On 2/25/20 8:40 AM, Brian Wengel wrote:
Package: libpam-abl
Version: 0.6.0-5
Description:
I cannot run a simple shell script:
I have the following options in my "/etc/security/pam_abl.conf":
user_rule=*:3/1h
host_rule=*:5/5h
host_purge=1d
user_purge=1d
limits=100-300
user_db=/var/lib/abl/users.db
host_db=/var/lib/abl/hosts.db
user_clear_cmd=[logger] [clear] [user] [%u]
host_clear_cmd=[/tmp/brute.sh]
host_block_cmd=[/tmp/brute.sh]
user_clear_cmd=[/tmp/brute.sh]
user_block_cmd=[/tmp/brute.sh]
host_whitelist=localhost
user_whitelist=
db_home=/var/lib/abl
The result of the command "pam_abl -d" is:
host_block_cmd: "/tmp/brute.sh"
host_clear_cmd: "/tmp/brute.sh"
user_block_cmd: "/tmp/brute.sh"
user_clear_cmd: "/tmp/brute.sh"
The content of "/tmp/brute.sh":
#!/bin/bash
echo START >> /tmp/PAM_abl_env.txt
env >> /tmp/PAM_abl_env.txt
Is this a bug or am I missing something?

Hm, works for me. Did you set the exec bit on /tmp/brute.sh?
See below some details.
cat /etc/security/pam_abl.conf | grep user_rule
user_rule=*/sshd:10/1h
pam_abl | grep -B1 Block
toor (12)
Blocked based on rule [*/sshd]
cat /tmp/PAM_abl_env.txt
START
PWD=/
LANG=en_US.UTF-8
INVOCATION_ID=xxx
RUNTIME_DIRECTORY=/run/sshd
SSHD_OPTS=
NOTIFY_SOCKET=/run/systemd/notify
SHLVL=1
JOURNAL_STREAM=6:52564204
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env
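
The reply's question (is the exec bit set?) can be checked mechanically. The following is an added example, not part of the original thread and not pam_abl code: a POSIX shell function that reads the four *_cmd keys and reports a repeated key, a missing or non-executable program, or a script whose "#!" interpreter is absent. It assumes the bracket syntax shown in the config above and checks absolute paths only; the function name, status words and sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the four *_cmd keys of a pam_abl.conf.
# Prints one finding per line: "<STATUS> <key> [<program>]".
check_abl_cmds() {
    grep -E '^(host|user)_(block|clear)_cmd=' "$1" | {
        seen=" "
        while IFS='=' read -r key value; do
            # A key given twice: on the page, "pam_abl -d" shows only the later value.
            case $seen in *" $key "*) echo "DUPLICATE $key" ;; esac
            seen="$seen$key "
            # The first [bracketed] token is the program; the rest are arguments.
            case $value in
                \[*\]*) prog=${value#\[}; prog=${prog%%\]*} ;;
                *) echo "MALFORMED $key"; continue ;;
            esac
            case $prog in
                /*) ;;
                *) echo "NOT_ABSOLUTE $key $prog"; continue ;;  # assumption: only absolute paths are checked
            esac
            if [ ! -f "$prog" ]; then echo "MISSING $key $prog"; continue; fi
            if [ ! -x "$prog" ]; then echo "NOT_EXECUTABLE $key $prog"; continue; fi
            # A script also needs a working interpreter on its "#!" line.
            first=""; read -r first < "$prog" 2>/dev/null || true
            case $first in
                '#!'*) interp=${first#??}; interp=${interp# }; interp=${interp%% *}
                       if [ ! -x "$interp" ]; then
                           echo "BAD_INTERPRETER $key $interp"; continue
                       fi ;;
            esac
            echo "OK $key $prog"
        done
    }
}

# Constructed sample: a config shaped like the one in the report, in a temp dir.
demo() {
    d=$(mktemp -d)
    printf '#!/bin/sh\nenv >> "%s/env.txt"\n' "$d" > "$d/brute.sh"  # created without exec bit
    cat > "$d/pam_abl.conf" <<EOF
user_clear_cmd=[logger] [clear] [user] [%u]
host_block_cmd=[$d/brute.sh]
user_clear_cmd=[$d/brute.sh]
EOF
    check_abl_cmds "$d/pam_abl.conf"      # brute.sh lines report NOT_EXECUTABLE
    chmod 755 "$d/brute.sh"
    check_abl_cmds "$d/pam_abl.conf"      # brute.sh lines report OK
    rm -rf "$d"
}
demo
```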