[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

libpam.so.0 and libaudit.so.0 linking

Hi. I'm not shure wether this subscribe list is correct one to ask my question or not. If not, please suggest me where should I post it.

I have been creating an auditing procedure. I am working with 2 different OSes: CentOS 5.7 (everything is working fine) and Debian 6.0.3 (I am having problems with this).

My setup for auditd is the same in both places. However on the Debian system I get no audit events for user authentication for things like ssh and su. I do properly receive file/directory and syscall events. The problem is that libpam0g and login packages are compiled without audit functionality:


> ldd /lib/libpam.so.0
        linux-gate.so.1 =>  (0x00680000)
        libdl.so.2 => /lib/libdl.so.2 (0x00601000)
        libaudit.so.0 => /lib/libaudit.so.0 (0x0069a000)
        libc.so.6 => /lib/libc.so.6 (0x004a6000)
        /lib/ld-linux.so.2 (0x00482000)


> ldd /lib/libpam.so.0
        linux-gate.so.1 =>  (0xb7733000)
        libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb771c000)
        libcrypt.so.1 => /lib/i686/cmov/libcrypt.so.1 (0xb76ea000)
        libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb75a3000)
        /lib/ld-linux.so.2 (0xb7734000)

I managed to recompile login package but I'm having problems with compilation of libpam0g (/lib/libpam.so.0 containing package):

> sudo dpkg-buildpackage -rfakeroot -b
    /bin/bash ../../libtool --tag=CC   --mode=link gcc -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -g -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -W -Wall -Wbad-function-cast -Wcast-align -Wcast-qual -Wmissing-declarations -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wstrict-prototypes -Wwrite-strings -Winline -Wshadow -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -Wl,-z,defs -Wl,--as-needed -Wl,-O1 -o pam_selinux.la -rpath /lib/security pam_selinux.lo -L../../libpam -lpam -lselinux -lcrypt
    libtool: link: gcc -shared  .libs/pam_selinux.o   -Wl,-rpath -Wl,/home/fmyoen/tmp/1/pam-1.1.1/libpam/.libs -L/home/fmyoen/tmp/1/pam-1.1.1/libpam /home/fmyoen/tmp/1/pam-1.1.1/libpam/.libs/libpam.so -lselinux -lcrypt  -Wl,--version-script=./../modules.map -Wl,-z -Wl,defs -Wl,--as-needed -Wl,-O1   -Wl,-soname -Wl,pam_selinux.so -o .libs/pam_selinux.so
    .libs/pam_selinux.o: In function `send_audit_message':
    /home/fmyoen/tmp/1/pam-1.1.1/modules/pam_selinux/pam_selinux.c:87: undefined reference to `audit_open'
    /home/fmyoen/tmp/1/pam-1.1.1/modules/pam_selinux/pam_selinux.c:112: undefined reference to `audit_log_user_message'
    collect2: ld returned 1 exit status
    make[4]: *** [pam_selinux.la] Error 1
    make[4]: Leaving directory `/home/fmyoen/tmp/1/pam-1.1.1/modules/pam_selinux'
    make[3]: *** [all-recursive] Error 1
    make[3]: Leaving directory `/home/fmyoen/tmp/1/pam-1.1.1/modules'
    make[2]: *** [all-recursive] Error 1
    make[2]: Leaving directory `/home/fmyoen/tmp/1/pam-1.1.1'
    make[1]: *** [all] Error 2
    make[1]: Leaving directory `/home/fmyoen/tmp/1/pam-1.1.1'
    dh_auto_build: make -j1 returned exit code 2
    make: *** [build] Error 2
    dpkg-buildpackage: error: debian/rules build gave error exit status 2

Any ideas what should I do? For me it looks like some packages still need to be recompiled. How can I trace it? Or maybe there is a better way to get audit events working?

Reply to: