Latest Ubuntu kernel update hangs on VMware?

[Doug Burks]

Ubuntu just released a new kernel yesterday:
http://www.ubuntu.com/usn/usn-2910-1/

I installed this kernel update in a Security Onion 14.04 VM running on
VMware Fusion, rebooted, and the kernel hung. Repeated attempts
resulted in a hang of the kernel every time. Using the GRUB boot
loader to select the previous kernel resulted in a successful boot. I
also tested plain vanilla Xubuntu 14.04 (no Security Onion bits) and
saw the same behavior there, so I don't believe this issue is related
to Security Onion at all.

Has anybody else seen this issue already or have time to test in a
sacrificial VM?

--
Doug Burks

[tjob...@gmail.com]

Have the same problem with VMware Workstation on two different host systems.

[Doug Burks]

Thanks for confirming!

Looks like others are seeing the same issue as well:

http://ubuntuforums.org/showthread.php?t=2314723

http://askubuntu.com/questions/738083/ubuntu-14-04-4-lts-hangs-on-boot-after-latest-dist-upgrade

On Tue, Feb 23, 2016 at 12:22 PM, <tjob...@gmail.com> wrote:
> Have the same problem with VMware Workstation on two different host systems.
>

> --
> Follow Security Onion on Twitter!
> https://twitter.com/securityonion
> ---
> You received this message because you are subscribed to the Google Groups "security-onion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
> To post to this group, send email to securit...@googlegroups.com.
> Visit this group at https://groups.google.com/group/security-onion.
> For more options, visit https://groups.google.com/d/optout.



--
Doug Burks

[tjob...@gmail.com]

It´s exactly the same with my Lubuntu installation.
No Security Onion issue.

Timo

[Doug Burks]

Yep, hopefully Ubuntu releases a fixed kernel soon. Thanks!

[nullprocess]

I'm getting Kernel hanging on boot too. This is from a fresh VM install from the latest iso on the download page. That is when I use the quick evaluation option. Is it the same issue? If so is there a work around?
Cheers
David

[Wes]

nullprocess,

You could try to boot using the previous version of the kernel
using the options in GRUB. You could then try to remove the offending package.

sudo apt-get remove 3.19.0-51-generic
sudo update-grub

Thanks,
Wes

[david day]

Thanks Wes, I can.  Thanks for helping.

Sent from TypeApp

[Doug Burks]

Looks like there is some movement on this bug:

https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1550090

https://bugs.launchpad.net/ubuntu/wily/+source/linux/+bug/1548587

Based on my reading of the second link, I would expect a new kernel
from Ubuntu fairly soon.

[Robert Bardo]

Here is my experience today folks:

Latest SOUP today, just performed, @1700hrs EST did major updates to the OS that seemed to have broke Squil.

Stable snapshot:
14.04 testing PPA build
Prads
IDS x2 procs
BRo x2 procs
Suricata
Http logs
Pcaps 150
mmap I/O 256
files 65534
*Everything else off.

Here are the actions taken: (that may or may not be a variable)
Ran Setup:
IDS x2 procs
BRo x2 procs
Suricata
Argus <----- change --- removed Prads and enabled Argus
Http logs
Elsa
Pcaps 150
mmap I/O 256
files 65534
*Everything else off..

Ran SOUP...

Executed Restart:
So stat shows all running including IDS - Squil. No errors.
Squil collects NO alerts after running a few exercises that I know throw alerts. ...NO JOY....

I have recovered the stable snapshot and all working well again. I'm going to avoid an update until we figure this one out

This is just an FYI to lookout for. =)

--Rob

[Doug Burks]

Hi Rob,

Replies inline.

On Fri, Feb 26, 2016 at 5:45 PM, Robert Bardo <rba...@netorian.com> wrote:
> Here is my experience today folks:
>
> Latest SOUP today, just performed, @1700hrs EST did major updates to the OS that seemed to have broke Squil.

This thread is about an Ubuntu kernel update that results in a blank
screen in VMware. I just ran soup in a VM and I'm not able to
duplicate your issue with Sguil. Everything works fine for me (other
than the blank screen in VMware). Are you sure nothing else changed
in your test?

> Stable snapshot:
> 14.04 testing PPA build
> Prads

Any particular reason you're running PRADS? Most folks don't need it
and get better performance without it.

> IDS x2 procs
> BRo x2 procs
> Suricata
> Http logs

Are you referring to HTTP_AGENT? Most folks don't need it and get
better performance without it.

> Pcaps 150
> mmap I/O 256
> files 65534
> *Everything else off.
>
>
> Here are the actions taken: (that may or may not be a variable)
> Ran Setup:
> IDS x2 procs
> BRo x2 procs
> Suricata
> Argus <----- change --- removed Prads and enabled Argus

Any particular reason you're running Argus? Most folks don't need it
and get better performance without it.

> Http logs

Are you referring to HTTP_AGENT? Most folks don't need it and get
better performance without it.

> Elsa
> Pcaps 150
> mmap I/O 256
> files 65534
> *Everything else off..
>
> Ran SOUP...
>
> Executed Restart:
> So stat shows all running including IDS - Squil. No errors.
> Squil collects NO alerts after running a few exercises that I know throw alerts. ...NO JOY....
>
> I have recovered the stable snapshot and all working well again. I'm going to avoid an update until we figure this one out
>
> This is just an FYI to lookout for. =)
>
> --Rob

--
Doug Burks

[Doug Burks]

Ubuntu has released a fixed kernel:
http://www.ubuntu.com/usn/usn-2910-2/

I've tested and it resolves the blank screen issue on VMware for me.

--
Doug Burks