Solaris Tip of the Week.

I have to be semi-vague here because of the nature of the post.

If you’re using Cisco Security Agent as a SOX compliance tool, stop. There is a very high chance that once you upgrade to the latest RPC that your system will crash. The only way to remedy this is to upgrade the CSA *and* CMA packages, and that isn’t 100%. This knowledge came about from installing some RPC’s on a few pieces of SPARC hardware and a core dump sent to Sun for analysis. The analysis came back showing that CSA was holding onto hundreds of threads, causing load averages to spike in a way I’ve never thought possible and locking up the machine. It locked it up so badly that we couldn’t even get to a console from the LOM.

So yeah. Get rid of it. Pipe your syslogs to another server and send those off for compliance.