On Wed, 18 May 2016 13:05:31 -0400, Boruch wrote in message <[email protected]>:
> On 2016-05-18 18:24, Arnt Karlsen wrote: > > DNG, I'm still left with runlevel 1, the damned thin will only > > accept root's passwd on the console, I can start and run ssh and X > > etc all day, and it works all nice except I have my password > > rejected once I try a login. > > Sounds to me like an issue with 'pam', and that you're fix will be in > /etc/pam.d. ..aye, behold: root@debian:/var/cache/apt/archives# ll /etc/pam.d total 200 -rw-r--r-- 1 root root 235 Aug 10 2014 atd -rw-r--r-- 1 root root 384 Feb 16 2011 chfn -rw-r--r-- 1 root root 92 Feb 16 2011 chpasswd -rw-r--r-- 1 root root 581 Feb 16 2011 chsh -rw-r--r-- 1 root root 56 Jul 13 2015 cinnamon-screensaver -rw-r--r-- 1 root root 1312 May 17 23:45 common-account -rw-r--r-- 1 root root 1498 May 17 23:45 common-auth -rw-r--r-- 1 root root 1633 May 17 23:45 common-password -rw-r--r-- 1 root root 1364 May 17 23:45 common-session -rw-r--r-- 1 root root 1286 May 17 23:45 common-session-noninteractive -rw-r--r-- 1 root root 606 May 25 2014 cron -rw-r--r-- 1 root root 69 Jun 9 2014 cups -rw-r--r-- 1 root root 56 Nov 25 2007 gnome-screensaver -rw-r--r-- 1 root root 987 Nov 9 2013 kdm -rw-r--r-- 1 root root 1031 Nov 9 2013 kdm-np -rw-r--r-- 1 root root 1354 Oct 17 2015 lightdm -rw-r--r-- 1 root root 1364 Oct 17 2015 lightdm-autologin -rw-r--r-- 1 root root 493 Oct 17 2015 lightdm-greeter -rw-r--r-- 1 root root 4756 Apr 30 2014 login -rw-r--r-- 1 root root 57 Mar 13 2014 mate-screensaver -rw-r--r-- 1 root root 564 Sep 14 2013 mock -rw-r--r-- 1 root root 147 Nov 19 02:04 newrole -rw-r--r-- 1 root root 92 Feb 16 2011 newusers -rw-r--r-- 1 root root 919 Mar 23 15:54 nodm -rw-r--r-- 1 root root 520 Jun 21 2011 other -rw-r--r-- 1 root root 135 Feb 14 2015 ovirt-hibernate -rw-r--r-- 1 root root 135 Feb 14 2015 ovirt-locksession -rw-r--r-- 1 root root 135 Jan 7 22:33 ovirt-logout -rw-r--r-- 1 root root 135 Feb 14 2015 ovirt-shutdown -rw-r--r-- 1 root root 92 Feb 16 2011 passwd -rw-r--r-- 1 root root 255 Oct 15 2013 polkit-1 -rw-r--r-- 1 root root 168 Jan 19 2011 ppp -rw-r--r-- 1 root root 162 Feb 25 2012 quagga -rw-r--r-- 1 root root 95 Nov 19 02:04 run_init -rw-r--r-- 1 root root 143 Oct 5 2014 runuser -rw-r--r-- 1 root root 105 Nov 27 04:36 runuser-l -rw-r--r-- 1 root root 84 Nov 12 2011 samba -rw-r--r-- 1 root root 1199 Jul 24 2012 schroot -rw-r--r-- 1 root root 1686 Jan 4 22:27 sddm -rw-r--r-- 1 root root 1338 Jan 4 22:27 sddm-autologin -rw-r--r-- 1 root root 1255 Jan 4 22:27 sddm-greeter -rw-r--r-- 1 root root 1300 Jun 8 2015 slim -rw-r--r-- 1 root root 108 Oct 15 2015 slock -rw-r--r-- 1 root root 2133 Aug 5 2014 sshd -rw-r--r-- 1 root root 2257 Mar 14 2014 su -rw-r--r-- 1 root root 95 Jan 12 2012 sudo -rw-r--r-- 1 root root 1205 May 8 2015 wdm -rw-r--r-- 1 root root 871 Dec 11 21:55 xdm -rw-r--r-- 1 root root 108 Oct 30 2011 xscreensaver root@debian:/var/cache/apt/archives# mc /etc/pam.d/ > > ..exactly how is a Devuan boot supposed to work these days? > > And what systemd crud could could my logins? > > systemd-logind ..nope, but there was crud allright. root@debian:/var/cache/apt/archives# dpkg -l |grep systemd |cut -c -123 |fmt -su ii dh-systemd 1.29+devuan1.0 all ii gnome-logs 3.20.1-1 amd64 pc libsystemd-daemon0:amd64 215-18 amd64 pc libsystemd-id128-0:amd64 215-18 amd64 pc libsystemd-journal0:amd64 215-18 amd64 pc libsystemd-login0:amd64 215-18 amd64 ii libsystemd0:amd64 229-6 amd64 ii systemd-shim 9-1 amd64 root@debian:/var/cache/apt/archives# > > And what logs do I check these days? > > /var/log/auth.log ..bingo, lotsa whining about a faulty module and a culprit in my claw: root@debian:/var/cache/apt/archives# less /var/log/auth.log root@debian:/var/cache/apt/archives# dpkg -S /lib/security/pam_abl.so dpkg-query: no path found matching