Falcon sensor fails to start the agent - security

I am trying to install falcon-sensor(version:4.16.0) on a Debian machine. When I try to start the agent it doesn't start up.
I checked the logs of falcon-sensor and here is what it says :
2019 unable to initialize dynamic libraries. (2309) [144]
I checked the log of falconctl and here is what it says :
Invalid file /opt/CrowdStrike/falconstore length: 0 (2277) [568]
I tried finding answers through googling but I could not find any.
Any help on this would be really helpful
Thanks in advance.

falcon-sensor has libssl.so.1.0.0 as dependency, but that version is missing on Debian Stretch (there is version 1.0.2).
I just created a symlink to the existing version:
ln -s libssl.so.1.0.2 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
and now it works.

Make sure you performed the basic steps correctly:
1 ) Download falcon-sensor.rpm to your machine.
2 ) sudo yum install -y falcon-sensor.rpm .
3 ) sudo /opt/CrowdStrike/falconctl -s --cid=<Your-CID> .
4 ) service falcon-sensor start.
Check status:
[ec2-user#ip-172-21-80-18 ~]$ service falcon-sensor status
Redirecting to /bin/systemctl status falcon-sensor.service
● falcon-sensor.service - CrowdStrike Falcon Sensor
Loaded: loaded (/usr/lib/systemd/system/falcon-sensor.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-09-05 13:48:34 UTC; 1min 6s ago
Process: 2746 ExecStart=/opt/CrowdStrike/falcond (code=exited, status=0/SUCCESS)
Process: 2729 ExecStartPre=/opt/CrowdStrike/falconctl -g --cid (code=exited, status=0/SUCCESS)
Main PID: 2747 (falcond)
Tasks: 19
Memory: 4.5M
CGroup: /system.slice/falcon-sensor.service
├─2747 /opt/CrowdStrike/falcond
└─2749 falcon-sensor
systemd[1]: Starting CrowdStrike Falcon Sensor...
falconctl[2729]: cid="<Your-CID>".
falcond[2747]: starting
Started CrowdStrike Falcon Sensor.
falcon-sensor[2749]: No traceLevel set via falconctl defaulting to none
falcon-sensor[2749]: LogLevelUpdate: none = trace level 0.
View process:
ps -e | grep falcon-sensor
2749 ? 00:00:00 falcon-sensor
Notice that all commands should be executed with sudo Or else you see the error below:
$ service falcon-sensor restart #< --- No root permission
Redirecting to /bin/systemctl restart falcon-sensor.service
Failed to restart falcon-sensor.service: The name org.freedesktop.PolicyKit1 was not provided by any .service files
See system logs and 'systemctl status falcon-sensor.service' for details.

I follow install steps 1~3 below without issue, but have not get a CID, please let met know how to get it
1 ) Download falcon-sensor.rpm to your machine.
2 ) sudo yum install -y falcon-sensor.rpm .
3 ) sudo /opt/CrowdStrike/falconctl -s --cid=<Your-CID>
4 ) service falcon-sensor start.

