Resolution summary for Error using JASS with Solaris 9

From: Varakantam, Vikram <VVarakantam_at_FDIC.gov>
Date: Thu May 22 2003 - 04:16:49 EDT
Thanks everyone for the responses, the problem was permissions on /usr
directory. It happened evern on a second server built with the same
methodolgy using the same JASS hardening driver. I will have to investigate
into permissions modifications on /usr.

Vikram



Intially everything worked great with only SSH access to the server. 
>After 2 days I had problem with SSH reporting PAM module failure 
>
>May 21 02:16:11 xxxxxxxxxx sshd[545]: [ID 487707 auth.error] load_modules:
>can not open module /usr/lib/security/pam_unix_session.so.1 
>May 21 02:16:11 xxxxxxxxxx sshd[545]: [ID 776383 auth.error] open_module:
>stat(/usr/lib/security/pam_unix_session.so.1) failed: Permission denied 
>May 21 02:16:11 xxxxxxxxxx sshd[545]: [ID 487707 auth.error] load_modules:
>can not open module /usr/lib/security/pam_unix_session.so.1 
>May 21 02:16:11 xxxxxxxxxx sshd[545]: [ID 800047 auth.crit] fatal: PAM
>session setup failed[1]: Dlopen failure 

Points to a file permission problem.

>I reinstalled SSH packages and still the problem persisted, so I had to
>reopen telnet access to the server. After which the server ONLY permits
ROOT
>login on CONSOLE and ROOT SSH access, when i try to SU to a user acccount
it
>complains "NO SHELL". The default user shell is "sh" and entry exsists in
>/etc/shells. I am not sure what I am missing, any help would be greatly
>appreciated. 


Check the permission on "/" is is most likely no longer 755;
and check the other directories too:

	ls -ld / /usr /usr/lib /usr/lib/security

as well as the PAM module:

	ls -l /usr/lib/security/pam_unix_session.so.1

Casper
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Thu May 22 04:16:44 2003

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:12 EST