On our hardened instances of RHEL the postinstallation script embedded in scx fails, which causes the SSL certs to not be properly generated, or even existing certificates being removed during upgrades.
Running scriptlet: scx-1.7.0-0.x86_64 2/4
/etc/profile.d/bash_timeout.sh: line 1: TMOUT: readonly variable
warning: %post(scx-1.7.0-0.x86_64) scriptlet failed, exit status 1
Error in POSTIN scriptlet in rpm package scx
We work around it for upgrades by removing the file /etc/opt/omi/ssl/.omi_cert_marker that the scx script is looking for.
Removing the readonly TMOUT is not an option as it is required by our security policy.
I've observed this behavior on all supported versions of RHEL. I've verified the script exits at sourcing /etc/profile by extracting it and running the script manually using sh -x
On our hardened instances of RHEL the postinstallation script embedded in scx fails, which causes the SSL certs to not be properly generated, or even existing certificates being removed during upgrades.
We work around it for upgrades by removing the file
/etc/opt/omi/ssl/.omi_cert_markerthat the scx script is looking for.Removing the readonly TMOUT is not an option as it is required by our security policy.
I've observed this behavior on all supported versions of RHEL. I've verified the script exits at sourcing /etc/profile by extracting it and running the script manually using
sh -x