[Touch-packages] [Bug 2069041] Re: Changing Port in sshd_config requires calling systemctl daemon-reload
** Tags added: noble -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2069041 Title: Changing Port in sshd_config requires calling systemctl daemon-reload Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Noble: In Progress Bug description: [Impact] There is currently no comment in the default /etc/ssh/sshd_config explaining that a systemctl daemon-reload is needed for changes to Port etc. to take effect when systemd socket activation is used (the default on Ubuntu). Users may change e.g. Port in /etc/ssh/sshd_config and expect systemctl restart ssh.service to reflect the change, but this will not work. [Test Plan] 1. The proposed fix here is to improve the documentation by adding a comment above the default Port setting in /etc/ssh/sshd_config. Hence, the test is to simply install openssh-server from noble-proposed, and verify that the comment is there. 2. Because the patch changes the default sshd_config, and debian/openssh-server.ucf-md5sum needs to be updated when this happens, an upgrade from noble to oracular should be done after installing openssh-server from noble-proposed. If a debconf prompt is shown, then a mistake was made in recording the checksums. Otherwise, they are correct. [Where problems could occur] There is low technical risk, but we should be sure that the documentation is clear and improves the experience of users. It could be harmful if the documentation accidentally makes things worse, or is just confusing. Also, a packaging quirk of openssh-server is that checksums of the patched sshd_config (along with certain settings tweaked) need to be recorded in debian/openssh-server.ucf-md5sum to avoid unnecessary debconf prompts on upgrades. I have updated those checksums, but if they are incorrent, then in future upgrades users might see an unnecessary debconf prompt about /etc/ssh/sshd_config. [Original Description] Changing the Port directive in sshd_config and restarting ssh.service is without effect, sshd keeps listening to port 22. Also mentioned in https://discourse.ubuntu.com/t/sshd-now-uses-socket- based-activation-ubuntu-22-10-and-later/30189/32 Steps to reproduce: 1. Install Ubuntu 24.04 LTS 2. Change Port directive in /etc/ssh/sshd_config to Port 2233 3. Restart ssh.service 4. Observe sshd still listening to port 22 Expected behaviour: sshd changes port to 2233 Actual behaviour: sshd keeps listening to port 22 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2069041/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2011404] Re: vanilla-gnome-desktop depends on pulseaudio which conflicts with pipewire
** Tags added: mantic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/2011404 Title: vanilla-gnome-desktop depends on pulseaudio which conflicts with pipewire Status in pipewire package in Ubuntu: Confirmed Status in pulseaudio package in Ubuntu: Confirmed Status in ubuntu-gnome-meta package in Ubuntu: Confirmed Bug description: Package vanilla-gnome-desktop 0.97 depends on pulseaudio which conflicts with pipewire-alsa and pipewire-audio which in turn are required for upgrading gnome to version 43. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pipewire/+bug/2011404/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1890804] Re: 20.10 groovy proposed: resolvconf-pull-resolved.service fails to start if resolvconf is installed at the same time
** Bug watch added: Debian Bug tracker #968015 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968015 ** Also affects: resolvconf (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968015 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to resolvconf in Ubuntu. https://bugs.launchpad.net/bugs/1890804 Title: 20.10 groovy proposed: resolvconf-pull-resolved.service fails to start if resolvconf is installed at the same time Status in resolvconf package in Ubuntu: Confirmed Status in resolvconf package in Debian: Unknown Bug description: I was trying to find some resolutions when I found this fresh debian bug report: https://www.mail-archive.com/debian-bugs- d...@lists.debian.org/msg1759183.html Is likely reproducible similarly but I can't since all my machines were hit by this bug and barely made one working and virtualbox-dkms is broken on 5.8.0-12-generic (filed that one too). This made all my fallback kernels,recovery unbootable! The solution discussed there is to remove the offending package resolvconf. I tried that in recovery mode root shell (graphical won't boot), but dpkg hangs when it tries to reload daemons but it can't asking me to restart after 20 minutes leaving with a host of broken packages but the system is finally bootable. Journalctl logspam: Journal file /var/log/journal/383ea8c95927438c95c2011a5f5bbfbb/system@0005ac4607f96c17-321a00afc15a51fc.journal~ is truncated, ignoring file. -- Logs begin at Fri 2020-08-07 06:46:27 UTC, end at Fri 2020-08-07 10:35:32 UTC. -- Aug 07 06:46:27 systemd[1]: Failed to start resolvconf-pull-resolved.service. Subject: A start job for unit resolvconf-pull-resolved.service has failed Defined-By: systemd Support: http://www.ubuntu.com/support A start job for unit resolvconf-pull-resolved.service has finished with a failure. The job identifier is 1649803534 and the job result is failed. Aug 07 06:46:29 systemd[1]: resolvconf-pull-resolved.service: Start request repeated too quickly. Aug 07 06:46:29 systemd[1]: resolvconf-pull-resolved.service: Start request repeated too quickly. Aug 07 06:46:29 systemd[1]: resolvconf-pull-resolved.service: Start request repeated too quickly. Aug 07 06:46:29 systemd[1]: resolvconf-pull-resolved.service: Start request repeated too quickly. Aug 07 06:46:29 systemd[1]: resolvconf-pull-resolved.service: Start request repeated too quickly. Aug 07 06:46:29 systemd[1]: resolvconf-pull-resolved.service: Start request repeated too quickly. Aug 07 06:46:29 systemd[1]: resolvconf-pull-resolved.service: Start request repeated too quickly. Aug 07 06:46:29 systemd[1]: resolvconf-pull-resolved.service: Start request repeated too quickly. . systemd 246-2ubuntu1 systemd-sysv 246-2ubuntu1 resolvconf1.82ubuntu1 Kernel: 5.8.0-12-generic x86_64 Distro: Ubuntu 20.10 (Groovy Gorilla) (*Proposed) Just to note the bug probably came with systemd 246-2ubuntu1 today for me since it was working fine yesterday, not sure. Also some other systemd services are failing since moving to proposed like UFW (filed one too.) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/1890804/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1666203] Re: pam_tty_audit failed in pam_open_session
Don, I've looked closer at the code and I agree with you. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session Status in pam package in Ubuntu: Triaged Status in pam package in Debian: New Bug description: Dear Maintainer. I found a bug in pam_tty_audit. When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session. It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session. * Enviroments Ubuntu 14.04.4 LTS linux-image-3.16.0-71-generic3.16.0-71.92~14.04.1 libpam-ldap:amd64184-8.5ubuntu3 libpam-modules:amd641.1.8-1ubuntu2.2 Ubuntu 16.04.2 TLS linux-image-4.4.0-62-generic4.4.0-62.83 libpam-ldap:amd64184-8.7ubuntu1 libpam-modules:amd641.1.8-3.2ubuntu2 * Reproduction method 1. Install libpam-ldap. 2. Add the following to the end of /etc/pam.d/common-sessions session required pam_tty_audit.so enable=* open_only 3. When logging in with ssh etc., pam_tty_audit will fail and login fails * Solution (== 2018/04/16 Link updated ==) apply upstream patch https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee * Logs (on Ubuntu14.04) -- auth.log -- May 18 14:47:03 vm sshd[2272]: Accepted publickey for test from 10.99.0.1 port 51398 ssh2: RSA 8f:39:1c:3a:f4:9d:ca:99:67:fc:e3:fd:1e:0c:5b:a8 May 18 14:47:03 vm sshd[2272]: pam_unix(sshd:session): session opened for user test by (uid=0) May 18 14:47:03 vm sshd[2272]: pam_tty_audit(sshd:session): error setting current audit status: Invalid argument May 18 14:47:03 vm sshd[2272]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session May 18 14:47:03 vm sshd[2297]: Received disconnect from 10.99.0.1: 11: disconnected by user -- syslog -- May 18 14:47:03 vm audispd: node=vm type=USER_ACCT msg=audit(1463550423.399:58): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.403:59): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=LOGIN msg=audit(1463550423.403:60): pid=2272 uid=0 old-auid=4294967295 auid=20299 old-ses=4294967295 ses=3 res=1 May 18 14:47:03 vm audispd: node=vm type=CONFIG_CHANGE msg=audit(1463550423.403:61): pid=2272 uid=0 auid=20299 ses=3 op=tty_set old-enabled=0 new-enabled=1 old-log_passwd=0 new-log_passwd=32743 res=0 May 18 14:47:03 vm audispd: node=vm type=USER_START msg=audit(1463550423.447:62): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:session_open acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=failed' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.447:63): pid=2297 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_DISP msg=audit(1463550423.451:64): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' Thanks regards. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1666203] Re: pam_tty_audit failed in pam_open_session
I also tested with commit https://github.com/linux-pam/linux- pam/commit/05a1ccc0df92d0ca031699124ddf7ec3ce12f78f#diff- c5b734a338a8a0460af7f0c08a7b138a which fixes yet another uninitialized use. Resulting pam_tty_audit.so with both mentioned upstream commits tested and works on bionic, cosmic, and disco. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session Status in pam package in Ubuntu: Triaged Status in pam package in Debian: New Bug description: Dear Maintainer. I found a bug in pam_tty_audit. When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session. It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session. * Enviroments Ubuntu 14.04.4 LTS linux-image-3.16.0-71-generic3.16.0-71.92~14.04.1 libpam-ldap:amd64184-8.5ubuntu3 libpam-modules:amd641.1.8-1ubuntu2.2 Ubuntu 16.04.2 TLS linux-image-4.4.0-62-generic4.4.0-62.83 libpam-ldap:amd64184-8.7ubuntu1 libpam-modules:amd641.1.8-3.2ubuntu2 * Reproduction method 1. Install libpam-ldap. 2. Add the following to the end of /etc/pam.d/common-sessions session required pam_tty_audit.so enable=* open_only 3. When logging in with ssh etc., pam_tty_audit will fail and login fails * Solution (== 2018/04/16 Link updated ==) apply upstream patch https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee * Logs (on Ubuntu14.04) -- auth.log -- May 18 14:47:03 vm sshd[2272]: Accepted publickey for test from 10.99.0.1 port 51398 ssh2: RSA 8f:39:1c:3a:f4:9d:ca:99:67:fc:e3:fd:1e:0c:5b:a8 May 18 14:47:03 vm sshd[2272]: pam_unix(sshd:session): session opened for user test by (uid=0) May 18 14:47:03 vm sshd[2272]: pam_tty_audit(sshd:session): error setting current audit status: Invalid argument May 18 14:47:03 vm sshd[2272]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session May 18 14:47:03 vm sshd[2297]: Received disconnect from 10.99.0.1: 11: disconnected by user -- syslog -- May 18 14:47:03 vm audispd: node=vm type=USER_ACCT msg=audit(1463550423.399:58): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.403:59): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=LOGIN msg=audit(1463550423.403:60): pid=2272 uid=0 old-auid=4294967295 auid=20299 old-ses=4294967295 ses=3 res=1 May 18 14:47:03 vm audispd: node=vm type=CONFIG_CHANGE msg=audit(1463550423.403:61): pid=2272 uid=0 auid=20299 ses=3 op=tty_set old-enabled=0 new-enabled=1 old-log_passwd=0 new-log_passwd=32743 res=0 May 18 14:47:03 vm audispd: node=vm type=USER_START msg=audit(1463550423.447:62): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:session_open acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=failed' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.447:63): pid=2297 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_DISP msg=audit(1463550423.451:64): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' Thanks regards. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Tags added: trusty xen ** Tags removed: xen ** Tags added: cosmic disco xenial -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session Status in pam package in Ubuntu: Triaged Status in pam package in Debian: New Bug description: Dear Maintainer. I found a bug in pam_tty_audit. When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session. It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session. * Enviroments Ubuntu 14.04.4 LTS linux-image-3.16.0-71-generic3.16.0-71.92~14.04.1 libpam-ldap:amd64184-8.5ubuntu3 libpam-modules:amd641.1.8-1ubuntu2.2 Ubuntu 16.04.2 TLS linux-image-4.4.0-62-generic4.4.0-62.83 libpam-ldap:amd64184-8.7ubuntu1 libpam-modules:amd641.1.8-3.2ubuntu2 * Reproduction method 1. Install libpam-ldap. 2. Add the following to the end of /etc/pam.d/common-sessions session required pam_tty_audit.so enable=* open_only 3. When logging in with ssh etc., pam_tty_audit will fail and login fails * Solution (== 2018/04/16 Link updated ==) apply upstream patch https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee * Logs (on Ubuntu14.04) -- auth.log -- May 18 14:47:03 vm sshd[2272]: Accepted publickey for test from 10.99.0.1 port 51398 ssh2: RSA 8f:39:1c:3a:f4:9d:ca:99:67:fc:e3:fd:1e:0c:5b:a8 May 18 14:47:03 vm sshd[2272]: pam_unix(sshd:session): session opened for user test by (uid=0) May 18 14:47:03 vm sshd[2272]: pam_tty_audit(sshd:session): error setting current audit status: Invalid argument May 18 14:47:03 vm sshd[2272]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session May 18 14:47:03 vm sshd[2297]: Received disconnect from 10.99.0.1: 11: disconnected by user -- syslog -- May 18 14:47:03 vm audispd: node=vm type=USER_ACCT