noports
universal.sh failing to update sshnpd.service on SELinux enabled distro
Describe the bug
KD has been trying out NoPorts on CentOS 9 Stream with SELinux enabled. It seems that his initial install of 5.2.0 went OK, but an attempt to upgrade to 5.5.0 ran into trouble.
Steps to reproduce
- First install 5.2.0 onto CentOS 9 Stream with SELinux enabled
- Then attempt upgrade to 5.5.0 using universal.sh
Expected behavior
Upgrade should just work.
If there's SELinux stuff to wrangle then we need to understand what and how.
Additional context
KD sent over this report:
Steps I took to determine there could be an SELinux issue when using universal.sh to install sshnp on a device when the host (server) is a Linux system using SELinux. After all of the data below I felt there was an issue with CentOS 9 Linux systems using SELinux. The same issue could affect other Linux systems that use SELinux.
Use universal.sh to install sshnp on a CentOS 9 Stream Linux device and record the output from the script.
Output from the installation.
kdimick@cos9-1 ~ % sudo sh Downloads/universal.sh
Environment:
Platform name: linux
System arch: x64
Temp path: /tmp
As root: true
Binary path: /usr/local/bin
User: kdimick
User home: /home/kdimick
Ssh status: sshd not found
Did directories exist (prior to install):
- .local/ : true
- .local/bin/ : true
- .ssh/ : true
- .sshnp/ : true
- .atsign/ : true
- .atsign/keys/ : true
Downloading archive from https://github.com/atsign-foundation/noports/releases/download/v5.5.0/sshnp-linux-x64.tgz
Install type (device, client): device
Enter client atSign: @intense56
Setting up device atSign
0) None
1) @55commercial
2) @85amateur55
3) @blackbagel42
4) @intense56
Found .atKeys for 4 atSigns.
Choose device atSign (input the number): $ 1
Selected: @55commercial
Enter device name: cos9_1
=> Removed /usr/local/bin/at_activate.old
=> Renamed existing binary /usr/local/bin/at_activate to /usr/local/bin/at_activate.old
=> Installed at_activate to /usr/local/bin
Failed to enable unit: Unit file sshnpd.service does not exist. <-note the failure->
kdimick@cos9-1 ~ %
Current date and time on the CentOS 9 system.
Thu Jul 11 03:15:20 PM PDT 2024
The date and time on the sshnpd.service file that was installed by the universal.sh script.
kdimick@cos9-1 ~ % sudo ls -l /etc/systemd/system/sshnpd.service
-rwxr-xr-x. 1 root root 1607 Jul 11 15:14 /etc/systemd/system/sshnpd.service
The manual attempt to check status and start sshnpd.service. Please note the output information.
kdimick@cos9-1 ~ % sudo systemctl status sshnpd.service
Unit sshnpd.service could not be found.
kdimick@cos9-1 ~ % sudo systemctl start sshnpd.service
Failed to start sshnpd.service: Unit sshnpd.service not found.
The following are the steps I used to determine SELinux may be an issue.
Checking the modes of SELinux.
The summary of the current mode of SELinux.
kdimick@cos9-1 ~ % getenforce
Enforcing
kdimick@cos9-1 ~ %
The details of the current mode of SELinux.
kdimick@cos9-1 ~ % sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing <-----
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
kdimick@cos9-1 ~ %
Changing the mode of SELinux from Enabled to Permissive.
kdimick@cos9-1 ~ % sudo setenforce 0
kdimick@cos9-1 ~ % sudo getenforce (displaying the new mode)
Permissive
kdimick@cos9-1 ~ %
The new details from the SELinux command sestatus, please note the new mode.
kdimick@cos9-1 ~ % sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive <-----
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
kdimick@cos9-1 ~ %
Use universal.sh to install sshnp on a CentOS 9 Stream Linux device with SELinux mode set to Permissive.
Output from the installation.
kdimick@cos9-1 ~ % sudo sh Downloads/universal.sh
Environment:
Platform name: linux
System arch: x64
Temp path: /tmp
As root: true
Binary path: /usr/local/bin
User: kdimick
User home: /home/kdimick
Ssh status: sshd not found
Did directories exist (prior to install):
- .local/ : true
- .local/bin/ : true
- .ssh/ : true
- .sshnp/ : true
- .atsign/ : true
- .atsign/keys/ : true
Downloading archive from https://github.com/atsign-foundation/noports/releases/download/v5.5.0/sshnp-linux-x64.tgz
Install type (device, client): device
Enter client atSign: intense56
Setting up device atSign
0) None
1) @55commercial
2) @85amateur55
3) @blackbagel42
4) @intense56
Found .atKeys for 4 atSigns.
Choose device atSign (input the number): $ 1
Selected: @55commercial
Enter device name: cos9_1
=> Removed /usr/local/bin/at_activate.old
=> Renamed existing binary /usr/local/bin/at_activate to /usr/local/bin/at_activate.old
=> Installed at_activate to /usr/local/bin
sshnpd installed with systemd. To see logs use:
journalctl -u sshnpd.service -f
kdimick@cos9-1 ~ %
The date and time on the sshnpd.service file that was installed by the universal.sh script after SELinux mode was set to Permissive.
kdimick@cos9-1 ~ % sudo ls -l /etc/systemd/system/sshnpd.service
-rwxr-xr-x. 1 root root 1607 Jul 11 15:46 /etc/systemd/system/sshnpd.service
kdimick@cos9-1 ~ %
Output from the sudo systemctl status sshnpd.service command. Please note sshnpd.service started once the universal.sh script finished running.
kdimick@cos9-1 ~ % sudo systemctl status sshnpd.service
● sshnpd.service - Ssh No Ports Daemon
Loaded: loaded (/etc/systemd/system/sshnpd.service; enabled; preset: disab>
Active: active (running) since Thu 2024-07-11 15:46:11 PDT; 2min 7s ago
Main PID: 3480 (dart:sshnpd)
Tasks: 5 (limit: 22402)
Memory: 16.6M
CPU: 640ms
CGroup: /system.slice/sshnpd.service
└─3480 /usr/local/bin/sshnpd -a @55commercial -m @intense56 -d cos>
Jul 11 15:46:12 cos9-1 sshnpd[3480]: INFO|2024-07-11 15:46:12.883523| sshnpd |S>
Jul 11 15:46:12 cos9-1 sshnpd[3480]: INFO|2024-07-11 15:46:12.883665| sshnpd |S>
Jul 11 15:46:13 cos9-1 sshnpd[3480]: INFO|2024-07-11 15:46:13.040411| sshnpd |D>
Jul 11 15:46:13 cos9-1 sshnpd[3480]: INFO|2024-07-11 15:46:13.156479|Monitor (@>
Jul 11 15:46:13 cos9-1 sshnpd[3480]: SHOUT|2024-07-11 15:46:13.387768| sshnpd |>
Jul 11 15:46:38 cos9-1 sshnpd[3480]: SHOUT|2024-07-11 15:46:38.389144| sshnpd |>
Jul 11 15:47:03 cos9-1 sshnpd[3480]: SHOUT|2024-07-11 15:47:03.391968| sshnpd |>
Jul 11 15:47:28 cos9-1 sshnpd[3480]: SHOUT|2024-07-11 15:47:28.389435| sshnpd |>
Jul 11 15:47:53 cos9-1 sshnpd[3480]: SHOUT|2024-07-11 15:47:53.385033| sshnpd |>
Jul 11 15:48:18 cos9-1 sshnpd[3480]: SHOUT|2024-07-11 15:48:18.399503| sshnpd |>
I rebooted the CentOS 9 system without editing the /etc/selinux/config file to start SELinux in Permissive mode.
Current system date and time.
kdimick@cos9-1 ~ % date
Thu Jul 11 04:01:28 PM PDT 2024
The manual attempt to check status and start sshnpd.service after a reboot and SELinux mode set to Enforce. Please note the output information.
kdimick@cos9-1 ~ % sudo systemctl status sshnpd.service
Unit sshnpd.service could not be found.
kdimick@cos9-1 ~ % sudo systemctl start sshnpd.service
Failed to start sshnpd.service: Unit sshnpd.service not found.
kdimick@cos9-1 ~ % sudo getenforce
Enforcing
kdimick@cos9-1 ~ %
I edited the /etc/selinux/config file and set the boot time mode of SELinux to Permissive and rebooted the system.
Current date and time after reboot and setting SELinux to Permissive mode.
kdimick@cos9-1 ~ % date
Thu Jul 11 04:07:38 PM PDT 2024
Check the timestamp on the current sshnpd.service.
kdimick@cos9-1 ~ % sudo ls -l /etc/systemd/system/sshnpd.service
-rwxr-xr-x. 1 root root 1607 Jul 11 15:46 /etc/systemd/system/sshnpd.service
kdimick@cos9-1 ~ %
Output from the sudo systemctl status sshnpd.service command. Please note sshnpd.service started once the universal.sh script finished running.
kdimick@cos9-1 ~ % sudo systemctl status sshnpd.service
● sshnpd.service - Ssh No Ports Daemon
Loaded: loaded (/etc/systemd/system/sshnpd.service; enabled; preset: disab>
Active: active (running) since Thu 2024-07-11 16:07:16 PDT; 3min 46s ago
Main PID: 1341 (dart:sshnpd)
Tasks: 5 (limit: 22402)
Memory: 17.1M
CPU: 553ms
CGroup: /system.slice/sshnpd.service
└─1341 /usr/local/bin/sshnpd -a @55commercial -m @intense56 -d cos>
Jul 11 16:07:17 cos9-1 sshnpd[1341]: INFO|2024-07-11 16:07:17.809327| sshnpd |S>
Jul 11 16:07:17 cos9-1 sshnpd[1341]: INFO|2024-07-11 16:07:17.809547| sshnpd |S>
Jul 11 16:07:18 cos9-1 sshnpd[1341]: INFO|2024-07-11 16:07:18.080476|AtLookup|C>
Jul 11 16:07:18 cos9-1 sshnpd[1341]: INFO|2024-07-11 16:07:18.426492|AtLookup|N>
Jul 11 16:07:18 cos9-1 sshnpd[1341]: INFO|2024-07-11 16:07:18.606794|AtLookup|a>
Jul 11 16:07:18 cos9-1 sshnpd[1341]: INFO|2024-07-11 16:07:18.732846| sshnpd |S>
Jul 11 16:07:18 cos9-1 sshnpd[1341]: INFO|2024-07-11 16:07:18.732970| sshnpd |S>
Jul 11 16:07:18 cos9-1 sshnpd[1341]: INFO|2024-07-11 16:07:18.733121| sshnpd |S>
Jul 11 16:07:18 cos9-1 sshnpd[1341]: INFO|2024-07-11 16:07:18.927850| sshnpd |D>
Jul 11 16:07:19 cos9-1 sshnpd[1341]: INFO|2024-07-11 16:07:19.043863|Monitor (@>
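The report compares the unit file's mode and timestamp under enforcing and permissive, but `ls -l` does not show the file's SELinux label. The script below is an added example, not part of the report or of universal.sh: it checks that label and filters audit records for systemd denials on the unit file. It assumes, without confirmation from the report, that the file carries a type other than `systemd_unit_file_t`; the function names and sample audit records are constructed.

```shell
#!/bin/sh
# Added example, not part of universal.sh or the report.
# Assumption (unconfirmed by the report): the unit file has a label other
# than the one the targeted policy assigns under /etc/systemd/system.
EXPECTED_TYPE="systemd_unit_file_t"

# Type is the 3rd colon-separated field of a context such as
# "unconfined_u:object_r:user_tmp_t:s0".
selinux_type() {
  printf '%s\n' "$1" | cut -d: -f3
}

# Succeeds only when the context carries the expected unit-file type.
unit_label_ok() {
  [ "$(selinux_type "$1")" = "$EXPECTED_TYPE" ]
}

# Reads audit records on stdin; prints the target type of each AVC denial
# where systemd was refused access to the file named in $1.
denied_types_for() {
  grep -E 'avc: +denied' | grep -F 'comm="systemd"' | grep -F "name=\"$1\"" |
    sed -n 's/.* tcontext=[^:]*:[^:]*:\([^:]*\):.*/\1/p' | sort -u
}

# Constructed sample audit records (hypothetical values, not from the report).
SAMPLE_AUDIT='type=AVC msg=audit(1720736060.123:412): avc:  denied  { read } for  pid=1 comm="systemd" name="sshnpd.service" dev="dm-0" ino=1234 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file permissive=0
type=AVC msg=audit(1720736061.456:413): avc:  denied  { open } for  pid=900 comm="sshd" name="authorized_keys" dev="dm-0" ino=99 scontext=system_u:system_r:sshd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'

# Live check, run as root on the affected host: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
  unit=/etc/systemd/system/sshnpd.service
  ctx=$(stat -c %C "$unit")
  if unit_label_ok "$ctx"; then
    echo "label ok: $ctx"
  else
    echo "unexpected label: $ctx"
    ausearch -m AVC -ts recent 2>/dev/null | denied_types_for sshnpd.service
    echo "relabel from policy with: restorecon -v $unit"
  fi
else
  printf '%s\n' "$SAMPLE_AUDIT" | denied_types_for sshnpd.service
fi
```

Running the live check in enforcing mode, right after the failed install, would show whether the label or something else is blocking systemd, without switching the host to permissive.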