I have installed ClamAV in CentOS 7.3 and have problems when starting clamd as a systemd service.
When I start clamd manually from the command line (/usr/sbin/clamd -c /etc/clamd.conf), everything goes well and I can connect using clamdscan.
When I start clamd via systemd, (systemctl start clamd), clamd
starts and, after a few seconds, terminates with the message 'Waiting
for all threads to finish' in the log file.
Has anyone any idea why clamd starts OK from the command line but not
as a service? Configuration and log files follows. Thank you.
/usr/lib/systemd/system/clamd.service:
[Unit]
Description = clamd scanner daemon
After = network.target
[Service]
ExecStart = /usr/sbin/clamd -c /etc/clamd.conf
PrivateTmp = true
[Install]
WantedBy=multi-user.target
/etc/clamd.conf:
LogFile /tmp/clamd.log
LogTime true
LogVerbose true
TCPSocket 3310
TCPAddr localhost
logfile:
Thu Aug 31 09:52:18 2017 -> +++ Started at Thu Aug 31 09:52:18 2017
Thu Aug 31 09:52:18 2017 -> Received 0 file descriptor(s) from systemd
Thu Aug 31 09:52:18 2017 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Thu Aug 31 09:52:18 2017 -> Log file size limited to 1048576 bytes.
Thu Aug 31 09:52:18 2017 -> Reading databases from /var/lib/clamav
Thu Aug 31 09:52:18 2017 -> Not loading PUA signatures.
Thu Aug 31 09:52:18 2017 -> Bytecode: Security mode set to "TrustSigned".
Thu Aug 31 09:52:24 2017 -> Loaded 6303399 signatures.
Thu Aug 31 09:52:26 2017 -> TCP: Bound to [127.0.0.1]:3310
Thu Aug 31 09:52:26 2017 -> TCP: Stting connection queue length to 200
Thu Aug 31 09:52:26 2017 -> Limits: Global size limit set to 104857600 bytes.
Thu Aug 31 09:52:26 2017 -> Limits: File size limit set to 26214400 bytes.
Thu Aug 31 09:52:26 2017 -> Limits: Recursion level limit set to 16.
Thu Aug 31 09:52:26 2017 -> Limits: Files limit set to 10000.
Thu Aug 31 09:52:26 2017 -> Limits: Core-dump limit is 0.
Thu Aug 31 09:52:26 2017 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Thu Aug 31 09:52:26 2017 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Thu Aug 31 09:52:26 2017 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Thu Aug 31 09:52:26 2017 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Thu Aug 31 09:52:26 2017 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Thu Aug 31 09:52:26 2017 -> Limits: MaxPartitions limit set to 50.
Thu Aug 31 09:52:26 2017 -> Limits: MaxIconsPE limit set to 100.
Thu Aug 31 09:52:26 2017 -> Limits: MaxRecHWP3 limit set to 16.
Thu Aug 31 09:52:26 2017 -> Limits: PCREMatchLimit limit set to 10000.
Thu Aug 31 09:52:26 2017 -> Limits: PCRERecMatchLimit set to 5000.
Thu Aug 31 09:52:26 2017 -> Limits: PCREMaxFileSize limit set to 26214400.
Thu Aug 31 09:52:26 2017 -> Archive support enabled.
Thu Aug 31 09:52:26 2017 -> Algorithmic detection enabled.
Thu Aug 31 09:52:26 2017 -> Portable Executable support enabled.
Thu Aug 31 09:52:26 2017 -> ELF support enabled.
Thu Aug 31 09:52:26 2017 -> Mail files support enabled.
Thu Aug 31 09:52:26 2017 -> OLE2 support enabled.
Thu Aug 31 09:52:26 2017 -> PDF support enabled.
Thu Aug 31 09:52:26 2017 -> SWF support enabled.
Thu Aug 31 09:52:26 2017 -> HTML support enabled.
Thu Aug 31 09:52:26 2017 -> XMLDOCS support enabled.
Thu Aug 31 09:52:26 2017 -> HWP3 support enabled.
