Failed to open \EFI\centos\grubx64.efi - Not Found

Support for security such as Firewalls and securing linux
enseva
Posts: 25
Joined: 2018/09/29 18:30:50

Re: I believe CentOS repos have been compromised

Post by enseva » 2018/09/29 19:47:28

TrevorH wrote:
2018/09/29 19:26:42
Just because google returns a bunch of malicious links to a search done by you does not mean that our repos have been compromised. The same search done here doesn't return those links. I am going to remove those links from your post as there's no point in having pointers to known malicious content even when it's obscured.

There was a recent update to the "shim" packages that are used for secure boot. It's much more likely that your machine has applied that and something about your configuration has broken as a result. All CentOS packages are GPG signed and unless you've done something stupid like disable GPG checking for the base and updates repos then any compromised package would need to have been signed by the official CentOS 7 signing key.

What sort of VM is this? When was it created and what leads you to believe that there is a corrupt or missing EFI file? What file is missing?
I've created a new VM and will reproduce the error. You need to understand this is an error after update. After reboot. Then it's inaccessible and the error appears in a VMM Hyper-V console window because it's inaccessible.

I'm unclear what these "shims" are you're referring to and why EFI would suddenly be an issue when we've never had anything like this occur before.

User avatar
TrevorH
Forum Moderator
Posts: 28544
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: I believe CentOS repos have been compromised

Post by TrevorH » 2018/09/29 19:49:51

What media are you using to perform the initial install? And what do you do post-install? Does this happen for you if you just do a minimal install and then yum update?
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

enseva
Posts: 25
Joined: 2018/09/29 18:30:50

Re: I believe CentOS repos have been compromised

Post by enseva » 2018/09/29 19:51:04

TrevorH wrote:
2018/09/29 19:49:51
What media are you using to perform the initial install? And what do you do post-install? Does this happen for you if you just do a minimal install and then yum update?
Install from Centos minimal (your iso).

reboot

yum update

reboot

Borked.

Obviously, it's able to boot okay. It also happened on a machine I've been running for months, which has been rebooted a number of times. Only after this update, it was dead.

We've also reproduced this using a template and that was also the 1804 minimal iso.
Last edited by enseva on 2018/09/29 19:57:20, edited 1 time in total.

User avatar
TrevorH
Forum Moderator
Posts: 28544
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: I believe CentOS repos have been compromised

Post by TrevorH » 2018/09/29 19:57:02

We still need to see the error.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

enseva
Posts: 25
Joined: 2018/09/29 18:30:50

Re: I believe CentOS repos have been compromised

Post by enseva » 2018/09/29 19:58:06

TrevorH wrote:
2018/09/29 19:57:02
We still need to see the error.
There's 336 updates. Your're going to have to wait a minute.

enseva
Posts: 25
Joined: 2018/09/29 18:30:50

Re: I believe CentOS repos have been compromised

Post by enseva » 2018/09/29 20:03:06

This is the entirety of what was updated:

