CentOS 7 vs CentOS 8 differences

Several of my scripts that had worked on CentOS 6 and CentOS 7 broke when I applied them to CentOS 8.  Here are a couple of examples and their fixes.

curl

A script inspired by the Jamf Nation discussion "802.1x in Lion for Macbook Air needing AD domain authentication" and a script on GitHub contained a line similar to the following.

# curl (CentOS 7)
curl --negotiate -u : .........
# curl (CentOS 8)
curl --http1.1 --negotiate -u : .........

I noted that there was an error on the attempt for HTTP/2 negotiation and an attempt was made for HTTP/1.1.  Since curl 7.47, support for HTTP/2 exists along with the additional options to support HTTP/1.1 and HTTP/2.  After adding --http1.1 to the command, the script works as expected.

openssl

Running the following command on CentOS 7 and CentOS 8 returns different output.

echo | openssl s_client -connect example.com:443 -servername example.com 2>/dev/null | openssl x509 -noout -issuer 2>/dev/null

The results:

# CentOS 7
issuer= /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA

# CentOS 8
issuer=C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA

Note that the slashes are replaced with commas and spaces and that there are spaces around the equal signs.  I had to rewrite a grep to work universally between CentOS 7 and CentOS 8.  The awk is added to the end to remove the space from the front of the result.

# CentOS 7 (works)
grep -o 'CN=.*' | cut -f2- -d"="

# CentOS 7 and CentOS 8
grep -o 'CN.*' | cut -f2- -d"=" | awk '{$1=$1};1'
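
The one-liner above keeps everything after "CN", so it only returns a clean name when CN is the last component of the issuer. The following is an added example, not part of the original scripts: a hypothetical helper, issuer_cn, that detects which of the two layouts it was given and returns only the CN value. It assumes GNU sed (as shipped on CentOS) and attribute values that do not themselves contain a separator; the sample lines are the two outputs shown above.

```shell
#!/bin/sh
# issuer_cn: read one "issuer=..." line on stdin, print the CN value.
# Hypothetical helper name. The body runs in a subshell so its
# variables do not leak into the calling script.
issuer_cn() (
    IFS= read -r line || [ -n "$line" ] || exit 1
    rest=${line#issuer=}   # drop the label
    rest=${rest# }         # CentOS 7 output has a space after "issuer="
    case $rest in
        /*) # CentOS 7 layout: /C=US/O=.../CN=...
            printf '%s\n' "$rest" |
                sed -E 's#/([A-Za-z0-9.]+)=#\n\1=#g' ;;
        *)  # CentOS 8 layout: C = US, O = ..., CN = ...
            printf '%s\n' "$rest" |
                sed -E 's/^([A-Za-z0-9.]+) = /\1=/; s/, ([A-Za-z0-9.]+) = /\n\1=/g' ;;
    esac |
        # Each attribute is now on its own line as KEY=value.
        sed -n 's/^CN=//p' | head -n 1
)

# Sample issuer lines copied from the two outputs shown above.
centos7='issuer= /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA'
centos8='issuer=C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA'

for sample in "$centos7" "$centos8"; do
    printf '%s\n' "$sample" | issuer_cn
done
```

In a script, the helper takes the place of the grep/cut/awk chain at the end of the openssl pipeline.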

ClamAV

This may be less a difference between CentOS 7 and CentOS 8 than a version difference in ClamAV.  Well, not until around mid-February 2020.  Both OSs were using 0.101.5, and I had scripts that ran flawlessly on both.  After a yum update, my script broke on CentOS 8.  CentOS 8 is now using 0.102.2-2, which is a leap in configuration changes and file names.  You can look up the details, but one of the big ones is that clamonacc, an executable which can be daemonized, replaces ScanOnAccess, which is not only deprecated but also not functional.  For one reason or another, against all documentation, OnAccessMountPath works, whereas OnAccessIncludePath, which the documentation states will work, does not.  I was unable to get LocalSocket working, however; it works with TCPAddr/TCPSocket only.

Source(s)

  • https://ec.haxx.se/http/http-versions
  • https://gist.github.com/mrmichalis/3ed655acaf8a8ba59552
  • https://www.jamf.com/jamf-nation/discussions/3387/802-1x-in-lion-for-macbook-air-needing-ad-domain-authentication
  • https://github.com/curl/curl/blob/master/docs/HTTP2.md
  • https://www.clamav.net/documents/on-access-scanning