On Sunday 23 September 2007 04:57:13 Victor Star wrote: > Hi guys, > > I need your help to fix my FreeBSD 6.2-RELEASE system. > This is my home server, used mostly for mail (courier) and local file > server (samba). It's been up for quite some time with no problems and > really fun for me to learn FreeBSD. I've learned lots of things configuring > postfix, courier, RAIDs and wireless. But now I have something I can't > handle myself. Spent time searching archives, web to no avail. > > Now, few days ago I started getting the following in the daily security run > output: > > ====- 8< -=================================================== > Checking for packages with security vulnerabilities: > > su: pam_start: system error > ====- 8< -=================================================== > > What I see on the console is: > ====- 8< -=================================================== > su: in openpam_load_module(): no pam_unix.so found > su: pam_start: system error > ====- 8< -=================================================== > > I can't also login neither through ssh nor on the console - getting same > error. Luckily I still have one ssh root session alive (so far!). > I have this bad feeling that on disconnect or reboot I will loose the > access to the box. > > Mail server still working no problem, smtp and POP via SSL work and > authorize fine. > > pam_unix.so is in /usr/lib: > ====- 8< -=================================================== > # ls -l /usr/lib/pam_unix* > lrwxr-xr-x 1 root wheel 13 Sep 25 2006 /usr/lib/pam_unix.so -> > pam_unix.so.3 -r--r--r-- 1 root wheel 10240 Feb 19 2007 > /usr/lib/pam_unix.so.3 # file /usr/lib/pam_unix.so > /usr/lib/pam_unix.so: symbolic link to `pam_unix.so.3' > ====- 8< -===================================================
If ldd /usr/lib/pam_unix.so does not show undefined libs, then first thing I'd look would be towards limits, most notably open file limits: compare sysctl kern.openfiles with output of limits -Hn. > There is one more thing that is suspiciously close in time to when this > started happening. In the same security run output where I first saw this > error I found this: ====- 8< > -=================================================== > Sep 18 11:11:37 xxxxxx su: BAD SU <myloginname> to root on /dev/ttyp3 Did or did you not mistype password? > Sep 18 11:13:46 xxxxxx sshd: Bad protocol version identification > '\377\364\377\375\006quit' from <some ip here> Sep 18 11:15:08 xxxxxx > sshd: Received disconnect from <some ip here>: 2: Bad packet length > 710099706. ====- 8< -=================================================== That's some user doing telnet on port 22 and doesn't know how to talk ssh. -- Mel _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"