08 Feb 2024 02:47 PM - last edited on 07 Mar 2024 08:56 AM by Michal_Gebacki
We have a Dynatrace oneagent on an selinux Rhel server which we have just upgraded from 7 to 8. When we upgraded to 8 the audit logs on the server were getting filled up constantly with dynatrace entries such as:
-rw-r--r--. root dtuser unconfined_u:object_r:oneagent_t:s0 liboneagentaudit.so
-rw-r--r--. root dtuser unconfined_u:object_r:oneagent_t:s0 liboneagentdynamizer.so
-rw-r--r--. root dtuser unconfined_u:object_r:oneagent_t:s0 liboneagentdynamizer.so.hmac
-rw-r--r--. root dtuser unconfined_u:object_r:oneagent_t:s0 liboneagentplugin.so
This didn't happen with Rhel 7.
The Dynatrace libraries are in unconfined selinux state on both 7 and 8.
The Oneagent has been uninstalled and reinstalled and it hasn't fixed the issue.
Has anyone come across this issue and know how to fix it?
Solved! Go to Solution.
19 Feb 2024 11:34 AM
In case anyone finds themselves with the above problem, the root cause of this issue was McAfee (Trellix) and its EDRTrace component that was logging everything Dynatrace Oneagent was doing in to the logs and making them useless.