McAfee HISCDE-AB-IA Product Guide - Page 98
Troubleshooting the Linux client, schook: module not supported by Novell, setting
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 98 highlights
Working with Host Intrusion Prevention Clients Overview of the Linux client • When the Host IPS 8.0 Linux kernel modules are loaded, the SUSE kernel is reported to be tainted. The kernel log indicates this flag: schook: module not supported by Novell, setting U taint flag; hipsec: module not supported by Novell, setting U taint flag. Novell requirements for third-party modules are causing the Host IPS kernel to be marked tainted. Because the Host IPS 8.0 Linux kernel modules are GPL-licensed, this message should be ignored. McAfee is working with Novell to resolve this issue. Troubleshooting the Linux client If a problem was caused while installing or uninstalling the client, there are several things to investigate. These can include ensuring that all required files were installed in the correct directory, uninstalling and reinstalling the client, and checking process logs. In addition, you might encounter problems with the operation of the client. You can check whether the client is running, and stop and restart the client. The Linux client has no user interface for troubleshooting operation issues. It does offer a command-line troubleshooting tool, hipts, located in the opt/McAfee/hip directory. To use this tool, you must provide a Host Intrusion Prevention client password. Use the default password that ships with the client (abcde12345), or send a Client UI policy to the client with an administrator's password or a time-based password set with the policy, and use this password. Use the troubleshooting tool to: • Indicate the logging settings and engine status for the client. • Turn message logging on and off. • Turn engines on and off. Log on as root and run the following commands to aid in troubleshooting: To... Run... Obtain the current status of the client indicating which hipts status type of logging is enabled, and which engines are running. Turn on logging of specific messages types. hipts logging on Turn off logging of all message types. Logging is off by hipts logging off default. Display the message type indicated when logging is set to hipts message :on "on." Messages include: • error • warning • debug • info • violations Hide the message type indicated when logging is set to hipts message :off "on." Message error is off by default. Display all message types when logging is set to "on." hipts message all:on Hide all message types when logging is set to "on." hipts message all:off Turn on the engine indicated. Engine is on by default. Engines include: • MISC • FILES • HTTP hipts engines :on 98 McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5