Issue
Installing Linux EDR and the agent keeps going into Safe Mode on its own and is failing to send telemetry and check-in to Red Canary.
In cf_system_log.csv
, seeing errors related to an inability for the endpoint to connect to Outpost.
Error is something like:
Error encountered while invoking functor in InvokeIfConnected::invoke. It's probably just transient network failure. Context: Network(Error uploading to External Outpost: error sending request for url=telemetry&object [.....] unable to get local issuer certificate
Environment
RHEL 6,7,8
Linux EDR package 1.2-1.4
Resolution
PLEASE NOTE: any upgrades will affect the below change, which is simply a workaround for an outdated openssl version.
Edit the service file to point specifically to the SSL certs in the openssl-certs directory.
For 1.2, the file will be named cwp.service.
For 1.4, the file will be named cfsvcd.service
1. Either nano or vi to edit the service file:
For version 1.2:
/usr/lib/systemd/system/cwp.service
/usr/lib/systemd/system/cfsvcd.service
Environment=SSL_CERT_DIR=/opt/redcanary/openssl-certs
3. Afterward do asystemctl daemon-reload
to recognize the changes.
4. Finally, restart the service.
For 1.2: systemctl restart cwp.service
For 1.4: systemctl restart cfsvcd.service
And we’ll want to check the logs to see that we didn’t get the certificate error again.
Comments
0 comments
Please sign in to leave a comment.