Updating : libgcc-4.8.5-28.el7_5.1.x86_64 1/336
Updating : tzdata-2018e-3.el7.noarch 2/336
Updating : glibc-common-2.17-222.el7.x86_64 3/336
Updating : nss-softokn-freebl-3.36.0-5.el7_5.x86_64 4/336
Updating : glibc-2.17-222.el7.x86_64 5/336
Updating : bash-4.2.46-30.el7.x86_64 6/336
Updating : nspr-4.19.0-1.el7_5.x86_64 7/336
Updating : nss-util-3.36.0-1.el7_5.x86_64 8/336
Updating : libsepol-2.5-8.1.el7.x86_64 9/336
Updating : libselinux-2.5-12.el7.x86_64 10/336
Updating : audit-libs-2.8.1-3.el7_5.1.x86_64 11/336
Updating : libcom_err-1.42.9-12.el7_5.x86_64 12/336
Updating : libuuid-2.23.2-52.el7_5.1.x86_64 13/336
Updating : libdb-5.3.21-24.el7.x86_64 14/336
Updating : info-5.1-5.el7.x86_64 15/336
Updating : elfutils-libelf-0.170-4.el7.x86_64 16/336
Updating : cpio-2.11-27.el7.x86_64 17/336
Updating : libattr-2.4.46-13.el7.x86_64 18/336
Updating : libacl-2.2.51-14.el7.x86_64 19/336
Updating : libstdc++-4.8.5-28.el7_5.1.x86_64 20/336
Updating : libsemanage-2.5-11.el7.x86_64 21/336
Updating : nss-softokn-3.36.0-5.el7_5.x86_64 22/336
Updating : iptables-1.4.21-24.1.el7_5.x86_64 23/336
Updating : iproute-4.11.0-14.el7.x86_64 24/336
Updating : 2:ethtool-4.8-7.el7.x86_64 25/336
Installing : lz4-1.7.5-2.el7.x86_64 26/336
Updating : pciutils-libs-3.5.1-3.el7.x86_64 27/336
Updating : device-mapper-persistent-data-0.7.3-3.el7.x86_64 28/336
Updating : mozjs17-17.0.0-20.el7.x86_64 29/336
Updating : acl-2.2.51-14.el7.x86_64 30/336
Updating : 2:vim-minimal-7.4.160-4.el7.x86_64 31/336
Updating : 2:tar-1.26-34.el7.x86_64 32/336
Updating : libdb-utils-5.3.21-24.el7.x86_64 33/336
Updating : libss-1.42.9-12.el7_5.x86_64 34/336
Updating : e2fsprogs-libs-1.42.9-12.el7_5.x86_64 35/336
Updating : libselinux-utils-2.5-12.el7.x86_64 36/336
Updating : ca-certificates-2018.2.22-70.0.el7_5.noarch 37/336
Updating : coreutils-8.22-21.el7.x86_64 38/336
Updating : 1:openssl-libs-1.0.2k-12.el7.x86_64 39/336
Updating : krb5-libs-1.15.1-19.el7.x86_64 40/336
Updating : libpwquality-1.2.3-5.el7.x86_64 41/336
Updating : pam-1.1.8-22.el7.x86_64 42/336
Updating : libblkid-2.23.2-52.el7_5.1.x86_64 43/336
Updating : centos-release-7-5.1804.4.el7.centos.x86_64 44/336
Updating : libmount-2.23.2-52.el7_5.1.x86_64 45/336
Updating : glib2-2.54.2-2.el7.x86_64 46/336
Updating : shared-mime-info-1.8-4.el7.x86_64 47/336
Updating : python-libs-2.7.5-69.el7_5.x86_64 48/336
Updating : python-2.7.5-69.el7_5.x86_64 49/336
Updating : gzip-1.5-10.el7.x86_64 50/336
Updating : libselinux-python-2.5-12.el7.x86_64 51/336
Updating : python-slip-0.4.0-4.el7.noarch 52/336
Updating : python-slip-dbus-0.4.0-4.el7.noarch 53/336
Updating : python-firewall-0.4.4.4-15.el7_5.noarch 54/336
Updating : python-perf-3.10.0-862.14.4.el7.x86_64 55/336
Updating : setup-2.8.71-9.el7.noarch 56/336
warning: /etc/group created as /etc/group.rpmnew
warning: /etc/shadow created as /etc/shadow.rpmnew
Updating : filesystem-3.2-25.el7.x86_64 57/336
Updating : cyrus-sasl-lib-2.1.26-23.el7.x86_64 58/336
Updating : mokutil-12-2.el7.x86_64 59/336
Updating : logrotate-3.8.6-15.el7.x86_64 60/336
Updating : nss-sysinit-3.36.0-7.el7_5.x86_64 61/336
Updating : nss-3.36.0-7.el7_5.x86_64 62/336
Updating : nss-tools-3.36.0-7.el7_5.x86_64 63/336
Updating : libcurl-7.29.0-46.el7.x86_64 64/336
Updating : curl-7.29.0-46.el7.x86_64 65/336