Thu Aug 31 09:52:26 2017 -> Self checking every 600 seconds.
Thu Aug 31 09:52:26 2017 -> Listening daemon: PID: 5518
Thu Aug 31 09:52:26 2017 -> MaxQueue set to: 100
Thu Aug 31 09:52:28 2017 -> Waiting for all threads to finish.
Thu Aug 31 09:52:29 2017 -> Shutting down the main socket.
Thu Aug 31 09:52:29 2017 -> --- Stopped at Thu Aug 31 09:52:29 2017
Thu Aug 31 09:52:29 2017 -> Closing the main socket
systemctl status clamd
clamd.service - clamd scanner daemon
Loaded: loaded (/usr/lib/systemd/system/clamd.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Thu 2017-08-31 09:52:29 UTC; 42 min ago
Main PID: 5516 (code=exited, status=0/SUCCESS)
Aug 31 09:52:18 localhost.localdomain systemd[1]: Started clamd scanner daemon.
Aug 31 09:52:18 localhost.localdomain systemd[1]: Starting clamd scanner daemon ...
I messed up at the installation and missed installing, among other things, the clamav-server-systemd package.
Works alright now.
Related
I have Jenkins installed in an EC2 machine in AWS. I tried to install the slack plugin and it break the other plugins, so I tried updating Jenkins version to make it work again and now I cannot event start it. I get the following message:
Starting jenkins (via systemctl): Failed to start jenkins.service: Unit is not loaded properly: Invalid argument.
See system logs and 'systemctl status jenkins.service' for details.
[FAILED]
I have also tried to delete Jenkins completely following this guide: to then reinstall it following the Jenkins in AWS guide. But it is still not working. At some point when I did the journalctl -xe I got this error (I cant remember what I did to get there but at least I saved this log trace):
Unit jenkins.service has begun starting up.
Sep 20 16:39:49 ip-10-10-3-149.ec2.internal jenkins[23035]: Sep 20, 2022 4:39:49 PM executable.Main verifyJavaVersion
Sep 20 16:39:49 ip-10-10-3-149.ec2.internal jenkins[23035]: SEVERE: Running with Java class version 52, which is older than
Sep 20 16:39:49 ip-10-10-3-149.ec2.internal jenkins[23035]: java.lang.UnsupportedClassVersionError: 52.0
Sep 20 16:39:49 ip-10-10-3-149.ec2.internal jenkins[23035]: at executable.Main.verifyJavaVersion(Main.java:145)
Sep 20 16:39:49 ip-10-10-3-149.ec2.internal jenkins[23035]: at executable.Main.main(Main.java:109)
Sep 20 16:39:49 ip-10-10-3-149.ec2.internal jenkins[23035]: Jenkins requires Java versions [17, 11] but you are running wit
Sep 20 16:39:49 ip-10-10-3-149.ec2.internal jenkins[23035]: java.lang.UnsupportedClassVersionError: 52.0
Sep 20 16:39:49 ip-10-10-3-149.ec2.internal jenkins[23035]: at executable.Main.verifyJavaVersion(Main.java:145)
Sep 20 16:39:49 ip-10-10-3-149.ec2.internal jenkins[23035]: at executable.Main.main(Main.java:109)
Sep 20 16:39:49 ip-10-10-3-149.ec2.internal systemd[1]: Failed to start Jenkins Continuous Integration Server.
-- Subject: Unit jenkins.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit jenkins.service has failed.
