| Summary: | Enabling BSM/audit security can prevent root login | | |
|---|---|---|---|
| Product: | Base System | Reporter: | Tim Hogard <thogard> |
| Component: | standards | Assignee: | freebsd-standards (Nobody) <standards> |
| Status: | Open --- | | |
| Severity: | Affects Many People | CC: | brueffer, csjp, emaste, markj |
| Priority: | --- | | |
| Version: | 13.2-RELEASE | | |
| Hardware: | amd64 | | |
| OS: | Any | | |

Description
Tim Hogard
2024-02-02 12:53:26 UTC
It appears this was due to older flags in /etc/security/audit_control. If the old Solaris flags were added, specifically ua and pm, and since they aren't in /etc/security/audit_class, the audit mask isn't created, and since it isn't created, root can't log in on the console.

I think the login code should allow root to log in in the case of a bad (or undefined) audit mask to prevent being locked out of a system.

Perhaps the old Sun masks should be added to audit_class as:

    0x00000000:ua:obsolete user administration class
    0x00000000:pm:obsolete process modify class

If someone else runs into this, the fix is
1) fix the flags: in audit_control, or
2) add the missing classes to audit_class as zeros and ensure the events you needed audited are in the flags: line

This applies between 14.0 back to at least 11.X.

Christian, would you be able to look at this?
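
A check for the condition described in this report, as an added example that is not part of the original report or of FreeBSD's own tooling: it lists every class named in audit_control that audit_class does not define. The function names, the `check`/`demo` arguments and the sample files are assumptions constructed for illustration; going beyond the report, it also reads the naflags: line and strips the `^`, `+` and `-` flag prefixes.

```sh
#!/bin/sh
# Added example: report audit_control classes that audit_class does not define.

# Class names defined in an audit_class file (line format: mask:name:description).
defined_classes() {
    awk -F: '!/^[ \t]*#/ && NF >= 2 { print $2 }' "$1"
}

# Class names used on flags:/naflags: lines, with ^, + and - prefixes removed.
used_classes() {
    awk -F: '/^(flags|naflags):/ {
        n = split($2, f, ",")
        for (i = 1; i <= n; i++) {
            gsub(/[ \t]/, "", f[i])
            sub(/^[+^-]+/, "", f[i])
            if (f[i] != "") print f[i]
        }
    }' "$1" | sort -u
}

# Print every used class missing from audit_class, one per line.
undefined_classes() {
    control=$1
    class=$2
    defs=$(defined_classes "$class")
    for c in $(used_classes "$control"); do
        printf '%s\n' "$defs" | grep -qxF -- "$c" || printf '%s\n' "$c"
    done
}

# Constructed sample: the ua and pm flags from the report, absent from audit_class.
demo() {
    d=$(mktemp -d)
    printf 'dir:/var/audit\nflags:lo,aa,ua,+pm\nnaflags:lo,aa\n' > "$d/audit_control"
    printf '# constructed\n0x00001000:lo:login_logout\n0x00002000:aa:auth\n' > "$d/audit_class"
    undefined_classes "$d/audit_control" "$d/audit_class"
    rm -rf "$d"
}

# "check" inspects the live files; "demo" runs the constructed sample.
case "${1:-}" in
    check) undefined_classes "${2:-/etc/security/audit_control}" \
                             "${3:-/etc/security/audit_class}" ;;
    demo)  demo ;;
esac
```

Any class it prints is a candidate for one of the two fixes listed in the report, and running it after editing audit_control and before logging out of the last root session avoids discovering the problem at the console.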