Score:0

Update From Debian 10 to Debian 11 Gone Wrong


I just upgraded from Debian 10 to Debian 11 using these instructions. Everything seems to have worked smoothly, except maldet is failing.

This is the error:

maldet[2117]: maldet(2117): {mon} kernel does not support inotify(), aborting
systemd[1]: maldet.service: Can't open PID file /usr/local/maldetect/tmp/inotifywait.pid (yet?) after start: Operation not permitted 
systemd[1]: maldet.service: Failed with result 'protocol'.
systemd[1]: Failed to start Linux Malware Detect monitoring - maldet.

My /usr/lib/systemd/system/maldet.service file contains:

[Unit]
Description=Linux Malware Detect monitoring - maldet
After=network.target

[Service]
EnvironmentFile=/usr/local/maldetect/conf.maldet
ExecStart=/usr/local/maldetect/maldet --monitor USERS
ExecStop=/usr/local/maldetect/maldet --kill-monitor
Type=forking
PIDFile=/usr/local/maldetect/tmp/inotifywait.pid
[Install]
WantedBy=multi-user.target

Prior to my update, I verified all services were working properly, and during the update I chose "N" (no), declining to replace my custom config files... so nothing should have changed.

Also, I am using Linux 5.10.0-8-amd64 & maldet 1.6.4.

Can someone help me figure this out? Thanks.

Michael Hampton avatar
cz flag
`kernel does not support inotify` does not make sense, as it is very unlikely that the Debian maintainers would have made such a mistake in building the kernel and not have millions of people complaining. Something else is going on with your system. Did you actually **review** the new configuration files to see if there were changes you need to make?
Maestro223 avatar
cn flag
@MichaelHampton The first thing I did trying to troubleshoot this was review my installation guide and settings. Nothing has changed. I even compared my test server config files to my prod server config files, where maldet still works on prod..
Maestro223 avatar
cn flag
Edited above. I am running maldet 1.6.4 on both prod and test. inotifywait is present at /usr/bin/inotifywait, and /usr/local/maldetect/conf.maldet are still my customized versions on both test and prod... hence, my confusion.
la flag
seems that maldet was installed not using debian packages, but "manually" - I would try to rebuild/reinstall it to see if that helps. also it might be useful to check /usr/local/maldetect/tmp/ for permissions or other issues - seems that maldet can't create a file (pid) there.
Maestro223 avatar
cn flag
@MartynasSaint can you provide instructions for installing maldet via debian packages. Every set of installation that I have found all use manual installation. FYI, permissions for /usr/local/maldetect/tmp/ are still exactly the same between prod and test.
la flag
i guess there is no official debian package, so you have to do it yourself if you want to go that route. by test server you mean debian 11 and prod debian 10? btw, what happens when you run it manually, like: /usr/local/maldetect/maldet --monitor USERS ?
Score:2

The issue is the condition in the file /usr/local/maldetect/internals/functions :

if [ -f "/boot/System.map-$(uname -r)" ]; then
    ksup=`grep -i inotify_ /boot/System.map-$(uname -r)`
    if [ -z "$ksup" ]; then
        eout "{mon} kernel does not support inotify(), aborting." 1
        exit
    fi
elif [ -f "/boot/config-$(uname -r)" ]; then
    ksup=`grep -m1 CONFIG_INOTIFY /boot/config-$(uname -r)`
    if [ -z "$ksup" ]; then
        eout "{mon} kernel does not support inotify(), aborting." 1
        exit
    fi
fi

It's doing grep on the file /boot/System.map-$(uname -r), but in Debian 11 the content is `ffffffffffffffff B The real System.map is in the linux-image-<version>-dbg package`.

I see two quick solutions. The first one is to check the proper file:

  • Install the dbg package for the running kernel with this command: `apt install linux-image-$(uname -r)-dbg`
  • Replace the file path in the condition to point to the good one with: `sed -i 's#/boot/System.map#/lib/debug/boot/System.map#' /usr/local/maldetect/internals/functions`

To avoid installing the dbg package, the other solution is to remove the first condition and only use the second one, which checks /boot/config-$(uname -r).

I used the first one to test, and Maldetect is starting now. Both solutions should work while waiting for a definitive fix.

Regards

Maestro223 avatar
cn flag
thx for this.. i will give a try and let you know...
Maestro223 avatar
cn flag
This solution worked like a charm... thanx.
Maestro223 avatar
cn flag
Hi there.. unfortunately, I had to migrate to a new server (Ubuntu 20.04), and I have encountered this problem again. However, neither solution above works: 1.) I cannot install the dbg package (E: Unable to locate package linux-image-5.4.0-109-generic-dbg), and 2.) only using the second solution just didn't work. Any other suggestions?
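
The failure mode described in the answer above, as an added example that is not part of the original thread and is not maldet's code: `legacy_check` mirrors the quoted condition, and `inotify_check` is a hypothetical alternative that asks the running kernel via /proc/sys/fs/inotify first and skips the placeholder System.map. The function names, the ROOT parameter and the fixture kernel release `5.10.0-test` are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not maldet code. ROOT="" means the live system; a temp
# directory lets the checks run against a constructed tree instead.

# The condition as quoted above: System.map first, config only as fallback.
legacy_check() {  # usage: legacy_check ROOT KREL
    if [ -f "$1/boot/System.map-$2" ]; then
        grep -qi 'inotify_' "$1/boot/System.map-$2"
    elif [ -f "$1/boot/config-$2" ]; then
        grep -q -m1 'CONFIG_INOTIFY' "$1/boot/config-$2"
    fi
}

# Hypothetical alternative: runtime evidence first, then build-time files.
# Prints the evidence used; returns 0 = supported, 1 = not, 2 = unknown.
inotify_check() {  # usage: inotify_check ROOT KREL
    root=$1 krel=$2
    if [ -d "$root/proc/sys/fs/inotify" ]; then echo "procfs"; return 0; fi
    if [ -f "$root/boot/config-$krel" ]; then
        echo "config"   # anchored match, so "# ... is not set" does not count
        grep -q '^CONFIG_INOTIFY_USER=y' "$root/boot/config-$krel" && return 0
        return 1
    fi
    for map in "$root/boot/System.map-$krel" "$root/lib/debug/boot/System.map-$krel"; do
        [ -f "$map" ] || continue
        grep -q 'The real System.map is in' "$map" && continue   # placeholder
        echo "System.map"
        grep -qi 'inotify_' "$map" && return 0
        return 1
    done
    echo "unknown"; return 2
}

# Constructed fixture: Debian 11 style tree with the placeholder System.map,
# a config that enables inotify, and no procfs. Prints the fixture root.
make_fixture() {
    d=$(mktemp -d) && mkdir -p "$d/boot" || return 1
    echo 'ffffffffffffffff B The real System.map is in the linux-image-<version>-dbg package' \
        > "$d/boot/System.map-5.10.0-test"
    echo 'CONFIG_INOTIFY_USER=y' > "$d/boot/config-5.10.0-test"
    echo "$d"
}

# Optional: run against the live system with "--live".
if [ "${1:-}" = "--live" ]; then inotify_check "" "$(uname -r)"; fi
```

On the fixture, `legacy_check` fails even though the config enables inotify, because the placeholder System.map is consulted first and the config branch is never reached.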