--
So I though I had finally found the error, I checked the java -version and it was saying java1.8. Therefore I changed it with alternatives --config java and set it to:
java-11-openjdk.x86_64 (/usr/lib/jvm/java-11-openjdk-11.0.16.0.8-1.amzn2.0.1.x86_64/bin/java)
I have also added this path to /etc/rc.d/init.d/jenkins. Now when I get the java -version I get this:
openjdk version "11.0.16" 2022-07-19 LTS
OpenJDK Runtime Environment (Red_Hat-11.0.16.0.8-1.amzn2.0.1) (build 11.0.16+8-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-11.0.16.0.8-1.amzn2.0.1) (build 11.0.16+8-LTS, mixed mode, sharing)
when I try to get the status of jenkins with systemctl status jenkins.service -l I get:
● jenkins.service
Loaded: error (Reason: Invalid argument)
Drop-In: /etc/systemd/system/jenkins.service.d
└─override.conf
Active: failed (Result: start-limit) since Tue 2022-09-20 16:39:49 UTC; 15h ago
Main PID: 23035 (code=exited, status=0/SUCCESS)
Sep 20 16:57:30 ip-10-10-3-149.ec2.internal systemd[1]: jenkins.service lacks both ExecStart= and ExecStop= setting. Refusing.
Sep 20 16:57:43 ip-10-10-3-149.ec2.internal systemd[1]: jenkins.service lacks both ExecStart= and ExecStop= setting. Refusing.
Sep 21 07:15:59 ip-10-10-3-149.ec2.internal systemd[1]: jenkins.service lacks both ExecStart= and ExecStop= setting. Refusing.
Sep 21 07:20:02 ip-10-10-3-149.ec2.internal systemd[1]: jenkins.service lacks both ExecStart= and ExecStop= setting. Refusing.
Sep 21 07:23:12 ip-10-10-3-149.ec2.internal systemd[1]: jenkins.service lacks both ExecStart= and ExecStop= setting. Refusing.
Sep 21 07:23:20 ip-10-10-3-149.ec2.internal systemd[1]: jenkins.service lacks both ExecStart= and ExecStop= setting. Refusing.
Sep 21 07:24:26 ip-10-10-3-149.ec2.internal systemd[1]: jenkins.service lacks both ExecStart= and ExecStop= setting. Refusing.
Sep 21 07:30:58 ip-10-10-3-149.ec2.internal systemd[1]: jenkins.service lacks both ExecStart= and ExecStop= setting. Refusing.
Sep 21 07:31:06 ip-10-10-3-149.ec2.internal systemd[1]: jenkins.service lacks both ExecStart= and ExecStop= setting. Refusing.
Sep 21 07:48:04 ip-10-10-3-149.ec2.internal systemd[1]: jenkins.service lacks both ExecStart= and ExecStop= setting. Refusing.
and when I use journalctl -xe I get:
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-120.scope has finished starting up.
--
-- The start-up result is done.
Sep 21 07:40:01 ip-10-10-3-149.ec2.internal CROND[842]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Sep 21 07:41:28 ip-10-10-3-149.ec2.internal dhclient[3121]: XMT: Solicit on eth0, interval 131610ms.
Sep 21 07:43:39 ip-10-10-3-149.ec2.internal dhclient[3121]: XMT: Solicit on eth0, interval 118630ms.
Sep 21 07:45:38 ip-10-10-3-149.ec2.internal dhclient[3121]: XMT: Solicit on eth0, interval 121300ms.
Sep 21 07:46:59 ip-10-10-3-149.ec2.internal sshd[3483]: Received disconnect from 92.255.85.69 port 28784:
Sep 21 07:46:59 ip-10-10-3-149.ec2.internal sshd[3483]: Disconnected from 92.255.85.69 port 28784 [preaut
Sep 21 07:47:04 ip-10-10-3-149.ec2.internal dhclient[3075]: DHCPREQUEST on eth0 to 10.10.3.1 port 67 (xid
Sep 21 07:47:04 ip-10-10-3-149.ec2.internal dhclient[3075]: DHCPACK from 10.10.3.1 (xid=0x18dc5aad)
Sep 21 07:47:04 ip-10-10-3-149.ec2.internal NET[3542]: dhclient: Locked /run/dhclient/resolv.lock
Sep 21 07:47:04 ip-10-10-3-149.ec2.internal dhclient[3075]: bound to 10.10.3.149 -- renewal in 1618 secon
Sep 21 07:47:04 ip-10-10-3-149.ec2.internal ec2net[3561]: [get_meta] Querying IMDS for meta-data/network/
Sep 21 07:47:04 ip-10-10-3-149.ec2.internal ec2net[3562]: [get_meta] Getting token for IMDSv2.
Sep 21 07:47:04 ip-10-10-3-149.ec2.internal ec2net[3565]: [get_meta] Trying to get http://169.254.169.254
Sep 21 07:47:04 ip-10-10-3-149.ec2.internal ec2net[3570]: [remove_aliases] Removing aliases of eth0
Sep 21 07:47:39 ip-10-10-3-149.ec2.internal dhclient[3121]: XMT: Solicit on eth0, interval 116180ms.
Sep 21 07:48:03 ip-10-10-3-149.ec2.internal sudo[3947]: root : TTY=pts/0 ; PWD=/root ; USER=root ; CO
Sep 21 07:48:03 ip-10-10-3-149.ec2.internal sudo[3947]: pam_unix(sudo:session): session opened for user r
Sep 21 07:48:03 ip-10-10-3-149.ec2.internal systemd[1]: Reloading.
Sep 21 07:48:04 ip-10-10-3-149.ec2.internal systemd[1]: jenkins.service lacks both ExecStart= and ExecSto
Sep 21 07:48:04 ip-10-10-3-149.ec2.internal sudo[3947]: pam_unix(sudo:session): session closed for user r
Sep 21 07:48:09 ip-10-10-3-149.ec2.internal sudo[4019]: root : TTY=pts/0 ; PWD=/root ; USER=root ; CO
Sep 21 07:48:09 ip-10-10-3-149.ec2.internal sudo[4019]: pam_unix(sudo:session): session opened for user r
Sep 21 07:48:09 ip-10-10-3-149.ec2.internal sudo[4019]: pam_unix(sudo:session): session closed for user r
I have tried also the solution in here. I am not sure what else I can try.
UPDATE: this is how my jenkins unit looks like (systemctl cat jenkins):
# /etc/systemd/system/jenkins.service
[Service]
Environment="JENKINS_PORT=8000"
# /etc/systemd/system/jenkins.service.d/override.conf
[Service]
Environment="JENKINS_PORT=8000"
According to the logs, the unit file is missing start and stop scripts which can be confirmed by
systemctl cat jenkins.
According to Jenkins docs, the systemd file needed changes.Copying and overriding the unit file with the one given in the docs can solve the problem.
Trying to get Ops Agent working and used the following command to install it:
curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh
sudo bash add-google-cloud-ops-agent-repo.sh --also-install
I see the following error in the logs of journalctl -u google-cloud-ops-agent-opentelemetry-collector -xn
otelopscol[2706]: 2022-02-06T21:50:36.140Z info exporterhelper/queued_retry.go:215 Exporting failed. Will retry the request after interval. {"kind": "exporter", "name": "googlecloud", "error": "[rpc error: code = Unauthenticated desc = transport: per-RPC creds failed due to error: metadata: GCE metadata \"instance/service-accounts/default/token?scopes=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring.read%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring.write\" not defined; rpc error: code = Unauthenticated desc = transport: per-RPC creds failed due to error: metadata: GCE metadata \"instance/service-accounts/default/token?scopes=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring.read%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring.write\" not defined; rpc error: code = Unauthenticated desc = transport: per-RPC creds failed due to error: metadata: GCE metadata \"instance/service-accounts/default/token?scopes=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring.read%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fmonitoring.write\" not defined]", "interval": "14.115202828s"}
The services otherwise look good and are running but the UI reports that Ops Agent wasn't actually running which I suspect is due to no data being sent back.
