Deployed this to 6 AIX 5.3 TL10 hosts last night and after applying the Read and Write protection to the directories for our application the directories did not lock down like they should have i.e we could both read and write data to the directories. But randomly it seems sometime overnight the read and write protection kicked in. Anybody notice this behavior?
Also I Checked the sadmin rp -l and sadmin wp -l and the directories are listed, and the features list shows deny-read enabled.
That's the first I've heard of an issue like that. How did you apply the Read and Write protection, using the local CLI or was it pushed down through EPO or System Controller?
Once you made the policy change in EPO did you wake up the McAfee Agent to push down the policy change? I have to say I'm not an expert in that area of Solidcore but from what I remember if you don't do that then the change will not take affect until the next time the agent does a sync.
Thats actually a whole issue in itself. The McAfee Agent for AIX doesn't seem to have a collect and send option and the clients are behind a firewall that does not allow wakeup calls through. So I had to wait for the hourly ASCI to occur for them to get the policy. After the first ASCI i ran the commands remotely via client task and got the results on the next ASCI showing the folders in read/write protect and the application as an updater. However i could still read/write to the directories. 3 hours after i knew the policy was applied the drives were still open. I was going to wait until this morning to open a service ticket but when i came in this morning they were locked.