Related

systemd unit for pgagent

I want to make a systemd unit for pgagnent.
I found only init.d script on this page http://technobytz.com/automatic-sql-database-backup-postgres.html, but I don't know how to exec start-stop-daemon in systemd.
I have written that unit:
[Unit]
Description=pgagent
After=network.target postgresql.service
[Service]
ExecStart=start-stop-daemon -b --start --quiet --exec pgagent --name pgagent --startas pgagent -- hostaddr=localhost port=5432 dbname=postgres user=postgres
ExecStop=start-stop-daemon --stop --quiet -n pgagent
[Install]
WantedBy=multi-user.target
But I get errors like:
[/etc/systemd/system/pgagent.service:14] Executable path is not absolute, ignoring: start-stop-daemon --stop --quiet -n pgagent
What is wrong with that unit?
systemd expects the ExecStart and ExecStop commands to include the full path to the executable.
start-stop-daemon is not necessary for services under systemd management. you will want to have it execute the underlying pgagent commands.
look at https://unix.stackexchange.com/questions/220362/systemd-postgresql-start-script for an example
If you installed pgagent with yum or apt-get, it should have created the systemd file for you. For example, on RHEL 7 (essentially CentOS 7), you can install PostgreSQL 12 followed by pgagent
sudo yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
sudo yum install postgresql12
sudo yum install postgresql12-server
sudo yum install pgagent_12.x86_64
This installs PostgreSQL to /var/lib/pgsql/12 and pgagent_12 to /usr/bin/pgagent_12
In addition, it creates a systemd file at /usr/lib/systemd/system/pgagent_12.service
View the status of the service with systemctl status pgagent_12
Configure it to auto-start, then start it, with:
sudo systemctl enable pgagent_12
sudo systemctl start pgagent_12
Most likely the authentication will fail, since the default .service file has
ExecStart=/usr/bin/pgagent_12 -s ${LOGFILE} hostaddr=${DBHOST} dbname=${DBNAME} user=${DBUSER} port=${DBPORT}
Confirm with sudo tail /var/log/pgagent_12.log which will show
Sat Oct 12 19:35:47 2019 WARNING: Couldn't create the primary connection [Attempt #1]
Sat Oct 12 19:35:52 2019 WARNING: Couldn't create the primary connection [Attempt #2]
Sat Oct 12 19:35:57 2019 WARNING: Couldn't create the primary connection [Attempt #3]
Sat Oct 12 19:36:02 2019 WARNING: Couldn't create the primary connection [Attempt #4]
To fix things, we need to create a .pgpass file that is accessible when the service starts. First, stop the service
sudo systemctl stop pgagent_12
Examining the service file with less /usr/lib/systemd/system/pgagent_12.service shows it has
User=pgagent
Group=pgagent
Furthermore, /etc/pgagent/pgagent_12.conf has
DBNAME=postgres
DBUSER=postgres
DBHOST=127.0.0.1
DBPORT=5432
LOGFILE=/var/log/pgagent_12.log
Examine the /etc/passwd file to look for the pgagent user and its home directory: grep "pgagent" /etc/passwd
pgagent:x:980:977:pgAgent Job Schedule:/home/pgagent:/bin/false
Thus, we need to create a .pgpass file at /home/pgagent/.pgpass to define the postgres user's password
sudo su -
mkdir /home/pgagent
chown pgagent:pgagent /home/pgagent
chmod 0700 /home/pgagent
echo "127.0.0.1:5432:postgres:postgres:PasswordGoesHere" > /home/pgagent/.pgpass
chown pgagent:pgagent /home/pgagent/.pgpass
chmod 0600 /home/pgagent/.pgpass
The directory and file permissions are important. If you're having problems, you can enable debug logging by editing the service file at /usr/lib/systemd/system/pgagent_12.service to enable debug logging by updating the ExecStart command to have -l 2
ExecStart=/usr/bin/pgagent_12 -l 2-s ${LOGFILE} hostaddr=${DBHOST} dbname=${DBNAME} user=${DBUSER} port=${DBPORT}
After changing a .service file, things must be reloaded with sudo systemctl daemon-reload (systemd will inform you of this requirement if you forget it).
Keep starting/stopping the service and checking /var/log/pgagent_12.log Eventually, it will start properly and sudo systemctl status pgagent_12 will show
● pgagent_12.service - PgAgent for PostgreSQL 12
Loaded: loaded (/usr/lib/systemd/system/pgagent_12.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2019-10-12 20:18:18 PDT; 13s ago
Process: 6159 ExecStart=/usr/bin/pgagent_12 -s ${LOGFILE} hostaddr=${DBHOST} dbname=${DBNAME} user=${DBUSER} port=${DBPORT} (code=exited, status=0/SUCCESS)
Main PID: 6160 (pgagent_12)
Tasks: 1
Memory: 1.1M
CGroup: /system.slice/pgagent_12.service
└─6160 /usr/bin/pgagent_12 -s /var/log/pgagent_12.log hostaddr=127.0.0.1 dbname=postgres user=postgres port=5432
Oct 12 20:18:18 prismweb3 systemd[1]: Starting PgAgent for PostgreSQL 12...
Oct 12 20:18:18 prismweb3 systemd[1]: Started PgAgent for PostgreSQL 12.

