Uninstalling GuardMode Agent on Linux

Before uninstallation, ensure that the GuardMode Agent service is stopped and disabled. This prevents the service from automatically starting during the uninstallation process:

systemctl stop Catalogic.GuardMode.Agent.service
systemctl disable Catalogic.GuardMode.Agent.service

Next, remove symbolic links and files related to the GuardMode Agent service:

find /etc/systemd/system/ -type l -name "*Catalogic.GuardMode.Agent*" -exec echo "removing {}" \; -exec rm -f {} \;
find /etc/systemd/system/ -type f -name "*Catalogic.GuardMode.Agent*" -exec echo "removing {}" \; -exec rm -f {} \;
find /usr/lib/systemd/system/ -type l -name "*Catalogic.GuardMode.Agent*" -exec echo "removing {}" \; -exec rm -f {} \;
find /usr/lib/systemd/system/ -type f -name "*Catalogic.GuardMode.Agent*" -exec echo "removing {}" \; -exec rm -f {} \;

Adjust system service properties:

sed -i 's/^RefuseManualStop=no$/RefuseManualStop=yes/' /usr/lib/systemd/system/auditd.service

# For OES 2023 only:
sed -i 's/^[ \t]*ProtectHome=read-only$/ProtectHome=true/' /usr/lib/systemd/system/augenrules.service
sed -i 's/^[ \t]*ProtectHome=read-only$/ProtectHome=true/' /usr/lib/systemd/system/auditd.service

Reload the system daemon:

systemctl daemon-reload

Remove the GuardMode Agent installation directory and any related configuration files:

rm -rf /opt/catalogic/guard-mode/agent
rm -f /etc/audit/rules.d/GuardMode.rules
rm -f /etc/audit/plugins.d/CatalogicAuditDispatcher.conf
rm -f /etc/audisp/plugins.d/CatalogicAuditDispatcher.conf

Update Audit Rules and Restarting the Service:

augenrules
systemctl restart auditd.service

(Optional) Depending on your specific requirements, you might want to remove auditd from your system.

Tip. Audit packages might be installed by default.

For RHEL 7, 8, 9:

yum remove audit audit-libs libicu

For OES 2023:

zypper remove audit libaudit1 libauparse0

PreviousUninstalling GuardMode Agent on Windows NextConfiguring GuardMode Agent for SAMBA setup