linux-package-repositories

[mdatp][rhel8] removing mdatp package shows warning

Open Klaas- opened this issue 2 years ago • 6 comments

Describe the issue

Hi, it seems the mdatp package is being modified outside of the rpm context. I'd say this is bad practice.

I noticed this during tests with mdatp because during the removal of the rpm a warning like this appears: warning: file /opt/microsoft/mdatp/lib/libauparse.so.0: remove failed: No such file or directory

so I checked the whole contents of the installed rpm package:

# rpm -qV mdatp
.M.......    /opt/microsoft/mdatp/conf/scripts/mde_autoupdater.sh
.M.......    /opt/microsoft/mdatp/conf/scripts/mde_installer.sh
missing     /opt/microsoft/mdatp/definitions/libmpengine.so
missing     /opt/microsoft/mdatp/definitions/mpasbase.vdm
missing     /opt/microsoft/mdatp/definitions/mpasdlta.vdm
missing     /opt/microsoft/mdatp/definitions/mpavbase.vdm
missing     /opt/microsoft/mdatp/definitions/mpavdlta.vdm
missing     /opt/microsoft/mdatp/lib/libauparse.so.0

If you expect files to change at runtime they should be marked as configuration files, but this all looks like you should just remove/change them inside the package spec to fit what you expect instead of modifying the rights (first two) or deleting (the last 6 files) post-install.

If applicable, what package did you attempt to install, and from which repo?

https://packages.microsoft.com/rhel/8/prod/Packages/m/mdatp_101.94.13.x86_64.rpm RHEL 8.7, installed via extension

Steps to Reproduce

  1. Install defender via extension
  2. $ rpm -qV mdatp
  3. remove extension
  4. $ dnf remove -y mdatp

Actual Result

missing files / changed modes

Expected Result

Package verification should pass

Klaas- avatar Feb 06 '23 14:02 Klaas-
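
An added example, not part of the original issue or of any Microsoft tooling: a small Python parser for `rpm -V` output like the listing in the report above, which separates drift on files the package declared as config or ghost from drift on everything else. The function names and the last sample line (`/etc/example.conf`) are constructed for illustration.

```python
import re

# Meaning of each letter in the 9-character `rpm -V` result string.
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "owner", "G": "group", "T": "mtime", "P": "capabilities"}
# File-attribute marker rpm prints between the result string and the path.
ATTRS = {"c": "config", "d": "doc", "g": "ghost", "l": "license", "r": "readme"}
LINE = re.compile(
    r"^(?P<res>missing|[SM5DLUGTP.?]{9})\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$")

def parse_rpm_verify(text):
    """Return one finding per recognised line of `rpm -V` output."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # shell prompt, blank line or unrelated output
        res = m["res"]
        changed = ["missing"] if res == "missing" else [FLAGS[c] for c in res if c in FLAGS]
        findings.append({"path": m["path"], "changed": changed,
                         "attr": ATTRS.get(m["attr"], "")})
    return findings

def unexpected_drift(findings):
    """Drop files the package declared as config or ghost; the rest is drift."""
    return [f for f in findings if f["attr"] not in ("config", "ghost")]

# First eight lines are from the issue; the last line is constructed.
SAMPLE = """\
.M.......    /opt/microsoft/mdatp/conf/scripts/mde_autoupdater.sh
.M.......    /opt/microsoft/mdatp/conf/scripts/mde_installer.sh
missing     /opt/microsoft/mdatp/definitions/libmpengine.so
missing     /opt/microsoft/mdatp/definitions/mpasbase.vdm
missing     /opt/microsoft/mdatp/definitions/mpasdlta.vdm
missing     /opt/microsoft/mdatp/definitions/mpavbase.vdm
missing     /opt/microsoft/mdatp/definitions/mpavdlta.vdm
missing     /opt/microsoft/mdatp/lib/libauparse.so.0
S.5....T.  c /etc/example.conf
"""

if __name__ == "__main__":
    for f in unexpected_drift(parse_rpm_verify(SAMPLE)):
        print(",".join(f["changed"]), f["path"])
```

Run against the listing from the report, all eight mdatp entries remain after filtering because none of them carries the `c` marker, while the constructed config file is dropped.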

@Klaas- thanks for the report. I've contacted the mdatp team and pointed them to this issue.

daviddavis avatar Feb 06 '23 15:02 daviddavis

Also the installation of it seems to create a 2nd microsoft-prod repo file. That is very much bad practice:

$ cat /etc/yum.repos.d/prod.repo
[packages-microsoft-com-prod]
name=packages-microsoft-com-prod
baseurl=https://packages.microsoft.com/rhel/8/prod/
enabled=1

Klaas- avatar Feb 07 '23 07:02 Klaas-

They should be using packages-microsoft-prod.rpm, I'd say. Same for the AADSSHLoginForLinux extension: they create that file correctly but don't use the rpm.

Klaas- avatar Feb 07 '23 07:02 Klaas-

@Klaas- Did you use mde_installer script to install mde? Or did you use yum?

agarwalneetu avatar Jun 19 '23 12:06 agarwalneetu

@Klaas- can you share all the installations steps followed for mdatp installation?

agarwalneetu avatar Jun 19 '23 12:06 agarwalneetu

> @Klaas- Did you use mde_installer script to install mde? Or did you use yum?

I think it was installed via extension I would guess (via automatic enrollment via defender for cloud)

> @Klaas- can you share all the installations steps followed for mdatp installation?

None, it's a switch inside the azure portal that will then roll out mdatp on VMs

Klaas- avatar Jun 19 '23 13:06 Klaas-