Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pam_tty_audit not shipped with CoreOS #2633

Open
pms1969 opened this issue Nov 12, 2019 · 0 comments

Comments

@pms1969
Copy link

@pms1969 pms1969 commented Nov 12, 2019

Issue Report

Guidance

Container Linux Version

$ cat /etc/os-release
NAME="Container Linux by CoreOS"
ID=coreos
VERSION=2247.6.0
VERSION_ID=2247.6.0
BUILD_ID=2019-11-06-2138
PRETTY_NAME="Container Linux by CoreOS 2247.6.0 (Rhyolite)"
ANSI_COLOR="38;5;75"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://issues.coreos.com"
COREOS_BOARD="amd64-usr"

Environment

What hardware/cloud provider/hypervisor is being used to run Container Linux?

AWS

Expected Behavior

I'd expect /usr/lib64/security to contain pam_tty_audit.so

Actual Behavior

$ ls /usr/lib64/security
pam_access.so     pam_deny.so  pam_faildelay.so  pam_group.so    pam_limits.so     pam_mail.so       pam_nologin.so        pam_pwhistory.so  pam_shells.so      pam_systemd.so  pam_timestamp.so  pam_wheel.so
pam_cap.so        pam_echo.so  pam_filter        pam_issue.so    pam_listfile.so   pam_mkhomedir.so  pam_oslogin_admin.so  pam_rhosts.so     pam_sss.so         pam_tally.so    pam_umask.so      pam_xauth.so
pam_cifscreds.so  pam_env.so   pam_filter.so     pam_keyinit.so  pam_localuser.so  pam_motd.so       pam_oslogin_login.so  pam_rootok.so     pam_stress.so      pam_tally2.so   pam_unix.so
pam_debug.so      pam_exec.so  pam_ftp.so        pam_lastlog.so  pam_loginuid.so   pam_namespace.so  pam_permit.so         pam_securetty.so  pam_succeed_if.so  pam_time.so     pam_warn.so

It's not there.

Other Information

I've tried taking pam_tty_audit.so out of one of the other containers; /usr/bin/toolbox, but when I add it to my pam config for sshd, it just blows up; consequently breaking sshd.

Is there some known way to add this that I'm unaware of? I've spent days scouring google and trying to get a build container together to compile it, but I've had no success.

Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.