OpenStack-Ansible

missing clamav folder

Bug #1944564 reported by Carlos
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
Undecided
Unassigned

Bug Description

When using the playbook on Amazon Linux 2 in order to install CLAMAV, I have received this error below:

Sep 21 14:37:54 ip-10-0-1-90 systemd: Starting clamd scanner (scan) daemon...
Sep 21 14:37:54 ip-10-0-1-90 clamd[12646]: Received 0 file descriptor(s) from systemd.
Sep 21 14:37:54 ip-10-0-1-90 clamd[12646]: clamd daemon 0.103.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sep 21 14:37:54 ip-10-0-1-90 clamd[12646]: Log file size limited to 1048576 bytes.
Sep 21 14:37:54 ip-10-0-1-90 clamd[12646]: Reading databases from /var/lib/clamav
Sep 21 14:37:54 ip-10-0-1-90 clamd[12646]: Not loading PUA signatures.
Sep 21 14:37:54 ip-10-0-1-90 clamd[12646]: Bytecode: Security mode set to "TrustSigned".
Sep 21 14:38:07 ip-10-0-1-90 clamd[12646]: Loaded 8567141 signatures.
Sep 21 14:38:10 ip-10-0-1-90 clamd[12646]: LOCAL: Could not create socket directory: /run/clamd.scan: Permission denied
Sep 21 14:38:10 ip-10-0-1-90 clamd: ERROR: LOCAL: Could not create socket directory: /run/clamd.scan: Permission denied
Sep 21 14:38:10 ip-10-0-1-90 clamd: ERROR: LOCAL: Socket file /run/clamd.scan/clamd.sock could not be bound: No such file or directory
Sep 21 14:38:10 ip-10-0-1-90 clamd[12646]: LOCAL: Socket file /run/clamd.scan/clamd.sock could not be bound: No such file or directory

In order to continue with the installation I created this folder with the permissions.

I created the folder before installation, after creating the folder the installation worked and the service started.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to ansible-hardening (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/ansible-hardening/+/814748

Changed in openstack-ansible:
status: New → In Progress
Revision history for this message
Dmitriy Rabotyagov (noonedeadpunk) wrote :

From what I see on CentOS 8 Stream, Ubuntu bionic/focal and Debian 10 - LocalSocket folder is created with package hooks.
And we kind of never annouced support of Amazon Linux since we don't have them in CI and we are not testing any changas against them.

But since this fix is relatively easy, I've suggested a fix for it anyway

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to ansible-hardening (master)

Reviewed: https://review.opendev.org/c/openstack/ansible-hardening/+/814748
Committed: https://opendev.org/openstack/ansible-hardening/commit/9d6a927d8c18891cb7caa67e05635a26fd171695
Submitter: "Zuul (22348)"
Branch: master

commit 9d6a927d8c18891cb7caa67e05635a26fd171695
Author: Dmitriy Rabotyagov <email address hidden>
Date: Wed Oct 20 15:27:21 2021 +0300

    Explicitly create clamav socket directory

    While most our supported distributions does create LocalSocket on their
    own, it's not always the case and shouldn't be trusted that much.

    Change-Id: I56851f56aa85108a4898ef99c48ac77c898ccb69
    Closes-Bug: #1944564

Changed in openstack-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/ansible-hardening yoga-eom

This issue was fixed in the openstack/ansible-hardening yoga-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/ansible-hardening xena-eom

This issue was fixed in the openstack/ansible-hardening xena-eom release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.