Article Content
Article Number | 000039083 |
Applies To | RSA Product Set: RSA NetWitness Platform RSA Product/Service Type: Endpoint Insight RSA Version/Condition: 11.3.2.1 |
Issue | You may see lots of prelink <defunct> process in CentOS6/RHEL6 linux machines after installing nwe-agent as shown below. ![]() ![]() |
Cause | This issue seems to be happening in certain scenarios when agent calls the rpmVerifyFile API and when the RPM subsystem detects that at least one of file's dependencies has changed since prelinking. In this case, RPM is internally invoking the prelink process and since the agent is the caller of that API, the <defunct> processes are associated with our process. As such prelink is known to interfere with integrity checks on the system and has been disabled by default from CentOS7/RHEL7 onwards. And if the server is in FIPS mode, as per RHEL 6 documentation (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html-single/security_guide/index section: Enabling FIPS Mode ), prelink needs to be disabled in which case we will not run into this issue as RPM will not invoke prelink. |
Workaround | You can resolve this issue with the following 3 options below.
assistance. |