Critical System Protection

  • 1.  RHL Enterprise Server (Tikanga)

    Posted Jan 02, 2014 06:23 PM

    I have a PCI environment and am using CSP v5.2.9. I have four Linux servers running Red Hat Enterprise Linux Server release 5.9 and 5.10 (Tikanga). We were able to install the agent (5.2.9.568) without difficulty. When I attempt to install detection policies for UNIX_CSP_Agent_Status or the Unix_Baseline_Detection, CSP attempts to apply the policy, but the process never completes and hangs. Has anyone tried using RHL Tikanga?



  • 2.  RE: RHL Enterprise Server (Tikanga)

    Posted Jan 03, 2014 12:09 PM

    I have not heard of issues with those builds of RHEL.

    When you say that the process never completes, do you mean that the red flag in the console does not go away?



  • 3.  RE: RHL Enterprise Server (Tikanga)

    Posted Jan 03, 2014 06:37 PM

    Yes, the red flag never goes away; I have even let it sit for a week.

     



  • 4.  RE: RHL Enterprise Server (Tikanga)

    Posted Jan 06, 2014 03:32 PM

    Reapply the policy, then check the ...\Agent\scsplog\SISIPSSservice.log.  If there is an error thrown when applying the policy, it should be in there.

    Also, when you installed the agent, did you have to run the Prerequisite Check Bypass to get the agent to install, or did it install without any issues?

    Some other things to check -- make sure that all 3 of the services are running on the agent, and there is connectivity to the manager by running "sisipsconfig -test" from the command line.

    What color is the dot next to the agent's name in the management console? 

     



  • 5.  RE: RHL Enterprise Server (Tikanga)

    Posted Jan 22, 2014 05:57 PM

    After running the checks it was found that the IPS module was not enabled during the install. Enabling the IPS module and rebooting the server fixed the issues I was having.



  • 6.  RE: RHL Enterprise Server (Tikanga)

    Posted Jan 22, 2014 06:20 PM

    Good news!  And that makes sense -- you cannot apply an IPS policy to an agent whose IPS driver has been disabled.