unable to start sshd daemon due libcrypto issue
 

Hi team ,

when i am checking that my os is not able to do ssh /sftp to other server , i see that sshd daemon is not starting .


i tried to give sshd restart but following messages pops up :


Starting sshd: /usr/sbin/sshd: error while loading shared libraries: libcrypto.so.10: failed to map segment from shared object: Permission denied
[FAILED]

please support for any idea

If your Linux distribution uses SElinux and you have enabled it (recently) have a look at the required context of the library (should be "lib_t"):
test if it requires changes:
and apply if necessary. If that doesn't fix things (temporarily disable SELinux if required for you to be able to apply necessary fixes, then) look at /var/log/audit/audit.log for clues:
and post the output if unsure.

sshd daemon----libcrypto issue
 

Hi ,

Please find teh atttached logs :


[root@TIOCC101 selinux]# ls -Z $(locate -r libcrypto.so*)
-bash: locate: command not found
-rw-r--r--. root root system_u:object_r:selinux_config_t:s0 config
-rw-r--r--. root root unconfined_u:object_r:selinux_config_t:s0 config_backup
-rw-r--r--. root root system_u:object_r:selinux_config_t:s0 restorecond.conf
-rw-r--r--. root root system_u:object_r:selinux_config_t:s0 restorecond_user.conf
-rw-r--r--. root root system_u:object_r:selinux_config_t:s0 semanage.conf
drwxr-xr-x. root root system_u:object_r:selinux_config_t:s0 targeted
[root@TIOCC101 selinux]#



================


[root@TIOCC101 audit]#
[root@TIOCC101 audit]# restorecon -nvv $(locate -r libcrypto.so*)
-bash: locate: command not found
[root@TIOCC101 audit]#




=================





can u please help me out to dog this out .??? what can be causing this

First of all you executed this command in the /etc/selinux directory. That caused the 'ls' command to return its contents. That is not what you want.
Secondly you executed a command without looking at its error output. That is not good.

I'll adjust the command for you to run again:

[root@TIOCC101 ~]#
[root@TIOCC101 ~]# find /lib* /usr/lib* -iname \*libcrypto\* -printf "%p %Z\n"
/usr/lib64/.libcrypto.so.1.0.0.hmac unconfined_u:object_r:usr_t:s0
/usr/lib64/libcrypto.so.1.0.0 unconfined_u:object_r:usr_t:s0
/usr/lib64/libcrypto.so.1.0.0.bak unconfined_u:object_r:usr_t:s0
/usr/lib64/.libcrypto.so.10.hmac unconfined_u:object_r:usr_t:s0
/usr/lib64/libcrypto.so.10 unconfined_u:object_r:usr_t:s0

Hi ,

is there any way by which we can solve the problem as mgmt is pushing for a ETA & i cant comment on that .

They are coming with to reinstall the same again with full application and all to be done again and i somehow want to avoid this retask.


thanks
Gulab
skype-- gulab.sharma4

Yes. In my first reply I gave you three very specific commands to execute. Reading about what those commands achieve, adapting them to your environment and executing them would have sped up the diagnose considerably. In sort: learn about the Operating System you work with and learn how to diagnose problems.


I am only interested in showing you and others how you can fix this, the right way. I am not impressed by that sort of "pressure" and I remind you that I am doing this in my own time.


This tells us that the libraries are not properly tagged (as you could have found yourself from adapting and running the 'restorecon' command) and you must do so now. If SELinux was disabled earlier on then you best reset all contexts across the machine ('genhomedircon; touch /.autorelabel; reboot'), else try 'restorecon -fvv /usr/lib64/libcrypto.so*'. Before you execute any of these commands read up on them (as in 'man restorecon' etc, etc.).

Hi ,
Thanks for reply.

i will try to extecute these commands suggested by you .

Could u please put the same in a simpler steps to execute these as i am new to this particular OS & restoration step.
Appreciate the support








Regards
Gulab Sharma

These steps are as simple as they could be. Your choice is between running and

Hi ,
I tried the second option of restorecon but getting this error while executing from root.

[root@TIOCC102 ~]# restorecon -fvv /usr/lib64/libcrypto.so*
Unable to open vv: No such file or directory
usage: restorecon [-iFnprRv0] [-e excludedir ] [-o filename ] [-f filename | pathname... ]
[root@TIOCC102 ~]# cd /usr/lib
lib/ lib64_orig_backup.tar.gz
lib64/ libexec/
[root@TIOCC102 ~]# cd /usr/lib64
[root@TIOCC102 lib64]# ls -lrth lib
Display all 305 possibilities? (y or n)
[root@TIOCC102 lib64]# ls -lrth libcr*
-rwxr-xr-x. 1 root root 38K Feb 1 2011 libcrack.so.2.8.1
-rwxr-xr-x. 1 root root 1.6M Oct 12 2012 libcrypto.so.1.0.0
lrwxrwxrwx. 1 root root 17 Dec 1 21:44 libcrack.so.2 -> libcrack.so.2.8.1
lrwxrwxrwx. 1 root root 18 Dec 1 21:44 libcrypto.so.10 -> libcrypto.so.1.0.0
[root@TIOCC102 lib64]# pwd
/usr/lib64
[root@TIOCC102 lib64]# c


==============

current setting of Selinux,

[root@TIOCC102 lib64]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted


[root@TIOCC102 lib64]#

Please suggest

I gave you two options.
You choose one.
Try the other.

Hi ,
Thanks
The first steps need to be done @ root
or
need to be done at a defined one .
Please suggest

Root.

Hi ,
i did try but getting this :



oot@TIOCC101 ~]# cd
[root@TIOCC101 ~]# genhomedircon
/usr/sbin/semodule: error while loading shared libraries: libustr-1.0.so.1: failed to map segment from shared object: Permission denied
[root@TIOCC101 ~]#

Commence with: