clamav-freshclam doesn't start ...

Post your bugs here.
User avatar
ilu
Posts: 2471
Joined: 09 Oct 2013 12:45

clamav-freshclam doesn't start ...

Postby ilu » 08 Jun 2019 20:40

... complaining about permissions on /var/log/clamav/freshclam.log - which belongs to root on my system. Also logrotate refuses to run because of excessive permissions on /var/log/clamav.

I don't know whether this was fixed in the meantime, but in my fstab /var/log/clamav has the default for tmpfs which is 1777. /var/log/clamav is supposed to have 0755 instead. I changed the line in fstab to

Code: Select all

tmpfs   /var/log/clamav         tmpfs   defaults,noatime,mode=0755,uid=clamav,gid=clamav                        0       0
and the issue seems to be fixed. Other tmpfs lines in fstab might also need a mode parameter but since I have them deactivated I don't know.

User avatar
Arjen Balfoort
Site Admin
Posts: 9253
Joined: 26 Jan 2013 19:36
Location: Netherlands
Contact:

Re: clamav-freshclam doesn't start ...

Postby Arjen Balfoort » 09 Jun 2019 17:11

Is uid and gid really necessary?


SolydXK needs you!
Development | Testing | Translations

User avatar
ilu
Posts: 2471
Joined: 09 Oct 2013 12:45

Re: clamav-freshclam doesn't start ...

Postby ilu » 10 Jun 2019 15:08

I'm not sure. That's the setting I tested. I'll test again without it. I think the main problem was that tmpfs has 1777 as default and needs to be forced to use more restrictive permissions, probably everywhere, except /tmp. With 1777 logrotate refused to run and the log files were for some reason created with root perms.

User avatar
ilu
Posts: 2471
Joined: 09 Oct 2013 12:45

Re: clamav-freshclam doesn't start ...

Postby ilu » 22 Jun 2019 17:24

On my system uid and gid are needed, otherwise the log file is created for root and freshclam fails. This needs to be corrected on the new ISO and probably also on already installed systems because freshclam not updating is unexpected behaviour.

On a SolydX10June VM which has no tmpfs the permissions in /var/log are root 755 except clamav (clamav 755) and exim4 (debian-exim and 2750) and everything seems to be working. If transferred to tmpfs these perms probably need to be set.

On another note:
- What's /var/log/private? (root 700)
- Should there be a /var/log/apache2?
- Should there be a /var/log/mysql?
- Why are mysql-common and mariadb-common installed? I can't find any rdepends.

User avatar
Arjen Balfoort
Site Admin
Posts: 9253
Joined: 26 Jan 2013 19:36
Location: Netherlands
Contact:

Re: clamav-freshclam doesn't start ...

Postby Arjen Balfoort » 23 Jun 2019 06:46

The live installer change:

Code: Select all

            ram = "\n# RAM disks\n" \
            "tmpfs   /tmp                    tmpfs   defaults,noatime,mode=1777              0       0\n" \
            "#tmpfs   /var/cache/apt/archives tmpfs   defaults,noexec,nosuid,nodev,mode=0755 0       0\n" \
            "tmpfs   /var/tmp                tmpfs   defaults,noatime                        0       0\n" \
            "tmpfs   /var/backups            tmpfs   defaults,noatime                        0       0\n" \
            "# Disable /var/log/* tmpfs dirs when enabling tmpfs on /var/log\n" \
            "#tmpfs   /var/log                tmpfs   defaults,noatime                        0       0\n" \
            "#tmpfs   /var/log/apt            tmpfs   defaults,noatime,mode=0755              0       0\n" \
            "#tmpfs   /var/log/lightdm        tmpfs   defaults,noatime,mode=0755              0       0\n" \
            "#tmpfs   /var/log/samba          tmpfs   defaults,noatime,mode=0755              0       0\n" \
            "tmpfs   /var/log/cups           tmpfs   defaults,noatime,mode=0755               0       0\n" \
            "tmpfs   /var/log/ConsoleKit     tmpfs   defaults,noatime,mode=0755               0       0\n" \
            "tmpfs   /var/log/clamav         tmpfs   defaults,noatime,mode=0755,uid=clamav,gid=clamav 0       0\n"
In the adjust.py script of solydxk-system these directories/files are created or permissions are set on every boot:

Code: Select all

apache2: /var/log/apache2 - root:adm
mysql-client: /var/log/mysql - mysql:adm
clamav: /var/log/clamav - clamav:clamav
clamav: /var/log/clamav/freshclam.log - touch
samba: /var/log/samba - root:adm
consolekit: /var/log/ConsoleKit - root:root
exim4-base: /var/log/exim4 - Debian-exim:adm
lightdm: /var/lib/lightdm/data - lightdm:lightdm
This is removed on SolydK10 when purging mariadb-common:

Code: Select all

  colord* default-mysql-client-core* libdbd-mysql-perl* libgdal20* libhpmud0*
  libkf5sane5* libmariadb3* libopencv-calib3d3.2* libopencv-contrib3.2*
  libopencv-features2d3.2* libopencv-highgui3.2* libopencv-imgcodecs3.2*
  libopencv-objdetect3.2* libopencv-stitching3.2* libopencv-superres3.2*
  libopencv-videoio3.2* libopencv-videostab3.2* libopencv-viz3.2*
  libqt4-sql-mysql* libqt5sql5-mysql* libsane* libsnmp30* libvtk6.3*
  mariadb-client-10.3* mariadb-client-core-10.3* mariadb-common*
  printer-driver-hpcups* printer-driver-hpijs* python-opencv* sane-utils*
  skanlite*
-271MB

Then, installing skanlite:

Code: Select all

  libkf5sane5 libmariadb3 libsane libsnmp30 mariadb-common sane-utils
+7MB

Installing HP printer drivers:

Code: Select all

  ibhpmud0 printer-driver-hpcups printer-driver-hpijs
+5MB

and colord:
+200KB

A bit of work, but seems to be worth it :)

[EDIT]
After that, deborphan finds some remnant packages as well.


SolydXK needs you!
Development | Testing | Translations

User avatar
ilu
Posts: 2471
Joined: 09 Oct 2013 12:45

Re: clamav-freshclam doesn't start ...

Postby ilu » 23 Jun 2019 16:25

Strange, mariadb-client-core-10.3 is not installed on my test VM, I explicitly checked that. So I completely missed the track but still found the opencv easteregg :D

I noticed that the ISOs are steadily growing in size although core components don't (at least not that much) so we need to keep an eye on that. I will open a new topic on some other things I noticed.


Return to “Bug Control”

Who is online

Users browsing this forum: No registered users and 1 guest