Jenkins fails to start on centOS7

I am using jenkins on my centOS7/linux server. When I start jenkins and checked the status it showed me like this.
>jenkins.service - Jenkins Service
> Loaded: loaded (/etc/systemd/system/jenkins.service; enabled; vendor preset: > disabled)
> Active: failed (Result: exit-code) since Mon 2017-02-20 22:52:19 PST; 22s > ago
> Process: 40251 ExecStart=/usr/bin/java -jar /usr/local/bin/jenkins.war
>(code=exited, status=1/FAILURE)
> Main PID: 40251 (code=exited, status=1/FAILURE)
>Feb 20 22:52:19 CentOS7 systemd[1]: Started Jenkins Service.
>Feb 20 22:52:19 CentOS7 systemd[1]: Starting Jenkins Service...
>Feb 20 22:52:19 CentOS7 java[40251]: Error: Unable to access jarfile >/usr/l...ar
>Feb 20 22:52:19 CentOS7 systemd[1]: jenkins.service: main process exited, >c...RE
>Feb 20 22:52:19 CentOS7 systemd[1]: Unit jenkins.service entered failed state.
>Feb 20 22:52:19 CentOS7 systemd[1]: jenkins.service failed.
>Hint: Some lines were ellipsized, use -l to show in full.
So I uninstalled the jenkins sudo yum remove jenkins by this command, and installed it again sudo yum install jenkins.
Now again facing the same issue.
Can anyone tell me what to do.
Thanks!!
Before you can install Jenkins, you need to setup a Java virtual machine on your system
yum install java-1.8.0-openjdk.x86_64
And set two environment variables: JAVA_HOME and JRE_HOME.
echo 'export JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk' | sudo tee -a /etc/profile
echo 'export JRE_HOME=/usr/lib/jvm/jre' | sudo tee -a /etc/profile
source /etc/profile
Then install jenkins and allow inbound traffic on port 8080.
You can see more details from how to install jenkins on Centos 7.
Hope this helps.
As per Jun, Jenkins required Java 11.
Refer :
Required Java version for Jenkins
at first you cannot get clue, on run systemctl status jenkins.service
until I try to change JENKINS_USER on /etc/init.d/jenkins to root, and show me
Jenkins requires Java versions [17, 11] but you are running with Java 1.8 from /usr/lib/j
Once I upgraded Java to 11 then it started working.

Postgresql server doesn't start

[Ubuntu 16.04]
I installed postgresql 9.5 along with dependencies:
sudo sh -c "echo 'deb http://apt.postgresql.org/pub/repos/apt/ xenial-pgdg main' > /etc/apt/sources.list.d/pgdg.list"
wget --quiet -O - http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get install postgresql-common
sudo apt-get install postgresql-9.5 libpq-dev
When I want to run psql then I get:
psql: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
But /var/run/postgresql/ is empty. When I restart posgresql everything appears to be fine:
$ /etc/init.d/postgresql restart
[ ok ] Restarting postgresql (via systemctl): postgresql.service.
$ /etc/init.d/postgresql status
● postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
Active: active (exited) since wto 2016-09-27 16:18:26 CEST; 1min 15s ago
Process: 3076 ExecReload=/bin/true (code=exited, status=0/SUCCESS)
Process: 3523 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 3523 (code=exited, status=0/SUCCESS)
but if check ps aux there is not such PID (why??)
Total reinstalation doesn't help at all. How can I fix it?
Edit:
I've just noticed that then type /etc/init.d/postgresql force-reload postgresql, systemctl are alive awhile and then are killed automatically
Besides systemctl returns
postgresql.service loaded active exited PostgreSQL RDBMS
● postgresql#9.5-main.service loaded failed failed PostgreSQL Cluster 9.5-main
Why is it failed?