Updating : rpm-libs-4.11.3-32.el7.x86_64 66/336
Updating : rpm-4.11.3-32.el7.x86_64 67/336
Updating : openldap-2.4.44-15.el7_5.x86_64 68/336
Updating : libuser-0.60-9.el7.x86_64 69/336
Updating : gnupg2-2.0.22-5.el7_5.x86_64 70/336
Updating : rpm-build-libs-4.11.3-32.el7.x86_64 71/336
Updating : rpm-python-4.11.3-32.el7.x86_64 72/336
Updating : yum-plugin-fastestmirror-1.1.31-46.el7_5.noarch 73/336
Updating : yum-3.4.3-158.el7.centos.noarch 74/336
Updating : binutils-2.27-28.base.el7_5.1.x86_64 75/336
Updating : numactl-libs-2.0.9-7.el7.x86_64 76/336
Updating : kernel-tools-libs-3.10.0-862.14.4.el7.x86_64 77/336
Updating : libteam-1.27-4.el7.x86_64 78/336
Updating : kmod-libs-20-21.el7.x86_64 79/336
Updating : 7:device-mapper-1.02.146-4.el7.x86_64 80/336
Updating : kpartx-0.4.9-119.el7_5.1.x86_64 81/336
Updating : procps-ng-3.3.10-17.el7_5.2.x86_64 82/336
Updating : util-linux-2.23.2-52.el7_5.1.x86_64 83/336
Updating : 7:device-mapper-libs-1.02.146-4.el7.x86_64 84/336
Updating : cryptsetup-libs-1.7.4-4.el7.x86_64 85/336
Updating : dracut-033-535.el7_5.1.x86_64 86/336
Updating : kmod-20-21.el7.x86_64 87/336
Updating : elfutils-libs-0.170-4.el7.x86_64 88/336
Updating : systemd-libs-219-57.el7_5.3.x86_64 89/336
Updating : 1:dbus-libs-1.10.24-7.el7.x86_64 90/336
Updating : systemd-219-57.el7_5.3.x86_64 91/336
Updating : 1:dbus-1.10.24-7.el7.x86_64 92/336
Updating : elfutils-default-yama-scope-0.170-4.el7.noarch 93/336
Updating : initscripts-9.49.41-1.el7_5.2.x86_64 94/336
Updating : 7:device-mapper-event-libs-1.02.146-4.el7.x86_64 95/336
Updating : polkit-0.112-14.el7.x86_64 96/336
Updating : systemd-sysv-219-57.el7_5.3.x86_64 97/336
Updating : 1:wpa_supplicant-2.6-9.el7.x86_64 98/336
Updating : 12:dhcp-libs-4.2.5-68.el7.centos.1.x86_64 99/336
Updating : 1:NetworkManager-libnm-1.10.2-16.el7_5.x86_64 100/336
Created symlink from /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service to /usr/lib/systemd/system/NetworkManager-wait-online.service.
Updating : 1:NetworkManager-1.10.2-16.el7_5.x86_64 101/336
Updating : openssh-7.4p1-16.el7.x86_64 102/336
Updating : policycoreutils-2.5-22.el7.x86_64 103/336
Updating : selinux-policy-3.13.1-192.el7_5.6.noarch 104/336
Updating : 12:dhcp-common-4.2.5-68.el7.centos.1.x86_64 105/336
Updating : 7:device-mapper-event-1.02.146-4.el7.x86_64 106/336
Updating : 7:lvm2-libs-2.02.177-4.el7.x86_64 107/336
Updating : ebtables-2.0.10-16.el7.x86_64 108/336
Updating : hwdata-0.252-8.8.el7.x86_64 109/336
Updating : libpciaccess-0.14-1.el7.x86_64 110/336
Updating : libdrm-2.4.83-2.el7.x86_64 111/336
Updating : cronie-anacron-1.4.11-19.el7.x86_64 112/336
Updating : cronie-1.4.11-19.el7.x86_64 113/336
Updating : teamd-1.27-4.el7.x86_64 114/336
Updating : plymouth-core-libs-0.8.9-0.31.20140113.el7.centos.x86_64 115/336
Updating : plymouth-scripts-0.8.9-0.31.20140113.el7.centos.x86_64 116/336
Updating : plymouth-0.8.9-0.31.20140113.el7.centos.x86_64 117/336
Updating : virt-what-1.18-4.el7.x86_64 118/336
Updating : firewalld-filesystem-0.4.4.4-15.el7_5.noarch 119/336
Updating : 32:bind-license-9.9.4-61.el7_5.1.noarch 120/336
Updating : 32:bind-libs-lite-9.9.4-61.el7_5.1.x86_64 121/336
Updating : 12:dhclient-4.2.5-68.el7.centos.1.x86_64 122/336
Updating : dracut-network-033-535.el7_5.1.x86_64 123/336
