Hi,
I plan to put auditd on several hundred servers to control.

I saw this bug, but I can't confirm it on Debian jessie or stretch, and I was
thinking it didn't exist anymore. I discovered the same case and behavior on
Ubuntu 18.40.

So now I'm in doubt :)

Jessie, 8.11 version

libpam-modules:amd64                 1.1.8-3.1+deb8u2+b1
debconf                              1.5.56+deb8u1 
libaudit1:amd64                      1:2.4-1+b1 
libc6:amd64                          2.19-18+deb8u10 
libdb5.3:amd64                       5.3.28-9+deb8u1 
libpam-modules-bin                   1.1.8-3.1+deb8u2+b1
libpam0g:amd64                       1.1.8-3.1+deb8u2+b1
libselinux1:amd64                    2.3-2   


Stretch, 9.6 version

libpam-modules:amd64                 1.1.8-3.6
debconf                              1.5.61 
libaudit1:amd64                      1:2.6.7-2 
libc6:amd64                          2.24-11+deb9u3
libdb5.3:amd64                       5.3.28-12+deb9u1
libpam-modules-bin                   1.1.8-3.6 
libpam0g:amd64                       1.1.8-3.6 
libselinux1:amd64                    2.6-3+b3    

No problems:

Jessie:
Jan 21 14:38:17  su[10664]: Successful su for root by marc
Jan 21 14:38:17  su[10664]: + /dev/pts/1 marc:root
Jan 21 14:38:17  su[10664]: pam_unix(su:session): session opened for user root by marc(uid=1003)
Jan 21 14:38:17  su[10664]: pam_tty_audit(su:session): changed status from 0 to 1

stretch:

Jan 21 14:41:13  su[11588]: Successful su for root by marc
Jan 21 14:41:13  su[11588]: + /dev/pts/2 marc:root
Jan 21 14:41:13  su[11588]: pam_unix(su:session): session opened for user root by marc(uid=1001)
Jan 21 14:41:13  su[11588]: pam_systemd(su:session): Cannot create session: Already running in a session
Jan 21 14:41:13  su[11588]: pam_tty_audit(su:session): changed status from 0 to 1

but ubuntu:
Jan 21 14:32:17  sshd[10975]: pam_tty_audit(sshd:session): error setting current audit status: Invalid argument
Jan 21 14:32:18  sshd[10975]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session


So what environment or package creates the bug?
I don't want to have hundreds of servers I can no longer connect to.
Best regards,
thanks
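
An added example, not part of the original message: a Python check that could be run over the auth log of a test host before a wider rollout. It pairs each pam_tty_audit result with a later pam_open_session failure from the same process. The sample lines are excerpts from the message above, rejoined onto single lines; the function name and verdict strings are assumptions made for this example.

```python
import re
from collections import defaultdict

# Syslog prefix: "Jan 21 14:32:17 [host] prog[pid]: message" (the host may be stripped).
LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+(?:\S+\s+)?(?P<prog>[\w./-]+)\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
TTY_OK = re.compile(r"pam_tty_audit\([^:]+:session\): changed status from \d+ to \d+")
TTY_ERR = re.compile(r"pam_tty_audit\([^:]+:session\): error setting current audit status: (?P<why>.+)")
SESSION_FAIL = re.compile(r"PAM: pam_open_session\(\)")

# Sample input: log lines quoted in the message above, one record per line.
SAMPLE = """\
Jan 21 14:38:17  su[10664]: pam_unix(su:session): session opened for user root by marc(uid=1003)
Jan 21 14:38:17  su[10664]: pam_tty_audit(su:session): changed status from 0 to 1
Jan 21 14:32:17  sshd[10975]: pam_tty_audit(sshd:session): error setting current audit status: Invalid argument
Jan 21 14:32:18  sshd[10975]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
""".splitlines()


def classify(lines):
    """Return {(prog, pid): verdict} for every process that logged a pam_tty_audit result."""
    state = defaultdict(dict)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a "prog[pid]: msg" record
        key, msg = (m["prog"], int(m["pid"])), m["msg"]
        err = TTY_ERR.search(msg)
        if TTY_OK.search(msg):
            state[key]["tty"] = "ok"
        elif err:
            state[key]["tty"] = "error"
            state[key]["why"] = err["why"]
        elif SESSION_FAIL.search(msg) and key in state:
            # Only counts when the same process already logged a pam_tty_audit result.
            state[key]["blocked"] = True
    verdicts = {}
    for key, s in state.items():
        if s["tty"] == "ok":
            verdicts[key] = "audit-enabled"
        elif s.get("blocked"):
            verdicts[key] = "login-blocked: " + s["why"]
        else:
            verdicts[key] = "audit-failed-session-allowed"
    return verdicts


if __name__ == "__main__":
    for (prog, pid), verdict in classify(SAMPLE).items():
        print(f"{prog}[{pid}]: {verdict}")
```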