Service tomcat8 failed to start by using service tomcat8 start

I'm using Vagrant to deploy to Ubuntu Linux and try to start a tomcat8 service.
Tomcat 8 was installed by apt-get install tomcat8.
When using the service tomcat8 start command, I got the following error:
Job for tomcat8.service failed. See "systemctl status tomcat8.service" and "journalctl -xe" for details.
Then I tracked the systemctl status tomcat8.service, found that:
? tomcat8.service - LSB: Start Tomcat.
Loaded: loaded (/etc/init.d/tomcat8)
Active: failed (Result: exit-code) since Mon 2016-03-28 09:44:17 GMT; 5s ago
Docs: man:systemd-sysv-generator(8)
Process: 884 ExecStop=/etc/init.d/tomcat8 stop (code=exited, status=0/SUCCESS)
Process: 1312 ExecStart=/etc/init.d/tomcat8 start (code=exited, status=1/FAILURE)
Mar 28 09:44:12 vagrant-ubuntu-trusty systemd[1]: Starting LSB: Start Tomcat....
Mar 28 09:44:12 vagrant-ubuntu-trusty tomcat8[1312]: * Starting Tomcat servlet engine tomcat8
Mar 28 09:44:17 vagrant-ubuntu-trusty tomcat8[1312]: ...fail!
Mar 28 09:44:17 vagrant-ubuntu-trusty systemd[1]: tomcat8.service: control process exited, code=exited status=1
Mar 28 09:44:17 vagrant-ubuntu-trusty systemd[1]: Failed to start LSB: Start Tomcat..
Mar 28 09:44:17 vagrant-ubuntu-trusty systemd[1]: Unit tomcat8.service entered failed state.
Mar 28 09:44:17 vagrant-ubuntu-trusty systemd[1]: tomcat8.service failed.
I'm unsure of how to proceed to get my Tomcat 8 service running.
This issue can be caused when the tomcat8 server runs under user tomcat8 and the catalina.out was created by root.
To solve this, delete catalina.out and let tomcat8 recreate it.
This could be related to this bug. Recent versions of Java deprecate the use of endorsed directories and fail if one is specified, but Tomcat8 specifies one even if it doesn't exist. Check the log in /var/log/tomcat8/ as suggested in the comments to your question to see whether this is indeed the source of your problem. If it is, you can either wait for the bug to be fixed or try the updated catalina.sh file suggested in the linked bug report.
What I did to solve the issue :
Process: 1312 ExecStart=/etc/init.d/tomcat8 start (code=exited, status=1/FAILURE)
See tomcat's dependencies
dpkg -s tomcat8-common|grep Depends
and the system java version
javar -version
And try to sort out things with the appropriate java version if things don't match.
If that's not the case, continue :
Never bad to start with
sudo apt-get update
Check eventual running tomcat processes
ps aux | grep java
Test the pid you're going to kill
pgrep -f tomcat
Targeted action
sudo pkill -f tomcat
Start removing by typing sudo apt-get remove tomcat8-tab.
You might find :
tomcat8-common tomcat8-user
Complete remove with ( I don't know which of these below is the most appropriate to run )
sudo apt-get purge tomcat8 or
sudo apt-get --auto-remove purge tomcat8 or just
sudo apt-get remove tomcat8
You can also
sudo apt-get autoremove
Carefully sudo rm -r folders like
/var/lib/tomcat*
/usr/share/tomcat*
/etc/tomcat*
Reboot
sudo systemctl reboot
When back on track install
sudo apt-get install tomcat8
Check how's going
sudo systemctl status tomcat8.service
sudo /usr/share/tomcat8/bin/version.sh
Better ?
Verify your tomcat8 configuration file in /etc/default/tomcat8. See if there are badly configured variables.
For me, this error was caused by the following variables in my configuration file:
-Djava.awt.headless=true -XX:+UseConcMarkSweepGC
JAVA_OPTS="-Djava.awt.headless=true -Xss4m -Xmx2g -XX:+UseConcMarkSweepGC"
I commented and it worked.

Unable to start postgresql service on CentOS 7

Unable to start postgresql-9.5 on CentOS 7.
I followed this page - https://wiki.postgresql.org/wiki/YUM_Installation - for installing the database server on CentOS.
I tried the same after setting setenforce 0, and that did not help either.
I am doing all operations as root.
systemctl start postgresql-9.5.service
Job for postgresql-9.5.service failed because the control process exited with error
code. See "systemctl status postgresql-9.5.service" and "journalctl -xe" for details.
And here is what I get for status -
Redirecting to /bin/systemctl status postgresql-9.5.service
● postgresql-9.5.service - PostgreSQL 9.5 database server
Loaded: loaded (/usr/lib/systemd/system/postgresql-9.5.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2016-02-18 15:20:30 EST; 2min 28s ago
Process: 15041 ExecStartPre=/usr/pgsql-9.5/bin/postgresql95-check-db-dir ${PGDATA} (code=exited, status=1/FAILURE)
Feb 18 15:20:30 myserver systemd[1]: Starting PostgreSQL 9.5 database server...
Feb 18 15:20:30 myserver systemd[1]: postgresql-9.5.service: control process exited, code=exited status=1
Feb 18 15:20:30 myserver systemd[1]: Failed to start PostgreSQL 9.5 database server.
Feb 18 15:20:30 myserver systemd[1]: Unit postgresql-9.5.service entered failed state.
Feb 18 15:20:30 myserver systemd[1]: postgresql-9.5.service failed.
And the contents of the different conf files are as follows -
[root#myserver /]# cat /etc/ld.so.conf.d/postgresql-pgdg-libs.conf
/usr/pgsql-9.5/lib/
[root#myserver /]# cat /usr/lib/tmpfiles.d/postgresql-9.5.conf
d /var/run/postgresql 0755 postgres postgres -
[root#myserver /]# cat /usr/pgsql-9.5/share/postgresql-9.5-libs.conf
/usr/pgsql-9.5/lib/
[root#myserver /]# cat /etc/alternatives/pgsql-ld-conf
/usr/pgsql-9.5/lib/
[root#myserver /]# cat /var/lib/alternatives/pgsql-ld-conf
auto
/etc/ld.so.conf.d/postgresql-pgdg-libs.conf
/usr/pgsql-9.5/share/postgresql-9.5-libs.conf
950
Googled for the error that I am seeing.
A number of folks have seen the same error, and the underlying cause is different in each case. Reading through those posts, it is not clear that I am seeing any of the already reported causes.
Make sure you have installed all packages correctly and updated yum repository sections [base] and [updates] before installation as it mentioned in the guide . We have CentOS 7 with PostgreSQL 9.5 and it works perfectly fine with following steps:
vi /etc/yum.repos.d/CentOS-Base.repo
yum localinstall http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/pgdg-centos95-9.5-2.noarch.rpm
yum list postgres*
yum install -y postgresql95-server.x86_64 postgresql95-contrib.x86_64 postgresql95-libs.x86_64
/usr/pgsql-9.5/bin/postgresql95-setup initdb
systemctl enable postgresql-9.5.service
systemctl start postgresql-9.5.service
and finally, systemctl status postgresql-9.5.service should show you something like this:
postgresql-9.5.service - PostgreSQL 9.5 database server
Loaded: loaded (/usr/lib/systemd/system/postgresql-9.5.service; enabled)
Active: active (running) since Fri 2016-02-19 00:01:13 UTC; 6min ago
Process: 10809 ExecStart=/usr/pgsql-9.5/bin/pg_ctl start -D ${PGDATA} -s -w -t 300 (code=exited, status=0/SUCCESS)
Process: 10802 ExecStartPre=/usr/pgsql-9.5/bin/postgresql95-check-db-dir ${PGDATA} (code=exited, status=0/SUCCESS)
Main PID: 10811 (postgres)
CGroup: /system.slice/postgresql-9.5.service
├─10811 /usr/pgsql-9.5/bin/postgres -D /var/lib/pgsql/9.5/data
├─10812 postgres: logger process
├─10814 postgres: checkpointer process
├─10815 postgres: writer process
├─10816 postgres: wal writer process
├─10817 postgres: autovacuum launcher process
└─10818 postgres: stats collector process
The most common issue is that the database cluster was not initialized. You can initialize it easily by running the postgresql-XX-setup script with the initdb command, e.g.
sudo /usr/pgsql-11/bin/postgresql-11-setup initdb
Then start the Postgres service, e.g.
sudo systemctl start postgresql-11
These steps helped me on our test server.
Connect your server via SSH.
Then switch user:
sudo su - postgres
Check Postgres status:
pg_ctl status
Stop DB:
pg_ctl stop
Check if no server processes exist:
ps axf | grep postg
Start Postgres service:
sudo systemctl start postgresql.service
OR
sudo systemctl start postgresql
Then check status:
systemctl status postgresql.service ИЛИ systemctl status postgresql

Resources