Problem: failure in applying access policies
An access policy was disabled in Segura®, but remains active on the local device, preventing policy updates from being correctly applied to the installed agent.
Symptoms
- Policies disabled in the control panel continue to be in effect on the device.
- Access policy modifications are not being applied.
- The Agent does not synchronize correctly with Segura®.
Solution
Although the secpack-maestro service normally updates the rules automatically, follow these steps to resolve the issue manually:
- Log in as root in a Linux terminal
- Stop the secpack-maestro service:
service secpack-maestro stop
- Verify that the service stopped correctly:
service secpack-maestro status
- Remove the desired policies:
echo 'delete 100 acl write path="/etc/oracle/tnsnames.ora"' | /usr/sbin/caitsith-loadpolicy
- Confirm the policy removal:
cat /sys/kernel/security/caitsith/policy
- Disable the rule in the Segura® platform to prevent it from being reapplied
- Restart the service:
service secpack-maestro start
- Check the synchronization status:
systemctl status secpack-maestro
- Monitor logs for possible errors:
sudo tail -f /var/log/syslog
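
The confirmation step above can be scripted so that the service is only restarted once the rule is really gone. This is an added example, not Segura® code: the function names are hypothetical, the sample policy is constructed, and it assumes the loaded policy lists the rule as the text of the delete line without the leading "delete".

```shell
#!/bin/sh
# Added example: confirm that a rule deleted with caitsith-loadpolicy is no
# longer in the loaded policy before secpack-maestro is started again.

POLICY_FILE=/sys/kernel/security/caitsith/policy   # path used in the article

# Turn the line fed to caitsith-loadpolicy into the rule text to look for:
# 'delete 100 acl write path="/x"' -> '100 acl write path="/x"'
rule_from_delete() {
    printf '%s\n' "$1" |
        sed -e 's/^[[:space:]]*delete[[:space:]]\{1,\}//' -e 's/[[:space:]]*$//'
}

# rule_present FILE RULE: succeed only if RULE is a whole line of FILE
# (surrounding whitespace ignored). A substring match would wrongly flag
# a different rule such as one for /etc/oracle/tnsnames.ora.bak.
rule_present() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" | grep -Fxq -- "$2"
}

# verify_removed DELETE_LINE [FILE]
# returns 0 = rule gone, 1 = rule still loaded, 2 = policy file unreadable
# (not running as root, or the policy interface is not available).
verify_removed() {
    file=${2:-$POLICY_FILE}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    rule=$(rule_from_delete "$1")
    if rule_present "$file" "$rule"; then
        echo "STILL LOADED: $rule" >&2
        return 1
    fi
    echo "removed: $rule"
}

# Constructed sample policy for offline testing (format is an assumption).
sample_policy() {
    cat <<'EOF'
100 acl write path="/etc/oracle/tnsnames.ora.bak"
    audit 0
    100 deny
200 acl read path="/etc/shadow"
EOF
}
```

On the device, call `verify_removed` as root with the same line that was piped to caitsith-loadpolicy, and start secpack-maestro only when it returns 0.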
Prevention
- Always disable policies through Segura® before removing them locally.
- Regularly check the synchronization status between the agent and the platform.