Ubuntu snapd with no snaps installed, firing recurring HIDS alerts

snapd
1

I am using a headless Ubuntu 16.04.3 on EC2, i have recently installed OSSEC HIDS and today (after updates and reboots of some servers) it started firing off emails for

snap-repair[4607]: error: cannot use snap-repair on a classic system

On all of those rebooted servers. The main updates where:

libcups2 update-notifier-common lxd lxd-client 2 servers had a snapd update (only one is firing alerts)

According to some other posts, this classic mode can happen if the system started with 16.04.1, but the most recent machine having errors in the syslog was built a couple weeks ago from scratch with 16.04.3.

Ultimately, b/c i don’t know a lot about snapd, but am interested in learning:

  1. If no snaps are installed, should the daemon even be started, if so what requires it?
  2. Do i need to update a package, so i don’t have this error snap-repair[4607]: error: cannot use snap-repair on a classic system, going into syslog and HIDS sending me emails about it throughout the day (yes i can stop them through HIDS config, but that is not my question).

All servers return the same responses: $> sudo snap list No snaps are installed yet. Try “snap install hello-world”. $> sudo snap version snap 2.27.5 snapd 2.27.5 series 16 ubuntu 16.04 kernel 4.4.0-1032-aws

There are also other notifications in the syslog, but they do not produce errors, ultimately my first question may be higher priority than the second, as i don’t want software running that i don’t currently need, but am happy to enable it when the need arises.

Thank you, very much for considering my noob question. Jeff

2

@mvo the noisiness of some of our nop services seems to be maybe an issue

3

thanks for the comment @pedronis, i’ll have to stop them in my HIDS now as for each server as of the 2.27.5 version they come out every 6 hours.

Could you shed some light on why this daemon needs to start if i have no snaps?

Thanks again!

4

Thanks for your bugreport and sorry for this noise this is making. We need to fix this with the next release.

5

Thanks @mvo, should i report this elsewhere so it gets tagged as a bug, or is this sufficient? If you need any more detailed information from me please feel free to ask, happy to give what i can.

Jeff

6

Hi I have the exact same issues, since I have upgraded yesterday with OSSEC every 6 hours:

Received From:->/var/log/syslog
Rule: 1002 fired (level 2) -> “Unknown problem somewhere in the system.”
Portion of the log(s):

Sep 9 11:07:10 snap-repair[9837]: error: cannot use snap-repair on a classic system

What should I do ?

7

You can stop/disable the “snap.snap-repair.timer” systemd unit as a workaround for now. This will stop the messages. We are working on a proper fix and it is ready for review in https://github.com/snapcore/snapd/pull/3897

8

sorry what would be the command to do this on Ubuntu 16 ? I am a bit of a newb here.

many thanks

9

this is not ubuntu specific, but rather systemd specific …
you just use systemctl to stop and disable it …

10

for the time being, since i don’t make any use of snapd/snaps etc, i have
disabled everything, as i don’t reallly need something running on an
ec2.small instance that will consume any resources and is network related.

i use salt, so this was easily done in one command from the salt-master,
but in effect i did (also on 16.04, but as Oliver states it does not matter)
sudo systemctl stop snap-repair.timer
sudo systemctl disable snap-repair.timer // so it does not come back after
a reboot, which i assume it would, this kills the link
sudo systemctl stop snapd
sudo systemctl disable snapd

If you have need for snapd, don’t run the latter two commands.

you can check any of these services with sudo systemctl status {process}

HTH,
Jeff