HiveBrain v1.2.0
Get Started
← Back to all entries
patternMinor

Azure Security Center with Ubuntu 19

Submitted by: @import:stackexchange-devops··
0
Viewed 0 times
ubuntuwithcentersecurityazure

Problem

Has anyone successfully gotten the Azure Security Center agent to work with Ubuntu 19? My omsconfig.log is full of messages like

This event indicates that failure happens when LCM is trying to get the configuration from pull server using download manager null. ErrorId is 1. ErrorDetail is cURL failed to perform on this base url: uks-agentservice-prod-1.azure-automation.net with this error message: Stream error in the HTTP/2 framing layer. Make sure cURL and SSL libraries are up to date.


I am convinced that they are up to date

# openssl version
OpenSSL 1.1.1b  26 Feb 2019
# curl --version
curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1b zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh/0.8.6/openssl/zlib nghttp2/1.36.0 librtmp/2.3
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL


In omsadmin.sh I see

#This is a temporary fix for Systems with Curl versions using HTTP\2 as default
    #Since 7.47.0, the curl tool enables HTTP/2 by default for HTTPS connections. This fix runs curl with --http1.1 on systems with version above 7.47.0
    #Curl http2 Docs Link: https://curl.haxx.se/docs/http2.html
    CURL_VERSION_WITH_DEFAULT_HTTP2="7470"
    CURL_VERSION_SYSTEM=`curl --version | head -c11 | awk '{print $2}' | tr --delete .`
    if [ $CURL_VERSION_SYSTEM -gt $CURL_VERSION_WITH_DEFAULT_HTTP2 ]; then
      CURL_HTTP_COMMAND="--http1.1"
    fi


But this doesn't seem to be honoured by OMSConsistencyInvoker which is a binary file. The above error in the omsconfig.log coincides every 15 minutes with that command being invoked from cron.

Solution

Problem solved, I think: the agent comes with its own libcurl.so.3 in /opt/oms/lib, it doesn't use the system one at all. Once I replaced that, it seems to be succeeding. Previously:

$ cd /opt/microsoft/omsconfig/Scripts
$ ./PerformRequiredConfigurationChecks.py
instance of OMI_Error
{
    OwningEntity=OMI:CIMOM
    MessageID=OMI:MI_Result:1
    Message=cURL failed to perform on this base url: uks-agentservice-prod-1.azure-automation.net with this error message: Stream error in the HTTP/2 framing layer. Make sure cURL and SSL libraries are up to date.
    MessageArguments={}
    PerceivedSeverity=7
    ProbableCause=0
    ProbableCauseDescription=Unknown
    CIMStatusCode=1
    OMI_Code=1
    OMI_Category=0
    OMI_Type=MI
    OMI_ErrorMessage=A general error occurred, not covered by a more specific error code.
}


But now:

$ ./PerformRequiredConfigurationChecks.py
instance of PerformRequiredConfigurationChecks
{
    ReturnValue=0
}

Code Snippets

$ cd /opt/microsoft/omsconfig/Scripts
$ ./PerformRequiredConfigurationChecks.py
instance of OMI_Error
{
    OwningEntity=OMI:CIMOM
    MessageID=OMI:MI_Result:1
    Message=cURL failed to perform on this base url: uks-agentservice-prod-1.azure-automation.net with this error message: Stream error in the HTTP/2 framing layer. Make sure cURL and SSL libraries are up to date.
    MessageArguments={}
    PerceivedSeverity=7
    ProbableCause=0
    ProbableCauseDescription=Unknown
    CIMStatusCode=1
    OMI_Code=1
    OMI_Category=0
    OMI_Type=MI
    OMI_ErrorMessage=A general error occurred, not covered by a more specific error code.
}
$ ./PerformRequiredConfigurationChecks.py
instance of PerformRequiredConfigurationChecks
{
    ReturnValue=0
}

Context

StackExchange DevOps Q#8547, answer score: 2

Revisions (0)

No revisions yet.