Problem: failure in applying access policies
An access policy was disabled in Segura, but remains active on the local device, preventing policy updates from being correctly applied to the installed agent.
Symptoms
- Policies disabled in the control panel continue to be in effect on the device.
- Access policy modifications are not being applied.
- The Agent does not synchronize correctly with Segura.
Solution
Although the secpack-maestro service normally updates the rules automatically, follow these steps to resolve the issue manually:
- Log in as root on the Linux terminal
- Stop the secpack-maestro service:
service secpack-maestro stop
- Verify that the service stopped correctly:
service secpack-maestro status
- Remove the desired policies:
echo 'delete 100 acl write path="/etc/oracle/tnsnames.ora"' | /usr/sbin/caitsith-loadpolicy
- Confirm the policy removal:
cat /sys/kernel/security/caitsith/policy
- Disable the rule in the Segura platform to prevent it from being reapplied
- Restart the service:
service secpack-maestro start
- Check the synchronization status:
systemctl status secpack-maestro
- Monitor logs for possible errors:
sudo tail -f /var/log/syslog
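The "Confirm the policy removal" step can be scripted instead of read by eye. The following is an added example, not part of Segura's documentation or tooling: it derives the rule from the delete directive and checks the policy file for an exact whole-line match, so a rule for a similar path is not mistaken for the one removed. The function names and the sample policy are constructed for illustration, and it assumes the policy file lists the rule header exactly as it was loaded.

```shell
#!/bin/sh
# Added example (not Segura's code): check that a rule deleted with
# caitsith-loadpolicy is no longer in the loaded CaitSith policy.
# Assumption: the policy file lists each rule header exactly as it was loaded,
# i.e. the delete directive without its leading "delete".

POLICY_FILE="${POLICY_FILE:-/sys/kernel/security/caitsith/policy}"

# Constructed, simplified policy dump for trying the functions offline.
sample_policy() {
    cat <<'EOF'
100 acl write path="/etc/oracle/tnsnames.ora"
    audit 0
    1 deny
100 acl write path="/etc/oracle/tnsnames.ora.bak"
    audit 0
    1 deny
EOF
}

# 'delete 100 acl ...' -> '100 acl ...' (also trims trailing whitespace)
rule_from_directive() {
    printf '%s\n' "$1" |
        sed -e 's/^[[:space:]]*delete[[:space:]]\{1,\}//' -e 's/[[:space:]]*$//'
}

# Exit 0 if RULE ($1) is a whole line of FILE ($2). -F: no regex, so the dots
# and quotes in the path are literal; -x: whole line, so the ".bak" rule above
# is not mistaken for the one being removed.
rule_is_loaded() {
    grep -Fxq -- "$1" "$2"
}

# confirm_removed DIRECTIVE [FILE] -> 0 gone, 1 still loaded, 2 unreadable
confirm_removed() {
    file="${2:-$POLICY_FILE}"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    rule=$(rule_from_directive "$1")
    if rule_is_loaded "$rule" "$file"; then
        echo "STILL LOADED: $rule" >&2
        return 1
    fi
    echo "removed: $rule"
}
```

After sourcing the file as root, call confirm_removed with the same directive that was piped to caitsith-loadpolicy; a return code of 1 means the rule is still enforced and the service should not be restarted yet.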
Prevention
- Always disable policies through Segura before removing them locally.
- Regularly check the synchronization status between the agent and the platform.