Here is the status of running agents:
google-cloud-ops-agent-opentelemetry-collector.service - Google Cloud Ops Agent - Metrics Agent
Loaded: loaded (/lib/systemd/system/google-cloud-ops-agent-opentelemetry-collector.service; static; vendor preset: enabled)
Active: active (running) since Sat 2022-02-05 04:38:41 UTC; 1 day 17h ago
Process: 2690 ExecStartPre=/opt/google-cloud-ops-agent/libexec/google_cloud_ops_agent_engine -service=otel -in /etc/google-clou>
Main PID: 2706 (otelopscol)
Tasks: 9 (limit: 2369)
Memory: 193.6M
CGroup: /system.slice/google-cloud-ops-agent-opentelemetry-collector.service
└─2706 /opt/google-cloud-ops-agent/subagents/opentelemetry-collector/otelopscol --config=/run/google-cloud-ops-agent-o>
Feb 06 21:55:53 mongo-1 otelopscol[2706]: /root/go/pkg/mod/go.opentelemetry.io/collector#v0.42.0/exporter/exporterhelper/qu>
Feb 06 21:55:53 mongo-1 otelopscol[2706]: go.opentelemetry.io/collector/exporter/exporterhelper.(*metricsSenderWithObservability).s>
Feb 06 21:55:53 mongo-1 otelopscol[2706]: /root/go/pkg/mod/go.opentelemetry.io/collector#v0.42.0/exporter/exporterhelper/me>
Feb 06 21:55:53 mongo-1 otelopscol[2706]: go.opentelemetry.io/collector/exporter/exporterhelper.(*queuedRetrySender).start.func1
Feb 06 21:55:53 mongo-1 otelopscol[2706]: /root/go/pkg/mod/go.opentelemetry.io/collector#v0.42.0/exporter/exporterhelper/qu>
Feb 06 21:55:53 mongo-1 otelopscol[2706]: go.opentelemetry.io/collector/exporter/exporterhelper/internal.consumerFunc.consume
Feb 06 21:55:53 mongo-1 otelopscol[2706]: /root/go/pkg/mod/go.opentelemetry.io/collector#v0.42.0/exporter/exporterhelper/in>
Feb 06 21:55:53 mongo-1 otelopscol[2706]: go.opentelemetry.io/collector/exporter/exporterhelper/internal.(*boundedMemoryQueue).Star>
Feb 06 21:55:53 mongo-1 otelopscol[2706]: /root/go/pkg/mod/go.opentelemetry.io/collector#v0.42.0/exporter/exporterhelper/in>
Feb 06 21:55:53 mongo-1 otelopscol[2706]: 2022-02-06T21:55:53.145Z info exporterhelper/queued_retry.go:215 Exp>
● google-cloud-ops-agent.service - Google Cloud Ops Agent
Loaded: loaded (/lib/systemd/system/google-cloud-ops-agent.service; enabled; vendor preset: enabled)
Active: active (exited) since Sat 2022-02-05 04:38:41 UTC; 1 day 17h ago
Process: 2691 ExecStartPre=/opt/google-cloud-ops-agent/libexec/google_cloud_ops_agent_engine -in /etc/google-cloud-ops-agent/co>
Process: 2704 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 2704 (code=exited, status=0/SUCCESS)
Feb 05 04:38:41 mongo-1 systemd[1]: Starting Google Cloud Ops Agent...
Feb 05 04:38:41 mongo-1 systemd[1]: Finished Google Cloud Ops Agent.
● google-cloud-ops-agent-fluent-bit.service - Google Cloud Ops Agent - Logging Agent
Loaded: loaded (/lib/systemd/system/google-cloud-ops-agent-fluent-bit.service; static; vendor preset: enabled)
Active: active (running) since Sun 2022-02-06 15:05:35 UTC; 6h ago
Process: 22138 ExecStartPre=/opt/google-cloud-ops-agent/libexec/google_cloud_ops_agent_engine -service=fluentbit -in /etc/googl>
Main PID: 22144 (fluent-bit)
Tasks: 22 (limit: 2369)
Memory: 29.0M
CGroup: /system.slice/google-cloud-ops-agent-fluent-bit.service
└─22144 /opt/google-cloud-ops-agent/subagents/fluent-bit/bin/fluent-bit --config /run/google-cloud-ops-agent-fluent-bi>
Feb 06 15:05:35 mongo-1 systemd[1]: google-cloud-ops-agent-fluent-bit.service: Scheduled restart job, restart counter is at 7.
Feb 06 15:05:35 mongo-1 systemd[1]: Stopped Google Cloud Ops Agent - Logging Agent.
Feb 06 15:05:35 mongo-1 systemd[1]: Starting Google Cloud Ops Agent - Logging Agent...
Feb 06 15:05:35 mongo-1 systemd[1]: Started Google Cloud Ops Agent - Logging Agent.
Feb 06 15:05:35 mongo-1 fluent-bit[22144]: Fluent Bit v1.8.12
Feb 06 15:05:35 mongo-1 fluent-bit[22144]: * Copyright (C) 2019-2021 The Fluent Bit Authors
Feb 06 15:05:35 mongo-1 fluent-bit[22144]: * Copyright (C) 2015-2018 Treasure Data
Feb 06 15:05:35 mongo-1 fluent-bit[22144]: * Fluent Bit is a CNCF sub-project under the umbrella of Fluentd
Feb 06 15:05:35 mongo-1 fluent-bit[22144]: * https://fluentbit.io
The issue was due to the VM not having a service account. The solution was to do the following:
create a service account
assign the service account Logs Writer and Monitoring Metric Writer roles
Stop the VM, Edit the VM, set the newly created service account, start the VM
Note that by default a VM has a default service account. In my case I created the VM and explicitely didn't enable any service account hence the issue.
Currently learning how to config an openVPN server on an AWS Linux server as a bit of a self-taught exercise. I've managed to set everything up to trying to connect to it via the OpenVPN client GUI, but it's not working. The error message in the log below:
Enter Management Password:
Mon May 18 14:59:57 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon May 18 14:59:57 2020 Need hold release from management interface, waiting...
Mon May 18 14:59:57 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon May 18 14:59:57 2020 MANAGEMENT: CMD 'state on'
Mon May 18 14:59:57 2020 MANAGEMENT: CMD 'log all on'
Mon May 18 14:59:57 2020 MANAGEMENT: CMD 'echo all on'
Mon May 18 14:59:57 2020 MANAGEMENT: CMD 'bytecount 5'
Mon May 18 14:59:57 2020 MANAGEMENT: CMD 'hold off'
Mon May 18 14:59:57 2020 MANAGEMENT: CMD 'hold release'
Mon May 18 14:59:57 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Mon May 18 14:59:57 2020 OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Mon May 18 14:59:57 2020 Cannot load private key file client.key
Mon May 18 14:59:57 2020 SIGUSR1[soft,private-key-password-failure] received, process restarting
Mon May 18 14:59:57 2020 MANAGEMENT: >STATE:1589810397,RECONNECTING,private-key-password-failure,,,,,
Mon May 18 14:59:57 2020 Restart pause, 5 second(s)
Here's the configs I have for server and client:
client
dev tun
proto udp
remote [MY AWS IP GOES HERE] 1194
ca ca.crt
cert client.crt
key client.key
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
cipher AES-256-CBC
auth SHA512
resolv-retry infinite
auth-retry none
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
tls-client
tls-auth pfs.key
Server
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
cipher AES-256-CBC
auth SHA512
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
tls-server
tls-auth /etc/openvpn/pfs.key
I am trying to stop Clamav service in Linux, but I am not able to do that.
I have installed Clamav in a seperate directory.
When running below command:
$ systemctl stop clamav-daemon
I get this error message:
Warning: Stopping clamav-daemon.service, but it can still be activated by:
clamav-daemon.socket
When running:
$ systemctl status clamav-daemon
I get:
clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2020-04-29 13:23:33 IST; 7s ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Main PID: 32213 (clamd)
Tasks: 1
CGroup: /system.slice/clamav-daemon.service
└─32213 /usr/local/sbin/clamd --foreground=true
Any help will be appreciated. Thanks.
When you are logged in as a normal user which can be understood by seeing the $ sign in your command, clamav won't stop. You need to perform the following command.