msg=audit(1463550423.399:58): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.403:59): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=LOGIN msg=audit(1463550423.403:60): pid=2272 uid=0 old-auid=4294967295 auid=20299 old-ses=4294967295 ses=3 res=1 May 18 14:47:03 vm audispd: node=vm type=CONFIG_CHANGE msg=audit(1463550423.403:61): pid=2272 uid=0 auid=20299 ses=3 op=tty_set old-enabled=0 new-enabled=1 old-log_passwd=0 new-log_passwd=32743 res=0 May 18 14:47:03 vm audispd: node=vm type=USER_START msg=audit(1463550423.447:62): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:session_open acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=failed' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.447:63): pid=2297 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_DISP msg=audit(1463550423.451:64): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' Thanks regards. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Bug watch added: Debian Bug tracker #778664 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778664 ** Also affects: pam (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778664 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session Status in pam package in Ubuntu: Triaged Status in pam package in Debian: Unknown Bug description: Dear Maintainer. I found a bug in pam_tty_audit. When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session. It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session. * Enviroments Ubuntu 14.04.4 LTS linux-image-3.16.0-71-generic3.16.0-71.92~14.04.1 libpam-ldap:amd64184-8.5ubuntu3 libpam-modules:amd641.1.8-1ubuntu2.2 Ubuntu 16.04.2 TLS linux-image-4.4.0-62-generic4.4.0-62.83 libpam-ldap:amd64184-8.7ubuntu1 libpam-modules:amd641.1.8-3.2ubuntu2 * Reproduction method 1. Install libpam-ldap. 2. Add the following to the end of /etc/pam.d/common-sessions session required pam_tty_audit.so enable=* open_only 3. When logging in with ssh etc., pam_tty_audit will fail and login fails * Solution (== 2018/04/16 Link updated ==) apply upstream patch https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee * Logs (on Ubuntu14.04) -- auth.log -- May 18 14:47:03 vm sshd[2272]: Accepted publickey for test from 10.99.0.1 port 51398 ssh2: RSA 8f:39:1c:3a:f4:9d:ca:99:67:fc:e3:fd:1e:0c:5b:a8 May 18 14:47:03 vm sshd[2272]: pam_unix(sshd:session): session opened for user test by (uid=0) May 18 14:47:03 vm sshd[2272]: pam_tty_audit(sshd:session): error setting current audit status: Invalid argument May 18 14:47:03 vm sshd[2272]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session May 18 14:47:03 vm sshd[2297]: Received disconnect from 10.99.0.1: 11: disconnected by user -- syslog -- May 18 14:47:03 vm audispd: node=vm type=USER_ACCT msg=audit(1463550423.399:58): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.403:59): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=LOGIN msg=audit(1463550423.403:60): pid=2272 uid=0 old-auid=4294967295 auid=20299 old-ses=4294967295 ses=3 res=1 May 18 14:47:03 vm audispd: node=vm type=CONFIG_CHANGE msg=audit(1463550423.403:61): pid=2272 uid=0 auid=20299 ses=3 op=tty_set old-enabled=0 new-enabled=1 old-log_passwd=0 new-log_passwd=32743 res=0 May 18 14:47:03 vm audispd: node=vm type=USER_START msg=audit(1463550423.447:62): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:session_open acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=failed' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.447:63): pid=2297 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_DISP msg=audit(1463550423.451:64): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' Thanks regards. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1666203] Re: pam_tty_audit failed in pam_open_session
** Tags added: bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1666203 Title: pam_tty_audit failed in pam_open_session Status in pam package in Ubuntu: Triaged Status in pam package in Debian: Unknown Bug description: Dear Maintainer. I found a bug in pam_tty_audit. When Using the pam_tty_audit with other pam modules(ex, pam_ldap), it failed in pam_open_session. It was triggared by use uninitialized variable in pam_tty_audit.c::pam_open_session. * Enviroments Ubuntu 14.04.4 LTS linux-image-3.16.0-71-generic3.16.0-71.92~14.04.1 libpam-ldap:amd64184-8.5ubuntu3 libpam-modules:amd641.1.8-1ubuntu2.2 Ubuntu 16.04.2 TLS linux-image-4.4.0-62-generic4.4.0-62.83 libpam-ldap:amd64184-8.7ubuntu1 libpam-modules:amd641.1.8-3.2ubuntu2 * Reproduction method 1. Install libpam-ldap. 2. Add the following to the end of /etc/pam.d/common-sessions session required pam_tty_audit.so enable=* open_only 3. When logging in with ssh etc., pam_tty_audit