Data Loss Prevention

Hi Folks ,

I was referring to the below article which talks explicity about the entries that should be there on sudoers.d file  for Netmon Installs which is as below :

https://support.symantec.com/us/en/article.tech251727.html

# Vontu service user
Defaults:SymantecDLP !requiretty
SymantecDLP ALL= NOPASSWD: /bin/mount, /bin/umount, /usr/bin/sshfs
SymantecDLP ALL= NOPASSWD: /lib64/ld-linux-x86-64.so.2 --library-path /opt/Symantec/DataLossPrevention/Detection Server/15.1/Protect/lib/native\:/opt/Symantec/DataLossPrevention/Server JRE/1.8.0_162/lib/amd64/server /opt/Symantec/DataLossPrevention/Detection Server/15.1/Protect/bin/PacketCapture *

I would like to know specific mount point names that will be required  for the one highlighted in bold?

Is there any way we can check at the  application logs that may indicate the mount points used ? 

Any suggestion/help is appreciated !

Cheer's 

Ridhi Singh 

Hi Ridhi,

Please, could you post the error when you try yo start the DLP Network monitor service with the user "SymantecDLP"?, also check the logs on /var/log/SymantecDLP/debug

https://www.symantec.com/connect/articles/log-files-location-and-description-symantec-dlp-server

Hi Ronald ,

Thank's for looking to query . I am not getting any error with the service startup after providing the relavnt permission to sudoer.d file .

Looking at the primafacie , I am bit conerned to know what extact mount and unmount points are used by dlp installer so that i can mention that expliciltly on sudoer.d rather then giving it explicitly on bin for security concerns. I ve analyzed application install logs and i doesn't has mount point info.

Hope this helps! 

Cheer's 

Ridhi Singh