Installing Linux EDR and the agent keeps going into Safe Mode on its own and is failing to send telemetry and check-in to Red Canary.
cf_system_log.csv, seeing errors related to an inability for the endpoint to connect to Outpost.
Error is something like:
Error encountered while invoking functor in InvokeIfConnected::invoke. It's probably just transient network failure. Context: Network(Error uploading to External Outpost: error sending request for url=telemetry&object [.....] unable to get local issuer certificate
Linux EDR package 1.2-1.4
PLEASE NOTE: any upgrades will affect the below change, which is simply a workaround for an outdated openssl version.
Edit the service file to point specifically to the SSL certs in the openssl-certs directory.
For 1.2, the file will be named
For 1.4, the file will be named
1. Either nano or vi to edit the service file:
For version 1.2:
3. Afterward do a
systemctl daemon-reloadto recognize the changes.
4. Finally, restart the service.
systemctl restart cwp.service
systemctl restart cfsvcd.service
And we’ll want to check the logs to see that we didn’t get the certificate error again.