DevHeads.net

Postings by Veetil, Vyshnav

SFTP connections timing out in CentOS 7

Hi,
We are facing some issues in CentOS 7 when we create an SFTP connection and sync data from server to client and vice versa.
Whenever we run load on the setup, SFTP connections frequently time out, resulting in unnecessary sftp processes on the system. Is there any known issue related to SFTP timeouts? Please let us know your suggestions to overcome this issue.

Thanks and Regards,
Vyshnav

When will you fix the CVEs affecting the kernel package?

Hi,
Could you please let us know when you will fix the CVEs below in the kernel package?
1) CVE-2018-10940
2) CVE-2018-1120

Regards,
Vyshnav

NSS authentication issue in FIPS mode.

Hi,

In FIPS mode I was using

"NSS FIPS 140-2 Certificate DB:mypassphrase" in /etc/ipsec.d/nsspassword and in my custom location.

But it is failing with the below error in logs:

Jun 27 12:36:11: authentication of "NSS FIPS 140-2 Certificate DB" failed
Jun 27 12:36:11: FATAL: NSS initialization failure

I was using CentOS Linux release 7.4.1708 (Core) with libreswan-3.20-3.el7.x86_64.

Could you please help me to resolve this problem?

Regards,

Vyshnav

Do we know the reason why the CVEs listed below will not be fixed for the elfutils-libelf, elfutils-libs and elfutils packages?

Do we know the reason why the CVEs listed below will not be fixed
for the elfutils-libelf, elfutils-libs and elfutils packages?
1.CVE-2017-7607
2.CVE-2017-7608
3.CVE-2017-7609
4.CVE-2017-7610
5.CVE-2017-7611
6.CVE-2017-7612
7.CVE-2017-7613

CentOS 7.4 installation failing because of NSS password prompt during installation.

Hi,
We have been observing that after migration to CentOS 7.4 the installation fails because a password is prompted for during the execution of the command below, which is part of the install script.

<custom_location>certutil -N -d <custom location> -f <custom location>/nsspassword

The install script contains the above command to create the NSSDB at install time.

How to disable nscd and nm-dispatcher logs on the CentOS console.

Hi,
After upgrading to CentOS 7.4 we are getting some logs printed on the console.
nscd logs are printed after executing the command
service nscd restart.

nm-dispatcher logs are printed on the console after every restart.

Can you please suggest a solution for disabling these logs?

NetworkManager-1.8.0-9.el7.x86_64
nscd-2.17-196.el7.i686

Please find attached the config files used for nscd and NetworkManager (/etc/NetworkManager/NetworkManager.conf).

Steps to create efiboot.img in CentOS

Hi,
Can you please explain the steps to create the efiboot.img in CentOS?

Thanks and Regards,
Vyshnav

nm-dispatcher logs are getting printed in the CentOS 7.4 CLI.

Hi,
When we upgrade to CentOS 7.4, nm-dispatcher logs are printed on the CLI page.
Please find the logs below.

localhost login:nm-dispatcher:req:1 'hostname':new request (4 scripts)
nm-dispatcher: req:2 'up' [eth0]: new request (4 scripts)
nm-dispatcher: req:2 'up' [eth0]: start running ordered scripts...
nm-dispatcher: req:3 'connectivity-change': new request (4 scripts)
nm-dispatcher: req:4 'hostname':new request (4 scripts)
nm-dispatcher: req:4 'hostname':start running ordered scripts...

Can you please tell me the reason for these messages?
How can we remove these messages from the CLI?

Issue with selinux load_policy command

Hi,
We have made changes in our CentOS 7.4 to disable the unconfined user from our code. We have created an ISO in which we have replaced unconfined
with sysadm, and we are performing an upgrade using the new ISO. After the upgrade the current partition stopped working.
It started expecting policies for unconfined.

Fix for CVE-2018-7409

Hi,
When will you provide the fix for CVE-2018-7409 affecting the unixODBC package?
Thanks and Regards,
Vyshnav

nssdb is pointing to /etc/ipsec.d but it needs to point to the /usr/local/platform/.security/ipsec path provided in /etc/ipsec.conf

Hi,
We are having a problem with the IPsec connection in CentOS 7.4.
Libreswan is unable to read the nssdir path /usr/local/platform/.security/ipsec and instead always tries to read only /etc/ipsec.d. Also, I want to mention that /etc/ipsec.conf already has ipsecdir=/usr/local/platform/.security/ipsec, which was working earlier with CentOS 7.3.
In CentOS 7.3 libreswan-3.15-8.el7.x86_64 is used.
In CentOS 7.4 libreswan-3.20-3.el7.x86_64 is used.

What has been changed in the libreswan-3.20-3.el7.x86_64 package?

To overcome the pluto-related issue, I have made some changes in the configuration file.
I have rem

Custom ISO is giving error during installation

Hi,
I created a new ISO and tried to install it on my box, but it failed. The ISO has 1744 RPMs.
I saw it install 1700+ packages and then enter the screen shown in the attached screenshot.
It seems to complain about not enough space. If you can suggest something for me to try, please do.

Regards,
Vyshnav

To enquire about the expected arrival of ntp, ntpdate, expat & libxml2 RPMs with CVE fixes

Hi All,
Can you please tell me the expected release of the RPMs that contain the fixes for the CVEs below?
1. expat rpm:
CVE-2017-9233

2.libxml2:
CVE-2015-8035

3. ntp and ntpdate RPM:
CVE-2017-6462
CVE-2018-7170
CVE-2018-7170
CVE-2016-4954
CVE-2016-4955
CVE-2016-4956

Environment variable $USER not getting updated on using 'exec sudo command'

Hi All,
We are facing an issue with the exec sudo command which is resulting in an infinite loop.
We have a script in which we check whether $USER is not equal to root, and if so execute the same script with exec sudo so that it runs as root.
Code snippet:
script1:

# Re-execute this script under sudo if $USER is not root
if [[ "$USER" != "root" ]]; then
    exec sudo "$0" "$@"
fi
If we run the script as another user, say root1, using
"sudo -u root1 script1", script1 will run in an infinite loop.
In CentOS 7.4, when the exec sudo command runs, the value of $USER remains the same, i.e. root1, so it again enters the if block and executes script1, and so on.

EVP_sha1() returning exception invalid digest in FIPS mode on CentOS 7.4

Hi,

We are facing an issue when we try to sign a certificate using the digest EVP_sha1(). It throws an exception:
"Error: com.adharman.datatools.DataException: java.lang.Exception: java.lang.Exception: [0x80004005] AvMiuOpenSSLCertCreate, X509_sign->0. [error:060B7098:digital envelope routines:EVP_DigestSignInit:invalid digest]"

When I tried the same thing with EVP_sha256() it worked. Is there any change in CentOS 7.4? Any deprecation of SHA-1?
Please share your thoughts on this.

Can we expect the fix for “OpenSSL error hex string is too long invalid hex key value” in the next OpenSSL release?

In CentOS 7.4, we are getting this error: “OpenSSL error hex string is too long invalid hex key value”. The OpenSSL version we are using is openssl-1.0.2k-8.el7. We have solved this issue by applying a patch to the openssl package suggested by the OpenSSL community (https://mta.openssl.org/pipermail/openssl-dev/2016-May/007266.html). Can we expect a fix for this problem in the next release of OpenSSL?