On Sunday 23 September 2007 04:57:13 Victor Star wrote:
> Hi guys,
>
> I need your help to fix my FreeBSD 6.2-RELEASE system.
> This is my home server, used mostly for mail (courier) and local file
> server (samba). It's been up for quite some time with no problems and
> really fun for me to learn FreeBSD. I've learned lots of things configuring
> postfix, courier, RAIDs and wireless. But now I have something I can't
> handle myself. Spent time searching archives, web to no avail.
>
> Now, a few days ago I started getting the following in the daily security run
> output:
>
> ====- 8< -===================================================
> Checking for packages with security vulnerabilities:
>
> su: pam_start: system error
> ====- 8< -===================================================
>
> What I see on the console is:
> ====- 8< -===================================================
> su: in openpam_load_module(): no pam_unix.so found
> su: pam_start: system error
> ====- 8< -===================================================
>
> I also can't log in either through ssh or on the console - getting the same
> error. Luckily I still have one ssh root session alive (so far!).
> I have this bad feeling that on disconnect or reboot I will lose
> access to the box.
>
> Mail server still working no problem, smtp and POP via SSL work and
> authorize fine.
>
> pam_unix.so is in /usr/lib:
> ====- 8< -===================================================
> # ls -l /usr/lib/pam_unix*
> lrwxr-xr-x  1 root  wheel     13 Sep 25  2006 /usr/lib/pam_unix.so -> pam_unix.so.3
> -r--r--r--  1 root  wheel  10240 Feb 19  2007 /usr/lib/pam_unix.so.3
> # file /usr/lib/pam_unix.so
> /usr/lib/pam_unix.so: symbolic link to `pam_unix.so.3'
> ====- 8< -===================================================

If ldd /usr/lib/pam_unix.so does not show undefined libs, then the first thing
I'd look at would be limits, most notably open file limits:
compare sysctl kern.openfiles with the output of limits -Hn.

> There is one more thing that is suspiciously close in time to when this
> started happening. In the same security run output where I first saw this
> error I found this:
> ====- 8< -===================================================
> Sep 18 11:11:37 xxxxxx su: BAD SU <myloginname> to root on /dev/ttyp3

Did you or did you not mistype the password?

> Sep 18 11:13:46 xxxxxx sshd[45047]: Bad protocol version identification '\377\364\377\375\006quit' from <some ip here>
> Sep 18 11:15:08 xxxxxx sshd[45056]: Received disconnect from <some ip here>: 2: Bad packet length 710099706.
> ====- 8< -===================================================

That's some user doing telnet on port 22 and doesn't know how to talk ssh.
-- 
Mel
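
The following is an added example, not part of the original message: a small Python triage helper that decodes the octal-escaped identification string from the sshd log line quoted above and shows why it reads as a telnet client (bytes 0xFF 0xF4 and 0xFF 0xFD 0x06 are the telnet commands IAC IP and IAC DO TIMING-MARK per RFC 854/860). The function names and the small command/option tables are assumptions made for this example.

```python
import re

# Telnet command and option codes (RFC 854 / RFC 860); a small subset only.
IAC = 0xFF
COMMANDS = {0xF4: "IP", 0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}
NEGOTIATION = {0xFB, 0xFC, 0xFD, 0xFE}          # followed by one option byte
OPTIONS = {0x01: "ECHO", 0x03: "SUPPRESS-GO-AHEAD", 0x06: "TIMING-MARK"}
BAD_IDENT = re.compile(r"Bad protocol version identification '(.*)' from ")

# The log line quoted in the message above (host and IP already redacted there).
SAMPLE = (r"Sep 18 11:13:46 xxxxxx sshd[45047]: Bad protocol version "
          r"identification '\377\364\377\375\006quit' from <some ip here>")

def unescape(s):
    """Turn the \\ooo octal escapes seen in the log back into raw bytes."""
    text = re.sub(r"\\([0-3][0-7]{2})", lambda m: chr(int(m.group(1), 8)), s)
    return text.encode("latin-1", "replace")

def decode_telnet(data):
    """Split raw bytes into (telnet command names, remaining typed text)."""
    cmds, text, i = [], bytearray(), 0
    while i < len(data):
        if data[i] == IAC and i + 1 < len(data) and data[i + 1] in COMMANDS:
            cmd = data[i + 1]
            if cmd in NEGOTIATION and i + 2 < len(data):
                opt = data[i + 2]
                cmds.append(f"IAC {COMMANDS[cmd]} {OPTIONS.get(opt, opt)}")
                i += 3
            else:                                # command with no option byte
                cmds.append(f"IAC {COMMANDS[cmd]}")
                i += 2
        else:
            text.append(data[i])
            i += 1
    return cmds, text.decode("latin-1")

def classify(line):
    """Return None for unrelated lines, else what the peer actually sent."""
    m = BAD_IDENT.search(line)
    if m is None:
        return None
    cmds, typed = decode_telnet(unescape(m.group(1)))
    return {"telnet": bool(cmds), "commands": cmds, "typed": typed}

if __name__ == "__main__":
    print(classify(SAMPLE))
```
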