Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2634: Can a Centrify DA Server be patched and rebooted?

Centrify DirectAudit ,  

12 April,16 at 11:08 AM

Applies to: All versions of Centrify DirectAudit.

 

Question:

 

What are the best practices to patch a Centrify DA server?

 

Answer:

 

We highly recommend disabling Centrify DA temporarily before an OS patch and also rebooting the machine after the OS upgrade.


Run as root:


#dacontrol -da


This will disable all shells.


After patching and rebooting, re-enable auditing as follows:


#dacontrol -e -a



1) Temporarily disabling auditing is recommended because if the upgrade replaces one of the executables that is being audited, then this could lead to unforeseen issues. 

 

2) Centrify also recommends disabling DA before patching because Centrify DA 2.x uses symlinks. Any update while auditing may interfere with these symlink’d files and/or destroy the linked-to DA binary.


In the future release of Centrify DA 3.x, symlinks for shell audit will no longer be used. However per command auditing is still an issue as it still uses symlinks in its operations.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 No related Articles