No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Clear the Alarm 9957 in MediaX 3600

Publication Date:  2018-01-25 Views:  80 Downloads:  0
Issue Description


This alarm is generated when the board, COTS server, or virtual machine (VM) OS intrusion is detected.


You can manually clear this alarm after analyzing the OS intrusion detection report and rectify the faults.


Alarm-9957, in this case, is caused by tcpdump program installed on MediaX VM. 

The installed file of MediaX didn’t contain tcpdump package and what we need to do is to uninstall the tcpdump program because the ALM-9957 cannot be cleared automatically in this scenario.

Solution

How to locate the problem:

1. Get MediaX virtual machine system information using the following command:

GET SYSINFO: TYPE=ALL, DEPLOYTYPE=VM, VMNAME="MEDIAX_01";


The report file is in osinfo/opt/osinfo/detect/report



2. Open alarm report file 

We can confirm the root cause is tcpdump program from the report bellow:


3. Query MediaX inner IP

Log into the OMU client, execute LST INIP at CGP module, the ineer IP is 172.16.128.15, in this case:



4. Login the OMU server with Putty or Xshell. 

Then login MediaX VM with the IP address obtained in previous step: 172.16.128.15, default pass is cnp200@HW.



5. Check if there is tcpdump installed on the MediaX virtual machine. If installed, uninstall tcpdump.


                        Check if there is tcpdump installed on the MediaX virtual machine.

media1:/opt # rpm -q tcpdump

tcpdump-3.9.8-1.21

uninstall tcpdump.

media1:/opt # rpm -e tcpdump-3.9.8-1.21

media1:/opt #

 

  Check if tcpdump is uninstalled.

media1:/opt # rpm -q tcpdump

              package tcpdump is not installed



6. Log in to the standby MediaX VM and use this command: ssh media2 and re-execute Step 3 to remove tcpdump on the standby VM.

 

7. Manually restore the ALM-9957 alarm on the OMU client.

END