[geloest] Auf mein Debian 12 System startet der Haveged Dienst nicht mehr

[sharbich]

Hallo,
auf mein Debian 12 System startet der Haveged Dienst nicht mehr. Eine Deinstallation und Neuinstallation hat nicht geholfen. Hier die Fehlermeldung. Diese sagt leider überhaupt nichts aus:

Code: Alles auswählen

Nov 02 15:55:03 dsme01 systemd[1]: Started Entropy Daemon based on the HAVEGE algorithm.
Nov 02 15:55:03 dsme01 audit[15372]: SECCOMP auid=4294967295 uid=0 gid=0 ses=4294967295 subj=/usr/sbin/haveged pid=15372 comm="haveged" exe="/usr/sbin/haveged" sig=31 arch=c000003e syscall=318 compat=0 ip=0x7faeac6cb190 code=0x80000000
Nov 02 15:55:03 dsme01 systemd[1]: haveged.service: Main process exited, code=killed, status=31/SYS
Nov 02 15:55:03 dsme01 systemd[1]: haveged.service: Failed with result 'signal'.
Nov 02 15:55:03 dsme01 kernel: audit: type=1326 audit(1730559303.691:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=/usr/sbin/haveged pid=15372 comm="haveged" exe="/usr/sbin/haveged" sig=31 arch=c000003e syscall=318 compat=0 ip=0x7faeac6cb190 code=0x80000000
Nov 02 15:55:03 dsme01 systemd[1]: haveged.service: Scheduled restart job, restart counter is at 1.
Nov 02 15:55:03 dsme01 systemd[1]: Stopped Entropy Daemon based on the HAVEGE algorithm.
Nov 02 15:55:03 dsme01 systemd[1]: Started Entropy Daemon based on the HAVEGE algorithm.
Nov 02 15:55:03 dsme01 audit[15379]: SECCOMP auid=4294967295 uid=0 gid=0 ses=4294967295 subj=/usr/sbin/haveged pid=15379 comm="haveged" exe="/usr/sbin/haveged" sig=31 arch=c000003e syscall=318 compat=0 ip=0x7f9d2cb76190 code=0x80000000
Nov 02 15:55:03 dsme01 systemd[1]: haveged.service: Main process exited, code=killed, status=31/SYS
Nov 02 15:55:03 dsme01 systemd[1]: haveged.service: Failed with result 'signal'.
Nov 02 15:55:03 dsme01 kernel: audit: type=1326 audit(1730559303.907:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=/usr/sbin/haveged pid=15379 comm="haveged" exe="/usr/sbin/haveged" sig=31 arch=c000003e syscall=318 compat=0 ip=0x7f9d2cb76190 code=0x80000000
Nov 02 15:55:04 dsme01 systemd[1]: haveged.service: Scheduled restart job, restart counter is at 2.
Nov 02 15:55:04 dsme01 systemd[1]: Stopped Entropy Daemon based on the HAVEGE algorithm.
Nov 02 15:55:04 dsme01 systemd[1]: Started Entropy Daemon based on the HAVEGE algorithm.
Nov 02 15:55:04 dsme01 audit[15386]: SECCOMP auid=4294967295 uid=0 gid=0 ses=4294967295 subj=/usr/sbin/haveged pid=15386 comm="haveged" exe="/usr/sbin/haveged" sig=31 arch=c000003e syscall=318 compat=0 ip=0x7f32b7dc7190 code=0x80000000
Nov 02 15:55:04 dsme01 systemd[1]: haveged.service: Main process exited, code=killed, status=31/SYS
Nov 02 15:55:04 dsme01 systemd[1]: haveged.service: Failed with result 'signal'.
Nov 02 15:55:04 dsme01 kernel: audit: type=1326 audit(1730559304.163:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=/usr/sbin/haveged pid=15386 comm="haveged" exe="/usr/sbin/haveged" sig=31 arch=c000003e syscall=318 compat=0 ip=0x7f32b7dc7190 code=0x80000000
Nov 02 15:55:04 dsme01 systemd[1]: haveged.service: Scheduled restart job, restart counter is at 3.
Nov 02 15:55:04 dsme01 systemd[1]: Stopped Entropy Daemon based on the HAVEGE algorithm.
Nov 02 15:55:04 dsme01 systemd[1]: Started Entropy Daemon based on the HAVEGE algorithm.
Nov 02 15:55:04 dsme01 audit[15389]: SECCOMP auid=4294967295 uid=0 gid=0 ses=4294967295 subj=/usr/sbin/haveged pid=15389 comm="haveged" exe="/usr/sbin/haveged" sig=31 arch=c000003e syscall=318 compat=0 ip=0x7f5e0c4c7190 code=0x80000000
Nov 02 15:55:04 dsme01 systemd[1]: haveged.service: Main process exited, code=killed, status=31/SYS
Nov 02 15:55:04 dsme01 systemd[1]: haveged.service: Failed with result 'signal'.
Nov 02 15:55:04 dsme01 kernel: audit: type=1326 audit(1730559304.407:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=/usr/sbin/haveged pid=15389 comm="haveged" exe="/usr/sbin/haveged" sig=31 arch=c000003e syscall=318 compat=0 ip=0x7f5e0c4c7190 code=0x80000000
Nov 02 15:55:04 dsme01 systemd[1]: haveged.service: Scheduled restart job, restart counter is at 4.
Nov 02 15:55:04 dsme01 systemd[1]: Stopped Entropy Daemon based on the HAVEGE algorithm.
Nov 02 15:55:04 dsme01 systemd[1]: Started Entropy Daemon based on the HAVEGE algorithm.
Nov 02 15:55:04 dsme01 audit[15394]: SECCOMP auid=4294967295 uid=0 gid=0 ses=4294967295 subj=/usr/sbin/haveged pid=15394 comm="haveged" exe="/usr/sbin/haveged" sig=31 arch=c000003e syscall=318 compat=0 ip=0x7f25afbc0190 code=0x80000000
Nov 02 15:55:04 dsme01 systemd[1]: haveged.service: Main process exited, code=killed, status=31/SYS
Nov 02 15:55:04 dsme01 systemd[1]: haveged.service: Failed with result 'signal'.
Nov 02 15:55:04 dsme01 kernel: audit: type=1326 audit(1730559304.663:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=/usr/sbin/haveged pid=15394 comm="haveged" exe="/usr/sbin/haveged" sig=31 arch=c000003e syscall=318 compat=0 ip=0x7f25afbc0190 code=0x80000000
Nov 02 15:55:04 dsme01 systemd[1]: haveged.service: Scheduled restart job, restart counter is at 5.
Nov 02 15:55:04 dsme01 systemd[1]: Stopped Entropy Daemon based on the HAVEGE algorithm.
Nov 02 15:55:04 dsme01 systemd[1]: haveged.service: Start request repeated too quickly.
Nov 02 15:55:04 dsme01 systemd[1]: haveged.service: Failed with result 'signal'.
Nov 02 15:55:04 dsme01 systemd[1]: Failed to start Entropy Daemon based on the HAVEGE algorithm.

