Disable TailWatchd for a specific service

Operating System & Version
CLOUDLINUX 7.9
cPanel & WHM Version
v94.0.25

Rustam.Aheiev

Good day!

Is it possible to disable TailWatchd tracking for a specific service like TaniumRecorder?
We use the auditd service and, for the measures, TaniumRecorder. So I don't have access to configure TaniumRecorder.
But after installing Tanium there are many messages in the audit.log:

node=hostname type=SYSCALL msg=audit(1656586627.523:1012855268): arch=c000003e syscall=49 success=no exit=-99 a0=11b a1=2a76720 a2=10 a3=1 items=0 ppid=1 pid=1751 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tailwatchd" exe="/usr/local/cpanel/libexec/tailwatch/tailwatchd" key="TaniumRecorder"
node=hostname type=SOCKADDR msg=audit(1656586627.523:1012855268): saddr=0200000031B91AAE0000000000000000
node=hostname type=PROCTITLE msg=audit(1656586627.523:1012855268): proctitle="tailwatchd"

Or is it better to disable the tailwatchd dir for auditd?
TY!
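Added example (not part of the original post, and not cPanel or Tanium code): a small Python decoder for the audit event quoted above. It groups records by event serial, names the syscall and errno, and decodes the SOCKADDR hex; the lookup tables are a small subset of Linux x86_64 values and the function names are this example's own.

```python
import re
import socket
import struct

# Audit records copied from the post above (one event, three record types).
SAMPLE = """\
node=hostname type=SYSCALL msg=audit(1656586627.523:1012855268): arch=c000003e syscall=49 success=no exit=-99 a0=11b a1=2a76720 a2=10 a3=1 items=0 ppid=1 pid=1751 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tailwatchd" exe="/usr/local/cpanel/libexec/tailwatch/tailwatchd" key="TaniumRecorder"
node=hostname type=SOCKADDR msg=audit(1656586627.523:1012855268): saddr=0200000031B91AAE0000000000000000
node=hostname type=PROCTITLE msg=audit(1656586627.523:1012855268): proctitle="tailwatchd"
"""

# Assumption: subset of Linux x86_64 syscall and errno numbers, enough for socket events.
SYSCALLS = {41: "socket", 42: "connect", 43: "accept", 49: "bind", 50: "listen"}
ERRNOS = {13: "EACCES", 98: "EADDRINUSE", 99: "EADDRNOTAVAIL", 111: "ECONNREFUSED"}
EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_saddr(hex_saddr):
    """Decode the raw struct sockaddr that auditd logs as hex (AF_INET only)."""
    raw = bytes.fromhex(hex_saddr)
    (family,) = struct.unpack_from("<H", raw)      # sa_family is in host (little-endian) order
    if family != socket.AF_INET or len(raw) < 8:
        return {"family": family}
    (port,) = struct.unpack_from("!H", raw, 2)     # sin_port is in network order
    return {"family": "AF_INET", "ip": socket.inet_ntoa(raw[4:8]), "port": port}

def summarize(log_text):
    """Merge the records of each audit event (same serial) into one readable dict."""
    events = {}
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        ev = events.setdefault(m.group(2), {"time": m.group(1)})
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if f.get("type") == "SYSCALL":
            num, rc = int(f["syscall"]), int(f["exit"])
            ev.update(comm=f["comm"], exe=f["exe"], key=f.get("key"),
                      syscall=SYSCALLS.get(num, str(num)),
                      error=ERRNOS.get(-rc, str(rc)) if rc < 0 else None)
        elif f.get("type") == "SOCKADDR":
            ev["sockaddr"] = decode_saddr(f["saddr"])
    return events

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

For the quoted event this reports a failed bind() by tailwatchd (EADDRNOTAVAIL) on an AF_INET address with port 0, recorded by the audit rule keyed TaniumRecorder.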

cPRex

Hey there! I'm not familiar with TaniumRecorder, but if the service is being monitored it was likely added using the details here:


You can undo that process to remove the monitoring. Can you try that and let me know if that works?