fwupd error in syslog, ossec alert for Focal #5835

Closed
emkll opened this issue Mar 1, 2021 · 2 comments · Fixed by #5882
@emkll
Contributor

emkll commented Mar 1, 2021

Description

On both a Mac mini and a NUC5PYH running Ubuntu Focal, I receive the following ossec alerts (and associated syslog entries):

  1. On the mac mini, 2 errors
OSSEC HIDS Notification.
2021 Mar 01 13:22:55

Received From: (app) 10.20.2.2->/var/log/syslog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Mar  1 13:22:53 app fwupd[133921]: 13:22:53:0576 FuEngine             Failed to load SMBIOS: invalid DMI data size, got 2527 bytes, expected 2745



 --END OF NOTIFICATION



OSSEC HIDS Notification.
2021 Mar 01 13:22:55

Received From: (app) 10.20.2.2->/var/log/syslog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Mar  1 13:22:53 app fwupd[133921]: 13:22:53:0883 FuPluginUefi         Error opening directory “/sys/firmware/efi/esrt/entries”: No such file or directory



 --END OF NOTIFICATION

  2. On the NUC, only 1 of the two errors

OSSEC HIDS Notification.
2021 Mar 01 11:51:47

Received From: mon->/var/log/syslog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Mar  1 11:51:46 mon fwupd[133502]: 11:51:46:0509 FuPluginUefi         Error opening directory “/sys/firmware/efi/esrt/entries”: No such file or directory



 --END OF NOTIFICATION

Comments

The errors observed are likely a result of my machines either not being supported by fwupd or perhaps having legacy boot enabled. We should ensure fwupd is properly configured or supported on the hosts on which it is running, or remove the package entirely.
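
The cause suggested in the description above can be checked on a host by looking at sysfs. This is an added example, not part of the original issue or of the SecureDrop code; the function names and the optional sysfs-root argument (used only to point the check at a constructed directory tree) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: decide whether fwupd's FuPluginUefi message about
# /sys/firmware/efi/esrt/entries is the expected outcome on this host.

# fw_boot_mode [SYSFS_ROOT]
# Prints one of: legacy-bios, uefi-no-esrt, uefi-esrt.
# SYSFS_ROOT defaults to /sys.
fw_boot_mode() {
    root="${1:-/sys}"
    if [ ! -d "$root/firmware/efi" ]; then
        # The kernel creates firmware/efi only when booted through UEFI,
        # so its absence means a legacy (BIOS/CSM) boot.
        echo "legacy-bios"
    elif [ ! -d "$root/firmware/efi/esrt/entries" ]; then
        # Booted through UEFI, but no ESRT entries directory is exposed,
        # so the UEFI plugin has no updatable devices to enumerate.
        echo "uefi-no-esrt"
    else
        echo "uefi-esrt"
    fi
}

# fwupd_esrt_error_expected [SYSFS_ROOT]
# Returns 0 when the entries directory cannot exist on this host, i.e. the
# syslog message reflects the platform rather than a new fault.
fwupd_esrt_error_expected() {
    case "$(fw_boot_mode "${1:-/sys}")" in
        legacy-bios|uefi-no-esrt) return 0 ;;
        *) return 1 ;;
    esac
}

# Report for the local host.
echo "firmware interface: $(fw_boot_mode)"
if fwupd_esrt_error_expected; then
    echo "fwupd ESRT message: expected on this host"
else
    echo "fwupd ESRT message: not expected, ESRT entries are present"
fi
```
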

@zenmonkeykstop
Contributor

reproducible on nuc7:


Received From: mon->/var/log/syslog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Mar  4 14:03:02 mon fwupd[134631]: 14:03:02:0629 FuPluginUefi         Error opening directory “/sys/firmware/efi/esrt/entries”: No such file or directory

@eloquence
Member

Seeing this in my prod logs as well on Ubuntu 20.04 (haven't checked OSSEC alerts yet).

@eloquence eloquence modified the milestones: 1.9.0, 1.8.1 Mar 24, 2021
@kushaldas kushaldas self-assigned this Mar 29, 2021
kushaldas added a commit that referenced this issue Mar 29, 2021
Adds a new rules group and also the related decoder.
emkll pushed a commit that referenced this issue Apr 6, 2021
Adds a new rules group and also the related decoder.
zenmonkeykstop pushed a commit that referenced this issue Apr 7, 2021
Adds a new rules group and also the related decoder.

(cherry picked from commit d289c1a)
cfm added a commit to freedomofpress/securedrop-docs that referenced this issue Jan 11, 2022
maeve-fpf pushed a commit to freedomofpress/securedrop-docs that referenced this issue Jan 11, 2022