Linux Red Hat agents ‘Failed to query audit subsystem’


SUMMARY

  • Oct 17, 2016

Symptom

After installing and starting the Snare Enterprise Agent for Linux on Red Hat (such as Snare Enterprise Agent for Linux RHEL7), the following error may appear in /var/log/messages:

SnareDispatchHelper: Failed to Initialise agent:Failed to query audit subsystem version: No child processes

Other symptoms include:
- There are no listeners on port 6161 and there is no web interface.
- Manually running /usr/sbin/SnareDispatchHelper starts the listener on port 6161, but reloading the settings kills the process and it does not restart.

Resolution

Note: For Red Hat users to access the remote control interface, ensure that:

• the firewall rule allows access to the agent.
• SELinux is disabled or set to permissive mode.

You can check the SELinux status using the following command:
# getenforce -- returns Enforcing if enabled

You can set it to permissive mode (in effect until the next reboot) using:
# setenforce 0

To stop the firewall service:
# service firewalld stop
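
Before relaxing SELinux or stopping the firewall, it helps to confirm which of the symptoms above is actually present. The script below is an added example, not Snare's own code: it looks for the logged error, checks for a listener on port 6161 and suggests what to check next. The function names, the verdict keywords and the mapping from findings to next step are assumptions of this example, and the `ss` sample is constructed.

```shell
#!/bin/sh
# Added triage helper, not Snare's code. The parsers read text on stdin so they
# work on live command output or on files saved from the affected host.

SNARE_PORT=6161   # remote control interface port named in the article

# Succeeds if the log text holds the initialisation failure from the Symptom section.
has_audit_init_error() {
    grep -q 'SnareDispatchHelper: Failed to Initialise agent:Failed to query audit subsystem'
}

# Succeeds if `ss -ltn` output on stdin shows a TCP listener on port $1.
port_is_listening() {
    awk -v p="$1" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit !found }'
}

# Map the findings to the next thing to check (this mapping is the example's assumption).
# $1 = getenforce output, $2 = error seen (yes/no), $3 = listener present (yes/no)
triage() {
    if [ "$3" = yes ]; then
        echo "firewall"      # agent is listening; confirm the rule for the port
    elif [ "$2" = yes ] && [ "$1" = Enforcing ]; then
        echo "selinux"       # init failure while SELinux enforces
    elif [ "$2" = yes ]; then
        echo "agent"         # init failure with SELinux not enforcing
    else
        echo "not-started"   # no listener and no logged failure
    fi
}

# Constructed sample of `ss -ltn` output, used when no live host is available.
SAMPLE_SS='State   Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN  0      128    0.0.0.0:22         0.0.0.0:*
LISTEN  0      128    [::]:6161          [::]:*'

# Live checks run only with --live (reading /var/log/messages needs root).
if [ "${1:-}" = "--live" ]; then
    err=no; up=no
    has_audit_init_error < /var/log/messages && err=yes
    ss -ltn | port_is_listening "$SNARE_PORT" && up=yes
    triage "$(getenforce)" "$err" "$up"
fi
```

Run it as root with --live on the affected host; a verdict of "firewall" means the agent is already listening, so SELinux does not need to be changed for that symptom.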