000035164 - Unable to log into Configuration Manager or roll back after adding password key to schema in RSA Web Threat Detection 6.1

Document created by RSA Customer Support Employee on Feb 7, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035164
Applies ToRSA Product Set: Web Threat Detection
RSA Product/Service Type: Forensics
RSA Version/Condition: 6.1
Platform: Centos : 6.0
IssueCustomer added a new key under schema labeled password and once the changes were pushed, the Configuration Manager could not connect to Postgres database.

 
Cause       Symptoms
  1. Customer is unable to log into Configuration Manager or Analytics UI.  Also, cannot roll back the changes.
  2. Customer can't  login to the UI or Configuration Manager. Authentication failed with the following Message:

"Connection to the database not established "


  1. When trying to roll back using  Safe mode the following message appeared:

Error: [Errno 13] Permission denied: '/var/opt/silvertail/etc/uiserver/uiserver.conf' (IOError)


  1. I reviewed the logs and verified that  AnnoDb did not start.

File ownership under "/etc/init.d/"  changed to  RSAWTD with permission 777. Therefore file permissions were changed from rsawtd:rsawtd to root:root for file "/var/opt/silvertail/bin/scout-service.sh" and service started up.


  1. The previous step was applied to the rest of the services to fix the permission issue and be able to start the rest of WTD services.
  2. After the permissions were corrected, the Customer was able to roll back using Safe Mode. However, message logs  reported the following error :
 

ServerName.DomainName annodb[99701]:MainThread:ERROR:AnnoDb Failed to start.
May 10 23:09:29 ServerName.DomainName annodb[104128]:MainThread:INFO:Silver Tail AnnoDb version 6.1.0.135 May 10 23:09:53 ServerName.DomainName silvercat.py[104205]:MainThread:INFO:Silver Tail SilverCat version 6.1.0.135
May 10 23:09:53 ServerName.DomainName silvercat.py[104205]:MainThread:ERROR:[Errno 1] Operation not permitted: '/var/opt/silvertail/etc/universal_conf.py'#012Traceback (most recent call last):#012  File "/var/opt/silvertail/bin/silvercat.py", line 86, in main#012    silvercat_handler.Serve(conf, SilverCatVarz())#012  File "python/st/icat/silvercat_handler.py", line 6108, in Serve#012  File "python/st/icat/silvercat_handler.py", line 4654, in __init__#012  File "python/st/icat/service.py", line 273, in SetConfigFilePermissions#012OSError: [Errno 1] Operation not permitted: '/var/opt/silvertail/etc/universal_conf.py'

 


  1. A similar error was seen in JIRA WTD-5067 which concluded that the cause was related to missing dependencies.




 
ResolutionDebug mode was enabled on WTD, and we verified that SiteProxy could not login to Postgres due to bad credentials. Safe Mode reset the SilverTail password to default.

Enabling Debug Mode on CentOS
  1. Login to your WTD box via  SSH  and  SU to root.
  2. Use VI  to edit this file /etc/rsyslog.conf.
  3. Insert the following line.

*.debug            /var/log/debug


  1.  Save the file
  2.  Restart the srsyslog service by running the command below:

sudo /sbin/service rsyslog restart


  1. Stop UI server

 /etc/init.d/st-UIServer-0 stop


  1.  start UI server in debug mode

 /var/opt/silvertail/bin/uiserver -f /var/opt/silvertail/etc/conf.d/UIServer-0/UIServer-0.conf --loglevel=debug


  1.   leave it running for a 5 minutes and  provide  /var/log/messages and /var/log/debug files to Customer Support.
 
 

Attachments

    Outcomes