From: Mel
To: freebsd-questions@freebsd.org
Date: Mon, 24 Sep 2007 16:29:11 +0200
Subject: Re: Can't login: no pam_unix.so found
Message-Id: <200709241629.12331.fbsd.questions@rachie.is-a-geek.net>
In-Reply-To: <573620367.20070922225713@victorstar.com>

On Sunday 23 September 2007 04:57:13 Victor Star wrote:
> Hi guys,
>
> I need your help to fix my FreeBSD 6.2-RELEASE system.
> This is my home server, used mostly for mail (courier) and local file
> server (samba). It's been up for quite some time with no problems and
> really fun for me to learn FreeBSD. I've learned lots of things configuring
> postfix, courier, RAIDs and wireless. But now I have something I can't
> handle myself. Spent time searching archives, web to no avail.
>
> Now, few days ago I started getting the following in the daily security run
> output:
>
> ====- 8< -===================================================
> Checking for packages with security vulnerabilities:
>
> su: pam_start: system error
> ====- 8< -===================================================
>
> What I see on the console is:
> ====- 8< -===================================================
> su: in openpam_load_module(): no pam_unix.so found
> su: pam_start: system error
> ====- 8< -===================================================
>
> I can't also login neither through ssh nor on the console - getting same
> error. Luckily I still have one ssh root session alive (so far!).
> I have this bad feeling that on disconnect or reboot I will lose the
> access to the box.
>
> Mail server still working no problem, smtp and POP via SSL work and
> authorize fine.
>
> pam_unix.so is in /usr/lib:
> ====- 8< -===================================================
> # ls -l /usr/lib/pam_unix*
> lrwxr-xr-x 1 root wheel 13 Sep 25 2006 /usr/lib/pam_unix.so -> pam_unix.so.3
> -r--r--r-- 1 root wheel 10240 Feb 19 2007 /usr/lib/pam_unix.so.3
> # file /usr/lib/pam_unix.so
> /usr/lib/pam_unix.so: symbolic link to `pam_unix.so.3'
> ====- 8< -===================================================

If ldd /usr/lib/pam_unix.so does not show undefined libs, then first thing I'd
look would be towards limits, most notably open file limits: compare
sysctl kern.openfiles with output of limits -Hn.

> There is one more thing that is suspiciously close in time to when this
> started happening. In the same security run output where I first saw this
> error I found this:
> ====- 8< -===================================================
> Sep 18 11:11:37 xxxxxx su: BAD SU to root on /dev/ttyp3

Did or did you not mistype password?

> Sep 18 11:13:46 xxxxxx sshd[45047]: Bad protocol version identification '\377\364\377\375\006quit' from
> Sep 18 11:15:08 xxxxxx sshd[45056]: Received disconnect from : 2: Bad packet length 710099706.
> ====- 8< -===================================================

That's some user doing telnet on port 22 and doesn't know how to talk ssh.

--
Mel