Removing Server Sensor network modules from Solaris
How do you remove the Server Sensor network modules from Solaris?
This article documents the procedure for removing the Server Sensor network modules for Solaris in version 5.5 and higher.
Note: By removing these modules, you are disabling the networking monitoring fundamentals of the Server Sensor. The RealSecure Server Sensor uses two modules for monitoring network traffic as it comes to the host. These two modules are rsdrv (the low module that looks at individual packets) and rstcp (the high module that correlates multiple packets). Some modules, not all, are imported into kernel space by the file:
/etc/devlink.tab. This is the import file that Server Sensor uses to place the rsdrv module within the kernel in order to be referenced.
The following steps are needed in order to remove the rsdrv (low) module.
- Edit (vi, emacs, etc.) the file
/etc/devlink.taband find the below line:
- Change this line by adding the "#" at the beginning. This causes the module to be ignored during bootstrap.
- : Move the module file into another directory for reference later, for this example
/rootare used to store the kernel module. See the below command:
mv /kernel/drv/rsdrv /root
The next steps are used to remove rstcp (high) module.
- Move the rstcp module file into a directory for reference later, for this example
/rootwill be used to store the kernel module. See the below command:
mv /kernel/strmod/rstcp /root
- Restart the host server. After a restart of the host, in order to verify that the modules are not present, use the following command:
modinfo | grep rs
- Ensure that the rsdrv and rstcp are not in the list that appears. An error message results in the syslogs that can be safely ignored.
Apr 26 09:40:10 host.network.net rsagent[PID]: Error in opening Protocol Sensor. Protocol Sensor is DISABLED.
More support for:
IBM Security Host Protection
RealSecure Server Sensor
Software version: 7.0 - SR 4.1, 7.0 - SR 4.2, 7.0 - SR 4.3, 7.0 - SR 4.4
Operating system(s): Solaris
Reference #: 1434279
Modified date: 16 February 2015