Der Status des Dienstes sagt auch nicht viel aus:

Code: Alles auswählen

root@dsme01:~# systemctl status haveged.service
● haveged.service - Entropy Daemon based on the HAVEGE algorithm
     Loaded: loaded (/lib/systemd/system/haveged.service; enabled; vendor preset: enabled)
     Active: failed (Result: signal) since Sat 2024-11-02 15:55:04 CET; 32min ago
       Docs: man:haveged(8)
             http://www.issihosts.com/haveged/
    Process: 15394 ExecStart=/usr/sbin/haveged --Foreground --verbose=1 $DAEMON_ARGS (code=killed, signal=SYS)
   Main PID: 15394 (code=killed, signal=SYS)

Nov 02 15:55:04 dsme01 systemd[1]: haveged.service: Scheduled restart job, restart counter is at 5.
Nov 02 15:55:04 dsme01 systemd[1]: Stopped Entropy Daemon based on the HAVEGE algorithm.
Nov 02 15:55:04 dsme01 systemd[1]: haveged.service: Start request repeated too quickly.
Nov 02 15:55:04 dsme01 systemd[1]: haveged.service: Failed with result 'signal'.
Nov 02 15:55:04 dsme01 systemd[1]: Failed to start Entropy Daemon based on the HAVEGE algorithm.

Wie bekomme ich den Dienst wieder zum laufen?
Gruß von Stefan Harbich

[sharbich]

Hallo Ihr Lieben,
mit der folgenden Änderung in der haveded.service Datei konnte ich den Fehler beheben. Jetzt startet der Dienst wieder ohne Probleme:
---SystemCallFilter=@basic-io @file-system @io-event @network-io @signal
+++SystemCallFilter=@system-service @basic-io @file-system @io-event @network-io @signal

Code: Alles auswählen

root@dsme01:~# cat /lib/systemd/system/haveged.service 
[Unit]
Description=Entropy Daemon based on the HAVEGE algorithm
Documentation=man:haveged(8) http://www.issihosts.com/haveged/
DefaultDependencies=no
After=apparmor.service systemd-tmpfiles-setup.service systemd-tmpfiles-setup-dev.service
Before=sysinit.target shutdown.target

[Service]
EnvironmentFile=-/etc/default/haveged
ExecStart=/usr/sbin/haveged --Foreground --verbose=1 $DAEMON_ARGS
Restart=always
SuccessExitStatus=137 143
SecureBits=noroot-locked
CapabilityBoundingSet=CAP_SYS_ADMIN
PrivateTmp=true
PrivateDevices=true
PrivateNetwork=true
ProtectSystem=full
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
RestrictNamespaces=true
RestrictRealtime=true

LockPersonality=true
MemoryDenyWriteExecute=true
SystemCallArchitectures=native
SystemCallFilter=@system-service @basic-io @file-system @io-event @network-io @signal
SystemCallFilter=arch_prctl brk ioctl mprotect sysinfo

[Install]
WantedBy=sysinit.target