Hi all,
So I’m setting up the SNMP extend Postfix monitoring. I have 10ish Ubuntu servers running with no issues.
Today I had to add a CentOS server for monitoring; it's running Plesk and hosting websites, sending mail, etc.
For some reason I just can't get past the PAM error. Here is my config:
vi /etc/snmp/postfixdetailed
# The cache file to use.
my $cache='/var/cache/postfixdetailed';
# the location of pflogsumm
my $pflogsumm='/usr/bin/env /usr/bin/sudo /usr/sbin/pflogsumm';
vi /etc/snmp/postfix-queues
for i in $QUEUES; do
    # Capture the TOTAL column for this queue via command substitution
    COUNT=$(sudo qshape $i | grep TOTAL | awk '{print $2}')
    printf "$COUNT\n"
done
vi /etc/sudoers.d/libre
Debian-snmp ALL=(ALL) NOPASSWD: ALL
And this is the error I get when running discovery:
tail -f /var/log/secure
Sep 16 17:27:46 hosting-01 unix_chkpwd[24293]: could not obtain user info (root)
Sep 16 17:27:46 hosting-01 sudo: PAM audit_open() failed: Permission denied
Sep 16 17:27:46 hosting-01 sudo: root : PAM account management error: System error ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/sbin/qshape hold
Sep 16 17:27:46 hosting-01 sudo: PAM audit_open() failed: Permission denied
tail -f /var/log/audit/audit.log
type=SYSCALL msg=audit(1568647281.244:137049): arch=c000003e syscall=2 success=no exit=-13 a0=7f89434174f3 a1=80000 a2=1b6 a3=24 items=0 ppid=23172 pid=23175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=system_u:system_r:snmpd_t:s0 key=(null)
type=PROCTITLE msg=audit(1568647281.244:137049): proctitle=2F7573722F7362696E2F756E69785F63686B70776400726F6F740063686B657870697279
type=AVC msg=audit(1568647281.256:137050): avc: denied { create } for pid=23172 comm="sudo" scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:snmpd_t:s0 tclass=netlink_audit_socket permissive=0
type=SYSCALL msg=audit(1568647281.256:137050): arch=c000003e syscall=41 success=no exit=-13 a0=10 a1=3 a2=9 a3=7ffe46cc5f20 items=0 ppid=23171 pid=23172 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sudo" exe="/usr/bin/sudo" subj=system_u:system_r:snmpd_t:s0 key=(null)
type=PROCTITLE msg=audit(1568647281.256:137050): proctitle=7375646F00717368617065006465666572726564
type=AVC msg=audit(1568647281.256:137051): avc: denied { create } for pid=23172 comm="sudo" scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:snmpd_t:s0 tclass=netlink_audit_socket permissive=0
type=SYSCALL msg=audit(1568647281.256:137051): arch=c000003e syscall=41 success=no exit=-13 a0=10 a1=3 a2=9 a3=7f61b1738b0c items=0 ppid=23171 pid=23172 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sudo" exe="/usr/bin/sudo" subj=system_u:system_r:snmpd_t:s0 key=(null)
type=PROCTITLE msg=audit(1568647281.256:137051): proctitle=7375646F00717368617065006465666572726564
type=AVC msg=audit(1568647281.256:137052): avc: denied { create } for pid=23172 comm="sudo" scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:snmpd_t:s0 tclass=netlink_audit_socket permissive=0
type=SYSCALL msg=audit(1568647281.256:137052): arch=c000003e syscall=41 success=no exit=-13 a0=10 a1=3 a2=9 a3=7f61b1738b0c items=0 ppid=23171 pid=23172 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sudo" exe="/usr/bin/sudo" subj=system_u:system_r:snmpd_t:s0 key=(null)
type=PROCTITLE msg=audit(1568647281.256:137052): proctitle=7375646F00717368617065006465666572726564
type=AVC msg=audit(1568647281.351:137053): avc: denied { sys_resource } for pid=23177 comm="sudo" capability=24 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:snmpd_t:s0 tclass=capability permissive=0
type=SYSCALL msg=audit(1568647281.351:137053): arch=c000003e syscall=160 success=no exit=-1 a0=6 a1=7ffcdd6ae0a0 a2=ffffffff a3=1 items=0 ppid=23176 pid=23177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sudo" exe="/usr/bin/sudo" subj=system_u:system_r:snmpd_t:s0 key=(null)
type=PROCTITLE msg=audit(1568647281.351:137053): proctitle=7375646F0071736861706500686F6C64
type=AVC msg=audit(1568647281.457:137054): avc: denied { read } for pid=23180 comm="unix_chkpwd" name="shadow" dev="nvme0n1p1" ino=528648 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
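
A triage sketch for the audit.log excerpt above, added as an example and not part of the original post: it groups the AVC denials by SELinux source type, target type, class and permission, and decodes the hex `proctitle` field so each denial shows the command line that triggered it. The function names and the abridged sample records are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample: records abridged from the audit.log excerpt in the post.
SAMPLE = """\
type=AVC msg=audit(1568647281.256:137050): avc: denied { create } for pid=23172 comm="sudo" scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:snmpd_t:s0 tclass=netlink_audit_socket permissive=0
type=PROCTITLE msg=audit(1568647281.256:137050): proctitle=7375646F00717368617065006465666572726564
type=AVC msg=audit(1568647281.256:137051): avc: denied { create } for pid=23172 comm="sudo" scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:snmpd_t:s0 tclass=netlink_audit_socket permissive=0
type=PROCTITLE msg=audit(1568647281.256:137051): proctitle=7375646F00717368617065006465666572726564
type=AVC msg=audit(1568647281.351:137053): avc: denied { sys_resource } for pid=23177 comm="sudo" capability=24 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:snmpd_t:s0 tclass=capability permissive=0
type=PROCTITLE msg=audit(1568647281.351:137053): proctitle=7375646F0071736861706500686F6C64
type=AVC msg=audit(1568647281.457:137054): avc: denied { read } for pid=23180 comm="unix_chkpwd" name="shadow" dev="nvme0n1p1" ino=528648 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
"""

EVENT = re.compile(r"type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):")
AVC = re.compile(r'denied\s+\{\s*([^}]*?)\s*\}.*?comm="([^"]+)".*?'
                 r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")

def decode_proctitle(value):
    """auditd quotes plain command lines and hex-encodes ones containing NULs."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", "replace").replace("\0", " ")
    except ValueError:
        return value  # not valid hex: keep the raw field

def summarize(log_text):
    """Count denials per (source type, target type, class, perms, command)."""
    # Logs pasted through a forum often carry typographic quotes; normalise them.
    log_text = log_text.replace("\u201c", '"').replace("\u201d", '"')
    titles, denials = {}, []
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        rtype, serial = m.groups()  # records of one event share a serial number
        if rtype == "PROCTITLE":
            titles[serial] = decode_proctitle(line.rsplit("proctitle=", 1)[1].strip())
        elif rtype == "AVC" and (a := AVC.search(line)):
            denials.append((serial, a.groups()))
    counts = Counter()
    for serial, (perms, comm, scon, tcon, tclass) in denials:
        # A context is user:role:type:level; fall back to comm if PROCTITLE is missing.
        counts[(scon.split(":")[2], tcon.split(":")[2], tclass, perms,
                titles.get(serial, comm))] += 1
    return counts

if __name__ == "__main__":
    print("\n".join(f"{n} {key}" for key, n in summarize(SAMPLE).items()))
```

Run over the sample, every denial has `snmpd_t` as its source type, meaning the `sudo` and `unix_chkpwd` processes are still confined by the SNMP daemon's SELinux domain.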