Category Archives: Fixes
ClamAV: “libfreshclam init failed, Initialization error!”

Basic Information
ClamAV is stable antivirus software for Linux and has been available for two decades. Viruses can be an issue on Linux systems, but a rootkit infection is more likely. Still, it is not a mistake to have antivirus software on a Linux computer, for example to check downloaded files.
It can also make sense to install ClamAV to scan a Samba file share that a Linux server provides for Windows clients.
ClamAV is easy to install and is available in the repositories of most distributions.
The Installation
First of all we need to install ClamAV (here on Ubuntu) with this command:
apt-get install clamav
As a next step we need to update the virus definitions. But this could lead us to an error:
The Problem and the Fix
The update of the anti virus definitions can be done with this command:
freshclam
But on several systems I got this message here:
ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!
The problem is that “freshclam” locks a file (/var/log/clamav/freshclam.log) and performs automatic updates in the background. This is just fine, but if we want to get debugging information about the antivirus definition update procedure we need to run these commands:

We need to find the PID of “freshclam” with the “ps -ef” command and then stop it with the “kill” command. (Here the PID of the “freshclam -d” process is 1281.)
The command “kill -p PID” releases the lock on the file “/var/log/clamav/freshclam.log”, and then “freshclam” can be executed.
The message “up-to-date” appears several times in the last lines of the picture.
Conclusion
ClamAV is a kind of dinosaur in the Linux world. It is uncomplicated and works well on Linux. The update procedure of the antivirus definitions can cause an error, and then the automatic update feature needs to be stopped. After stopping the automatic updates a manual update can be done.
Feel free to comment on my blog post.
Automount ZFS RAID on Debian 11

ZFS is a modern file system with a lot of cool features, like encryption, handling very big volumes, providing data integrity (bit rot prevention) and high performance. ZFS was originally developed by Sun Microsystems for Solaris, and a Linux version of ZFS has been available since 2013.
On systems with ECC RAM, ZFS shows its advantages in terms of data integrity.
Another benefit is that ZFS combines several features, such as disk redundancy and encryption, in one single technology. It is also possible to send encrypted volumes through a network for backup purposes.
The Problem
The problem is that auto mounting the ZFS volume could fail if the system is badly configured.
We will generate a key file which should be stored on a LUKS encrypted volume. When the server starts up, the ZFS volume should be mounted automatically. Let me show you how I did it:
The Fix
First of all we need to install ZFS with apt-get:
apt-get install zfsutils
As the next step we need to create a key file for the encryption. Keep this file in a secure place like a LUKS volume on the server and have a copy on another secure storage:
dd if=/dev/random of=/root/zfs-encryption.key bs=1 count=32
Next we create a zpool, here a RAID-Z, also known as RAID 5.
zpool create -f tank1 -o ashift=12 -o feature@encryption=enabled -O encryption=on -O keylocation=file:///root/zfs-encryption.key -O keyformat=raw raidz /dev/disk/by-id/wwndisk1 /dev/disk/by-id/wwndisk2 /dev/disk/by-id/wwndisk3 /dev/disk/by-id/wwndisk4
After creating the RAID which contains the disks we need to create a ZFS file system:
zfs create -o mountpoint=/tank1/zfs tank1/zfs
Next we need to create a Systemd startup script for ZFS by opening the file /etc/systemd/system/zfs-load-key.service. Add this code to the file:
[Unit]
Description=Load encryption keys
DefaultDependencies=no
Before=zfs-mount.service
After=zfs-import.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/bash -c '/usr/bin/zfs load-key -a'
[Install]
WantedBy=zfs-mount.service
Now we need to enable the service to start during the system startup:
systemctl enable zfs-load-key.service
Now reboot the system and ZFS should be mounted automatically.
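A check worth running before the reboot, as an added example that is not part of the original post: it verifies that the key file has the 32 bytes that keyformat=raw expects and that only its owner can access it. The function names are hypothetical, GNU coreutils is assumed, and the generator reads /dev/urandom where the post's dd command reads /dev/random.

```sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes GNU coreutils (stat -c, dd status=none), as on Debian.

# Create a 32-byte raw key that is owner-only from the moment it exists.
# Reads /dev/urandom; the post's dd command reads /dev/random.
make_zfs_keyfile() {
    if [ -e "$1" ]; then
        echo "$1 already exists, refusing to overwrite a key" >&2
        return 1
    fi
    (
        umask 077   # in a subshell, so the caller's umask is untouched
        dd if=/dev/urandom of="$1" bs=32 count=1 status=none
    )
}

# Print every problem found; return 0 only if the key file is usable and private.
# $2 is the expected owner UID (default 0 = root).
check_zfs_keyfile() {
    kf=$1
    kf_want_uid=${2:-0}
    kf_rc=0
    if [ -L "$kf" ] || [ ! -f "$kf" ]; then
        echo "$kf: not a regular file"
        return 1
    fi
    # $1 = size in bytes, $2 = permission bits in octal, $3 = numeric owner
    set -- $(stat -c '%s %a %u' "$kf")
    if [ "$1" -ne 32 ]; then
        echo "$kf: $1 bytes, keyformat=raw needs exactly 32"
        kf_rc=1
    fi
    if [ $(( 0$2 & 077 )) -ne 0 ]; then
        echo "$kf: mode $2 grants access to group or others, use chmod 600"
        kf_rc=1
    fi
    if [ "$3" -ne "$kf_want_uid" ]; then
        echo "$kf: owned by uid $3, expected $kf_want_uid"
        kf_rc=1
    fi
    return "$kf_rc"
}
```

On the server from the post the call would be `check_zfs_keyfile /root/zfs-encryption.key`.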
Conclusion
ZFS is a feature-rich modern file system. Auto mounting a ZFS volume can be a small challenge. I showed you how to automatically mount a ZFS volume on Debian 11. Always keep the decryption key file safe and keep a backup of it.
Feel free to write a comment and have fun!
Fix Rootkit Hunter Errors: WEB_CMD and “Update failed”

Introduction
IT security is an important topic nowadays. Since every aspect of our daily life is affected by IT, system security and data security have become essential. Hackers penetrate companies and their IT systems all around the world day by day.
Linux can also be compromised by hackers. Windows is still dominant on desktops and laptops and was therefore the main target for hackers in the past, but Linux has a high market share in the server sector and in the mobile device market.
Windows systems were mainly affected by classical viruses in the past, while Linux desktops and Linux servers were more exposed to rootkits. A rootkit is malicious software which grants a hacker full access, known as root access, to a compromised system.
Rootkits are difficult to detect, but there is software available which can give a system maintainer a first hint of compromise.
Among a few open source tools, Rootkit Hunter is available to scan Linux systems. But by default it can be misconfigured and some fixes need to be done:
The Problems and their Fixes
First of all Rootkit Hunter needs to be installed. I show here the installation and the fixes on an Ubuntu Desktop. The command for the installation is:
sudo apt-get install rkhunter
As a next step we want to update the rootkit definitions similar to anti virus definitions:
sudo rkhunter --update
And then we are getting this error message:
Invalid WEB_CMD configuration option: Relative pathname: "/bin/false"
Here is a screenshot of the problem:

…and we also see the fix for the problem in the last line of the screenshot. Here is the command for you to copy:
sudo sed -i 's/WEB_CMD=\"\/bin\/false\"/WEB_CMD=\"\"/g' /etc/rkhunter.conf
But that’s not all! As we continue, another error appears if we run “sudo rkhunter --update” again. The output is “Update failed”. But there is also a fix, as you see next:

The fix for the problem as bash commands:
sudo sed -i 's/UPDATE_MIRRORS=0/UPDATE_MIRRORS=1/g' /etc/rkhunter.conf
sudo sed -i 's/MIRRORS_MODE=1/MIRRORS_MODE=0/g' /etc/rkhunter.conf
Next we see that the command finally works:

But then another error appears if we want to run a scan. The command for the scan is:
sudo rkhunter -c
Here is the error message:
Invalid SCRIPTWHITELIST configuration option: Non-existent pathname: /usr/bin/egrep
Invalid SCRIPTWHITELIST configuration option: Non-existent pathname: /usr/bin/fgrep
Here is the screenshot of the problem:

And here is the fix as code:
sudo sed -i 's/\/usr\/bin\/egrep/\/bin\/egrep/g' /etc/rkhunter.conf
sudo sed -i 's/\/usr\/bin\/fgrep/\/bin\/fgrep/g' /etc/rkhunter.conf
After these modifications our rootkit check finally worked as you see here:
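The edits above as one repeatable script, as an added example that is not part of the original post: it keeps a backup of the file, changes only active (uncommented) lines, and moves the egrep and fgrep whitelist entries only when the /usr/bin path is really missing. The function names and the sample configuration are constructed for illustration, and GNU sed is assumed.

```sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes GNU sed (-i), as on Ubuntu.

# Show the active (uncommented) update settings.
rkh_update_settings() {
    grep -E '^(WEB_CMD|UPDATE_MIRRORS|MIRRORS_MODE)=' "$1"
}

# List SCRIPTWHITELIST paths that do not exist. $2 is an optional root
# prefix (default: the running system), e.g. a mounted disk or a test tree.
rkh_missing_whitelist() {
    sed -n 's/^SCRIPTWHITELIST=//p' "$1" | tr -d '"' |
    while read -r rkh_wl; do
        [ -e "${2:-}$rkh_wl" ] || echo "$rkh_wl"
    done
}

# Apply the post's edits to active lines only, after saving one backup.
# egrep/fgrep entries are moved to /bin only where that is really the fix.
rkh_apply_fixes() {
    rkh_conf=$1
    rkh_root=${2:-}
    [ -e "$rkh_conf.orig" ] || cp -p "$rkh_conf" "$rkh_conf.orig"
    sed -i \
        -e 's|^WEB_CMD="/bin/false"[[:space:]]*$|WEB_CMD=""|' \
        -e 's|^UPDATE_MIRRORS=0[[:space:]]*$|UPDATE_MIRRORS=1|' \
        -e 's|^MIRRORS_MODE=1[[:space:]]*$|MIRRORS_MODE=0|' \
        "$rkh_conf"
    for rkh_name in egrep fgrep; do
        if [ ! -e "$rkh_root/usr/bin/$rkh_name" ] && [ -e "$rkh_root/bin/$rkh_name" ]; then
            sed -i "s|^SCRIPTWHITELIST=/usr/bin/$rkh_name[[:space:]]*\$|SCRIPTWHITELIST=/bin/$rkh_name|" "$rkh_conf"
        fi
    done
}

# Constructed sample config, modelled on the settings named in the post.
rkh_sample_conf() {
    cat <<'EOF'
# Example in a comment: WEB_CMD="/bin/false"
#WEB_CMD="/bin/false"
WEB_CMD="/bin/false"
UPDATE_MIRRORS=0
MIRRORS_MODE=1
SCRIPTWHITELIST=/usr/bin/egrep
SCRIPTWHITELIST=/usr/bin/fgrep
SCRIPTWHITELIST=/usr/bin/ldd
EOF
}
```

On a real system the call is `sudo sh -c '. ./script.sh; rkh_apply_fixes /etc/rkhunter.conf'` (script name assumed), and the untouched original stays at /etc/rkhunter.conf.orig.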

Conclusion
Rootkit Hunter is a good piece of software, but on some Ubuntu versions it fails if it is executed right after the installation. The procedures here make Rootkit Hunter function properly. I also showed how to fix a problem with updating Rootkit Hunter.
Feel free to comment on my blog post!
Windows 10 slow on older Hardware

Basic Information
Windows 10 is still a popular and widely used operating system in 2023. Although Windows 11 has been available since 2021, Windows 10 is still current. Windows 10 will be supplied with security updates until October 2025. Until then Windows 10 can be used safely without any disadvantage.
The situation is different for Windows 8.1 and certainly for Windows 7. These systems are “end of life” (EOL) and should not be used anymore because of a lack of system security. Antivirus software does not compensate for the fact that Microsoft no longer offers security updates.
Windows 10 can also be installed and run on older hardware. Microsoft writes that Windows 10 is able to function on devices with at least 2 GB of RAM and a 1 GHz processor (CPU). These low system requirements tempt users to install Windows 10 on older hardware.
But to avoid being disappointed by the low performance, a trick is needed.
The Problem
If you installed Windows 10 on weaker hardware, the slow speed of the system and reduced usability could be an issue. The reaction to a click could take up to a few seconds, and this can be very annoying if you want to work efficiently and effectively.
Working with several programs at the same time could also push the hardware to its limits.
But there is a trick to reduce the RAM occupation of Windows 10 and to speed up the system.
The Fix
Click on the Windows Start button in the lower left corner of your screen.
Then type “performance” into the search bar. “Adjust the appearance and performance of Windows” will appear in the search result list.
Now this window opens:

Now click on “Adjust for best performance” and then “OK”.
Restart your computer!
After the reboot the memory (RAM) footprint of Windows 10 will be much reduced and the computer operates much faster than before.
If the computer still doesn’t operate fast enough, a hard disk drive replacement could be considered.
Advice
On old computers the hard disk often causes a performance bottleneck and slows down the whole system. Old HDDs (hard drives) should be replaced with SSDs (solid-state drives) and old SSDs should be replaced with new SSDs.
This procedure takes more effort and requires reinstalling Windows 10. Technical skill is needed as well.
Conclusion
Windows 10 is still current for the next years, and if the main tasks of the user consist of browsing the internet, writing emails and creating documents and spreadsheets, older hardware can be sufficient. The trick described above can make a significant difference in the speed of the system.
If a low budget solution is required, a hard disk drive change can speed up the computer as well, instead of buying a new computer.
Feel free to comment on this post!
Ubuntu slow because of Tracker-miner-fs Package

The Problem
Ubuntu 20.04 can be very slow on weaker hardware with low RAM and a weaker CPU. It can be the case that the Ubuntu PC is unusable because CPU usage is very high, although not many applications are opened by the user.
An investigation on an affected PC showed that a specific application called “tracker-miner-fs” caused the high CPU usage and slowed down the PC. Further research showed that “tracker”, version 2, caused the PC to be nearly inoperable.
Linux command line tools like “htop” and “ps -ef” can be used to investigate the running processes; they show details about memory and CPU usage.
“Tracker” is an indexing software, which creates and updates a database of the files on the PC’s hard disk drive all the time in the background. On faster and newer hardware it has its advantages, providing metadata for the files on the computer.
But on older hardware it can cause the PC to be inoperable.
The Fix
Several trials of disabling “Tracker” did not work. And “Tracker” cannot just be uninstalled, because the Gnome Desktop, meaning the whole graphical window system, depends on the “Tracker” package. Removing the “Tracker” package would result in an Ubuntu Linux with just a command line interface.
Finally the wooden hammer method worked for me and fixed the trouble we had on the affected system:
sudo chmod -x /usr/libexec/tracker-miner-fs
sudo chmod -x /usr/libexec/tracker-extract
sudo chmod -x /usr/libexec/tracker-store
sudo reboot
The commands above just prevent the “Tracker” binaries from being started. Removing the “execution” permission with the option “-x” stops the binaries from starting.
Conclusion
The result of executing the commands above is a fast running Ubuntu Desktop on older hardware with a small amount of RAM and a weaker CPU. Keep in mind that some cool features of the Gnome Desktop, like file metadata info, stop working after running the commands above.
Have fun with your faster Ubuntu Desktop and comment on this blog post!
MySQL – ERROR 1064 (42000): You have an error in your SQL syntax;
Basic Information
MySQL is a database management system for a special kind of SQL databases. SQL databases basically contain a data model and then the data itself. The data model defines the structure for the stored data.
SQL is also the name for the programming language.
The SQL syntax is basically divided into the Data Definition Language (DDL) and the Data Manipulation Language (DML). SQL for MySQL is well documented on the internet: https://dev.mysql.com/doc/
MySQL is widespread and a base for many web pages and web systems on the internet. MySQL is open source although some modules are closed source. On Linux MySQL can be easily installed and used. There is also an installer for Windows available.
The Problem
Before I upgraded from an older MySQL version to a newer one the following command could be executed successfully:
mysql> GRANT ALL PRIVILEGES ON testdb.* TO testuser@localhost IDENTIFIED BY 'secpasswd';
Executing the command after I upgraded MySQL gave me the following error message:
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED BY 'secpasswd'' at line 1
The command should basically create a user “testuser” and give this user full access to the database “testdb”. It’s really frustrating because the command above worked for me for a long time without problems.
But after a few short trials I found the new way to create a user and to grant access to the database.
The Fix
The complete procedure is listed here:
CREATE database testdb;
The command above creates the database with the name “testdb”.
CREATE USER 'testuser'@'localhost' IDENTIFIED BY 'secpasswd';
The second command above creates a user (“testuser”) and sets a password.
GRANT ALL PRIVILEGES ON testdb.* TO 'testuser'@'localhost';
The last step gives the user “testuser” full access to the database “testdb”. The procedure works for me on MySQL version 8.0.31-0ubuntu0.20.04.2.
Conclusion
Syntax and commands often change after system upgrades. Software is often replaced by forks or by software which better fits the users’ needs. Professionals invest a lot of time to find out how the new versions or the new software work. But on the other hand, updated and new software comes with new features and bug fixes.
Feel free to comment on my post.
rm: cannot remove ‘file.txt’: Read-only file system on BTRFS
Basic Information
Recently we experienced an error on an OpenSuse Linux system with BTRFS.
OpenSuse is a popular Linux distribution and comes by default with the BTRFS (B-tree FS) file system. The BTRFS file system is a modern file system with many advantages compared to the old EXT4.
For clarification: a file system basically manages how your data is stored on a hard disk drive. A hard disk drive can be split into partitions and every partition gets its own file system. As I wrote, in our case it is BTRFS.
The basic management like setting permissions and ownership of files and directories is similar on all the Linux file systems – also on BTRFS. Normally a user doesn’t have to care much about the file system type.
Our problem with BTRFS showed up as follows:
The Problem
Recently we started up an OpenSuse PC with a BTRFS file system and we wanted to erase the file “file.txt” with the “rm” command as you can see here:
rm file.txt
rm: cannot remove 'file.txt': Read-only file system
The second line shows the error message we got.
Further analysis showed that the device /dev/sde1 held the file which we wanted to erase.
As a symptom of the problem we identified that /dev/sde1 was mounted as a “read-only” volume.
Because the partition is mounted “read-only” we cannot erase, create or modify any file on /dev/sde1, including our “file.txt”!
The Fix
1. Boot a Linux Live System
Since the device /dev/sde1 was occupied by the installed OpenSuse Linux and could not be unmounted, I decided to boot my PC with an Ubuntu Live System. I chose “Try Ubuntu” and got a fully working system with a graphical user interface.
2. Open a Terminal and Check BTRFS
We assume that the file system is mounted “read-only” because of a file system defect. We have to execute the following command:
sudo btrfs check /dev/sde1

3. Reboot
Although no error was recognized by the check, we rebooted the system. And the device /dev/sde1 was now mounted as rw (read-write). We could successfully erase, create and modify all the files on our BTRFS partition again.
Conclusion
The task was successfully closed. Keep in mind that there could be a serious hardware issue with the hard disk drive. It could be the case that the problem appears again. There are other Linux tools to check the integrity of the hard disk drive and maybe the very last solution for the problem could be a hard disk drive replacement.
ata3:00: status: DRDY ERR

The Problem
Over the years of my career I have relatively often seen a specific error message on Linux production servers. The error is associated with hard drive failures. I saw the problem on systems with conventional HDD drives as well as on servers which only use NVMe drives. RAID array disks are affected as well as single drive systems.
Information on the internet is relatively rare in relation to how often the problem appears. Sometimes the errors appear on stdout, directly in the shell, and sometimes they are only visible when “dmesg” is executed.
Here is the error in question:
ata3:00: status: { DRDY ERR }
ata3.00: error {UNC }
ata3:00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
ata3:00: BMDMA stat 0x25
ata3:00: failed command: READ DMA
Of course, details like the ATA number differ depending on the configuration of the system.
The Analysis
The error basically says that something is wrong with a specific disk drive. We need to find out which physical disk is causing the error.
This command works for me on Ubuntu 20.04:
ls /dev/disk/by-path -al
It shows the ATAx to /dev/sdX association on my system. Since I now know the /dev/sdX device, I need to get the serial number of the hard drive:
smartctl -a /dev/sdX
Knowing the serial number of the hard disk is important because the serial number is, at least on HDDs, printed on a sticker on the disk.
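As an added example (not from the original post), the same lookup can be scripted from sysfs: the ataN named in the kernel messages is part of each disk's device path under /sys/block. The function names are hypothetical, the sample log lines are constructed in the format shown above, and readlink -f from GNU coreutils is assumed.

```sh
# Added example, not from the original post. Function names are hypothetical.

# Read kernel log lines on stdin and print "ataN <count>" for every port
# that logged an error line of the kind shown in the post.
ata_error_ports() {
    sed -n -E 's/^(\[[^]]*\] *)?(ata[0-9]+)[.:][0-9]+: (status|error|exception|failed command).*/\2/p' |
        sort | uniq -c | awk '{print $2, $1}'
}

# Print the /dev/sdX node behind the kernel port "ataN".
# $2 is the sysfs root (default /sys); a test can point it at a fake tree.
ata_to_dev() {
    ata_port=$1
    ata_sysfs=${2:-/sys}
    for ata_blk in "$ata_sysfs"/block/sd*; do
        [ -e "$ata_blk" ] || continue
        # Resolved path looks like:
        # /sys/devices/pci0000:00/0000:00:1f.2/ata3/host2/.../block/sdc
        case "$(readlink -f "$ata_blk")" in
            */"$ata_port"/*) echo "/dev/${ata_blk##*/}" ;;
        esac
    done
}

# Constructed sample log in the format of the messages in the post.
ATA_SAMPLE_LOG='[ 4012.113] ata3.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
[ 4012.113] ata3.00: BMDMA stat 0x25
[ 4012.113] ata3.00: failed command: READ DMA
[ 4012.113] ata3.00: status: { DRDY ERR }
[ 4012.113] ata3.00: error: { UNC }'

# Which ports report errors in the sample (prints "ata3 4").
printf '%s\n' "$ATA_SAMPLE_LOG" | ata_error_ports
```

On a live system, `dmesg | ata_error_ports` lists the affected ports and `ata_to_dev ata3` names the device to pass to smartctl.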
The Fix
I was lucky in at least 40 percent of the cases in which this error appeared by just shutting down the computer, opening the case, identifying the right physical disk and changing the connecting SATA cable.
One time the error appeared on multiple disks at the same time. The fix was to order an identical mainboard and physically install it. I connected the disks again to the new mainboard and the error never appeared again.
Another method could be just to shut down the system and unplug and reconnect the SATA cables on the same socket (loose contact). This solved the problem one time for me.
In the case of NVMe drives it could help to shut down the computer and also unplug the NVMe and reconnect it to rule out a loose contact.
But sometimes there is just a hard disk drive defect and the hard disk needs to be replaced.
3ware 9500S-4LP – Raid 5 Degraded

The Problem
I had a RAID 5 failure on an old Linux Server with special hardware connected. A RAID 5 as you probably know is a redundant disk array of hard disks. Disks are usually connected to a RAID Controller. The controller in my server is a 3ware 9500S-4LP. This controller is outdated but still available to buy at some web shops. Sometimes it is not possible to migrate outdated systems to new hardware like in this specific case.
On my server three disks were attached to the controller. I used the tw_cli which was available for downloading on the 3ware homepage in the past. Recently I found the binaries here:
I downloaded the tw_cli package, extracted it, executed it and then to get an overview I did:
//server> show
Ctl Model Ports Drives Units NotOpt RRate VRate BBU
------------------------------------------------------------------------
c8 9500S-4LP 4 3 1 1 4 4 -
I used the “show” command to get the basic controller information.
Then, the next command showed detailed information about the controller state.
//server> info c8 u0
Unit UnitType Status %Cmpl Port Stripe Size(GB) Blocks
-------------------------------------------------------------------------
u0 RAID-5 DEGRADED - - 64K 745.037 1562456064
u0-0 DISK DEGRADED - p3 - 372.519 781228032
u0-1 DISK OK - p2 - 372.519 781228032
u0-2 DISK OK - p0 - 372.519 781228032
I saw that it was degraded because of a failed disk.
The Fix
I had to stop all the processes which were executed on the RAID 5 volume. Then I had to unmount the RAID 5 volume from the file system. The next step was to remove the degraded disk on port 3 with this command:
//server>maint remove c8 p3
Then I shut the server down. I saw on the controller hardware on which SATA Port the p3 Disk was connected. I replaced the disk with a newer, bigger one. The cache of the new disk was bigger than on the old one. That is important!
//server>maint rescan c8
This was the next important step – “rescan” for the newly installed disk. And then to start recreation of the RAID I finally did:
//server>maint rebuild c8 u0 p3
After a few hours I got this:
//server> info c8 u0
Unit UnitType Status %Cmpl Port Stripe Size(GB) Blocks
-----------------------------------------------------------------------
u0 RAID-5 REBUILDING 42 - 64K 745.037 1562456064
u0-0 DISK DEGRADED - p3 - 372.519 781228032
u0-1 DISK OK - p2 - 372.519 781228032
u0-2 DISK OK - p0 - 372.519 781228032
The rebuild took only a few hours.
If the Rebuild doesn’t start and you get an error message, it could be a good alternative to start the rebuild inside the controller BIOS.
Finally the server was as good as it was before 🙂
Rootkit scan with Ubuntu Live System

Basic Information
Sometimes Linux, like other operating systems, shows odd behavior. And in some cases the cause of the odd behavior cannot be understood although log files are verified and the hardware is checked. I had this problem too often in the past years.
Then I often check the system for malicious software. On Linux there are programs available which scan for so-called rootkits. A rootkit is malicious software which grants administrative access to the attacker or hacker.
Well-known detection programs for rootkits are tools like Rootkit Hunter, Unhide or Chkrootkit.
The difference between a rootkit and a virus is that a virus doesn’t necessarily involve administrative access to the system.
The Problem
If the rootkit scan is done on a system which is already infected, then the rootkit is probably not found because it is hidden. There are only hints, which are difficult to distinguish from false positives.
The Fix
Rootkit scans can then be done from a Linux Live system. Just follow these steps:
1. Step
Download the Ubuntu Live ISO file and write it to a USB stick.
2. Step
Boot the Ubuntu Live system and select “Try Ubuntu”.
3. Step
Install Chkrootkit:
apt-get update
apt-get install chkrootkit
4. Step
On my system the following partitions exist:
- sda1 – swap space
- sda2 – this is the root partition /
- sda3 – this is my home partition /home
- sda4 – this is the home directory of the root user /root
5. Step
mkdir /mnt/disk
– creates a directory
mount /dev/sda2 /mnt/disk
– provides access to the filesystem and the files on the system which I want to scan
mount /dev/sda4 /mnt/disk/root
– this location will be also scanned, so it is important to grant access to it
6. Step
Do the Scan with the following command:
chkrootkit -r /mnt/disk/
Normally the output should say things like “nothing found” or “not infected”.
Conclusion
If a rootkit is detected, do another scan with Rkhunter. It could still be a false positive.
Rkhunter needs to be installed and updated.
If there is a Rootkit installed you should reinstall the Operating System.