Symantec Guide to Managing SCSP UNIX Agents and Network Configuration

Edit and remove the line from /etc/symantec/sis/sis.conf:

SisInstalledClsId=<cluster_member_id>

Get the Cluster Member ID by running the following command: /sbin/sysconfig -q generic grep memberid

6If the machine not is a member of a TruCluster, or it is configured as a single member cluster, perform the following actions:

Type and run the following commands to remove the agent user and group: userdel sisips

groupdel sisips

Remove the cluster member directories and CDSLs (cluster dependent symbolic links):

rm -rf /cluster/members/\{memb\}/etc/sisips

rm -f /cluster/members/\{memb\}/sbin/init.d/sisi?sagent rm -f /etc/sisips(CDSL)

rm -f /sbin/init.d/sisi?sagent (CDSL) rm -f /opt/Symantec(CDSL)

rm -rf /etc/symantec rm -f /etc/sisips.conf

rm -f /sbin/rc?.d/*sisips* rm -f /sbin/rc?.d/*sisids* rm -f /usr/.smdb./SYMCSP513.*

Disabling and enabling UNIX agents

You can temporarily and permanently disable UNIX agents. If you permanently disable an agent, the agent daemons stop immediately and disable startup upon restart. It does not disable the agent daemons. Upon restart, the agent daemons continue to load and enforce the currently-applied policies.

Disabling and enabling Solaris agents

This section describes how to disable and enable Solaris agents.

Temporarily disabling the IPS driver

If you have performance issues with Solaris agents, you may need to temporarily disable the intrusion prevention driver. You should do this only if there are serious performance issues that you suspect are being caused by the IPS driver, or if you have applied a prevention policy that is not allowing you to access the system in any way.