Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR Server: How To Manually Stop Service When Stopping cb-enterprise Fails

EDR Server: How To Manually Stop Service When Stopping cb-enterprise Fails

Environment

  • EDR Server: 7.x

Objective

Manually stop cb-services in the correct order in situations where partial services may have come up and restarting fails

Resolution

  1. Check the status of running services
    • service cb-enterprise status
  2. Manually stop each running services in order of this list
    • /usr/share/cb/cbservice cb-nginx stop
      /usr/share/cb/cbservice cb-enterprised stop
      /usr/share/cb/cbservice cb-allianceclient stop
      /usr/share/cb/cbservice cb-liveresponse stop
      /usr/share/cb/cbservice cb-datastore stop
      /usr/share/cb/cbservice cb-sensorservices stop
      /usr/share/cb/cbservice cb-coreservices stop
      /usr/share/cb/cbservice cb-solr stop
      /usr/share/cb/cbservice cb-rabbitmq stop
      /usr/share/cb/cbservice cb-redis stop
      /usr/share/cb/cbservice cb-datagrid stop
      /usr/share/cb/cbservice cb-pgsql stop
  3. Once services are confirmed to be stopped, kill any additional running services such as epmd
    • killall -KILL -u cb
  4. Clear any failed status in systemctl 
    • systemctl reset-failed cb-enterprise
       

Additional Notes

  • To check for any orphaned cb services use:
    • ps -ef | grep cb
    • NOTE: cbdaemon and event-forwarder services should not affect the startup and shutdown of server services
  • killall -KILL -u cb kills any processes owned by the cb user. A similar effect can be achieved by manually killing any pids returned with the above ps command

Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎11-29-2021
Views:
1870
Contributors