Skip to content
This repository has been archived by the owner on Oct 16, 2020. It is now read-only.

pam_tty_audit not shipped with CoreOS #2633

Open
pms1969 opened this issue Nov 12, 2019 · 0 comments
Open

pam_tty_audit not shipped with CoreOS #2633

pms1969 opened this issue Nov 12, 2019 · 0 comments

Comments

@pms1969
Copy link

pms1969 commented Nov 12, 2019

Issue Report

Guidance

Container Linux Version

$ cat /etc/os-release
NAME="Container Linux by CoreOS"
ID=coreos
VERSION=2247.6.0
VERSION_ID=2247.6.0
BUILD_ID=2019-11-06-2138
PRETTY_NAME="Container Linux by CoreOS 2247.6.0 (Rhyolite)"
ANSI_COLOR="38;5;75"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://issues.coreos.com"
COREOS_BOARD="amd64-usr"

Environment

What hardware/cloud provider/hypervisor is being used to run Container Linux?

AWS

Expected Behavior

I'd expect /usr/lib64/security to contain pam_tty_audit.so

Actual Behavior

$ ls /usr/lib64/security
pam_access.so     pam_deny.so  pam_faildelay.so  pam_group.so    pam_limits.so     pam_mail.so       pam_nologin.so        pam_pwhistory.so  pam_shells.so      pam_systemd.so  pam_timestamp.so  pam_wheel.so
pam_cap.so        pam_echo.so  pam_filter        pam_issue.so    pam_listfile.so   pam_mkhomedir.so  pam_oslogin_admin.so  pam_rhosts.so     pam_sss.so         pam_tally.so    pam_umask.so      pam_xauth.so
pam_cifscreds.so  pam_env.so   pam_filter.so     pam_keyinit.so  pam_localuser.so  pam_motd.so       pam_oslogin_login.so  pam_rootok.so     pam_stress.so      pam_tally2.so   pam_unix.so
pam_debug.so      pam_exec.so  pam_ftp.so        pam_lastlog.so  pam_loginuid.so   pam_namespace.so  pam_permit.so         pam_securetty.so  pam_succeed_if.so  pam_time.so     pam_warn.so

It's not there.

Other Information

I've tried taking pam_tty_audit.so out of one of the other containers; /usr/bin/toolbox, but when I add it to my pam config for sshd, it just blows up; consequently breaking sshd.

Is there some known way to add this that I'm unaware of? I've spent days scouring google and trying to get a build container together to compile it, but I've had no success.

Thanks.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant