Previous Topic: secons UtilityNext Topic: secons Utility—Manage CA ControlMinder Tracing


secons Utility—Manage CA ControlMinder Shutdown on UNIX

Valid on UNIX

The secons utility shuts down CA ControlMinder and the associated daemons. You can also use this utility to find out which processes are still executing CA ControlMinder code.

Only users defined as ADMIN or OPERATOR can shut down CA ControlMinder. To shut down CA ControlMinder on remote computers, you must be defined as ADMIN or OPERATOR on those remote computers.

This command has the following format:

secons [-s [hosts | ghosts]] \
[-S [{selogrd | selogrcd | serevu}]] \
[-sc] [-scl] [-sk]
‑s [hosts | ghosts]

Shuts down the CA ControlMinder daemons on the defined, space-separated, list of remote hosts. If you do not specify any hosts, CA ControlMinder shuts down on the local host.

You can define a group of hosts by entering the name of a ghost record. If you use this option from a remote terminal, the utility requests password verification. You also need admin privileges on both the remote and local computers, and write permission to the local computer on the remote host database.

‑S [{selogrd | selogrcd | serevu}]

If you do not define a daemon, terminates the CA ControlMinder daemons and attempts to terminate active daemons selogrd, selogrcd and serevu. If the selogrd, selogrcd, or serevu tokens in the [daemons] section of seos.ini file are set to yes, sends the termination request to the running CA ControlMinder main daemon or sends the termination signal to the specified daemon if CA ControlMinder is already down.

If you define a daemon, secons does not terminate the CA ControlMinder daemons. If the appropriate token in the [daemons] section of seos.ini file is set to yes, it sends the termination request to the running CA ControlMinder main daemon or it sends the termination signal to that daemon if CA ControlMinder is down.

-sc[l]

Displays processes that are still executing CA ControlMinder code.

You cannot unload CA ControlMinder if an application, which is loaded on top of CA ControlMinder, has an open system call (syscall) that is hooked by CA ControlMinder. Once you know which processes are still executing CA ControlMinder code, you can shut down these processes and unload the CA ControlMinder kernel module. You can then use UNIX exits to automatically shut down these processes before unloading the kernel and then restart them after the kernel unloaded.

The -sc output displays as a two-column table with the system call number in the first column, and the process identifier in the second column.

The -scl option also displays parent process ID (PPID), UID, time, and program name information for the processes that are still executing CA ControlMinder code. The time information lets you find out how long the process has CA ControlMinder hooked. If the time is relatively short, the hook is likely to be a temporary one.

You can also run this while CA ControlMinder is running to help you predict what may cause unload issues in advance. However, in some cases, such as the accept command, CA ControlMinder code removes the hook during unload. This means that some of the active hooks you see while CA ControlMinder is running may not actually affect unloading.

Note: By default, CA ControlMinder monitors system calls intercepted by CA ControlMinder. You must set the syscall_monitor token in the seos.ini file to 0 (disabled) if you do not want CA ControlMinder to monitor system calls.

-sk

Shuts down all CA ControlMinder daemons and prepares the CA ControlMinder kernel extension to be unloaded.

Example: Shut Down CA ControlMinder

Example: Display Information for Processes that are Still Executing CA ControlMinder Code