It will stop clamav for only logged-in session
$ sudo systemctl stop clamav-daemon
To see the status
$ sudo systemctl status clamav-daemon
It will return:
● clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/lib/systemd/system/clamav-daemon.service; disabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/clamav-daemon.service.d
└─extend.conf
Active: inactive (dead)
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Aug 20 08:58:53 machine clamd[808]: Thu Aug 20 08:58:53 2020 -> HTML support enabled.
Aug 20 08:58:53 machine clamd[808]: Thu Aug 20 08:58:53 2020 -> XMLDOCS support enabled.
Aug 20 08:58:53 machine clamd[808]: Thu Aug 20 08:58:53 2020 -> HWP3 support enabled.
Aug 20 08:58:53 machine clamd[808]: Thu Aug 20 08:58:53 2020 -> Self checking every 3600 seconds.
Aug 20 09:58:53 machine clamd[808]: Thu Aug 20 09:58:53 2020 -> SelfCheck: Database status OK.
Aug 20 10:57:51 machine systemd[1]: Stopping Clam AntiVirus userspace daemon...
Aug 20 10:57:52 machine clamd[808]: Thu Aug 20 10:57:52 2020 -> --- Stopped at Thu Aug 20 10:57:52 >
Aug 20 10:57:52 machine clamd[808]: Thu Aug 20 10:57:52 2020 -> Socket file removed.
Aug 20 10:57:52 machine systemd[1]: clamav-daemon.service: Succeeded.
Aug 20 10:57:52 machine systemd[1]: Stopped Clam AntiVirus userspace daemon.
If you have created symbolic link of clamav daemon to start the program automatically when pc boot then you need to remove that link so that clamav shouldn't start automatically
$ sudo systemctl disable clamav-daemon
When configuring uwsgi django application for first time i had weird error. NGIX (configured as per documentation) responded with 502 Bad Gateway response.
Uwsgi logs give no apparent error:
Sun Oct 7 17:36:31 2012 - *** Starting uWSGI 1.2.3-debian (64bit) on [Sun Oct 7 17:36:31 2012] ***
Sun Oct 7 17:36:31 2012 - compiled with version: 4.7.1 on 13 September 2012 19:07:14
Sun Oct 7 17:36:31 2012 - detected number of CPU cores: 2
Sun Oct 7 17:36:31 2012 - current working directory: /
Sun Oct 7 17:36:31 2012 - writing pidfile to /run/uwsgi/app/lfitjcmsjb/pid
Sun Oct 7 17:36:31 2012 - detected binary path: /usr/bin/uwsgi-core
Sun Oct 7 17:36:31 2012 - setgid() to 33
Sun Oct 7 17:36:31 2012 - setuid() to 33
Sun Oct 7 17:36:31 2012 - your memory page size is 4096 bytes
Sun Oct 7 17:36:31 2012 - detected max file descriptor number: 1024
Sun Oct 7 17:36:31 2012 - lock engine: pthread robust mutexes
Sun Oct 7 17:36:31 2012 - uwsgi socket 0 bound to UNIX address /run/uwsgi/app/lfitjcmsjb/socket fd 3
Sun Oct 7 17:36:31 2012 - uwsgi socket 1 bound to UNIX address /tmp/lfitj.sock fd 5
Sun Oct 7 17:36:31 2012 - your server socket listen backlog is limited to 100 connections
Sun Oct 7 17:36:31 2012 - *** Operational MODE: preforking ***
Sun Oct 7 17:36:31 2012 - *** no app loaded. going in full dynamic mode ***
Sun Oct 7 17:36:31 2012 - *** uWSGI is running in multiple interpreter mode ***
Sun Oct 7 17:36:31 2012 - spawned uWSGI master process (pid: 5141)
Sun Oct 7 17:36:31 2012 - spawned uWSGI worker 1 (pid: 5144, cores: 1)
Sun Oct 7 17:36:31 2012 - spawned uWSGI worker 2 (pid: 5145, cores: 1)
Sun Oct 7 17:37:57 2012 - -- unavailable modifier requested: 0 --
uWSGI logs show error --- it is:
-- unavailable modifier requested: 0 --
which basically means that python plugin is missing --- you need to install it. On debian you need to install uwsgi-plugin-python.