NOTE: The ENSLTP service starts, but denied errors are recorded:

type=AVC msg=audit(1629206048.957:208): avc: denied { execute } for pid=3130 comm="sh" name="mfetpd-control.sh" dev="dm-0" ino=69536799 scontext=system_u:system_r:mfe_ma_masvc_t:s0 tcontext=system_u:object_r:mfe_ens_t:s0 tclass=file permissive=1

type=AVC msg=audit(1629206048.957:208): avc: denied { read open } for pid=3130 comm="sh" path="/opt/McAfee/ens/tp/init/mfetpd-control.sh" dev="dm-0" ino=69536799 scontext=system_u:system_r:mfe_ma_masvc_t:s0 tcontext=system_u:object_r:mfe_ens_t:s0 tclass=file permissive=1

type=AVC msg=audit(1629206039.181:198): avc: denied { getattr } for pid=3086 comm="sh" path*="/usr/sbin/dmidecode*" dev="dm-0" ino=898249 scontext=system_u:system_r:mfe_ma_masvc_t:s0 tcontext=system_u:object_r:dmidecode_exec_t:s0 tclass=file permissive=1

The following is recorded in the Audit.log when SELinux is in enforcing mode:

NOTE: You see the same errors, but the ENSLTP process doesn’t restart.

type=AVC msg=audit(1629205035.559:227): avc: denied { execute } for pid=3424 comm="sh" name="mfetpd-control.sh" dev="dm-0" ino=34854683 scontext=system_u:system_r:mfe_ma_masvc_t:s0 tcontext=system_u:object_r:mfe_ens_t:s0 tclass=file permissive=0

type=AVC msg=audit(1629205035.560:228): avc: denied { getattr } for pid=3424 comm="sh" path="/opt/McAfee/ens/tp/init/mfetpd-control.sh" dev="dm-0" ino=34854683 scontext=system_u:system_r:mfe_ma_masvc_t:s0 tcontext=system_u:object_r:mfe_ens_t:s0 tclass=file permissive=0

Solution

This issue is resolved in ENSLTP 10.7.7.

Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.

NOTE: You need a valid Grant Number for access. See KB56057 - How to download product updates and documentation for more information about the Product Downloads site, and alternate locations for some products.

Workaround

On a system where the SELinux module is enabled, you must manually start the ENSLTP service.

Affected Products

Languages:

This article is available in the following languages:

Knowledge Center

ENSLTP doesn't restart after upgrading to McAfee Agent 5.7.4

Environment

Problem 1

Problem 2

Solution

Workaround

Affected Products

Languages:

Title

Title

Knowledge Center

ENSLTP doesn't restart after upgrading to McAfee Agent 5.7.4

Environment

Problem 1

Problem 2

Solution

Workaround

Affected Products

Languages:

Choose your region

Title

Title