KB-1996: How to remove "DirectAudit Emergency Prompt:" error upon boot
Applies to: All versions of Centrify DirectAudit on RedHat EL 6 Kernel 2.6.32-71.18.el6.x86_64
Problem: After upgrading to the latest kernel (RedHat EL 6 Kernel 2.6.32-71.18.el6.x86_64), the system boots straight into the "DirectAudit Emergency Prompt" after the grub screen, with the message:
"DirectAudit was unable to work out an appropriate shell based on the name /bin/sh, defaulting to fallback shell /bin/da.emergency.shell, however /bin/da.emergency.shell does not seem to exist, or the current user does not have the appropriate permissions to start it. DirectAudit will now provide an emergency prompt. Please use this prompt to either replace /bin/da.emergency.shell with a known good shell binary (for instance: from media, backups or network), modify the execution permissions on /bin/da.emergency.shell, or manually disable auditing. Note that as auditing for /bin/sh is currently broken, it is recommended that you avoid execution of any scripts which are interpreted by /bin/sh.
DirectAudit tries to maintain a backup copy of the default system shell, while this shell is not currently available, you may be able to mount the appropriate filesystem to retrieve and use that copy in recovery operations. Copies are kept in the following locations: /usr/share/centrifydc/bin/da.emergency.shell and /etc/centrifyda/da.emergency.shell and /etc/centrifyda/da.emergency.shell
Type 'exit' to exit <DirectAudit Emergency Prompt># "
Cause: Under normal circumstances, you run into this issue when DirectAudit is uninstalled without first disabling it. On RedHat EL6 there is also a /bin/dash, which is used in the boot image as the default shell. When DirectAudit is installed, the /bin/dash it installs conflicts with the existing /bin/dash. When DirectAudit was removed with rpm, /bin/dash was removed. Hence, when the kernel was upgraded, the boot image has no shell. There are two problems: the first is the conflict with /bin/dash, and the second is mkinitrd. mkinitrd, the process that creates initial ramdisk images for preloading modules, is replaced by dracut in RedHat EL6.
Workaround: Reinstall the kernel on the system to force a rebuild of the initial image. For future reference, if you need to upgrade the kernel, you must first run dacontrol -d -a, then reinstall dash-0.5.5.1-3.1.el6.i686, and then upgrade the kernel.
Resolution: This issue has been fixed in DirectAudit 3.2.0 (Server Suite 2014).
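After the kernel reinstall described in the workaround, the rebuilt initial image can be checked for a usable /bin/sh before rebooting. The following is an added example, not Centrify or Red Hat code: the function name check_initramfs_shell and both sample listings are constructed for illustration, and the input is assumed to be the "ls -l" style file listing printed by dracut's lsinitrd.

```shell
#!/bin/sh
# Added example (not Centrify or Red Hat code): check that an initramfs
# file listing contains a usable bin/sh. Reads an "ls -l" style listing,
# as printed by lsinitrd, on stdin. The function name is hypothetical.
check_initramfs_shell() {
    awk '
        NF == 0 { next }
        {
            # Symlink lines end in "name -> target"; other lines end in "name".
            if (NF >= 3 && $(NF-1) == "->") { name = $(NF-2); target = $NF }
            else                            { name = $NF;     target = "" }
            sub(/^\.?\//, "", name)   # accept "./bin/sh" and "/bin/sh" too
            present[name] = 1
            if (target != "") link[name] = target
        }
        END {
            if (!("bin/sh" in present)) { print "MISSING bin/sh"; exit 1 }
            if (!("bin/sh" in link))    { print "OK bin/sh"; exit 0 }
            t = link["bin/sh"]
            # Absolute targets resolve from the image root, relative from bin/.
            if (t ~ /^\//) { sub(/^\//, "", t) } else { t = "bin/" t }
            if (!(t in present)) { print "DANGLING bin/sh -> " link["bin/sh"]; exit 1 }
            print "OK bin/sh -> " t
        }
    '
}

# Constructed sample listings (not captured from a real system).
GOOD_LISTING='drwxr-xr-x   2 root     root            0 Jan  1 00:00 bin
-rwxr-xr-x   1 root     root       106216 Jan  1 00:00 bin/dash
lrwxrwxrwx   1 root     root            4 Jan  1 00:00 bin/sh -> dash'

# The same image with bin/dash missing: bin/sh points at nothing.
BROKEN_LISTING='drwxr-xr-x   2 root     root            0 Jan  1 00:00 bin
lrwxrwxrwx   1 root     root            4 Jan  1 00:00 bin/sh -> dash'

# On the host, feed it the image built for the kernel you are about to boot:
#   lsinitrd /boot/initramfs-<kernel version>.img | check_initramfs_shell
```

A non-zero exit status (MISSING or DANGLING) means the image should be rebuilt before the system is rebooted.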