When I installed OSSEC 2.8.3 on a few Debian servers, the installation process was stuck in the middle, leaving dpkg in an unknown state.
I manually needed to kill the still running apt-get install ossec-hids-agent process and then decided to install the package by hand. But it's not that easy if the postinstall or postremove scripts from the package are not able to do their jobs.
Well, let's just do another installation by hand, I thought:
root@debian:~# apt-get install ossec-hids-agent
Reading package lists... Done
Building dependency tree
Reading state information... Done
ossec-hids-agent is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 16 not upgraded.
1 not fully installed or removed.
Need to get 0 B/437 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue [Y/n]? y
dpkg: error processing ossec-hids-agent (--configure):
package ossec-hids-agent is not ready for configuration
cannot configure (current status `half-installed')
Errors were encountered while processing:
ossec-hids-agent
localepurge: Disk space freed in /usr/share/locale: 0 KiB
localepurge: Disk space freed in /usr/share/man: 0 KiB
Total disk space freed by localepurge: 0 KiB
E: Sub-process /usr/bin/dpkg returned an error code (1)
But dpkg didn't want to and returned me an error and also showed the current status as "half-installed", which can be verified:
root@debian:~# dpkg -l|grep ossec
rH ossec-hids-agent 2.8.3-4wheezy amd64 OSSEC Agent - Host Based Intrusion Detection System
When I tried to remove the package, dpkg returned an error:
root@debian:~# apt-get remove ossec-hids-agent
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
ossec-hids-agent
0 upgraded, 0 newly installed, 1 to remove and 16 not upgraded.
1 not fully installed or removed.
After this operation, 1,539 kB disk space will be freed.
Do you want to continue [Y/n]? y
(Reading database ... 44119 files and directories currently installed.)
Removing ossec-hids-agent ...
dpkg: error processing ossec-hids-agent (--remove):
subprocess installed post-removal script returned error exit status 2
Errors were encountered while processing:
ossec-hids-agent
E: Sub-process /usr/bin/dpkg returned an error code (1)
Damn. Neither a reinstall, nor the remove of the package works. I tried it with the force parameter (-f) but that didn't help either:
root@debian:~# apt-get install -f ossec-hids-agent
Reading package lists... Done
Building dependency tree
Reading state information... Done
ossec-hids-agent is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 16 not upgraded.
1 not fully installed or removed.
Need to get 437 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://ossec.wazuh.com/repos/apt/debian/ wheezy/main ossec-hids-agent amd64 2.8.3-4wheezy [437 kB]
Fetched 437 kB in 1s (227 kB/s)
dpkg: error processing ossec-hids-agent (--configure):
package ossec-hids-agent is not ready for configuration
cannot configure (current status `half-installed')
Errors were encountered while processing:
ossec-hids-agent
localepurge: Disk space freed in /usr/share/locale: 0 KiB
localepurge: Disk space freed in /usr/share/man: 0 KiB
Total disk space freed by localepurge: 0 KiB
E: Sub-process /usr/bin/dpkg returned an error code (1)
Then I came across a blog post on absolutelytech.com, which advised to force-install the installation not via apt but directly from the deb package:
root@debian:~# dpkg --remove --force-remove-reinstreq ossec-hids-agent
(Reading database ... 44119 files and directories currently installed.)
Removing ossec-hids-agent ...
dpkg: error processing ossec-hids-agent (--remove):
subprocess installed post-removal script returned error exit status 2
Errors were encountered while processing:
ossec-hids-agent
root@debian:~# dpkg -i --force-overwrite /var/cache/apt/archives/ossec-hids-agent_2.8.3-4wheezy_amd64.deb
Selecting previously unselected package ossec-hids-agent.
(Reading database ... 44120 files and directories currently installed.)