Updating : linux-firmware-20180220-62.2.git6d51311.el7_5.noarch 124/336
Installing : kernel-3.10.0-862.14.4.el7.x86_64 125/336
Updating : kexec-tools-2.0.15-13.el7_5.2.x86_64 126/336
Updating : firewalld-0.4.4.4-15.el7_5.noarch 127/336
Updating : tuned-2.9.0-1.el7_5.2.noarch 128/336
Updating : 1:NetworkManager-team-1.10.2-16.el7_5.x86_64 129/336
Updating : 7:lvm2-2.02.177-4.el7.x86_64 130/336
Updating : selinux-policy-targeted-3.13.1-192.el7_5.6.noarch 131/336
Updating : openssh-server-7.4p1-16.el7.x86_64 132/336
Updating : openssh-clients-7.4p1-16.el7.x86_64 133/336
Updating : 1:NetworkManager-tui-1.10.2-16.el7_5.x86_64 134/336
Updating : 1:NetworkManager-wifi-1.10.2-16.el7_5.x86_64 135/336
Updating : audit-2.8.1-3.el7_5.1.x86_64 136/336
Updating : 3:irqbalance-1.0.7-11.el7.x86_64 137/336
Updating : rsyslog-8.24.0-16.el7_5.4.x86_64 138/336
Updating : biosdevname-0.7.3-1.el7.x86_64 139/336
Updating : 2:microcode_ctl-2.1-29.16.el7_5.x86_64 140/336
Updating : dracut-config-rescue-033-535.el7_5.1.x86_64 141/336
Updating : parted-3.1-29.el7.x86_64 142/336
Updating : kernel-tools-3.10.0-862.14.4.el7.x86_64 143/336
Updating : sudo-1.8.19p2-14.el7_5.x86_64 144/336
Updating : shim-x64-12-2.el7.x86_64 145/336
Updating : e2fsprogs-1.42.9-12.el7_5.x86_64 146/336
Updating : xfsprogs-4.5.0-15.el7.x86_64 147/336
Updating : 1:openssl-1.0.2k-12.el7.x86_64 148/336
Updating : 1:mariadb-libs-5.5.60-1.el7_5.x86_64 149/336
Updating : alsa-lib-1.1.4.1-2.el7.x86_64 150/336
Updating : libgomp-4.8.5-28.el7_5.1.x86_64 151/336
Updating : iprutils-2.4.15.1-1.el7.x86_64 152/336
Updating : iwl6000g2a-firmware-17.168.5.3-62.2.el7_5.noarch 153/336
Updating : iwl135-firmware-18.168.6.1-62.2.el7_5.noarch 154/336
Updating : iwl6050-firmware-41.28.5.1-62.2.el7_5.noarch 155/336
Updating : iwl2000-firmware-18.168.6.1-62.2.el7_5.noarch 156/336
Updating : iwl7265-firmware-22.0.7.0-62.2.el7_5.noarch 157/336
Updating : iwl3945-firmware-15.32.2.9-62.2.el7_5.noarch 158/336
Updating : iwl5000-firmware-8.83.5.1_1-62.2.el7_5.noarch 159/336
Updating : iwl6000g2b-firmware-17.168.5.2-62.2.el7_5.noarch 160/336
Updating : iwl100-firmware-39.31.5.1-62.2.el7_5.noarch 161/336
Updating : iwl3160-firmware-22.0.7.0-62.2.el7_5.noarch 162/336
Updating : iwl5150-firmware-8.24.2.2-62.2.el7_5.noarch 163/336
Updating : 1:iwl1000-firmware-39.31.5.1-62.2.el7_5.noarch 164/336
Updating : iwl6000-firmware-9.221.4.1-62.2.el7_5.noarch 165/336
Updating : iwl7260-firmware-22.0.7.0-62.2.el7_5.noarch 166/336
Updating : iwl105-firmware-18.168.6.1-62.2.el7_5.noarch 167/336
Updating : iwl2030-firmware-18.168.6.1-62.2.el7_5.noarch 168/336
Updating : iwl4965-firmware-228.61.2.24-62.2.el7_5.noarch 169/336
Cleanup : tuned-2.8.0-5.el7_4.2.noarch 170/336
Cleanup : firewalld-0.4.4.4-6.el7.noarch 171/336
Cleanup : selinux-policy-targeted-3.13.1-166.el7_4.9.noarch 172/336
Cleanup : selinux-policy-3.13.1-166.el7_4.9.noarch 173/336
Cleanup : python-firewall-0.4.4.4-6.el7.noarch 174/336
Cleanup : python-slip-dbus-0.4.0-2.el7.noarch 175/336
Cleanup : python-slip-0.4.0-2.el7.noarch 176/336
Cleanup : dracut-config-rescue-033-502.el7_4.1.x86_64 177/336
Cleanup : yum-3.4.3-154.el7.centos.1.noarch 178/336
Cleanup : yum-plugin-fastestmirror-1.1.31-42.el7.noarch 179/336
Cleanup : shim-x64-12-1.el7.centos.x86_64 180/336
