wazuh-documentation
wazuh-documentation copied to clipboard
wazuh
RPM debug installation show unknown configuration option `protect = 1`
| Wazuh version | Install type | Action performed | Platform |
|---|---|---|---|
| 4.3.x | Repository | Install | CentOS 8 Stream |
Running the Wazuh indexer installation in ultra verbose mode, I have observed the following "error" message:
Unknown configuration option: protect = 1 in /etc/yum.repos.d/wazuh.repo
Command:
- yum -y install wazuh-indexer -v -d 10 --rpmverbosity=debug > install.log 2>&1
Repository added with documentation process:
echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
/etc/yum.repos.d/wazuh.repo file content:
[wazuh]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages.wazuh.com/4.x/yum/
protect=1
We need to investigate the reason for using protect=1 and why this message appears in the log
Regards, Raúl.
I found this documentation about setting protect=1: https://wiki.centos.org/PackageManagement/Yum/ProtectBase
The purpose of the protectbase plugin is to protect certain repositories from updates from other repositories. Repositories that are to be protected will not be updated by newer files from unprotected repositories. This plugin is recommended for anyone who routinely enables 3rd party repositories, as these non-CentOS repositories may update certain system files, potentially causing your CentOS installation to become unstable.
At the moment I did not find the solution since the packages proposed in that documentation are not available in centos 8
[root@centos8stream ~]# yum install yum-plugin-protectbase
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 0:11:10 ago on Tue Jun 28 20:34:01 2022.
No match for argument: yum-plugin-protectbase
Error: Unable to find a match: yum-plugin-protectbase
[root@centos8stream ~]# yum install yum-protectbase
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 0:11:17 ago on Tue Jun 28 20:34:01 2022.
No match for argument: yum-protectbase
Error: Unable to find a match: yum-protectbase
I was also able to check the different yum.conf between centos 8 stream and centos 7 and find different settings
Centos 7
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release
# This is the default, if you make this bigger yum won't see if the metadata
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
# It is esp. important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m
# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d
Centos 8 stream
[main]
gpgcheck=1
installonly_limit=3
clean_requirements_on_remove=True
best=True
skip_if_unavailable=False
I did a test adding plugins=1 but it didn't work either
I was investigating a little more, and I am not finding a similar configuration for dnf, nor can I find the reason why it has been removed from dnf or has not been incorporated. The reason for the message is because this plugin is not available to install