This technote describes an issue where a deploy changes might time out when the permissions are modified for the /opt/qradar/conf directory.
When an administrator clicks Deploy Changes from the Admin tab, the system attempts to complete the operation, but eventually displays a timeout message.
When a permissions issue is the root cause, the following messages may be seen in /var/log/qradar.error
Feb 28 05:00:00 IP Address [tomcat] [Thread-16009] ComponentOutput: [ERROR] [NOT:0000003000][IP Address/- -] [-/- -]ErrorStream postDeployScripts: mv: cannot move `/tmp/nvaconf.temp.OCx5hT.sorted' to `/opt/qradar/conf/nva.conf': Permission denied.
The permission level assigned to the /opt/qradar/conf directory might have been changed.
Diagnosing The Problem
The administrator should review the permissions and ownership that is assigned to the configuration directory for QRadar.
- Using SSH, log in to QRadar as the root user.
- To verify the permission level, type the following command: ls -ld /opt/qradar/conf.
- Review the permissions and ownership that is assigned to the /opt/qradar/conf directory.
The permissions should be: drwxrwxr-x. 29 nobody nobody 45056 Feb 27 14:36 conf.
Example screen capture:
If the owner and group of the directory have changed, deploys may fail because the Tomcat process which performs the deploy needs to run as nobody nobody.
Resolving The Problem
The administrator must correct the permissions or ownership of the directory by using the appropriate chmod and chown commands. The owner of the directory must be nobody nobody.
Where do you find more information?
16 June 2018