Postfix monitoring through CentOS! PAM errors

Hi all,

So I’m setting up the SNMP extend Postfix monitoring. I have 10ish Ubuntu servers running with no issues.

Today I had to add a CentOS server for monitoring; it's running Plesk and hosting websites, sending mail, etc.

For some reason I just can't get past the PAM error. Here is my config:

vi /etc/snmp/postfixdetailed

# The cache file to use.
my $cache='/var/cache/postfixdetailed';

# the location of pflogsumm
my $pflogsumm='/usr/bin/env /usr/bin/sudo /usr/sbin/pflogsumm';

vi /etc/snmp/postfix-queues

for i in $QUEUES; do
    COUNT=$(sudo qshape "$i" | grep TOTAL | awk '{print $2}')
    printf "$COUNT\n"
done

vi /etc/sudoers.d/libre

Debian-snmp ALL=(ALL) NOPASSWD: ALL

And this is the error I get when running discovery:

tail -f /var/log/secure

Sep 16 17:27:46 hosting-01 unix_chkpwd[24293]: could not obtain user info (root)
Sep 16 17:27:46 hosting-01 sudo: PAM audit_open() failed: Permission denied
Sep 16 17:27:46 hosting-01 sudo: root : PAM account management error: System error ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/sbin/qshape hold
Sep 16 17:27:46 hosting-01 sudo: PAM audit_open() failed: Permission denied

tail -f /var/log/audit/audit.log

type=SYSCALL msg=audit(1568647281.244:137049): arch=c000003e syscall=2 success=no exit=-13 a0=7f89434174f3 a1=80000 a2=1b6 a3=24 items=0 ppid=23172 pid=23175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="unix_chkpwd" exe="/usr/sbin/unix_chkpwd" subj=system_u:system_r:snmpd_t:s0 key=(null)
type=PROCTITLE msg=audit(1568647281.244:137049): proctitle=2F7573722F7362696E2F756E69785F63686B70776400726F6F740063686B657870697279
type=AVC msg=audit(1568647281.256:137050): avc: denied { create } for pid=23172 comm="sudo" scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:snmpd_t:s0 tclass=netlink_audit_socket permissive=0
type=SYSCALL msg=audit(1568647281.256:137050): arch=c000003e syscall=41 success=no exit=-13 a0=10 a1=3 a2=9 a3=7ffe46cc5f20 items=0 ppid=23171 pid=23172 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sudo" exe="/usr/bin/sudo" subj=system_u:system_r:snmpd_t:s0 key=(null)
type=PROCTITLE msg=audit(1568647281.256:137050): proctitle=7375646F00717368617065006465666572726564
type=AVC msg=audit(1568647281.256:137051): avc: denied { create } for pid=23172 comm="sudo" scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:snmpd_t:s0 tclass=netlink_audit_socket permissive=0
type=SYSCALL msg=audit(1568647281.256:137051): arch=c000003e syscall=41 success=no exit=-13 a0=10 a1=3 a2=9 a3=7f61b1738b0c items=0 ppid=23171 pid=23172 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sudo" exe="/usr/bin/sudo" subj=system_u:system_r:snmpd_t:s0 key=(null)
type=PROCTITLE msg=audit(1568647281.256:137051): proctitle=7375646F00717368617065006465666572726564
type=AVC msg=audit(1568647281.256:137052): avc: denied { create } for pid=23172 comm="sudo" scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:snmpd_t:s0 tclass=netlink_audit_socket permissive=0
type=SYSCALL msg=audit(1568647281.256:137052): arch=c000003e syscall=41 success=no exit=-13 a0=10 a1=3 a2=9 a3=7f61b1738b0c items=0 ppid=23171 pid=23172 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sudo" exe="/usr/bin/sudo" subj=system_u:system_r:snmpd_t:s0 key=(null)
type=PROCTITLE msg=audit(1568647281.256:137052): proctitle=7375646F00717368617065006465666572726564
type=AVC msg=audit(1568647281.351:137053): avc: denied { sys_resource } for pid=23177 comm="sudo" capability=24 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:snmpd_t:s0 tclass=capability permissive=0
type=SYSCALL msg=audit(1568647281.351:137053): arch=c000003e syscall=160 success=no exit=-1 a0=6 a1=7ffcdd6ae0a0 a2=ffffffff a3=1 items=0 ppid=23176 pid=23177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sudo" exe="/usr/bin/sudo" subj=system_u:system_r:snmpd_t:s0 key=(null)
type=PROCTITLE msg=audit(1568647281.351:137053): proctitle=7375646F0071736861706500686F6C64
type=AVC msg=audit(1568647281.457:137054): avc: denied { read } for pid=23180 comm="unix_chkpwd" name="shadow" dev="nvme0n1p1" ino=528648 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0

Disable SELinux

You can temporarily change the SELinux mode from targeted to permissive with the following command:

sudo setenforce 0

However, this change will be valid for the current runtime session only.

To permanently disable SELinux on your CentOS 7 system, follow the steps below:

  1. Open the /etc/selinux/config file and set the SELINUX mode to disabled:

/etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#       targeted - Targeted processes are protected,
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted

  2. Save the file and reboot your CentOS system with:
sudo shutdown -r now

  3. Once the system boots up, verify the change with the sestatus command:
sestatus

The output should look like this:

SELinux status:                 disabled
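
Added example, not part of the original thread: a short Python parser that groups the AVC denials from the audit.log in the question into the type-enforcement rules a local policy module for snmpd_t would contain, in the style audit2allow prints. The sample records are copied from that log (the SYSCALL record is shortened), and SENSITIVE_TYPES is an assumption of this example.

```python
import re

# Three AVC records and one shortened SYSCALL record from the audit.log above.
SAMPLE = """\
type=AVC msg=audit(1568647281.256:137050): avc: denied { create } for pid=23172 comm="sudo" scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:snmpd_t:s0 tclass=netlink_audit_socket permissive=0
type=SYSCALL msg=audit(1568647281.256:137050): arch=c000003e syscall=41 success=no exit=-13 comm="sudo" exe="/usr/bin/sudo"
type=AVC msg=audit(1568647281.351:137053): avc: denied { sys_resource } for pid=23177 comm="sudo" capability=24 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:system_r:snmpd_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1568647281.457:137054): avc: denied { read } for pid=23180 comm="unix_chkpwd" name="shadow" dev="nvme0n1p1" ino=528648 scontext=system_u:system_r:snmpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
SENSITIVE_TYPES = {"shadow_t"}  # assumption: target types worth a manual look

def parse_avc(line):
    """Return one denial as a dict, or None for non-AVC records."""
    line = line.replace("\u201c", '"').replace("\u201d", '"')  # forum smart quotes
    m = AVC_RE.search(line) if line.startswith("type=AVC") else None
    if not m:
        return None
    kv = dict(f.split("=", 1) for f in m.group(2).split() if "=" in f)
    return {"perms": m.group(1).split(), "comm": kv.get("comm", "").strip('"'),
            "source": kv["scontext"].split(":")[2],
            "target": kv["tcontext"].split(":")[2], "tclass": kv["tclass"]}

def summarise(text):
    """Group denials by (source type, target type, object class)."""
    out = {}
    for d in filter(None, map(parse_avc, text.splitlines())):
        key = (d["source"], d["target"], d["tclass"])
        entry = out.setdefault(key, {"perms": set(), "comms": set()})
        entry["perms"].update(d["perms"])
        entry["comms"].add(d["comm"])
    return out

def to_rules(summary):
    """Render allow rules in the style audit2allow prints."""
    rules = []
    for (src, tgt, cls), info in sorted(summary.items()):
        perms = sorted(info["perms"])
        p = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {'self' if src == tgt else tgt}:{cls} {p};")
    return rules

def needs_review(summary):
    """Denial keys whose target type is listed in SENSITIVE_TYPES."""
    return sorted(k for k in summary if k[1] in SENSITIVE_TYPES)

if __name__ == "__main__":
    s = summarise(SAMPLE)
    print("\n".join(to_rules(s) + [f"# review first: {needs_review(s)}"]))
```

On the host itself, audit2allow and semodule do the same job against the live /var/log/audit/audit.log.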