pattern /lib/security/pam_abl.so root@debian:/var/cache/apt/archives# root@debian:/var/cache/apt/archives# zcat /usr/share/doc/libpam-abl/NEWS.Debian.gz libpam-abl (0.6.0-3) unstable; urgency=medium Starting from version 0.6.0-1, libpam-abl is enabled globally using pam-auth-update. Please see README.Debian for more details. -- Alexandre Mestiashvili <[email protected]> Mon, 12 May 2014 13:04:50 +0200 root@debian:/var/cache/apt/archives# cat /usr/share/doc/libpam-abl/README.Debian pam-abl for Debian =============================== By default the pam-abl PAM module is enabled for sshd service only. A user who mistyped a password 3 times will be blocked for 1 hour. A host with 30 failed attempts will be blocked for 1 hour. Default config file: /etc/security/pam_abl.conf See the pam_abl.conf(5) man page for the syntax and pam_abl(1) for information about the management tool. Starting from version 0.6.0-1, libapm-abl configured automatically with pam-auth-update. This may have a negative impact to other authentication services such as sudo, login, su and others. For example a bruteforce attack over ssh can blacklist and block a user and thus even su and sudo on localhost will not work for this user. To avoid such a situation, the default configuration for the debian package of pam-abl works only with "sshd" service. Note "sshd" in the user_rule=*/sshd:3/1h option in the configuration file. Please also note that pam_abl will list all users exceeding the number of allowed attepmts, even for the services not defined in the user_rule, but will block users only for services listed in the user_rule. Use pam_abl -v to see more information. One also can set up pam-abl manually, for this run pam-auth-update and unselect the pam-abl. After that add the following line for every PAM module you want to setup before all other authentication modules: auth required pam_abl.so config=/etc/security/pam_abl.conf See man 8 pam_abl for more details. The pam-abl's libdb databases (/var/lib/abl) are not removed automatically when the package is removed. In order to remove it compeltely use purge: apt-get purge libpam-abl. If pam_abl tool is not able to read the backend database ( usually after Berkeley DB update on the host ) just delete the database: rm -f /var/lib/abl/* Alternatively one can try to fix the database by migrating to the newest version. For example when migrating from libdb5.1 to libdb5.3: db5.3_upgrade -v -h /var/lib/abl hosts.db db5.3_upgrade -v -h /var/lib/abl users.db -- Alex Mestiashvili <[email protected]> > As a helpful hint, if you know a general time for which a logging > event might have occurred, use gre to help you find logs with entries > for that general time. For example: > > grep -rl "^May 16 06:5" /var/log > > For the most recently modified log, sorted by time: > > ls -Rlt /var/log | less ..aye, digging thru this 21GB mess is ... where I wish I had played more with friends like find and xargs. Oh well, with a bit of luck I don't have to. ;o) > > ..last time I had this laptop this bogged down, I simply wiped > > /etc/rc2.d/ clean and made it lean, does anyone have a lean > > Devuan machine so I can see /etc/rcS.d/ and /etc/rc2.d/ listings? > > The list has been recently discussing a minimal livecd build of > devuan that might be useful for you for this. It's a ~250Mb dowloaded > from > > http://devuan.kalos.mine.nu/ ..thanks, I'll try this next if the pam diagnosis fails. > Read the web page for how to use it, and for how to run it in qemu. ..has anyone done this out of a chroot yet? ;o) > -- > hkp://keys.gnupg.net > CA45 09B5 5351 7C11 A9D1 7286 0036 9E45 1595 8BC0 > _______________________________________________ > Dng mailing list > [email protected] > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. _______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
