Bug#952508: Cannot call external script in rule CMD option

Tue, 25 Feb 2020 02:15:31 -0800 

Yes, exec bit is set and script also tested directly in console.
How does your cmd option lines look like in the config-file?
Now I start to suspect  that not even the default cmd line "logger..." is
running. I don't see the message in syslog it should create.

Enabled debug in config-file and restored the original cmds:
Feb 25 11:00:46 debiansdk sshd[9115]: Invalid user test from 10.0.1.104
port 62729
Feb 25 11:00:47 debiansdk pam-abl[9115]: /etc/security/pam_abl.conf:
host_purge=1d
Feb 25 11:00:47 debiansdk pam-abl[9115]: /etc/security/pam_abl.conf:
user_purge=1d
Feb 25 11:00:47 debiansdk pam-abl[9115]: /etc/security/pam_abl.conf:
limits=100-300
Feb 25 11:00:47 debiansdk pam-abl[9115]: /etc/security/pam_abl.conf:
user_db=/var/lib/abl/users.db
Feb 25 11:00:47 debiansdk pam-abl[9115]: /etc/security/pam_abl.conf:
host_db=/var/lib/abl/hosts.db
Feb 25 11:00:47 debiansdk pam-abl[9115]: /etc/security/pam_abl.conf:
user_whitelist=
Feb 25 11:00:47 debiansdk pam-abl[9115]: /etc/security/pam_abl.conf:
host_whitelist=localhost
Feb 25 11:00:47 debiansdk pam-abl[9115]: /etc/security/pam_abl.conf:
db_home=/var/lib/abl
Feb 25 11:00:47 debiansdk pam-abl[9115]: debug           = 1
Feb 25 11:00:47 debiansdk pam-abl[9115]: db_home         = /var/lib/abl
Feb 25 11:00:47 debiansdk pam-abl[9115]: host_db         =
/var/lib/abl/hosts.db
Feb 25 11:00:47 debiansdk pam-abl[9115]: host_rule       = */sshd:3/5h
Feb 25 11:00:47 debiansdk pam-abl[9115]: host_purge      = 86400
Feb 25 11:00:47 debiansdk pam-abl[9115]: host_block_cmd  = [logger] [block]
[host] [%h]
Feb 25 11:00:47 debiansdk pam-abl[9115]: host_clear_cmd  = [logger] [clear]
[host] [%h]
Feb 25 11:00:47 debiansdk pam-abl[9115]: user_db         =
/var/lib/abl/users.db
Feb 25 11:00:47 debiansdk pam-abl[9115]: user_rule       = */sshd:2/1h
Feb 25 11:00:47 debiansdk pam-abl[9115]: user_purge      = 86400
Feb 25 11:00:47 debiansdk pam-abl[9115]: user_block_cmd  = [logger] [block]
[user] [%u]
Feb 25 11:00:47 debiansdk pam-abl[9115]: user_clear_cmd  = [logger] [clear]
[user] [%u]
Feb 25 11:00:47 debiansdk pam-abl[9115]: lower limit     = 100
Feb 25 11:00:47 debiansdk pam-abl[9115]: upper limit     = 300
Feb 25 11:00:47 debiansdk pam-abl[9115]: str[0x5590bde918d0] =
db_home=/var/lib/abl
Feb 25 11:00:47 debiansdk pam-abl[9115]: str[0x5590bde918a0] =
host_whitelist=localhost
Feb 25 11:00:47 debiansdk pam-abl[9115]: str[0x5590bde91880] =
user_whitelist=
Feb 25 11:00:47 debiansdk pam-abl[9115]: str[0x5590bde91850] =
host_db=/var/lib/abl/hosts.db
Feb 25 11:00:47 debiansdk pam-abl[9115]: str[0x5590bde91820] =
user_db=/var/lib/abl/users.db
Feb 25 11:00:47 debiansdk pam-abl[9115]: str[0x5590bde91800] =
limits=100-300
Feb 25 11:00:47 debiansdk pam-abl[9115]: str[0x5590bde917e0] = user_purge=1d
Feb 25 11:00:47 debiansdk pam-abl[9115]: str[0x5590bde917c0] = host_purge=1d
Feb 25 11:00:47 debiansdk pam-abl[9115]: str[0x5590bde81ad0] = debug
Feb 25 11:00:47 debiansdk pam-abl[9115]: str[0x5590bde91780] =
user_block_cmd=[logger] [block] [user] [%u]
Feb 25 11:00:47 debiansdk pam-abl[9115]: str[0x5590bde91740] =
user_clear_cmd=[logger] [clear] [user] [%u]
Feb 25 11:00:47 debiansdk pam-abl[9115]: str[0x5590bde91700] =
host_block_cmd=[logger] [block] [host] [%h]
Feb 25 11:00:47 debiansdk pam-abl[9115]: str[0x5590bde916c0] =
host_clear_cmd=[logger] [clear] [host] [%h]
Feb 25 11:00:47 debiansdk pam-abl[9115]: str[0x5590bde7d770] =
host_rule=*/sshd:3/5h
Feb 25 11:00:47 debiansdk pam-abl[9115]: str[0x5590bde7e1b0] =
user_rule=*/sshd:2/1h
Feb 25 11:00:48 debiansdk pam-abl[9115]: state opened
Feb 25 11:00:48 debiansdk pam-abl[9115]: state opened
Feb 25 11:00:48 debiansdk pam-abl[9115]: Check 10.0.1.104/sshd against
*/sshd:3/5h(1)
Feb 25 11:00:48 debiansdk pam-abl[9115]: Name part matches, **rp = '/'
Feb 25 11:00:48 debiansdk pam-abl[9115]: match('sshd', 'sshd:3/5h', 4)
Feb 25 11:00:48 debiansdk pam-abl[9115]: Match!
Feb 25 11:00:48 debiansdk pam-abl[9115]: Name matched, next char is ':'
Feb 25 11:00:48 debiansdk pam-abl[9115]: matchperiod(0x5590bde95b20, 1,
'3/5h')
Feb 25 11:00:48 debiansdk pam-abl[9115]: count is 3, **rp='/'
Feb 25 11:00:48 debiansdk pam-abl[9115]: period is 18000, **rp='#000'
Feb 25 11:00:48 debiansdk pam-abl[9115]: Checking 3/18000
Feb 25 11:00:48 debiansdk pam-abl[9115]: howmany(18000) = 1
Feb 25 11:00:48 debiansdk sshd[9115]: pam_unix(sshd:auth): check pass; user
unknown
Feb 25 11:00:48 debiansdk sshd[9115]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.1.104
Feb 25 11:00:50 debiansdk sshd[9115]: Failed password for invalid user test
from 10.0.1.104 port 62729 ssh2
Feb 25 11:00:53 debiansdk sshd[9115]: Connection closed by invalid user
test 10.0.1.104 port 62729 [preauth]
Feb 25 11:00:53 debiansdk pam-abl[9115]: In cleanup, err is 00000007
Feb 25 11:00:53 debiansdk pam-abl[9115]: record returned 0

I wonder what this cleanup error means: " pam-abl[9115]: In cleanup, err is
00000007"

Reply via email to