lmg
Profile generation failed on SUSE SLES 15 machine
I tried to run LMG on my SUSE SLES 15 test VM for grabbing its memory. Memory dumping via AVML seems to run smoothly but when I requested LMG to create a profile for this system's memory I got the following error:
linux-6ujy:/run/media/sles/8da3c33c-73a1-4bab-a911-5220e6f972f2 # ./lmg
AVML is /run/media/sles/8da3c33c-73a1-4bab-a911-5220e6f972f2/avml/avml-x86_64
Dumping memory in "lime" format to /run/media/sles/8da3c33c-73a1-4bab-a911-5220e6f972f2/capture/linux-6ujy-2023-07-19_02.54.31
This could take a while...Done!
Grabbing a copy of /bin/bash...Done!
Writing volatilityrc to /run/media/sles/8da3c33c-73a1-4bab-a911-5220e6f972f2/capture/linux-6ujy-2023-07-19_02.54.31...Done!
Compile profile for this system? [N|y] y
make -C //lib/modules/4.12.14-577.gcac0110-default/build M="/run/media/sles/8da3c33c-73a1-4bab-a911-5220e6f972f2/volatility/tools/linux" clean
make[1]: *** //lib/modules/4.12.14-577.gcac0110-default/build: No such file or directory. Stop.
Makefile:15: recipe for target 'clean' failed
make: *** [clean] Error 2
adding: module.dwarf (deflated 91%)
adding: boot/System.map-4.12.14-577.gcac0110-default (deflated 79%)
linux-6ujy:/run/media/sles/8da3c33c-73a1-4bab-a911-5220e6f972f2 #
The system's OS specs are as follows:
linux-6ujy:/run/media/sles/8da3c33c-73a1-4bab-a911-5220e6f972f2 # hostnamectl
Static hostname: linux-6ujy.suse
Transient hostname: linux-6ujy
Icon name: computer-vm
Chassis: vm
Machine ID: 0ba95a9f792ad691ef914bbf63c2a52a
Boot ID: eabd56a0048442909ce0ce6f8ea2f349
Virtualization: vmware
Operating System: SUSE Linux Enterprise Server 12 SP5
CPE OS Name: cpe:/o:suse:sles:12:sp5
Kernel: Linux 4.12.14-577.gcac0110-default
Architecture: x86-64
linux-6ujy:/run/media/sles/8da3c33c-73a1-4bab-a911-5220e6f972f2 #
Not sure if this is an issue of your script. :-)
All the best,
Michael
Looks like you’re missing the kernel build environment on the system. Most likely it’s a package named something like “kernel-headers” or maybe “kernel-devel”, etc.
--Hal
Maybe - as far as I can remember, it was also quite complicated compiling the correct LiME kernel module manually for that SUSE machine earlier :-)
But from the installed packages it seems complete to me:
linux-6ujy:/home/sles # zypper search 'kernel'
Loading repository data...
Reading installed packages...
S | Name | Summary | Type
---+----------------------+------------------------------------------------+-----------
i+ | kernel-default | The Standard Kernel | package
| kernel-default | The Standard Kernel | srcpackage
| kernel-default-base | The Standard Kernel - base modules | package
i+ | kernel-default-devel | Development files necessary for building ker-> | package
i | kernel-devel | Development files needed for building kernel-> | package
i | kernel-firmware | Linux kernel firmware files | package
| kernel-firmware | Linux kernel firmware files | srcpackage
i | kernel-macros | RPM macros for building Kernel Module Packages | package
| kernel-source | The Linux Kernel Sources | package
| kernel-source | The Linux Kernel Sources | srcpackage
| kernel-syms | Kernel Symbol Versions (modversions) | package
| kernel-syms | Kernel Symbol Versions (modversions) | srcpackage
| kernelshark | GUI for trace-cmd | package
i | nfs-kernel-server | Support Utilities for Kernel nfsd | package
linux-6ujy:/home/sles #
Although I'm not sure with regard to the "Kernel Headers", it states that they are provided by "linux-glibc-devel":
linux-6ujy:/home/sles # zypper install kernel-headers
Refreshing service 'SUSE_Linux_Enterprise_Server_12_SP5_x86_64'.
Loading repository data...
Reading installed packages...
'kernel-headers' not found in package names. Trying capabilities.
'linux-glibc-devel' providing 'kernel-headers' is already installed.
Resolving package dependencies...
Nothing to do.
linux-6ujy:/home/sles #
It's installed as well but it states in its description that it's for "userspace development" - that confuses me:
linux-6ujy:/home/sles # zypper search 'glibc'
Refreshing service 'SUSE_Linux_Enterprise_Server_12_SP5_x86_64'.
Loading repository data...
Reading installed packages...
S | Name | Summary | Type
---+---------------------+-------------------------------------------------+-----------
i+ | glibc | Standard Shared Libraries (from the GNU C Lib-> | package
| glibc | Standard Shared Libraries (from the GNU C Lib-> | srcpackage
i | glibc-32bit | Standard Shared Libraries (from the GNU C Lib-> | package
i | glibc-devel | Include Files and Libraries Mandatory for Dev-> | package
| glibc-devel-32bit | Include Files and Libraries Mandatory for Dev-> | package
| glibc-html | HTML Documentation for the GNU C Library | package
i | glibc-i18ndata | Database Sources for 'locale' | package
| glibc-info | Info Files for the GNU C Library | package
i | glibc-locale | Locale Data for Localized Programs | package
i | glibc-locale-32bit | Locale Data for Localized Programs | package
| glibc-profile | Libc Profiling and Debugging Versions | package
| glibc-profile-32bit | Libc Profiling and Debugging Versions | package
i | linux-glibc-devel | Linux headers for userspace development | package
| linux-glibc-devel | Linux headers for userspace development | srcpackage
linux-6ujy:/home/sles #
Do you have any idea on this?
Thanks a lot!
Michael
Honestly I’m just not sure. I don’t spend enough time with SUSE.
The error message from your original email says that the build can’t find the file “/lib/modules/4.12.14-577.gcac0110-default/build”. Does your package manager have a “whatprovides” option or other way that you can look up which package contains that file?
Hal
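Several different states of `/lib/modules/<release>/build` produce the same "No such file or directory" from `make -C`. As an added example (not part of this thread or of lmg; the function names and the optional root argument are assumptions), this sh snippet tells those states apart and lists the kernel releases that do have a usable build tree.

```shell
#!/bin/sh
# Added example: classify the kernel build directory that
# "make -C /lib/modules/<release>/build" needs. Function names and the
# optional root argument are assumptions made for this example.

check_kbuild() {
    release=$1
    root=${2:-}                      # alternate root, e.g. a mounted image
    build="$root/lib/modules/$release/build"

    if [ ! -d "$root/lib/modules/$release" ]; then
        echo "no-modules-dir"        # no modules installed for this release
    elif [ -L "$build" ] && [ ! -e "$build" ]; then
        echo "dangling-link"         # link exists, the tree it points to does not
    elif [ ! -e "$build" ]; then
        echo "missing"               # no build entry at all
    elif [ ! -f "$build/Makefile" ]; then
        echo "incomplete"            # directory present but not a kbuild tree
    else
        echo "ok"
    fi
}

# List releases that have a usable build tree, to compare with `uname -r`.
list_buildable() {
    root=${1:-}
    for d in "$root"/lib/modules/*/; do
        [ -d "$d" ] || continue
        rel=$(basename "$d")
        [ "$(check_kbuild "$rel" "$root")" = "ok" ] && echo "$rel"
    done
    return 0
}

# Stand-alone use on the live system:
#   check_kbuild "$(uname -r)"
#   list_buildable
```

If `list_buildable` prints a release other than the running one, the installed development package belongs to a different kernel version than the one that was captured; `rpm -qf` on that existing build path names the owning package.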