Preparing to replace ossec-hids-agent 2.8.3-4wheezy (using ossec-hids-agent_2.8.3-4wheezy_amd64.deb) ...
mkdir: cannot create directory `/tmp/ossec-hids': File exists
dpkg: error processing ossec-hids-agent_2.8.3-4wheezy_amd64.deb (--install):
subprocess new pre-installation script returned error exit status 1
dpkg: error while cleaning up:
subprocess new post-removal script returned error exit status 2
Errors were encountered while processing:
ossec-hids-agent_2.8.3-4wheezy_amd64.deb
But as you can see, this didn't work either. At least there was an additional hint:
mkdir: cannot create directory `/tmp/ossec-hids': File exists
So this error came from one of the package scripts, which failed because this directory already existed. I deleted it and tried again:
root@debian:~# rm -rf /tmp/ossec-hids/
root@debian:~# dpkg -i --force-overwrite ossec-hids-agent_2.8.3-4wheezy_amd64.deb
(Reading database ... 44120 files and directories currently installed.)
Preparing to replace ossec-hids-agent 2.8.3-4wheezy (using ossec-hids-agent_2.8.3-4wheezy_amd64.deb) ...
Unpacking replacement ossec-hids-agent ...
dpkg: warning: subprocess old post-removal script returned error exit status 2
dpkg: trying script from the new package instead ...
dpkg: error processing ossec-hids-agent_2.8.3-4wheezy_amd64.deb (--install):
subprocess new post-removal script returned error exit status 2
dpkg: error while cleaning up:
subprocess new post-removal script returned error exit status 2
Errors were encountered while processing:
ossec-hids-agent_2.8.3-4wheezy_amd64.deb
Dang it! What now?
Finally, through another blog article from the author Philippe Ivaldi, came the solution: The package files of the broken or half-installed package need to be removed from the dpkg system. This needs to be done manually:
root@debian:~# mv /var/lib/dpkg/info/ossec-hids-agent.* /tmp/
root@debian:~# dpkg --remove --force-remove-reinstreq ossec-hids-agent
dpkg: warning: overriding problem because --force enabled:
Package is in a very bad inconsistent state - you should
reinstall it before attempting a removal.
(Reading database ... 44115 files and directories currently installed.)
Removing ossec-hids-agent ...
This time no error! I checked the current package status and it looked much better (rc):
root@debian:~# dpkg -l|grep ossec
rc ossec-hids-agent 2.8.3-4wheezy amd64 OSSEC Agent - Host Based Intrusion Detection System
Now I was able to launch a "normal" installation again:
root@debian:~# apt-get install ossec-hids-agent
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
ossec-hids-agent
0 upgraded, 1 newly installed, 0 to remove and 16 not upgraded.
Need to get 437 kB of archives.
After this operation, 1,539 kB of additional disk space will be used.
Get:1 http://ossec.wazuh.com/repos/apt/debian/ wheezy/main ossec-hids-agent amd64 2.8.3-4wheezy [437 kB]
Fetched 437 kB in 1s (306 kB/s)
Preconfiguring packages ...
Selecting previously unselected package ossec-hids-agent.
(Reading database ... 44116 files and directories currently installed.)
Unpacking ossec-hids-agent (from .../ossec-hids-agent_2.8.3-4wheezy_amd64.deb) ...
Setting up ossec-hids-agent (2.8.3-4wheezy) ...
localepurge: Disk space freed in /usr/share/locale: 0 KiB
localepurge: Disk space freed in /usr/share/man: 0 KiB
Total disk space freed by localepurge: 0 KiB
... which worked:
root@debian:~# dpkg -l|grep ossec
ii ossec-hids-agent 2.8.3-4wheezy amd64 OSSEC Agent - Host Based Intrusion Detection System
Summary: If the installation of a package stops in the middle of it or you cancel it manually, the package will be in a half-installed state, causing a lot of problems. If the package scripts (preinstall, postinstall, postremove) are not bug-safe, the removal of the package will fail as well. Only a manual deletion of the files within the dpkg package manager will help.
No comments yet.
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera Git GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Influx Internet Java KVM Kibana Kodi Kubernetes LVM LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Observability Office OpenSearch PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder