Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Linux agent not able to connect to kernel

App Control: Linux agent not able to connect to kernel

Environment

  • App Control Agent: 7.x and higher
  • Red Hat:7.x  and higher

Symptoms

  • After installing  App Control Agent  agents are not able to connect to kernel 
  • the output of command /opt/bit9/bin/b9cli --status shows: 
Kernel:    Not Connected
  • the command systemctl status b9daemon shows the following error:
    b9daemon.service - LSB: Start daemon at boot time
    Loaded: loaded (/etc/rc.d/init.d/b9daemon; bad; vendor preset: disabled)
    Active: active (running) since Mon 2020-11-09 13:06:11 CST; 24min ago
    Docs: man:systemd-sysv-generator(8)
    Process: 1885 ExecStart=/etc/rc.d/init.d/b9daemon start (code=exited, status=0/SUCCESS)
    Main PID: 2455 (b9daemon)
    CGroup: /system.slice/b9daemon.service
    └─2455 /opt/bit9/bin/b9daemon
    
    Nov 09 13:06:07 systemd[1]: Starting LSB: Start daemon at boot time...
    Nov 09 13:06:07 b9daemon[1885]: b9daemon called by start
    Nov 09 13:06:07 b9daemon[1885]: Checking b9k_852177 Driver
    Nov 09 13:06:07 b9daemon[1885]: Looking if modules directory is updated
    Nov 09 13:06:11 b9daemon[1885]: modprobe: ERROR: could not insert 'cbproxy_cbp_852_20201002': Required key not available
    Nov 09 13:06:11 b9daemon[1885]: insmod /lib/modules/3.10.0-1160.2.1.el7.x86_64/kernel/lib/cbproxy_cbp_852_20201002.ko
    Nov 09 13:06:11 b9daemon[1885]: modprobe: ERROR: could not insert 'b9k_852177': Required key not available
    Nov 09 13:06:11 b9daemon[1885]: insmod /lib/modules/3.10.0-1160.2.1.el7.x86_64/kernel/lib/cbproxy_cbp_852_20201002.ko
    Nov 09 13:06:11 b9daemon[1885]: Starting b9daemon: [ OK ]
    Nov 09 13:06:11 systemd[1]: Started LSB: Start daemon at boot time.

Cause

App Control Linux agents does not support secure boot. 

Resolution

Disable UEFI Secure Boot in the end point's UEFI Firmware Settings/ BIOS:
  1. Reboot the computer 
  2. Enter into the UEFI firmware / BIOS configuration screen by pressing the UEFI /BIOS entry key during the boot process
  3. Find the secure boot option  (possibly found under the security menu)  and set it to disable 
  4. Save the change 

Additional Notes

The UEFI / BIOS settings are different across different vendors and hence the configuration menus and navigations paths may be different. This resolution is a reference.

Related Content


Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎11-18-2020
Views:
949