WTH is going on with Yum?!

Issues related to applications and software problems
Post Reply
Gwcraig04
Posts: 8
Joined: 2018/04/19 03:03:44

WTH is going on with Yum?!

Post by Gwcraig04 » 2018/05/16 03:44:42

Good evening, CentOSers,

I’m having some difficulty with yum that manifested out of nowhere today. Here’s the scenario:
1. yum gets hung up at “Loaded Plugins: fastestmirror” line and also yum-complete-transactions
2. (This is crazy) If I open Firefox, it WILL load my homepage (cleared cache to make sure), but not anything else after that, and my ROUTER takes a dump at exactly the same time that I open Firefox.
So, yum hangs up at loaded plugins, and somehow my web browsers makes my wi-fi go down (DOS-Attack style)
To fix yum, I’ve tried:
I've tried:

1. removing /var/cache/yum/timedhosts.txt
2. yum update yum
3. making sure there are no other processes running and removing /var/run/yum.pid
4. yum clean all
5. Checked that DNS works for all the servers in the /etc/yum.repos.d/*.repo files
6. Set the enabled flag in vi /etc/yum/pluginconf.d/fastestmirror.conf // enabled=0

I even ran:
rm -f /var/lib/rpm/__*
rpm --rebuilddb -v -v

Nothing has worked, nothing has changed. Any next suggestions to move forward? The web browser DOSing my own Wi-Fi is blow No my mind right now. I know it isn’t “actually” a DOS but I’ve never seen anything like it. The first page loads, there’s clearly traffic, and then NO ONE can connect to the WiFi.

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: WTH is going on with Yum?!

Post by avij » 2018/05/16 06:41:03

Yum's fastestmirror plugin establishes several connections to the mirrors to measure the time it takes to connect to each mirror. Some routers might think this is some sort of an attack and block the offending IP address for a while. Firefox may also establish several connections at startup.

If your router has some sort of a firewall or DoS protection setting, I would consider turning that off. Those have been fairly useless in my experience.

lightman47
Posts: 1521
Joined: 2014/05/21 20:16:00
Location: Central New York, USA

Re: WTH is going on with Yum?!

Post by lightman47 » 2018/05/16 12:14:19

Also - a couple thoughts that would be on MY mind if it were me:

Any chance "unknown" machines are on your wifi? One experiment would be to temporarily change the encryption key on the router and see if results are different.

If first suggestion didn't help, I'd wonder if your machine (or even ) router has been compromised.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: WTH is going on with Yum?!

Post by TrevorH » 2018/05/16 12:34:40

Or your homepage has some sort of malware on it so that when you go to it, it runs stuff(TM) on your machine and creates lots of outbound connections.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Gwcraig04
Posts: 8
Joined: 2018/04/19 03:03:44

Re: WTH is going on with Yum?!

Post by Gwcraig04 » 2018/05/16 22:13:53

It could be that the system has been compromised, I might go change keys here soon.

Anyway, I did this:

# rm -f /var/lib/rpm/__db*
# db_verify /var/lib/rpm/Packages
# rpm --rebuilddb
# yum clean all
# yum update

THAT was successful, but if I run:
# yum check

It hangs at:
Loaded plugins: fastestmirror, langpacks, nvidia

So I killed the command with:
CTRL+Z
# pkill -9 yum

Then I tried to run yum check-update and got this:
# yum check-update
error: rpmdb: BDB0113 Thread/process 5215/140309826737984 failed: BDB1507 Thread died in Berkeley DB library
error: db5 error(-30973) from dbenv->failchk: BDB0087 DB_RUNRECOVERY: Fatal error, run database recovery
error: cannot open Packages index using db5 - (-30973)
error: cannot open Packages database in /var/lib/rpm
CRITICAL:yum.main:

Error: rpmdb open failed

I'm not sure what to do next? Let's assume that I've changed my Wi-Fi keys, also, I have looked in my Router's MAC table AND the Association Table and there's nothing out of the ordinary. So maybe it was an overreach to suggest that something compromised the router, but not outside the realm of possibility, it just isn't plausible because I know that my neighbors have no idea how to even try that sort of thing.

So any suggestions on the Software side?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: WTH is going on with Yum?!

Post by TrevorH » 2018/05/16 22:32:21

# pkill -9 yum
Ouch, don't do that. Did you by any chance back up /var/lib/rpm and /var/lib/yum before you did that?
something compromised the router, but not outside the realm of possibility, it just isn't plausible because I know that my neighbors have no idea how to even try that sort of thing.
Doesn't have to be neighbours, more likely to be something run inside your LAN. There is malware around that, for example, will find your router and try to login to it using various default credentials and if successful, will do things like change the DNS servers that it distributes via DHCP to your clients to send you off to fake sites.

If you can restore copies of the rpm and yum databases from a backup now then you could try using yum --noplugins to disable those 3 you list - fastestmirror is by far the most likely cause if any of them are.

BTW, don't run rpm --rebuilddb so casually. It usually does more damage than help and is really the last resort.

I would also suggest using tcpdump or tshark to see what traffic is going out at the time of the problems.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Gwcraig04
Posts: 8
Joined: 2018/04/19 03:03:44

Re: WTH is going on with Yum?!

Post by Gwcraig04 » 2018/05/17 01:21:15

Ouch, don't do that. Did you by any chance back up /var/lib/rpm and /var/lib/yum before you did that?
Oops... nope, I didn’t.

I’ve actually tried rebuilding the rpmdb a few times.. :|

I also manually assign my IPs and limit the assignable DHCP pool to only the addresses that I need. I keep the guest WiFi open for other people to use (still PW protected).
With DNS, I assign 8.8.8.8 because my shitty ISP keeps changing theirs.

Gwcraig04
Posts: 8
Joined: 2018/04/19 03:03:44

Re: WTH is going on with Yum?!

Post by Gwcraig04 » 2018/05/17 14:50:48

[UPDATE]

Okay, massive "thank yous" to everyone that helped me out on this thread. I did a few things this morning to help lock down my home network AND I believe that I fixed my rpm database issue.

Router Fix:
1. I changed the SSID for my home network, previously named "Craig CiscoNet" (which gave potential attackers the vendor that made the damn device), to something else. I moved the AP from the wall bordering my house to a more central location.

2. Configured DNS settings to point to 8.8.8.8 on the ROUTER (instead of individual hosts), and propagated that through a SMALLER DHCP Pool.

3. Changed IP range of DHCP pool to an other-than 192.168.X.X Private IP Range that only encompasses the maximum amount of devices that I own.

4. Established MAC filtering based on MY devices

5. Stood-up guest network on ONLY 2.4GHz frequency range, which allows up to four devices to connect, allowing access ONLY to the internet, not any of my home-network resources.

6. Expanded filtering options to include inbound anonymous IPs, multicast IPs (in source field), and broadcast IPs (in source field)

I'm not sure what else to do, I can't hide the SSID, the firmware doesn't allow for it. So if I could get any input on that I would appreciate it.

Yum Fix:
1. Nothing. I woke up this morning and it worked. I updated bumblebee and configured /etc/bumblebee/bumblebee.conf fine.

2. Also:
# yum install wireshark-gnome
(So that I can watch for future traffic)

Question for Wireshark: How can I monitor ALL traffic that passes through my router FROM my laptop?

Post Reply