CentOS patching fails and the action status says error

Hello BigFix Masters,

We are facing an issue while deploying CentOS patches in our test environment. While trying to deploy CentOS patches through a baseline into my test environment, the Import GPG key is getting deployed successfully, but the patches are not getting deployed and we are getting the status as error, due to which the baseline fails. Please help; I have been facing this issue for 1 week.

Thanks in advance

We also face the same issue when we do CentOS patching. The first patch gives a syntax error and all patches get stuck.

Greetings.

Are all components in the baseline failing or is it specific ones?

-Matt

Hi @MattMangan, the first component of the baseline shows the same error which is shown in the attachment below, and the status of the first component shows as “error”.

We have tried deploying two different baselines with different components in them, but the result is the same. Both baselines are showing “error” on the first component, and I guess due to that the next component is not getting installed onto the system and the baseline's last reported status is showing as error.

Are you getting an EDRDeployData folder on the client? The logs in there may be useful. It should be, I think, at /var/opt/besclient/EDRDeployData.

I’ve seen this once before when the site content was corrupt on the relay (an antivirus product was blocking the relay’s gather, I think), and the client was not getting a copy of the binaries used in the prefetch portion of the action. That can be difficult to diagnose. I’ll be at a computer in an hour or two and can tell you what to look for then.

Echoing what Jason posted above. Take a look at the following log:

/var/opt/BESClient/EDRDeployData/EDR_DeploymentResults.txt

There should be some useful information in this log that can help with troubleshooting.

-Matt

Thanks @JasonWalker & @MattMangan, I will surely look into the EDR logs.

@JasonWalker, I would be grateful if you could share what to check.

Thanks in Advance

Check first on the endpoint for the EDRDeployData folder and the logs contained within it. Those should help identify the problem, whatever it is.

In the (unlikely) event that it’s the same specific thing I mentioned about failed site gathers…on the client, check the directory “/var/opt/BESClient/__BESData/Patches for CentOS6 Plugin R2” (or the CentOS7, or whichever version you’re using). There should be a number of .fxf files in there, as well as a couple of binaries that are used during the prefetch phases - specifically “centos-client-x64” and “centos-client-x32”. If those are missing, we’d begin troubleshooting why the client is failing to gather those sites correctly, which may lead us up the relay stream to find a failing relay.

Actually this brings to mind another possible edge case. If your client is not subscribed to the “Patches for Centos X” site, but is subscribed to the site in which you have your baseline, you could encounter the same type of behavior. The Baseline is relevant, but the prefetch statements depend on the binaries in the Patches for Centos X site, so an action would present an “error” result when the prefetch plugin operations fail.

Hi guys, thanks for the response; finally the issue was resolved. It took a lot of time to resolve this issue.

Basically we found out that the main directory where the patches get downloaded temporarily didn’t have permission to download and execute. It is always excluded while doing server hardening. After giving the permission, the issue was resolved and we were able to patch.
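
The two endpoint checks discussed in this thread (missing prefetch binaries in the gathered site directory, and a download directory that cannot be written to or executed from) can be scripted as below. This is an added example, not code from any poster or from BigFix; the function names are hypothetical, and both directories are passed in by the caller because the thread does not name the download directory.

```shell
#!/bin/sh
# Added example: endpoint checks for the two causes discussed in the thread.
# Function names are hypothetical; directories are supplied by the caller.

# Print each expected item missing from a gathered site directory.
# The file names are the ones named in the thread. Prints nothing if complete.
missing_plugin_files() {
    site_dir=$1
    for f in centos-client-x64 centos-client-x32; do
        [ -f "$site_dir/$f" ] || printf '%s\n' "$f"
    done
    # The thread also expects a number of .fxf files in the same directory.
    set -- "$site_dir"/*.fxf
    [ -e "$1" ] || printf '%s\n' '*.fxf'
    return 0
}

# Try to write and run a tiny probe script in a directory.
# Returns 0 = ok, 1 = cannot write, 2 = written but cannot execute
# (mode bits or a noexec mount option, both common hardening settings).
can_write_exec() {
    probe="$1/.exec_probe_$$"
    ( printf '#!/bin/sh\nexit 0\n' > "$probe" ) 2>/dev/null || return 1
    chmod 700 "$probe" 2>/dev/null || { rm -f "$probe"; return 1; }
    rc=0
    "$probe" 2>/dev/null || rc=2
    rm -f "$probe"
    return "$rc"
}

# Usage: sh check.sh "<gathered site dir>" "<patch download dir>"
if [ "$#" -eq 2 ]; then
    missing=$(missing_plugin_files "$1")
    if [ -n "$missing" ]; then
        echo "site dir is missing: $missing"
    fi
    rc=0
    can_write_exec "$2" || rc=$?
    case $rc in
        0) echo "download dir: write and execute ok" ;;
        1) echo "download dir: cannot write" ;;
        2) echo "download dir: cannot execute (check mode bits / noexec)" ;;
    esac
fi
```

Run it as the same user the client runs as, since the result depends on that user's permissions.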