Cleanup : linux-firmware-20170606-58.gitc990aae.el7_4.noarch 181/336
Cleanup : firewalld-filesystem-0.4.4.4-6.el7.noarch 182/336
Cleanup : iwl6000g2a-firmware-17.168.5.3-58.el7_4.noarch 183/336
Cleanup : iwl135-firmware-18.168.6.1-58.el7_4.noarch 184/336
Cleanup : iwl6050-firmware-41.28.5.1-58.el7_4.noarch 185/336
Cleanup : iwl2000-firmware-18.168.6.1-58.el7_4.noarch 186/336
Cleanup : iwl7265-firmware-22.0.7.0-58.el7_4.noarch 187/336
Cleanup : iwl3945-firmware-15.32.2.9-58.el7_4.noarch 188/336
Cleanup : iwl5000-firmware-8.83.5.1_1-58.el7_4.noarch 189/336
Cleanup : iwl6000g2b-firmware-17.168.5.2-58.el7_4.noarch 190/336
Cleanup : iwl100-firmware-39.31.5.1-58.el7_4.noarch 191/336
Cleanup : iwl3160-firmware-22.0.7.0-58.el7_4.noarch 192/336
Cleanup : iwl5150-firmware-8.24.2.2-58.el7_4.noarch 193/336
Cleanup : 1:iwl1000-firmware-39.31.5.1-58.el7_4.noarch 194/336
Cleanup : iwl6000-firmware-9.221.4.1-58.el7_4.noarch 195/336
Cleanup : iwl7260-firmware-22.0.7.0-58.el7_4.noarch 196/336
Cleanup : iwl105-firmware-18.168.6.1-58.el7_4.noarch 197/336
Cleanup : iwl2030-firmware-18.168.6.1-58.el7_4.noarch 198/336
Cleanup : iwl4965-firmware-228.61.2.24-58.el7_4.noarch 199/336
Cleanup : openssh-server-7.4p1-13.el7_4.x86_64 200/336
Cleanup : rpm-python-4.11.3-25.el7.x86_64 201/336
Cleanup : 1:NetworkManager-tui-1.8.0-11.el7_4.x86_64 202/336
Cleanup : rpm-build-libs-4.11.3-25.el7.x86_64 203/336
Cleanup : 7:lvm2-2.02.171-8.el7.x86_64 204/336
Cleanup : openssh-clients-7.4p1-13.el7_4.x86_64 205/336
Cleanup : policycoreutils-2.5-17.1.el7.x86_64 206/336
Cleanup : plymouth-scripts-0.8.9-0.28.20140113.el7.centos.x86_64 207/336
Cleanup : plymouth-0.8.9-0.28.20140113.el7.centos.x86_64 208/336
Cleanup : parted-3.1-28.el7.x86_64 209/336
Cleanup : openssh-7.4p1-13.el7_4.x86_64 210/336
Cleanup : kexec-tools-2.0.14-17.2.el7.x86_64 211/336
Cleanup : 7:lvm2-libs-2.02.171-8.el7.x86_64 212/336
Cleanup : 7:device-mapper-event-1.02.140-8.el7.x86_64 213/336
Cleanup : audit-2.7.6-3.el7.x86_64 214/336
Cleanup : sudo-1.8.19p2-11.el7_4.x86_64 215/336
Cleanup : rsyslog-8.24.0-12.el7.x86_64 216/336
Cleanup : 1:openssl-1.0.2k-8.el7.x86_64 217/336
Cleanup : cronie-1.4.11-17.el7.x86_64 218/336
Cleanup : cronie-anacron-1.4.11-17.el7.x86_64 219/336
Cleanup : e2fsprogs-1.42.9-10.el7.x86_64 220/336
Cleanup : gnupg2-2.0.22-4.el7.x86_64 221/336
Cleanup : 1:NetworkManager-team-1.8.0-11.el7_4.x86_64 222/336
Cleanup : kernel-tools-3.10.0-693.21.1.el7.x86_64 223/336
Cleanup : 3:irqbalance-1.0.7-10.el7.x86_64 224/336
Cleanup : logrotate-3.8.6-14.el7.x86_64 225/336
Cleanup : libsemanage-2.5-8.el7.x86_64 226/336
Cleanup : 1:mariadb-libs-5.5.56-2.el7.x86_64 227/336
Cleanup : 1:NetworkManager-wifi-1.8.0-11.el7_4.x86_64 228/336
Cleanup : 1:NetworkManager-1.8.0-11.el7_4.x86_64 229/336
Cleanup : 1:NetworkManager-libnm-1.8.0-11.el7_4.x86_64 230/336
Cleanup : polkit-0.112-12.el7_3.x86_64 231/336
Cleanup : 1:wpa_supplicant-2.6-5.el7_4.1.x86_64 232/336
Cleanup : mozjs17-17.0.0-19.el7.x86_64 233/336
Cleanup : xfsprogs-4.5.0-12.el7.x86_64 234/336
Cleanup : teamd-1.25-6.el7_4.3.x86_64 235/336
Cleanup : device-mapper-persistent-data-0.7.0-0.1.rc6.el7_4.1.x86_64 236/336
Cleanup : dracut-network-033-502.el7_4.1.x86_64 237/336
Cleanup : 12:dhclient-4.2.5-58.el7.centos.3.x86_64 238/336

UPGRADE: Automatically re-enabling default systemd units:
brandbot.path
rhel-autorelabel.service
rhel-autorelabel-mark.service
rhel-configure.service
rhel-dmesg.service
rhel-domainname.service
rhel-import-state.service
rhel-loadmodules.service
rhel-readonly.service

User avatar
TrevorH
Forum Moderator
Posts: 28544
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: I believe CentOS repos have been compromised

Post by TrevorH » 2018/09/29 20:04:10

If it has 336 updates then that's not a minimal install. A minimal 7.5 install here and a subsequent yum update shows 82 updates and 1 install (new kernel).

Which exact minimal iso filename did you use - I'm trying to replicate your install and need to know if you installed 7.5, 7.0 or something in-between? Did you check its sha256sum against the list published in the relevant release notes for that particular version?
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

User avatar
TrevorH
Forum Moderator
Posts: 28544
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: I believe CentOS repos have been compromised

Post by TrevorH » 2018/09/29 20:11:23

So, I have just done a minimal install from the 7.5.1804 DVD (default install type is the same package set as the minimal iso itself). After the install completed I rebooted, connected to it, changed /etc/yum.repos.d/CentOS-Base.repo to point both base and updates to the first link that you gave that was returned by the mirrorlist http://mirror.team-cymru.com/CentOS/7.5 ... s}/x86_64/ then ran a yum update. 82 updates and a new kernel later I rebooted and everything is fine.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

enseva
Posts: 25
Joined: 2018/09/29 18:30:50

Re: I believe CentOS repos have been compromised

Post by enseva » 2018/09/29 20:14:01

TrevorH wrote:
2018/09/29 20:04:10
If it has 336 updates then that's not a minimal install. A minimal 7.5 install here and a subsequent yum update shows 82 updates and 1 install (new kernel).

Which exact minimal iso filename did you use - I'm trying to replicate your install and need to know if you installed 7.5, 7.0 or something in-between? Did you check its sha256sum against the list published in the relevant release notes for that particular version?
No. We've been building VMs with this ISO for months. It's not the ISO. I'm not sure why you're focused on the ISO being the issue.

I have to provide a screen shot as since the error is in a console window I can't cut/paste from it.

Image

enseva
Posts: 25
Joined: 2018/09/29 18:30:50

Re: I believe CentOS repos have been compromised

Post by enseva » 2018/09/29 20:14:35

TrevorH wrote:
2018/09/29 20:11:23
So, I have just done a minimal install from the 7.5.1804 DVD (default install type is the same package set as the minimal iso itself). After the install completed I rebooted, connected to it, changed /etc/yum.repos.d/CentOS-Base.repo to point both base and updates to the first link that you gave that was returned by the mirrorlist http://mirror.team-cymru.com/CentOS/7.5 ... s}/x86_64/ then ran a yum update. 82 updates and a new kernel later I rebooted and everything is fine.
I'm not sure if you don't know what a VM or Hyper-V is but you seem to be ignoring that fact.

Post Reply

Return to “CentOS 7 - Security Support”