Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1996: How to remove "DirectAudit Emergency Prompt:" error upon boot

Centrify DirectAudit ,  

12 April,16 at 11:00 AM

Applies to: All version of Centrify DirectAudit on RedHat EL 6 Kernel 2.6.32-71.18.el6.x86_64

Problem:
After upgrading to latest kernel RedHat EL 6 Kernel 2.6.32-71.18.el6.x86_64, DirectAudit immediately boots into "DirectAudit Emergency Prompt" after the grub screen stating:


"DirectAudit was unable to work out an appropriate shell based on the name /bin/sh, defaulting to fallback shell /bin/da.emergency.shell, however /bin/da.emergency.shell does not seem to exist, or the current user does not have the appropriate permissions to start it. DirectAudit will now provide an emergency prompt. Please use this prompt to either replace /bin/da.emergency.shell with a known good shell binary (for instance: from media, backups or network), modify the execution permissions on /bin/da.emergency.shell, or manually disable auditing. Note that as auditing for /bin/sh is currently broken, it is recommended that you avoid execution of any scripts which are interpreted by /bin/sh.

DirectAudit tries to maintain a backup copy of the default system shell, while this shell is not currently available, you may be able to mount the appropriate filesystem to retrieve and use that copy in recovery operations. Copies are kept in the following locations: /usr/share/centrifydc/bin/da.emergency.shell and /etc/centrifyda/da.emergency.shell and /etc/centrifyda/da.emergency.shell


Type 'exit' to exit
<DirectAudit Emergency Prompt># "

Cause:
Under normal circumstance, you will run into this issue when uninstalling DirectAudit without disabling DirectAudit.  On RedHat EL6, there is also a /bin/dash which is used in the boot image as the default shell.  When DirectAudit is installed, /bin/dash conflicts with the existing /bin/dash.  When you rpm removed DirectAudit, /bin/dash was removed.  Hence when you upgraded the kernel, the boot image has no shell.  There are two problems one being conflict with /bin/dash and two mkinitrd.  Mkinird is, the process which creates initial ramdisk images for preloading modules, being replaced by dracut in RedHat EL6.

Workaround:
You need to reinstall the kernel on the system to force a rebuild of the initial image to make this work again.  For future reference, if you need to upgrade the kernel, you must do dacontrol -d -a, reinstall dash-0.5.5.1-3.1.el6.i686, then upgrade the kernel.

Resolution:
This issue has been fixed in DirectAudit 3.2.0 (Server Suite 2014). 

 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.