Issue with latest package upgrade

7 posts / 0 new
Last post
#1 Mon, 10/07/2019 - 16:24
stylus

Issue with latest package upgrade

After upgrading all the recommended packages via the package manager on virtualmin, FirewallD will no longer start. When I check its status, I get this ugly error message:

2019-09-20 15:46:27 ERROR: Failed to load nf_conntrack module: modprobe: ERROR: could not find module by name='nf_conntrack' modprobe: ERROR: could not insert 'nf_conntrack': Function not implemented modprobe: ERROR: Error running install command for nf_conntrack modprobe: ERROR: could not insert 'nf_conntrack': Operation not permitted

nf_conntrack is missing, and FirewallD depends on it!

[root@123 ~]

yum -q list installed kernel*

Installed Packages kernel-debug-devel.x86_64 3.10.0-1062.1.2.el7 @updates kernel-headers.x86_64 3.10.0-1062.1.2.el7 @updates

[root@123 ~]# uname -r

4.19.62-mod-std-ipv6-64-rescue

[root@123 ~]

modinfo nf_conntrack

modinfo: ERROR: Module alias nf_conntrack not found.

What can I do to fix this? My server is vulnerable to vicious attacks. I tried asking on the Centos forum, but their response was simple: "Not a CentOS kernel and presumably missing the required module. You need to talk to the people that supply that kernel (which is not us)."

https://centos.org/forums/viewtopic.php?f=48&t=71716&sid=6a282b6c6a0d245...

Mon, 10/07/2019 - 22:37
noisemarine

I'm fairly certain that Webmin/Virtualmin is not providing your kernels. Check what repos you have set as you have probably enabled a 3rd party repo to gain access to some other package. You could use yum to try manually searching for and installing a different kernel. Preferably something that the CentOS community can support.

Mon, 10/07/2019 - 23:22
andreychek

Howdy,

If CentOS was installed onto a dedicated server, unless another kernel was manually added, it would be a CentOS kernel that's being used there.

If it's on a VPS, it's possible the VPS provider is using their own kernels. A lot of VPS providers offer their own kernels.

As noisemarine mentioned though Virtualmin doesn't provide any kernels, we just use the kernel that comes with the OS.

-Eric

Tue, 10/08/2019 - 07:22
stylus

Centos is installed on a dedicated server. Those that are enabled are:

base (CentOS)   Yes http://centos.mirrors.ovh.net/ftp.centos.org/$releasever/os/$basearch/
updates (CentOS)    Yes http://centos.mirrors.ovh.net/ftp.centos.org/$releasever/updates/$basearch/
extras (CentOS) Yes http://centos.mirrors.ovh.net/ftp.centos.org/$releasever/extras/$basearch/
centos-sclo-rh (CentOS) Yes http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-rh
centos-sclo-sclo (CentOS)   Yes http://mirrorlist.centos.org?arch=$basearch&release=7&repo=sclo-sclo
epel (Extra Packages for Enterprise Linux 7)    Yes
virtualmin (RHEL/CentOS)    Yes http://software.virtualmin.com/vm/6/gpl/centos/$releasever/$basearch/
virtualmin-universal (Virtualmin Distribution Neutral Packages) Yes http://software.virtualmin.com/vm/6/gpl/universal/

They were enabled originally when I installed virtualmin. Anyway, the issue remains, nf_conntrack is missing and preventing FirewallD from working. What do you suggest I do?

Tue, 10/08/2019 - 09:45
andreychek

Re-reading your original post, you mentioned that your kernel shows up as "4.19.62-mod-std-ipv6-64-rescue".

I Google'd that name, and see some references to that being a custom OVH kernel.

Are you by chance using OVH as a provider?

This OVH user here seems to be having a similar problem:

https://centos.org/forums/viewtopic.php?t=71716

They changed the kernel that they're using to resolve it, switching back to the standard CentOS kernel.

I'm not sure how to do that at OVH, but if that's your provider, you may need to work with them to see see if they have alternate kernels you can boot into, or if they otherwise have an idea as to how to use that module you need.

-Eric

Tue, 10/08/2019 - 21:41
stylus

Hi Eric.

He mentions "With the CentOS kernel 3.10.0-1062.1.1.el7.x86_64, everything works well."

How the heck do I install a new kernel. I've never had to do something like this; I have 7 sites running on the server, perhaps install a new kernel will undo everything? Sounds like a stupid question, but I really don't know.

When I updated the packages via virtualmin, how did the virtualmin custom kernel come into the picture? How does that even work?

Wed, 10/09/2019 - 07:12
noisemarine

There is no Virtualmin custom kernel.

The kernel came from your provider or somewhere else. It gets installed in the same way that other software is installed - either at the time the system software is installed, or later by someone either upgrading or requesting it.

Topic locked