EDR: service / systemctl Commands Ineffective After EDR 7.4 Upgrade

Environment

  • EDR Server: 7.4.0 and Higher

Symptoms

The service and systemctl commands are ineffective at controlling 'child' services after the 7.4.0 EDR upgrade.

Cause

  • This was an intentional change to help control services in the CentOS/RHEL environments.
    • Service example:
[user@cbserver ~]$ sudo service cb-pgsql status
cb-pgsql: unrecognized service
[user@cbserver ~]$ service cb-solr status
cb-solr: unrecognized service
  • Systemctl example: 
[user@cbserver ~]$ systemctl status cb-nginx
Failed to stop cb-nginx.service: Unit cb-nginx.service not loaded.
  • This change only affects the EDR 'child' services, not the cb-enterprise and cb-unifiedview parent services. Starting and stopping the parent services with service and systemctl still works as intended.

Resolution

  • The individual services can be controlled via the /usr/share/cb/cbservice script in EDR installations 7.4.0 and greater.
  • Syntax: /usr/share/cb/cbservice <service-name> <start | stop | restart | status>
  • Example: 
[user@cbserver ~]$ sudo /usr/share/cb/cbservice cb-pgsql status
cb-pgsql              pid 26943, uptime 6 days, 19:23:54   RUNNING
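
Monitoring and automation scripts that called service or systemctl for the child services need to be repointed after the upgrade. The following wrapper is an added example, not vendor code: the function names are hypothetical, it assumes every cb-* name other than the two parent services is a child service, and it assumes the status line format shown above.

```shell
#!/bin/sh
# Added example (not vendor code): pick the right control tool on EDR 7.4.0+.
CBSERVICE="${CBSERVICE:-/usr/share/cb/cbservice}"   # script path from the article

# Print the command that applies <action> to <service>; non-zero on bad input.
cb_control_cmd() {
    svc=$1
    action=$2
    case $action in
        start|stop|restart|status) ;;
        *) echo "unsupported action: $action" >&2; return 2 ;;
    esac
    # Reject anything that is not a plain service name before it reaches sudo.
    case $svc in
        ''|*[!a-z0-9-]*) echo "invalid service name" >&2; return 2 ;;
    esac
    case $svc in
        # Parent services are still managed by systemctl.
        cb-enterprise|cb-unifiedview) echo "systemctl $action $svc" ;;
        # Assumption: any other cb-* name is a child service.
        cb-*) echo "$CBSERVICE $svc $action" ;;
        *) echo "not an EDR service: $svc" >&2; return 2 ;;
    esac
}

# Succeed only if a cbservice status line for <service> ends in RUNNING.
# Any other state, or a line for a different service, counts as unhealthy.
cb_is_running() {
    printf '%s\n' "$2" |
        awk -v svc="$1" '$1 == svc && $NF == "RUNNING" { ok = 1 } END { exit !ok }'
}

# Run the selected command with sudo (word splitting of $cmd is intended;
# the service name and action were validated above).
cb_control() {
    cmd=$(cb_control_cmd "$1" "$2") || return $?
    sudo $cmd
}
```

For a health check, pass the captured output in, for example `cb_is_running cb-pgsql "$(cb_control cb-pgsql status)"`.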

Article Information

Creation Date: 01-26-2021