Wednesday, May 19, 2010

Troubleshooting the Check Point Daemon (CPD) - problem with Secure Internal Communication

The cpd process is responsible for all inter-module communications, and therefore plays a role in SIC initialization.

To check whether the Check Point Daemon (cpd) is running, run the following command:
ps -aux | grep cpd

The cpwd_admin list command will also display the status of the daemon.

View the $CPDIR/log/cpd.elg file (for example with cat) and look for any indication of a problem.

To restart the daemon:
$CPDIR/bin/cpd &

To debug the daemon (for example, if the daemon is stopping):
cpd_admin debug on TDERROR_ALL_ALL=5 ; cpd_admin debug on OPSEC_DEBUG_LEVEL=3

Once CPD dies on both, they should come back up in non-debug mode, but just to be safe, run:
cpd_admin debug off ; cpd_admin debug off

Next, generate a cpinfo and send the results to Check Point:
cpinfo -z -o

You can also enable a core dump for the CPD daemon by doing the following:
1) Run 'um_core enable'
2) Run 'ulimit -c unlimited'
3) Reboot
Once the daemon dies again, the core will be dumped to /var/log/dump/usermode
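
The checks above can be gathered into one read-only pass before restarting anything, so the evidence is captured first. This is an added example, not part of the original post and not Check Point code; the function names and the keyword list used to filter cpd.elg are assumptions, not a documented log format.

```shell
#!/bin/sh
# Added example (not Check Point code): read-only triage before restarting cpd.

# Succeeds if a process named exactly "cpd" is in the given list of command
# names, one per line (e.g. the output of `ps -e -o comm=`).
cpd_running() {
    printf '%s\n' "$1" | grep -qx 'cpd'
}

# Prints suspicious lines from the last N lines of a cpd.elg file.
# $1 = log path, $2 = N (default 200). The keyword list is an assumption.
elg_problems() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    tail -n "${2:-200}" "$1" |
        grep -iE 'error|fail|refused|(^|[^[:alnum:]])sic([^[:alnum:]]|$)' || true
}

# Prints the number of files under the core dump directory ($1).
core_count() {
    [ -d "$1" ] || { echo 0; return 0; }
    find "$1" -type f | wc -l | tr -d ' '
}

# Runs all three checks with the paths named in the post.
triage() {
    : "${CPDIR:?CPDIR is not set; load the Check Point environment first}"
    if cpd_running "$(ps -e -o comm=)"; then
        echo "cpd: running"
    else
        echo "cpd: NOT running"
    fi
    echo "--- recent problem lines in $CPDIR/log/cpd.elg ---"
    elg_problems "$CPDIR/log/cpd.elg" 200
    echo "--- core files in /var/log/dump/usermode: $(core_count /var/log/dump/usermode) ---"
}

# Run the checks only when invoked with the argument "run".
case "${1:-}" in run) triage ;; esac
```

Matching the process name exactly avoids the false positive that 'grep cpd' gives when it matches its own command line or another process whose name contains "cpd".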
