Old 06-30-2008, 05:43 AM   #1
suhas!
Member
 
Registered: Mar 2007
Posts: 100

Rep: Reputation: 17
Can not login as any user in TTY console


Hi All,

We have a Redhat Linux 9 box in our office. Somebody has played with that box and as a result no user is able to log in to the box on any TTY console. When we enter a user name to log in (root and non-root also), it does not ask for a password, and the login prompt simply appears again. Whereas I can log in as root user through ssh (pseudo terminal). I tailed /var/log/message and /var/log/secure to see what is prohibiting users from logging in to the TTY console, but no log appears.

I have checked basic things like....
1) all terminals are allowed in /etc/securetty
2) permission of /etc/securetty is 600, which it should be
3) /etc/nologin file does not exist
4) root and other user account can login through ssh session
5) there is no setting in /etc/security/access.conf



What else have I missed checking........ can anybody help me.......



Suhas
 
Old 06-30-2008, 11:58 AM   #2
prik420
LQ Newbie
 
Registered: Jun 2008
Posts: 18

Rep: Reputation: 0
logs

when you ssh to the box, check if syslog is running:

/etc/init.d/syslogd status

start the service if it isn't:

/etc/init.d/syslogd start

check /var/log/secure too
check your pam configuration

btw, when u say somebody has played did u mean someone hacked the box?

check the command history of the user/s in the box, you might find something that would help u.
 
Old 06-30-2008, 08:57 PM   #3
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5
Posts: 16,086

Rep: Reputation: 1995
If you mean hacked, I'm not surprised if you've got the orig RH9 (Shrike?). Support for that was discontinued yrs ago, so it's wide open to exploits.
Try RH Fedora 8 (9 just came out) which is free, or Centos, which is a free version of RH Enterprise Linux.
If you want to stick with what you've got & if you've got the time & expertise, you can try to fix it/make notes, but frankly a clean re-install is the only safe way (after backing up any key data).
 
Old 07-02-2008, 12:44 AM   #4
suhas!
Member
 
Registered: Mar 2007
Posts: 100

Original Poster
Rep: Reputation: 17
Hi All,

Thanks for your suggestions. The syslog service is running on the box and it is logging all the login events from remote hosts through ssh in /var/log/secure, but it is not logging a single login attempt from a TTY terminal.

And I don't mean to say that somebody has hacked the machine, but somebody working in my organization previously has done something nasty for some reason that has caused this thing.

I think I should work on the logs first, which will give me direction to troubleshoot the problem.


Regards
 
Old 07-02-2008, 12:50 AM   #5
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,615

Rep: Reputation: Disabled
Just try single user mode and go through the /etc/passwd file.
It may have been changed. Or find out if there is a file /etc/nologin.
If that file exists, delete it.
 
Old 07-02-2008, 01:11 AM   #6
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,950
Blog Entries: 11

Rep: Reputation: 860
Have you had a look through /etc/login.defs?

Is the machine using pam for authentication?
If yes, look at pam.conf and/or pam.d/login ...



Cheers,
Tink
 
Old 07-02-2008, 06:33 AM   #7
suhas!
Member
 
Registered: Mar 2007
Posts: 100

Original Poster
Rep: Reputation: 17

Hi All,

Thanks for your response, the /etc/nologin file does not exist, and I see no problem in /etc/passwd as I am able to login through ssh from remote machine.

Following is the output of some files, I think they are ok.

# cat /etc/log.d/conf/services/pam.conf | grep -v ^#

Title = "pam"
LogFile = messages
*OnlyService = pam
*RemoveHeaders


# cat /etc/pam.d/login
#%PAM-1.0
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so




What else could it be........
 
Old 07-02-2008, 06:59 AM   #8
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,615

Rep: Reputation: Disabled
Is this line creating problems "auth required pam_nologin.so" ?
Try commenting this out.
 
Old 07-03-2008, 12:03 PM   #9
prik420
LQ Newbie
 
Registered: Jun 2008
Posts: 18

Rep: Reputation: 0
the line:
auth required /lib/security/pam_nologin.so

only checks for the existence of /etc/nologin and denies login if the user isn't root.

i'm still looking for workaround on this. since u said that local logins aren't being logged, u might wanna take a look at ur syslog config or paste it here.

another thing u can do is run sysreport and upload the report here, that would provide more info so we can further troubleshoot this.


ppl should know to never piss off those who administer your server
 
Old 07-03-2008, 01:05 PM   #10
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,950
Blog Entries: 11

Rep: Reputation: 860
Quote:
Originally Posted by suhas!
Hi All,

Thanks for your response, the /etc/nologin file does not exist, and I see no problem in /etc/passwd as I am able to login through ssh from remote machine.

Following is the output of some files, I think they are ok.


What else could it be........ :(

And what about /etc/login.defs ...
 
Old 07-04-2008, 08:05 AM   #11
sahil.jammu
Member
 
Registered: Jun 2008
Distribution: Ubuntu
Posts: 83

Rep: Reputation: 15
Kindly paste the exact output of /etc/securetty
Sometimes the additional space put in there can cause such problems.
 
Old 07-05-2008, 04:05 AM   #12
suhas!
Member
 
Registered: Mar 2007
Posts: 100

Original Poster
Rep: Reputation: 17
Hi All,

Here's the output of both files.


#cat /etc/login.defs | grep -v ^#
MAIL_DIR /var/spool/mail

PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7

UID_MIN 500
UID_MAX 60000

GID_MIN 500
GID_MAX 60000


CREATE_HOME yes



# cat /etc/securetty
console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11


Regards,

Suhas
 
Old 07-05-2008, 05:14 AM   #13
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
Try validating the package that supplies /etc/inittab. Or just post yours so we can compare.
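
The two checks suggested in posts #11 and #13 (invisible characters in /etc/securetty, and the getty entries in /etc/inittab) can be scripted. The following is an added example, not part of the original thread: the function names and the sample files are made up for illustration, and it assumes securetty entries are matched as whole lines.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are arguments so the checks can
# run against copies of the real files; the sample data is constructed.

# Show securetty entries that contain a space, tab or carriage return.
# `sed -n l` marks end of line with "$" and prints a CR as "\r", so a
# trailing space shows up as "tty1 $" where plain cat shows only "tty1".
securetty_hidden_chars() {
    cr=$(printf '\r')
    grep -n "[[:blank:]${cr}]" "$1" | sed -n l
}

# Terminals with an active respawn getty in an inittab-format file
# (id:runlevels:action:process); commented-out entries are skipped.
inittab_getty_ttys() {
    awk -F: '$0 !~ /^[ \t]*#/ && $3 == "respawn" && $4 ~ /getty/ {
        n = split($4, w, " ")
        for (i = 1; i <= n; i++) if (w[i] ~ /^tty/) print w[i]
    }' "$1"
}

# Getty terminals with no exact whole-line match in securetty. Assumption:
# entries are compared as whole lines, so "tty1 " does not count as "tty1".
getty_ttys_not_in_securetty() {    # usage: <inittab> <securetty>
    for t in $(inittab_getty_ttys "$1"); do
        grep -Fxq "$t" "$2" || echo "$t"
    done
}

# Constructed sample files: tty1 has a trailing space, tty2 a CR, and the
# tty3 getty is commented out.
make_samples() {
    printf 'console\ntty1 \ntty2\r\ntty3\ntty4\n' > "$1/securetty"
    printf '%s\n' 'id:3:initdefault:' \
        '1:2345:respawn:/sbin/mingetty tty1' \
        '2:2345:respawn:/sbin/mingetty tty2' \
        '#3:2345:respawn:/sbin/mingetty tty3' \
        '4:2345:respawn:/sbin/mingetty tty4' > "$1/inittab"
}

demo=$(mktemp -d)
make_samples "$demo"
echo "securetty lines with hidden characters:"
securetty_hidden_chars "$demo/securetty"
echo "terminals with an active getty:"
inittab_getty_ttys "$demo/inittab"
echo "getty terminals not matched in securetty:"
getty_ttys_not_in_securetty "$demo/inittab" "$demo/securetty"
rm -rf "$demo"
```

To use it on the affected machine, call the functions with the real /etc/securetty and /etc/inittab from the ssh session that still works.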
 
  

