Applies to: All versions of Centrify DirectAudit.

Question:

What are the best practices to patch a Centrify DA server?

Answer:

We highly recommend disabling Centrify DA temporarily before an OS patch and also rebooting the machine after the OS upgrade.

Run as root:

#dacontrol -da

This will disable all shells.

After patching and rebooting, re-enable auditing as follows:

#dacontrol -e -a

1) Temporarily disabling auditing is recommended because if the upgrade replaces one of the executables that is being audited, then this could lead to unforeseen issues. 

2) Centrify also recommends disabling DA before patching because Centrify DA 2.x uses symlinks. Any update while auditing may interfere with these symlink’d files and/or destroy the linked-to DA binary.

In the future release of Centrify DA 3.x, symlinks for shell audit will no longer be used. However per command auditing is still an issue as it still uses symlinks in its operations.