will fail and login fails * Solution (== 2018/04/16 Link updated ==) apply upstream patch https://github.com/linux-pam/linux-pam/commit/c5f829931a22c65feffee16570efdae036524bee * Logs (on Ubuntu14.04) -- auth.log -- May 18 14:47:03 vm sshd[2272]: Accepted publickey for test from 10.99.0.1 port 51398 ssh2: RSA 8f:39:1c:3a:f4:9d:ca:99:67:fc:e3:fd:1e:0c:5b:a8 May 18 14:47:03 vm sshd[2272]: pam_unix(sshd:session): session opened for user test by (uid=0) May 18 14:47:03 vm sshd[2272]: pam_tty_audit(sshd:session): error setting current audit status: Invalid argument May 18 14:47:03 vm sshd[2272]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session May 18 14:47:03 vm sshd[2297]: Received disconnect from 10.99.0.1: 11: disconnected by user -- syslog -- May 18 14:47:03 vm audispd: node=vm type=USER_ACCT msg=audit(1463550423.399:58): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.403:59): pid=2272 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=LOGIN msg=audit(1463550423.403:60): pid=2272 uid=0 old-auid=4294967295 auid=20299 old-ses=4294967295 ses=3 res=1 May 18 14:47:03 vm audispd: node=vm type=CONFIG_CHANGE msg=audit(1463550423.403:61): pid=2272 uid=0 auid=20299 ses=3 op=tty_set old-enabled=0 new-enabled=1 old-log_passwd=0 new-log_passwd=32743 res=0 May 18 14:47:03 vm audispd: node=vm type=USER_START msg=audit(1463550423.447:62): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:session_open acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=failed' May 18 14:47:03 vm audispd: node=vm type=CRED_ACQ msg=audit(1463550423.447:63): pid=2297 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' May 18 14:47:03 vm audispd: node=vm type=CRED_DISP msg=audit(1463550423.451:64): pid=2272 uid=0 auid=20299 ses=3 msg='op=PAM:setcred acct="test" exe="/usr/sbin/sshd" hostname=10.99.0.1 addr=10.99.0.1 terminal=ssh res=success' Thanks regards. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1666203/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1434121] Re: if-up might fail when triggered before temporary directory available
** Tags added: trusty -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ifupdown in Ubuntu. https://bugs.launchpad.net/bugs/1434121 Title: if-up might fail when triggered before temporary directory available Status in ifupdown package in Ubuntu: New Bug description: It seems that if-up.d is activated before any temporary directory is available. On affected setup that caused a bash here-tag to fail, thus security settings were not applied to the interface leaving it open to attacks. Documentation seems to be unclear, if any script should expect, that temporary directory would work. At least here it was quite unexpected that data processing in scripts without explicit request for disk operation failed due to that. In my opinion, a CAVEAT in the interfaces (5) documentation might be sufficient in most cases. A workaround for the affected setup was to create a separate temporary directory on /var/run (which is a tmpfs instance) and export it using TEMPDIR. To reproduce: cat < /etc/network/if-up.d/aaa-early #!/bin/bash echo "mounts" cat /proc/mounts echo "touch" touch /tmp/xxx cat
[Touch-packages] [Bug 1416793] Re: ifquery segfaults if /run/network/ifstate file is not found
Happens to me on most boots of a Vivid server. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ifupdown in Ubuntu. https://bugs.launchpad.net/bugs/1416793 Title: ifquery segfaults if /run/network/ifstate file is not found Status in ifupdown package in Ubuntu: Confirmed Bug description: This makes the ifup@.service systemd unit file sad. version 0.7.48.1ubuntu6 [amd64] command: ifquery --state eth0 after a mkdir /run/network/ and a touch /run/network/ifstate the command above runs, but produces no output. Thanks for looking into this! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1416793/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1416793] Re: ifquery segfaults if /run/network/ifstate file is not found
** Tags added: vivid ** Tags added: amd64 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ifupdown in Ubuntu. https://bugs.launchpad.net/bugs/1416793 Title: ifquery segfaults if /run/network/ifstate file is not found Status in ifupdown package in Ubuntu: Confirmed Bug description: This makes the ifup@.service systemd unit file sad. version 0.7.48.1ubuntu6 [amd64] command: ifquery --state eth0 after a mkdir /run/network/ and a touch /run/network/ifstate the command above runs, but produces no output. Thanks for looking into this! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1416793/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
