
centmin.sh While opening centmin menu it rewrites csf.conf IPV6 setting to "0"

Discussion in 'Bug Reports' started by happyhacking, Jun 20, 2022.

  1. happyhacking

    happyhacking Premium Member Premium Member

    86
    15
    8
    Apr 23, 2021
    Ratings:
    +50
    Local Time:
    2:04 AM
    1.22.0
    MariaDB 10.4.25
    When doing a new fresh install I found that every time I open the centmin menu it updates the IPV6 setting that I modified from "1" to "0". The weird thing is that on my old centmin installs this doesn't happen, but this is the proof that the centmin script is doing the change:
    Code (Text):
    type=PROCTITLE msg=audit(20/06/22 06:15:54.833:291) : proctitle=sed -i s|^IPV6 = .*|IPV6 = "0"| /etc/csf/csf.conf 
    type=PATH msg=audit(20/06/22 06:15:54.833:291) : item=0 name=/etc/csf/csf.conf inode=393539 dev=08:03 mode=file,600 ouid=root ogid=root rdev=00:00 objtype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 
    type=CWD msg=audit(20/06/22 06:15:54.833:291) :  cwd=/usr/local/src/centminmod 
    type=SYSCALL msg=audit(20/06/22 06:15:54.833:291) : arch=x86_64 syscall=open success=yes exit=3 a0=0x7ffe4e791741 a1=O_RDONLY a2=0x1b6 a3=0x24 items=1 ppid=27352 pid=27952 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts1 ses=29 comm=sed exe=/usr/bin/sed key=IPV6 
    ----
    type=PROCTITLE msg=audit(20/06/22 06:15:54.838:292) : proctitle=sed -i s|^IPV6 = .*|IPV6 = "0"| /etc/csf/csf.conf 
    type=PATH msg=audit(20/06/22 06:15:54.838:292) : item=4 name=/etc/csf/csf.conf inode=393532 dev=08:03 mode=file,600 ouid=root ogid=root rdev=00:00 objtype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 
    type=PATH msg=audit(20/06/22 06:15:54.838:292) : item=3 name=/etc/csf/csf.conf inode=393539 dev=08:03 mode=file,600 ouid=root ogid=root rdev=00:00 objtype=DELETE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 
    type=PATH msg=audit(20/06/22 06:15:54.838:292) : item=2 name=/etc/csf/sedw4quZ2 inode=393532 dev=08:03 mode=file,600 ouid=root ogid=root rdev=00:00 objtype=DELETE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 
    type=PATH msg=audit(20/06/22 06:15:54.838:292) : item=1 name=/etc/csf/ inode=393421 dev=08:03 mode=dir,600 ouid=root ogid=root rdev=00:00 objtype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 
    type=PATH msg=audit(20/06/22 06:15:54.838:292) : item=0 name=/etc/csf/ inode=393421 dev=08:03 mode=dir,600 ouid=root ogid=root rdev=00:00 objtype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 
    type=CWD msg=audit(20/06/22 06:15:54.838:292) :  cwd=/usr/local/src/centminmod 
    type=SYSCALL msg=audit(20/06/22 06:15:54.838:292) : arch=x86_64 syscall=rename success=yes exit=0 a0=0x851080 a1=0x7ffe4e791741 a2=0x851080 a3=0x7ffe4e78ede0 items=5 ppid=27352 pid=27952 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts1 ses=29 comm=sed exe=/usr/bin/sed key=IPV6 
    

    This was obtained with auditd; unfortunately I didn't find what's causing this behavior.
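
The audit records in the post above can be condensed to one line per event so that the writer of csf.conf, its parent PID and its working directory stand out. This is an added example, not part of the original post or of Centmin Mod; it assumes interpreted output such as `ausearch -k IPV6 -i` produces, and `summarize_audit` and `sample_log` are hypothetical names.

```shell
#!/bin/sh
# Added example: condense `ausearch -i` text on stdin to one line per audit event.
summarize_audit() {
  awk '
    # Value of " key=..." on the current record line, up to the next space.
    function field(key,   i, v) {
      i = index($0, " " key "=")
      if (i == 0) return ""
      v = substr($0, i + length(key) + 2)
      sub(/ .*/, "", v)
      return v
    }
    function emit() {
      if (id != "")
        printf "event=%s syscall=%s exe=%s ppid=%s cwd=%s files=%s cmd=%s\n",
               id, sc, exe, ppid, cwd, files, cmd
      id = sc = exe = ppid = cwd = files = cmd = ""
    }
    !/^type=/ { next }                 # skip the "----" separators
    match($0, /:[0-9]+\)/) {           # serial number that closes msg=audit(...)
      n = substr($0, RSTART + 1, RLENGTH - 2)
      if (n != id) { emit(); id = n }
    }
    /^type=PROCTITLE/ { cmd = $0; sub(/.*proctitle=/, "", cmd); sub(/ +$/, "", cmd) }
    /^type=CWD/       { cwd = field("cwd") }
    /^type=SYSCALL/   { sc = field("syscall"); exe = field("exe"); ppid = field("ppid") }
    /^type=PATH/ && field("objtype") != "PARENT" {
      files = (files == "" ? "" : files ",") field("name") ":" field("objtype")
    }
    END { emit() }
  '
}
# Sample records abridged from the audit output quoted in the post above.
sample_log() {
  cat <<'EOF'
type=PROCTITLE msg=audit(20/06/22 06:15:54.833:291) : proctitle=sed -i s|^IPV6 = .*|IPV6 = "0"| /etc/csf/csf.conf
type=PATH msg=audit(20/06/22 06:15:54.833:291) : item=0 name=/etc/csf/csf.conf inode=393539 objtype=NORMAL
type=CWD msg=audit(20/06/22 06:15:54.833:291) :  cwd=/usr/local/src/centminmod
type=SYSCALL msg=audit(20/06/22 06:15:54.833:291) : arch=x86_64 syscall=open success=yes ppid=27352 pid=27952 comm=sed exe=/usr/bin/sed key=IPV6
----
type=PROCTITLE msg=audit(20/06/22 06:15:54.838:292) : proctitle=sed -i s|^IPV6 = .*|IPV6 = "0"| /etc/csf/csf.conf
type=PATH msg=audit(20/06/22 06:15:54.838:292) : item=4 name=/etc/csf/csf.conf inode=393532 objtype=CREATE
type=PATH msg=audit(20/06/22 06:15:54.838:292) : item=2 name=/etc/csf/sedw4quZ2 inode=393532 objtype=DELETE
type=PATH msg=audit(20/06/22 06:15:54.838:292) : item=1 name=/etc/csf/ inode=393421 objtype=PARENT
type=CWD msg=audit(20/06/22 06:15:54.838:292) :  cwd=/usr/local/src/centminmod
type=SYSCALL msg=audit(20/06/22 06:15:54.838:292) : arch=x86_64 syscall=rename success=yes ppid=27352 pid=27952 comm=sed exe=/usr/bin/sed key=IPV6
EOF
}
sample_log | summarize_audit
```

The `cwd` and `ppid` columns are what tie the `sed` call back to the script that launched it; on a live system the same function reads `ausearch` output from a pipe.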

     
  2. eva2000

    eva2000 Administrator Staff Member

    49,561
    11,374
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,677
    Local Time:
    6:04 PM
    Nginx 1.21.x
    MariaDB 10.x
    Interesting. You can run these commands to run centmin.sh in debug mode and save the contents to /root/centminlogs/centmin-debug.txt. Wait until you return to the command prompt for completion of debug mode.
    Code (Text):
    cmupdate
    cd /usr/local/src/centminmod
    echo 24 | bash -x centmin.sh 2>&1 | sed -e "s|$(hostname -f)|hostname|g" -e "s|$(hostname -s)|hostname|g" | tee /root/centminlogs/centmin-debug.txt
    

    Then inspect the contents of /root/centminlogs/centmin-debug.txt, or scrub and remove any private info/IP addresses/passwords and post to pastebin.com or gist.github.com and share the link here, or private message me with the link.
     
  3. happyhacking

    Here is the interesting part of running the debug mode:
    Code (Text):
    + checkipvsix
    + [[ n = [yY] ]]
    + [[ n != [yY] ]]
    + [[ -d /etc/postfix ]]
    ++ LC_ALL=C
    ++ grep -w inet_protocols /etc/postfix/main.cf
    ++ LC_ALL=C
    ++ grep -w ipv4
    + [[ -n '' ]]
    ++ cat /proc/sys/net/ipv6/conf/all/disable_ipv6
    + [[ 1 -eq 1 ]]
    + DETECH_CHANGES=y
    + [[ y = [nN] ]]
    + [[ y = [yY] ]]
    ++ LC_ALL=C
    ++ grep -w net.ipv6.conf.all.disable_ipv6 /etc/sysctl.conf
    + [[ -n '' ]]
    + [[ y = [nN] ]]
    + [[ y = [yY] ]]
    ++ LC_ALL=C
    ++ grep -w net.ipv6.conf.default.disable_ipv6 /etc/sysctl.conf
    + [[ -n '' ]]
    + [[ '' = [yY] ]]
    + [[ 7 -eq 7 ]]
    + [[ -f /usr/lib/systemd/system/rpcbind.socket ]]
    + [[ 7 -eq 7 ]]
    + [[ -f /usr/lib/systemd/system/rpcbind.socket ]]
    + [[ -f /etc/csf/csf.conf ]]
    + [[ -f /etc/sysconfig/network ]]
    ++ awk -F = '/NETWORKING_IPV6/ {print $2}' /etc/sysconfig/network
    ++ LC_ALL=C
    ++ grep yes
    ++ echo 1
    + [[ 1 = \0 ]]
    + [[ -f /etc/csf/csf.conf ]]
    + [[ -f /etc/sysconfig/network ]]
    ++ awk -F = '/NETWORKING_IPV6/ {print $2}' /etc/sysconfig/network
    ++ LC_ALL=C
    ++ grep yes
    ++ echo 1
    + [[ 1 != \0 ]]
    ++ cat /proc/sys/net/ipv6/conf/all/disable_ipv6
    + [[ 1 -eq 1 ]]
    ++ cat /proc/sys/net/ipv6/conf/default/disable_ipv6
    + [[ 1 -eq 1 ]]
    + sed -i 's|^IPV6 = .*|IPV6 = "0"|' /etc/csf/csf.conf
    + csf -ra
    + [[ y = [yY] ]]
    + service network restart
    


    If you still need the full file, let me know.
     
  4. happyhacking

    Could this test be the cause for disabling IPv6:
    Code (Text):
    cat /proc/sys/net/ipv6/conf/default/disable_ipv6
    1
    cat /proc/sys/net/ipv6/conf/all/disable_ipv6
    1
    

    When CentOS was clean installed I did the enable_ipv6 command, then rebooted and installed centminmod. Should I do the enable_ipv6 again?
     
  5. happyhacking

    CentOS enable_ipv6 command:
    Code (Text):
    which enable_ipv6
    alias enable_ipv6='sed -i "/net.ipv6.conf.all.disable_ipv6.*/d" /etc/sysctl.conf && sysctl -q -p && echo 0 > /proc/sys/net/ipv6/conf/all/disable_ipv6'
        /usr/bin/sed
        /usr/sbin/sysctl
        /usr/bin/echo
    

    Don't know, but should I re-enable IPv6 after centminmod or should I set IPv6 support through customconfig setting?
     
  6. happyhacking

    Solved!! After re-enabling IPv6 through enable_ipv6, the centmin menu doesn't change my csf.conf.
     
  7. happyhacking

    BTW: Every time I did a fresh install of centminmod it changed my timezone to Etc/UTC, so I had to change it according to my local settings again after the script finishes.
     
  8. eva2000

    This is because by default Centmin Mod defaults to DISABLE_IPVSIX='y' to disable IPv6 to lessen past IPv6 connectivity issues folks have had/reported. This is unless you set DISABLE_IPVSIX='n' in the persistent config file /etc/centminmod/custom_config.inc, which then allows IPv6 to work if enabled.
     
  9. eva2000

    That's normal; best practice is usually to use UTC if possible, especially if you plan to use multiple servers or stuff like MySQL replication in future.
     
  10. happyhacking

    Thank you, then should I set DISABLE_IPVSIX='y' if I would keep using IPv6? But what about enabling IPv6 after an IPv4-only install, should I still set DISABLE_IPVSIX='y'?
     
  11. happyhacking

    Didn't know that, thanks for the clarification.

    BTW: I see somewhere the Percona repos enabled. How feasible is it to exchange MariaDB for Percona Server or Galera Cluster?
     
  12. eva2000

    Not advisable, especially if you're moving from MariaDB 10.4 to Percona 8.0; there are a lot of changes between them for in-place upgrades. And you'd lack any Centmin Mod automatic MySQL optimizations like you get with current MariaDB 10 defaults.

    The only time such a switch is possible is for fresh installs without any existing user data. I do have a private script to switch fresh Centmin Mod installs from MariaDB 10.3 to Percona and MySQL 8.0 that I worked on for 123.09beta01 ages ago for a paying client. But in future I do plan to support MySQL/Percona 8.0 eventually.

    Adding stuff is the easy part, but testing takes time, so a lot of stuff isn't released until I have tested it and am willing to support it under the banner of 'free'. Of course for paying private clients, I do much more if they want to customize their Centmin Mod setups :)
     
  13. eva2000

    No, it's a double negative: to use IPv6, set DISABLE_IPVSIX='n' :)
     
  14. happyhacking

    Again, thanks for the clarification!!
     
  15. happyhacking

    Hehehe you are right, I was confused by the double negative.