Server Bug Fix: How much does httpd_can_network_connect being set to 1 actually open up on SELinux

I am getting the following SELinux denied lines in my log file when I attempt to redirect a user to Paypal to checkout. Would you please help me understand what it means and what exceptions I should add to SELinux to allow these?

type=AVC msg=audit(1591554743.559:10135): avc:  denied  { name_connect } for  pid=3389 comm="httpd" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1591554743.559:10135): arch=c000003e syscall=42 success=no exit=-13 a0=19 a1=7f6a14077238 a2=10 a3=26 items=0 ppid=981 pid=3389 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=PROCTITLE msg=audit(1591554743.559:10135): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44 

type=AVC msg=audit(1591554758.933:10140): avc:  denied  { name_connect } for  pid=5728 comm="php-fpm" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1591554758.933:10140): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f2e0555cf50 a2=10 a3=1bd7a524e1bda8 items=0 ppid=977 pid=5728 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="php-fpm" exe="/usr/sbin/php-fpm" subj=system_u:system_r:httpd_t:s0 key=(null)ARCH=x86_64 SYSCALL=connect AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=PROCTITLE msg=audit(1591554758.933:10140): proctitle=7068702D66706D3A20706F6F6C20777777

From my research, it looks like “When enabled in ENFORCING mode, by default, SELinux prevents Apache web server from establishing network connections. On the machine hosting Apache web server, configure SELinux it to allow httpd network connections” RedHat

# /usr/sbin/setsebool httpd_can_network_connect 1

I just wanted to learn more about how much this actually opens up from a security standpoint and if it is adding too broad of an exception.

Also, if there is any way to limit by domains on this boolean rule.

Thank you all very much for your help 🙂

> how much this actually opens up from a security standpoint

A lot. As you may have guessed it allows httpd_t to talk to any remote servers.
There is no specification for which website it is, and it can be a malicious one.

> and if it is adding too broad of an exception

It does, but it’s a somewhat necessary evil.

To understand how it can be dangerous: with the boolean off, PHP code is unable to talk to remote websites (as if curl_ functions were disabled).

If a website was hacked and the attacker now can change some files, they often will seek to add payload from other websites or establish a reverse shell, which wouldn’t be possible.

With the boolean enabled, it will be possible.

The same applies to all cases of fetching any untrusted PHP code from third parties.
E.g. consider your website was not hacked, to begin with.

You have installed some rare module for your CMS, but little did you know that it
had some obfuscated code that pretends to be a license, to fetch malware/do crypto-mining when it’s being run, from the author’s website.

> if there is any way to limit by domains on this boolean rule.

It looks like it’s only possible to limit by IP addresses. I’m not sure about specific implementation though.
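
Reading the two denials from the question field by field shows what the rule is keyed on: the source domain (httpd_t), the target port type (http_port_t) and the permission (name_connect), with only a destination port and no destination host in the record. The script below is an added example, not part of the original posts; the function names are hypothetical and the sample records are copied from the question.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials and decode PROCTITLE records.

# Sample input: the AVC and PROCTITLE records copied from the question above.
sample_audit() {
cat <<'EOF'
type=AVC msg=audit(1591554743.559:10135): avc:  denied  { name_connect } for  pid=3389 comm="httpd" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=PROCTITLE msg=audit(1591554743.559:10135): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
type=AVC msg=audit(1591554758.933:10140): avc:  denied  { name_connect } for  pid=5728 comm="php-fpm" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=PROCTITLE msg=audit(1591554758.933:10140): proctitle=7068702D66706D3A20706F6F6C20777777
EOF
}

# Print one line per denial: who (comm, source type) was refused which
# permission on which target type/class, and the destination port.
avc_summary() {
  awk '
    /^type=AVC/ && /denied/ {
      perm = $0
      sub(/.*[{] */, "", perm)      # drop everything up to the opening brace
      sub(/ *[}].*/, "", perm)      # drop the closing brace and the rest
      comm = dest = src = tgt = cls = "?"
      for (i = 1; i <= NF; i++) {
        split($i, kv, "=")
        if (kv[1] == "comm")     { comm = kv[2]; gsub(/"/, "", comm) }
        if (kv[1] == "dest")     dest = kv[2]
        if (kv[1] == "tclass")   cls = kv[2]
        if (kv[1] == "scontext") { split(kv[2], c, ":"); src = c[3] }
        if (kv[1] == "tcontext") { split(kv[2], c, ":"); tgt = c[3] }
      }
      printf "%s %s -> %s:%s { %s } dest=%s\n", comm, src, tgt, cls, perm, dest
    }'
}

# Decode the hex-encoded proctitle field; NUL argument separators become spaces.
decode_proctitle() {
  printf '%s\n' "$1" | awk '
    {
      hex = toupper($0); out = ""; digits = "0123456789ABCDEF"
      for (i = 1; i + 1 <= length(hex); i += 2) {
        n = (index(digits, substr(hex, i, 1)) - 1) * 16 \
          + (index(digits, substr(hex, i + 1, 1)) - 1)
        out = out (n == 0 ? " " : sprintf("%c", n))
      }
      print out
    }'
}

sample_audit | avc_summary
decode_proctitle 2F7573722F7362696E2F6874747064002D44464F524547524F554E44
decode_proctitle 7068702D66706D3A20706F6F6C20777777
```

On a live host the same summary can be fed from the audit log, for example `ausearch -m AVC --raw | avc_summary`.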

Server Bug Fix: SSHd not starting on CentOS 8.1

I have centos 8.1.1911 (core)

I can’t get opensshd to run. I have dnf.

I removed it dnf remove openssh-server
then reinstalled dnf install openssh-server

systemctl start sshd

Job for sshd.service failed because the control process exited with error code.

Going through the /var/log/messages log and I see a possible error
I did sshd -t and got the same error, error is:

Failed to seed from getrandom: Function not implemented

journalctl -xe and systemctl status sshd.service show no other failures

sshd.service main process exited code=exited status=255/n/a
Failed to start openssh server daemon

I did dnf remove openssh-server and tried again, still no luck

Removed /etc/ssh folder
rm -rf /etc/ssh
To wipe away any bad config and tried again. No luck

Care to advise? Does the centos 8.1.1911 just simply have no way to do this yet?

I saw a comment online to try this:
mkdir -p /var/run/sshd

I believe this is for PID file generation, but I am still having no luck.

One possible reason could be that, when you upgraded the OS from CentOS 7 to CentOS 8, some of the code and commands defined in sshd_config are not compatible with CentOS 8. To know more, check the access.log in the /var/log path. Reinstalling sshd or the openssh server doesn’t remove the complete instance. Due to that, it may not work in many situations. The best way is to check the logs and the sshd_config file.

It’s a little too late, but if the problem is the result of a dist upgrade, it’s probably a kernel problem and you must upgrade your kernel version.
Check yours with

uname -a

If it is <= 3.x, you should try an upgrade.

Server Bug Fix: Unable to run sidekiq as service in CentOS 8

I have the following service file.

[Unit]
Description=xxx_sidekiq
After=syslog.target network.target


[Service]
Type=notify
WatchdogSec=10

WorkingDirectory=/home/xxx/project/matchspace/appointment-ms
ExecStart=/home/xxx/.rvm/wrappers/ruby-2.6.4/bundle exec sidekiq -e production
User=developer
Group=developer
UMask=0002

Environment=MALLOC_ARENA_MAX=2

RestartSec=1
Restart=on-failure

StandardOutput=syslog
StandardError=syslog

SyslogIdentifier=xxx_sidekiq

[Install]
WantedBy=multi-user.target

When I start the service with sudo systemctl start xxx_sidekiq.service, I get the following error:

Jun  4 05:55:23 cnctest systemd[23391]: xxx_sidekiq.service: Failed to execute command: Permission denied
Jun  4 05:55:23 cnctest systemd[23391]: xxx_sidekiq.service: Failed at step EXEC spawning /home/xxx/.rvm/wrappers/ruby-2.6.4/bundle: Permission denied

The reason for Permission denied is given as

Jun  4 05:55:23 cnctest platform-python[23362]: SELinux is preventing /usr/lib/systemd/systemd from read access on the lnk_file ruby-2.6.4.#012#012*****  Plugin catchall (100. confidence) suggests   **************************#012#012If you believe that systemd should be allowed read access on the ruby-2.6.4 lnk_file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c '(bundle)' --raw | audit2allow -M my-bundle#012# semodule -X 300 -i my-bundle.pp#012

How can I solve this problem?

Server Bug Fix: Adding default gateway using nmcli – Centos 8

I am trying to add 2 default gateways on my Centos8 server with different interface names and metrics. I have a route file for each interface with the route “default via metric “. This is not working as I don’t see the routes when I specify “ip route show all”. Looks like NetworkManager is not considering the route files with default gateway. So I add the default route using “ip route add” command. This becomes a problem since this doesn’t persist on reboot. Any idea how to achieve this and make it persistent?

Server Bug Fix: Inverse Name Search by UID (CentOS 8) – Retrieves last created with same UID

I am working with CentOS 8 and I have a problem with UIDs and User Names. I have installed VestaCP to manage my websites. The user by the name of “user123” and UID 1007 is the owner of all the websites (user in VestaCP). Then I have created individual FTP users for each website. Each FTP user has the following name format: “user123_random”, where random is a random text. Each FTP user has a different name, but they all share the same UID (1007) (this is the default behavior when creating new FTP users).

Now the problem happens when I am checking the ownership (user) of each website or file inside that website. So technically, the owner is UID 1007. The problem here is that CentOS 8, for some reason, is showing “user123_random” as the owner of the websites instead of “user123”.

The curious thing is that when I do a “id -nu 1007”, it returns the name of the last FTP user created with the prefix “user123_”. So I assume, this is what CentOS 8 does internally, showing the last username (with same ID 1007) as the owner of a file/directory. This is not how CentOS 7 worked. CentOS 7 would show “user123” as the owner of the files, irrespective of adding new FTP users with the same UID.

The question is…is there a way to change this behavior in CentOS 8, so that it behaves as CentOS 7? So that the inverse name search by UID returns the “first created user” with that UID.

I would use a different solution. I would add all those users in 2 groups, one group to give read-only access, and another group to give read-write access.
Then I would use extended POSIX ACLs to give those groups permission on the folders and files. You can set a default permission to be inherited. And with setGID I would set the group for new files and folders.

For details see the man pages for: chmod, chown, setfacl, getfacl, ls
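
To see which account names share a UID, and how a "first match" and a "last match" reverse lookup differ for the situation in the question, the passwd data can be walked in file order. This is an added example, not part of the original posts; the function names and the two FTP account names in the sample are made up for illustration.

```shell
#!/bin/sh
# Added example: find UIDs shared by several account names in passwd-format data.

# Constructed sample: user123 plus two FTP accounts that reuse UID 1007.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
user123:x:1007:1007::/home/user123:/bin/bash
user123_siteA:x:1007:1007::/home/user123/web/a:/sbin/nologin
user123_siteB:x:1007:1007::/home/user123/web/b:/sbin/nologin
EOF
}

# Print "uid: name1,name2,..." for every UID that has more than one name,
# keeping the order in which the entries appear in the input.
shared_uids() {
  awk -F: '
    $0 !~ /^#/ && NF >= 3 {
      if (!($3 in names)) { order[++n] = $3; names[$3] = $1 }
      else                { names[$3] = names[$3] "," $1; dup[$3] = 1 }
    }
    END {
      for (i = 1; i <= n; i++)
        if (order[i] in dup) print order[i] ": " names[order[i]]
    }'
}

# Resolve a UID to a name the way a "first entry wins" or a
# "last entry wins" lookup would. $1 = uid, $2 = first|last.
name_for_uid() {
  awk -F: -v uid="$1" -v pick="$2" '
    $3 == uid { if (first == "") first = $1; last = $1 }
    END { print (pick == "last" ? last : first) }'
}

sample_passwd | shared_uids
sample_passwd | name_for_uid 1007 first
sample_passwd | name_for_uid 1007 last
```

On a live system the input can come from `getent passwd` instead of the sample function.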

Server Bug Fix: Rsyslog – debug error logs

I ran rsyslog in debug mode (-dn) and I see these logs:

    0153.213242514:main thread    : nsd_ptcp.c: We could initialize 1 TCP listen sockets out of 2 we received - this may or may not be an error indication.
    0153.215776512:main thread    : net.c: We could initialize 1 UDP listen sockets out of 2 we received - this may or may not be an error indication.
    0153.218166036:main thread    : net.c: We could initialize 1 UDP listen sockets out of 2 we received - this may or may not be an error indication.


0183.411735751:imudp.c        : parser.c: dropped LF at very end of message (DropTrailingLF is set)
0183.411809598:imudp.c        : parser.c: dropped LF at very end of message (DropTrailingLF is set)
0183.411869286:imudp.c        : parser.c: dropped LF at very end of message (DropTrailingLF is set)

The configuration is :

rsyslog.conf :

module(load="imuxsock")
module(load="imjournal")
module(load="imtcp")
module(load="imudp")
global(workDirectory="/var/lib/rsyslog")
include(file="/etc/rsyslog.d/*.conf")
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

rsyslog.d/test.conf :

template(name="test_template" type="string" string="/data/%FROMHOST-IP%.log")
ruleset(name="test_device"){
                action(type="omfile" dynaFile="test_template")
                action(type="omfwd" protocol="udp" target="10.0.0.1" port="1514")
}
input(type="imudp" port="1514" ruleset="test_device")

It’s rsyslog 8.37 on CentOS8 with ~900 messages per second.

The problem is that rsyslog stops forwarding randomly after a few seconds / minutes / hours.

Thanks

Server Bug Fix: Rsyslog queueing: configuration failed

I want to use queueing/disk buffer with rsyslog (8.37.0) for each rsyslog config.

I’ve configured these rules:

template(name="test_template" type="string" string="/data/%FROMHOST-IP%.log")
ruleset(name="test_device"){
                action(type="omfile" dynaFile="test_template")
                action(type="omfwd"
                        queue.type="disk"
                        queue.maxdiskspace="50g"
                        queue.filename="/data/queueing/test"
                        queue.saveonshutdown="on"
                        action.resumeRetryCount="-1"
                        protocol="udp" target="10.0.0.1" port="1514")
}
input(type="imudp" port="1514" ruleset="test_device")

When I stop the remote rsyslog, no queue file is created.

Does anyone have an idea?

Thanks

Code Bug Fix: Error when trying to install mod_jk – Centos 8

I’m a Digitalocean user and I’m trying to migrate my infrastructure from Centos 7 to Centos 8.
It implies moving DBs (mysql), and setting up a web server and Java.
One of the steps is installing Apache and Tomcat making use of mod_jk.
All the steps I will describe end in complete success in Centos 7 but fail in Centos 8.
The way I got Java installed was by an RPM package I downloaded from Oracle itself.

# java -version
java version "14.0.1" 2020-04-14
Java(TM) SE Runtime Environment (build 14.0.1+7)
Java HotSpot(TM) 64-Bit Server VM (build 14.0.1+7, mixed mode, sharing)

These are all the steps I follow.

# dnf install httpd
# cd /tmp
# wget https://apache.zero.com.ar/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.48-src.tar.gz
# cd tomcat-connectors-1.2.48-src/native
# dnf install httpd-devel
# dnf install make
# dnf install libtool
# which apxs
/usr/bin/apxs

In this directory there’s the file “BUILDING.txt” with instructions to install which I follow.
It looks like this.

# ./configure --with-apxs=/usr/bin/apxs
# make

And here there seems to be the problem.
Some “redhat” directory not found in Centos.

Error when executing ‘Make’ screenshot

The next would be

# make install

But it fails in Centos 8.

Does anyone know how to solve this?
Thanks in advance.

You need to install redhat-rpm-config. Install redhat-rpm-config and test.

yum install redhat-rpm-config

Server Bug Fix: GCP startup-scripts errors

I am trying to create a compute instance with the gcloud util from the CLI and am having some trouble. Here is my creation command:

gcloud compute instances create bastion \
  --boot-disk-size=20GB \
  --image-family centos-8 \
  --image-project=centos-cloud \
  --machine-type=f1-micro \
  --tags bastion-server \
  --zone=europe-west1-d \
  --restart-on-failure \
  --can-ip-forward \
  --address=bastion-external \
  --private-network-ip=bastion \
  --metadata-from-file startup-script=/tmp/infra-rh8-pritunl/setupvpn.sh

setupvpn.sh installs Pritunl server with MongoDB and when I run it from installed instance – there are no problems, but when I try to send it through metadata to run as startup-script I have this issue: Error: GPG check FAILED.

Here is setup.sh:

sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

sudo tee /etc/yum.repos.d/mongodb-org-4.2.repo << EOF

[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc
EOF

sudo tee /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/oraclelinux/8/
gpgcheck=1
enabled=1
EOF

gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp
sudo rpm --import key.tmp
sudo rm -f key.tmp

sudo yum -y install pritunl mongodb-org
sudo systemctl start mongod pritunl
sudo systemctl enable mongod pritunl

journalctl log:

May 27 16:19:44 bastion sudo[1548]:     root : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/bin/tee /etc/yum.repos.d/mongodb-org-4.2.repo
May 27 16:19:44 bastion sudo[1548]: pam_unix(sudo:session): session opened for user root by (uid=0)
May 27 16:19:44 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:44 GCEMetadataScripts: startup-script:
May 27 16:19:44 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:44 GCEMetadataScripts: startup-script: [mongodb-org-4.2]
May 27 16:19:44 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:44 GCEMetadataScripts: startup-script: name=MongoDB Repository
May 27 16:19:44 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:44 GCEMetadataScripts: startup-script: baseurl=https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.2/x86_64/
May 27 16:19:44 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:44 GCEMetadataScripts: startup-script: gpgcheck=1
May 27 16:19:44 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:44 GCEMetadataScripts: startup-script: enabled=1
May 27 16:19:44 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:44 GCEMetadataScripts: startup-script: gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc
May 27 16:19:44 bastion sudo[1548]: pam_unix(sudo:session): session closed for user root
May 27 16:19:44 bastion sudo[1571]:     root : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/bin/tee /etc/yum.repos.d/pritunl.repo
May 27 16:19:44 bastion sudo[1571]: pam_unix(sudo:session): session opened for user root by (uid=0)
May 27 16:19:44 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:44 GCEMetadataScripts: startup-script: [pritunl]
May 27 16:19:44 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:44 GCEMetadataScripts: startup-script: name=Pritunl Repository
May 27 16:19:44 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:44 GCEMetadataScripts: startup-script: baseurl=https://repo.pritunl.com/stable/yum/oraclelinux/8/
May 27 16:19:44 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:44 GCEMetadataScripts: startup-script: gpgcheck=1
May 27 16:19:44 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:44 GCEMetadataScripts: startup-script: enabled=1
May 27 16:19:44 bastion sudo[1571]: pam_unix(sudo:session): session closed for user root
May 27 16:19:44 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:44 GCEMetadataScripts: startup-script: gpg: directory '/root/.gnupg' created
May 27 16:19:44 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:44 GCEMetadataScripts: startup-script: gpg: keybox '/root/.gnupg/pubring.kbx' created
May 27 16:19:45 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:45 GCEMetadataScripts: startup-script: gpg: connecting dirmngr at '/run/user/0/gnupg/S.dirmngr' failed: IPC connect call failed
May 27 16:19:45 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:45 GCEMetadataScripts: startup-script: gpg: keyserver receive failed: No dirmngr
May 27 16:19:45 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:45 GCEMetadataScripts: startup-script: gpg: WARNING: nothing exported
May 27 16:19:45 bastion sudo[1612]:     root : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/bin/rpm --import key.tmp
May 27 16:19:46 bastion sudo[1612]: pam_unix(sudo:session): session opened for user root by (uid=0)
May 27 16:19:46 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:46 GCEMetadataScripts: startup-script: error: key.tmp: import read failed(0).
May 27 16:19:46 bastion sudo[1612]: pam_unix(sudo:session): session closed for user root
May 27 16:19:46 bastion sudo[1626]:     root : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/bin/rm -f key.tmp
May 27 16:19:46 bastion sudo[1626]: pam_unix(sudo:session): session opened for user root by (uid=0)
May 27 16:19:46 bastion sudo[1626]: pam_unix(sudo:session): session closed for user root
May 27 16:19:46 bastion sudo[1650]:     root : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/bin/yum -y install pritunl mongodb-org
May 27 16:19:46 bastion sudo[1650]: pam_unix(sudo:session): session opened for user root by (uid=0)
May 27 16:19:49 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:49 GCEMetadataScripts: startup-script: Extra Packages for Enterprise Linux Modular 8 -  77 kB/s | 118 kB     00:01
May 27 16:19:51 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:51 GCEMetadataScripts: startup-script: Extra Packages for Enterprise Linux 8 - x86_64  3.8 MB/s | 6.8 MB     00:01
May 27 16:19:54 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:54 GCEMetadataScripts: startup-script: MongoDB Repository                               24 kB/s | 9.1 kB     00:00
May 27 16:19:55 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:55 GCEMetadataScripts: startup-script: Pritunl Repository                               91 kB/s |  85 kB     00:00
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script: Dependencies resolved.
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script: ================================================================================
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script:  Package            Arch   Version                        Repository       Size
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script: ================================================================================
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script: Installing:
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script:  mongodb-org        x86_64 4.2.7-1.el8                    mongodb-org-4.2  10 k
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script:  pritunl            x86_64 1.29.2435.70-1.el8.oraclelinux pritunl          35 M
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script: Installing dependencies:
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script:  psmisc             x86_64 23.1-3.el8                     BaseOS          151 k
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script:  openvpn            x86_64 2.4.9-1.el8                    epel            542 k
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script:  pkcs11-helper      x86_64 1.22-7.el8                     epel             64 k
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script:  mongodb-org-mongos x86_64 4.2.7-1.el8                    mongodb-org-4.2  15 M
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script:  mongodb-org-server x86_64 4.2.7-1.el8                    mongodb-org-4.2  25 M
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script:  mongodb-org-shell  x86_64 4.2.7-1.el8                    mongodb-org-4.2  17 M
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script:  mongodb-org-tools  x86_64 4.2.7-1.el8                    mongodb-org-4.2  62 M
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script:  pritunl-ndppd      x86_64 0.2.5-1.el8.oraclelinux        pritunl          86 k
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script:
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script: Transaction Summary
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script: ================================================================================
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script: Install  10 Packages
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script:
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script: Total download size: 154 M
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script: Installed size: 491 M
May 27 16:19:57 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:57 GCEMetadataScripts: startup-script: Downloading Packages:
May 27 16:19:58 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:58 GCEMetadataScripts: startup-script: (1/10): pkcs11-helper-1.22-7.el8.x86_64.rpm     148 kB/s |  64 kB     00:00
May 27 16:19:58 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:58 GCEMetadataScripts: startup-script: (2/10): mongodb-org-4.2.7-1.el8.x86_64.rpm       65 kB/s |  10 kB     00:00
May 27 16:19:58 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:58 GCEMetadataScripts: startup-script: (3/10): openvpn-2.4.9-1.el8.x86_64.rpm          727 kB/s | 542 kB     00:00
May 27 16:19:59 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:59 GCEMetadataScripts: startup-script: (4/10): mongodb-org-mongos-4.2.7-1.el8.x86_64.r  40 MB/s |  15 MB     00:00
May 27 16:19:59 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:59 GCEMetadataScripts: startup-script: (5/10): psmisc-23.1-3.el8.x86_64.rpm            138 kB/s | 151 kB     00:01
May 27 16:19:59 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:59 GCEMetadataScripts: startup-script: (6/10): mongodb-org-shell-4.2.7-1.el8.x86_64.rp  41 MB/s |  17 MB     00:00
May 27 16:19:59 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:59 GCEMetadataScripts: startup-script: (7/10): mongodb-org-server-4.2.7-1.el8.x86_64.r  37 MB/s |  25 MB     00:00
May 27 16:20:00 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:00 GCEMetadataScripts: startup-script: (8/10): pritunl-ndppd-0.2.5-1.el8.oraclelinux.x 130 kB/s |  86 kB     00:00
May 27 16:20:00 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:00 GCEMetadataScripts: startup-script: (9/10): mongodb-org-tools-4.2.7-1.el8.x86_64.rp  52 MB/s |  62 MB     00:01
May 27 16:20:03 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:03 GCEMetadataScripts: startup-script: (10/10): pritunl-1.29.2435.70-1.el8.oraclelinux 8.5 MB/s |  35 MB     00:04
May 27 16:20:03 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:03 GCEMetadataScripts: startup-script: --------------------------------------------------------------------------------
May 27 16:20:03 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:03 GCEMetadataScripts: startup-script: Total                                            26 MB/s | 154 MB     00:05
May 27 16:20:03 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:03 GCEMetadataScripts: startup-script: warning: /var/cache/dnf/epel-6519ee669354a484/packages/openvpn-2.4.9-1.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 2f86d6a1: NOKEY
May 27 16:20:03 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:03 GCEMetadataScripts: startup-script: Extra Packages for Enterprise Linux 8 - x86_64  1.1 MB/s | 1.6 kB     00:00
May 27 16:20:03 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:03 GCEMetadataScripts: startup-script: Importing GPG key 0x2F86D6A1:
May 27 16:20:03 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:03 GCEMetadataScripts: startup-script:  Userid     : "Fedora EPEL (8) <[email protected]>"
May 27 16:20:03 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:03 GCEMetadataScripts: startup-script:  Fingerprint: 94E2 79EB 8D8F 25B2 1810 ADF1 21EA 45AB 2F86 D6A1
May 27 16:20:03 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:03 GCEMetadataScripts: startup-script:  From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
May 27 16:20:03 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:03 GCEMetadataScripts: startup-script: Key imported successfully
May 27 16:20:03 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:03 GCEMetadataScripts: startup-script: warning: /var/cache/dnf/mongodb-org-4.2-fddc3ec541fac48b/packages/mongodb-org-4.2.7-1.el8.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID 058f8b6b: NOKEY
May 27 16:20:04 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:04 GCEMetadataScripts: startup-script: MongoDB Repository                              4.3 kB/s | 1.7 kB     00:00
May 27 16:20:04 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:04 GCEMetadataScripts: startup-script: Importing GPG key 0x058F8B6B:
May 27 16:20:04 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:04 GCEMetadataScripts: startup-script:  Userid     : "MongoDB 4.2 Release Signing Key <[email protected]>"
May 27 16:20:04 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:04 GCEMetadataScripts: startup-script:  Fingerprint: E162 F504 A20C DF15 827F 718D 4B7C 549A 058F 8B6B
May 27 16:20:04 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:04 GCEMetadataScripts: startup-script:  From       : https://www.mongodb.org/static/pgp/server-4.2.asc
May 27 16:20:04 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:04 GCEMetadataScripts: startup-script: Key imported successfully
May 27 16:20:04 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:04 GCEMetadataScripts: startup-script: warning: /var/cache/dnf/pritunl-0e8cf675bff600ae/packages/pritunl-1.29.2435.70-1.el8.oraclelinux.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID cf8e292a: NOKEY
May 27 16:20:04 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:04 GCEMetadataScripts: startup-script: Public key for pritunl-1.29.2435.70-1.el8.oraclelinux.x86_64.rpm is not installed
May 27 16:20:04 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:04 GCEMetadataScripts: startup-script: Public key for pritunl-ndppd-0.2.5-1.el8.oraclelinux.x86_64.rpm is not installed
May 27 16:20:04 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:04 GCEMetadataScripts: startup-script: The downloaded packages were saved in cache until the next successful transaction.
May 27 16:20:04 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:04 GCEMetadataScripts: startup-script: You can remove cached packages by executing 'dnf clean packages'.
May 27 16:20:04 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:04 GCEMetadataScripts: startup-script: Error: GPG check FAILED

I need your help. What am I doing wrong? Thank you!
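
The log above can be reduced to the one signing key that was reported as NOKEY and never imported afterwards, and that key ID can be compared with the fingerprint the script passes to gpg. The script below is an added example, not part of the original post; the function names are hypothetical and the sample lines are copied from the journalctl output in the question.

```shell
#!/bin/sh
# Added example: find signing keys a dnf/yum run reported as missing and never imported.

# Sample input: selected lines copied from the journalctl output in the question.
sample_startup_log() {
cat <<'EOF'
May 27 16:19:45 bastion GCEMetadataScripts[1255]: 2020/05/27 16:19:45 GCEMetadataScripts: startup-script: gpg: keyserver receive failed: No dirmngr
May 27 16:20:03 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:03 GCEMetadataScripts: startup-script: warning: /var/cache/dnf/epel-6519ee669354a484/packages/openvpn-2.4.9-1.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 2f86d6a1: NOKEY
May 27 16:20:03 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:03 GCEMetadataScripts: startup-script: Importing GPG key 0x2F86D6A1:
May 27 16:20:03 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:03 GCEMetadataScripts: startup-script: Key imported successfully
May 27 16:20:03 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:03 GCEMetadataScripts: startup-script: warning: /var/cache/dnf/mongodb-org-4.2-fddc3ec541fac48b/packages/mongodb-org-4.2.7-1.el8.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID 058f8b6b: NOKEY
May 27 16:20:04 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:04 GCEMetadataScripts: startup-script: Importing GPG key 0x058F8B6B:
May 27 16:20:04 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:04 GCEMetadataScripts: startup-script: Key imported successfully
May 27 16:20:04 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:04 GCEMetadataScripts: startup-script: warning: /var/cache/dnf/pritunl-0e8cf675bff600ae/packages/pritunl-1.29.2435.70-1.el8.oraclelinux.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID cf8e292a: NOKEY
May 27 16:20:04 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:04 GCEMetadataScripts: startup-script: Public key for pritunl-1.29.2435.70-1.el8.oraclelinux.x86_64.rpm is not installed
May 27 16:20:04 bastion GCEMetadataScripts[1255]: 2020/05/27 16:20:04 GCEMetadataScripts: startup-script: Error: GPG check FAILED
EOF
}

# Print every key ID flagged "NOKEY" that has no later
# "Importing GPG key 0x<ID>" followed by "Key imported successfully".
unresolved_keys() {
  awk '
    { line = tolower($0) }
    match(line, /key id [0-9a-f]+: nokey/) {
      id = substr(line, RSTART + 7, RLENGTH - 14)
      if (!(id in seen)) { seen[id] = 1; order[++n] = id }
    }
    match(line, /importing gpg key 0x[0-9a-f]+/) {
      pending = substr(line, RSTART + 20, RLENGTH - 20)
    }
    /Key imported successfully/ {
      if (pending != "") { imported[pending] = 1; pending = "" }
    }
    END {
      for (i = 1; i <= n; i++)
        if (!(order[i] in imported)) print order[i]
    }'
}

# The short key ID rpm prints is the last 8 hex digits of the key fingerprint.
fpr_short_id() {
  printf '%s\n' "$1" | tr -d ' ' | tr 'A-F' 'a-f' | sed 's/.*\(........\)$/\1/'
}

# Exit 0 when the key requested by fingerprint ($1) is among the unresolved
# keys of the log read from stdin.
fetched_key_is_missing() {
  want=$(fpr_short_id "$1")
  unresolved_keys | grep -qx "$want"
}

sample_startup_log | unresolved_keys
fpr_short_id 7568D9BB55FF9E5287D586017AE645C0CF8E292A
```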
