Hello Sergey, It appears as though the policy is corrupt. Have you tried deriving another policy and applying it to the sensor? I would also like to know what console you are using? (i.e. SiteProtector or WGM). Try the following. Stop the sensor and rename the current.policy. Now derive a new policy from the attack and audits and without modifying apply it to the sensor. Does the same error occur?
================================================= Wendel Crenshaw Senior Technical Support Engineer Internet Security Systems: http://www.iss.net Phone: (404) 236-2700 or (888) 447-4861 Technical Support email: [EMAIL PROTECTED] PGP Public Keys http://www.iss.net/support/howto_encrypted_email.php Training http://www.iss.net/education/ Internet Security Systems Product Knowledgebase http://www.iss.net/support/knowledgebase/ ***PLEASE NOTE: With the recent availability of the True Blue Customer Support Center, this is now the preferred method of electronic communication for all North American customers. Submitting incidents, viewing and updating status of incidents should be done via the True Blue Customer Support Center located at https://www.iss.net/issEn/MYISS/login_help.jhtml ================================================= -----Original Message----- From: Sergey V Soldatov [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 5:17 AM To: [EMAIL PROTECTED]; ISS Technical Support Subject: 785425 NetworkSensor 7.0.2002.269 on Linux 2.4.20-8 I have NS (SP 4.2:XPU 22.6) installed on Linux. When I use standard ISS's policies, such as "Attacks and Audits", etc, all is working properly. But when I try to use custom policy (see DMZ_Default.zip) sensor stops with the following errors in syslog (/var/log/messages): .... Dec 30 12:24:34 RNE1 kernel: application bug: issDaemon(1558) has SIGCHLD set to SIG_IGN but calls wait(). Dec 30 12:24:34 RNE1 kernel: (see the NOTES section of 'man 2 wait'). Workaround activated. Dec 30 12:26:45 RNE1 kernel: application bug: issDaemon(1558) has SIGCHLD set to SIG_IGN but calls wait(). Dec 30 12:26:45 RNE1 kernel: (see the NOTES section of 'man 2 wait'). Workaround activated. Dec 30 12:28:57 RNE1 kernel: application bug: issDaemon(1558) has SIGCHLD set to SIG_IGN but calls wait(). Dec 30 12:28:57 RNE1 kernel: (see the NOTES section of 'man 2 wait'). Workaround activated. Dec 30 12:31:08 RNE1 kernel: application bug: issDaemon(1558) has SIGCHLD set to SIG_IGN but calls wait(). Dec 30 12:31:08 RNE1 kernel: (see the NOTES section of 'man 2 wait'). Workaround activated. Dec 30 12:33:20 RNE1 kernel: application bug: issDaemon(1558) has SIGCHLD set to SIG_IGN but calls wait(). Dec 30 12:33:20 RNE1 kernel: (see the NOTES section of 'man 2 wait'). Workaround activated. .... As programmer in the past I know that it isn't correct to perform wait() system call when SIGCHILD set to SIG_IGN (ignored), but why standard ISS's policy "Attacks and Audits" normally work without any "application bug"? May be problem is in something else? Also, here is dmesg output, may be it will be interesting... (See attached file: dmesg.txt.gz) Thanks a lot. (See attached file: DMZ_Default.zip) --- Best regards, Sergey V. Soldatov Department of information security, TNK-BP. _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
