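CentOS 8.2 Installation Procedure (7): Summary of Error Messages Detected After Reboot and How to Handle Them
In the previous articles I installed CentOS 8.2 and completed various initial basic settings. After rebooting, I looked at the syslog monitoring in Hinemos and found that it had detected a number of error messages, so these are my notes on them.
This article summarizes the error messages detected when CentOS 8.2 was rebooted and how to deal with them.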
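I, the author of this article, work at a certain systems integrator while studying programming and infrastructure technology, aspiring to become a web engineer or infrastructure engineer.
I write these articles with commands and images that I have actually tried on real hardware.
I believe this helps ensure the reliability of the article.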
firewalld: "AllowZoneDrifting is enabled."
WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now.
Remediation steps
Edit the contents of /etc/firewalld/firewalld.conf.
(Before editing, back up the original file under a different name.)
[root@SV-EARTH ~]# cp -p /etc/firewalld/firewalld.conf /etc/firewalld/firewalld.conf.original_bk
[root@SV-EARTH ~]# ls -l /etc/firewalld/firewalld.conf*
-rw-r--r--. 1 root root 2747 4月 24 12:02 /etc/firewalld/firewalld.conf
-rw-r--r-- 1 root root 2747 4月 24 12:02 /etc/firewalld/firewalld.conf.original_bk
Change AllowZoneDrifting=yes on the last line to AllowZoneDrifting=no.
vi /etc/firewalld/firewalld.conf
# firewalld config file

# default zone
# The default zone used if an empty zone string is used.
# Default: public
DefaultZone=public

# Clean up on exit
# If set to no or false the firewall configuration will not get cleaned up
# on exit or stop of firewalld
# Default: yes
CleanupOnExit=yes

# Lockdown
# If set to enabled, firewall changes with the D-Bus interface will be limited
# to applications that are listed in the lockdown whitelist.
# The lockdown whitelist file is lockdown-whitelist.xml
# Default: no
Lockdown=no

# IPv6_rpfilter
# Performs a reverse path filter test on a packet for IPv6. If a reply to the
# packet would be sent via the same interface that the packet arrived on, the
# packet will match and be accepted, otherwise dropped.
# The rp_filter for IPv4 is controlled using sysctl.
# Default: yes
IPv6_rpfilter=yes

# IndividualCalls
# Do not use combined -restore calls, but individual calls. This increases the
# time that is needed to apply changes and to start the daemon, but is good for
# debugging.
# Default: no
IndividualCalls=no

# LogDenied
# Add logging rules right before reject and drop rules in the INPUT, FORWARD
# and OUTPUT chains for the default rules and also final reject and drop rules
# in zones. Possible values are: all, unicast, broadcast, multicast and off.
# Default: off
LogDenied=off

# FirewallBackend
# Selects the firewall backend implementation.
# Choices are:
#   - nftables (default)
#   - iptables (iptables, ip6tables, ebtables and ipset)
FirewallBackend=nftables

# FlushAllOnReload
# Flush all runtime rules on a reload. In previous releases some runtime
# configuration was retained during a reload, namely; interface to zone
# assignment, and direct rules. This was confusing to users. To get the old
# behavior set this to "no".
# Default: yes
FlushAllOnReload=yes

# RFC3964_IPv4
# As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that
# correspond to IPv4 addresses that should not be routed over the public
# internet.
# Defaults to "yes".
RFC3964_IPv4=yes

# AllowZoneDrifting
# Older versions of firewalld had undocumented behavior known as "zone
# drifting". This allowed packets to ingress multiple zones - this is a
# violation of zone based firewalls. However, some users rely on this behavior
# to have a "catch-all" zone, e.g. the default zone. You can enable this if you
# desire such behavior. It's disabled by default for security reasons.
# Note: If "yes" packets will only drift from source based zones to interface
# based zones (including the default zone). Packets never drift from interface
# based zones to other interfaces based zones (including the default zone).
# Possible values; "yes", "no". Defaults to "yes".
AllowZoneDrifting=no
Finally, restart firewalld.
systemctl restart firewalld
systemctl status firewalld
[root@SV-EARTH ~]# systemctl restart firewalld
[root@SV-EARTH ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2020-08-15 16:16:38 JST; 6s ago
     Docs: man:firewalld(1)
 Main PID: 1912 (firewalld)
    Tasks: 2 (limit: 47652)
   Memory: 23.8M
   CGroup: /system.slice/firewalld.service
           └─1912 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

8月 15 16:16:37 SV-EARTH systemd[1]: Stopped firewalld - dynamic firewall daemon.
8月 15 16:16:37 SV-EARTH systemd[1]: Starting firewalld - dynamic firewall daemon...
8月 15 16:16:38 SV-EARTH systemd[1]: Started firewalld - dynamic firewall daemon.
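The backup, edit and verify steps above as one repeatable script, useful when the same fix has to be applied to several hosts. This is an added example, not part of the original article; the function names are this example's own, and it assumes that any active value other than "no" should be treated as enabled.

```shell
#!/bin/bash
# Added example: audit and fix AllowZoneDrifting in a firewalld.conf file.
# Function names are this example's own (hypothetical), not firewalld tooling.

# Print "unset" (no active line), "no" (every active line says no) or "yes".
# Commented-out lines are ignored. Any active value other than "no" is
# reported as "yes": a conservative assumption made by this example.
zone_drifting_state() {
    local conf=$1 values
    values=$(sed -n 's/^[[:space:]]*AllowZoneDrifting[[:space:]]*=[[:space:]]*//p' "$conf" |
             tr '[:upper:]' '[:lower:]' | sed 's/[[:space:]]*$//')
    if [ -z "$values" ]; then
        echo unset
    elif echo "$values" | grep -qvx 'no'; then
        echo yes
    else
        echo no
    fi
}

# Force AllowZoneDrifting=no. Returns 0 if the file was changed, 1 if it was
# already "no", 2 on error. The backup uses the article's .original_bk name,
# is taken only once, and is never overwritten by a later run.
disable_zone_drifting() {
    local conf=$1 backup="$1.original_bk" tmp rc=0
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }
    [ "$(zone_drifting_state "$conf")" = no ] && return 1
    [ -e "$backup" ] || cp -p "$conf" "$backup" || return 2
    tmp=$(mktemp) || return 2
    if grep -q '^[[:space:]]*AllowZoneDrifting[[:space:]]*=' "$conf"; then
        sed 's/^[[:space:]]*AllowZoneDrifting[[:space:]]*=.*/AllowZoneDrifting=no/' "$conf" > "$tmp" || rc=2
    else
        { cat "$conf" && printf '\nAllowZoneDrifting=no\n'; } > "$tmp" || rc=2
    fi
    # Write back in place so owner, mode and SELinux label stay as they were.
    [ "$rc" -eq 0 ] && { cat "$tmp" > "$conf" || rc=2; }
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && [ "$(zone_drifting_state "$conf")" = no ] || return 2
}

# Typical use on the host (restart only when the file actually changed):
#   disable_zone_drifting /etc/firewalld/firewalld.conf && systemctl restart firewalld
```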
ACPI BIOS Warning
kernel: ACPI BIOS Warning (bug): 32/64X length mismatch in FADT/Gpe0Block: 128/32 (20190703/tbfadt-569)
Warning: Intel Processor
kernel: Detected CPU family 6 model 76 stepping 3
kernel: Warning: Intel Processor - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware.
Disabling error capture for VT-d workaround
kernel: i915 0000:00:02.0: Disabling error capture for VT-d workaround
Wireless LAN / Bluetooth
kernel: Bluetooth: Core ver 2.22
kernel: Bluetooth: HCI device and connection manager initialized
kernel: Bluetooth: HCI socket layer initialized
kernel: Bluetooth: L2CAP socket layer initialized
kernel: Bluetooth: SCO socket layer initialized
kernel: platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
kernel: cfg80211: failed to load regulatory.db
kernel: Bluetooth: hci0: rtl: examining hci_ver=06 hci_rev=000a lmp_ver=06 lmp_subver=8821
kernel: Bluetooth: hci0: rtl: loading rtl_bt/rtl8821a_config.bin
kernel: bluetooth hci0: Direct firmware load for rtl_bt/rtl8821a_config.bin failed with error -2
kernel: Bluetooth: hci0: rtl: loading rtl_bt/rtl8821a_fw.bin
kernel: Bluetooth: hci0: rom_version status=0 version=1
kernel: Bluetooth: hci0: cfg_sz 0, total size 17428
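Is the Bluetooth driver missing? RTL8821A?
For now, the machine is on a wired LAN connection and I am not using any Bluetooth devices such as a mouse or keyboard, so I will wait and see.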
omfwd: TCPSendBuf error -2027
rsyslogd[1302]: omfwd: TCPSendBuf error -2027, destruct TCP Connection to 192.168.1.107:514 [v8.1911.0-3.el8 try https://www.rsyslog.com/e/2027 ]
rsyslogd[1302]: action 'action-8-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 0. There should be messages before this one giving the reason for suspension. [v8.1911.0-3.el8 try https://www.rsyslog.com/e/2007 ]
rsyslogd[1302]: action 'action-8-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.1911.0-3.el8 try https://www.rsyslog.com/e/2359 ]
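192.168.1.107 is the Hinemos server, and this is an error saying that a connection to its TCP port 514 could not be made.
I do syslog monitoring from the Hinemos server; the cause is still under investigation.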
reload_microcode
reload_microcode[859]: /usr/bin/find: ‘standard output’: Broken pipe
reload_microcode[859]: /usr/bin/find: 書き込みエラー