LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 12-02-2014, 03:21 AM   #1
gulab614
LQ Newbie
 
Registered: Dec 2014
Posts: 10

Rep: Reputation: Disabled
unable to start sshd daemon due libcrypto issue


Hi team ,

when i am checking that my os is not able to do ssh /sftp to other server , i see that sshd daemon is not starting .


i tried to give sshd restart but following messages pops up :


Starting sshd: /usr/sbin/sshd: error while loading shared libraries: libcrypto.so.10: failed to map segment from shared object: Permission denied
[FAILED]

please support for any idea
 
Old 12-04-2014, 12:23 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by gulab614 View Post
Code:
Starting sshd: /usr/sbin/sshd: error while loading shared libraries: libcrypto.so.10: failed to map segment from shared object: Permission denied [FAILED]
If your Linux distribution uses SElinux and you have enabled it (recently) have a look at the required context of the library (should be "lib_t"):
Code:
ls -Z $(locate -r libcrypto.so*)
test if it requires changes:
Code:
restorecon -nvv $(locate -r libcrypto.so*)
and apply if necessary. If that doesn't fix things (temporarily disable SELinux if required for you to be able to apply necessary fixes, then) look at /var/log/audit/audit.log for clues:
Code:
grep 'libcrypto.so' /var/log/audit/audit.log|audit2allow
and post the output if unsure.
 
Old 12-04-2014, 01:55 AM   #3
gulab614
LQ Newbie
 
Registered: Dec 2014
Posts: 10

Original Poster
Rep: Reputation: Disabled
Wink sshd daemon----libcrypto issue

Hi ,

Please find teh atttached logs :


[root@TIOCC101 selinux]# ls -Z $(locate -r libcrypto.so*)
-bash: locate: command not found
-rw-r--r--. root root system_ubject_r:selinux_config_t:s0 config
-rw-r--r--. root root unconfined_ubject_r:selinux_config_t:s0 config_backup
-rw-r--r--. root root system_ubject_r:selinux_config_t:s0 restorecond.conf
-rw-r--r--. root root system_ubject_r:selinux_config_t:s0 restorecond_user.conf
-rw-r--r--. root root system_ubject_r:selinux_config_t:s0 semanage.conf
drwxr-xr-x. root root system_ubject_r:selinux_config_t:s0 targeted
[root@TIOCC101 selinux]#



================


[root@TIOCC101 audit]#
[root@TIOCC101 audit]# restorecon -nvv $(locate -r libcrypto.so*)
-bash: locate: command not found
[root@TIOCC101 audit]#




=================





can u please help me out to dog this out .??? what can be causing this
 
Old 12-04-2014, 01:50 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by gulab614 View Post
Code:
[root@TIOCC101 selinux]# ls -Z $(locate -r libcrypto.so*)
-bash: locate: command not found
First of all you executed this command in the /etc/selinux directory. That caused the 'ls' command to return its contents. That is not what you want.
Secondly you executed a command without looking at its error output. That is not good.

I'll adjust the command for you to run again:
Code:
find /lib* /usr/lib* -iname \*libcrypto\* -printf "%p %Z\n"
 
Old 12-04-2014, 03:53 PM   #5
gulab614
LQ Newbie
 
Registered: Dec 2014
Posts: 10

Original Poster
Rep: Reputation: Disabled
[root@TIOCC101 ~]#
[root@TIOCC101 ~]# find /lib* /usr/lib* -iname \*libcrypto\* -printf "%p %Z\n"
/usr/lib64/.libcrypto.so.1.0.0.hmac unconfined_ubject_r:usr_t:s0
/usr/lib64/libcrypto.so.1.0.0 unconfined_ubject_r:usr_t:s0
/usr/lib64/libcrypto.so.1.0.0.bak unconfined_ubject_r:usr_t:s0
/usr/lib64/.libcrypto.so.10.hmac unconfined_ubject_r:usr_t:s0
/usr/lib64/libcrypto.so.10 unconfined_ubject_r:usr_t:s0
 
Old 12-04-2014, 04:00 PM   #6
gulab614
LQ Newbie
 
Registered: Dec 2014
Posts: 10

Original Poster
Rep: Reputation: Disabled
Hi ,

is there any way by which we can solve the problem as mgmt is pushing for a ETA & i cant comment on that .

They are coming with to reinstall the same again with full application and all to be done again and i somehow want to avoid this retask.


thanks
Gulab
skype-- gulab.sharma4
 
Old 12-05-2014, 01:54 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by gulab614 View Post
is there any way by which we can solve the problem
Yes. In my first reply I gave you three very specific commands to execute. Reading about what those commands achieve, adapting them to your environment and executing them would have sped up the diagnose considerably. In sort: learn about the Operating System you work with and learn how to diagnose problems.


Quote:
Originally Posted by gulab614 View Post
as mgmt is pushing for a ETA & i cant comment on that .
I am only interested in showing you and others how you can fix this, the right way. I am not impressed by that sort of "pressure" and I remind you that I am doing this in my own time.


Quote:
Originally Posted by gulab614 View Post
Code:
[root@TIOCC101 ~]#
[root@TIOCC101 ~]# find /lib* /usr/lib* -iname \*libcrypto\* -printf "%p %Z\n"
/usr/lib64/.libcrypto.so.1.0.0.hmac unconfined_u:object_r:usr_t:s0
/usr/lib64/libcrypto.so.1.0.0 unconfined_u:object_r:usr_t:s0
/usr/lib64/libcrypto.so.1.0.0.bak unconfined_u:object_r:usr_t:s0
/usr/lib64/.libcrypto.so.10.hmac unconfined_u:object_r:usr_t:s0
/usr/lib64/libcrypto.so.10 unconfined_u:object_r:usr_t:s0
This tells us that the libraries are not properly tagged (as you could have found yourself from adapting and running the 'restorecon' command) and you must do so now. If SELinux was disabled earlier on then you best reset all contexts across the machine ('genhomedircon; touch /.autorelabel; reboot'), else try 'restorecon -fvv /usr/lib64/libcrypto.so*'. Before you execute any of these commands read up on them (as in 'man restorecon' etc, etc.).
 
Old 12-06-2014, 02:14 AM   #8
gulab614
LQ Newbie
 
Registered: Dec 2014
Posts: 10

Original Poster
Rep: Reputation: Disabled
Hi ,
Thanks for reply.

i will try to extecute these commands suggested by you .

Could u please put the same in a simpler steps to execute these as i am new to this particular OS & restoration step.
Appreciate the support








Regards
Gulab Sharma
 
Old 12-06-2014, 04:46 AM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by gulab614 View Post
Could u please put the same in a simpler steps to execute these as i am new to this particular OS & restoration step.
These steps are as simple as they could be. Your choice is between running
Code:
genhomedircon
touch /.autorelabel
reboot
and
Code:
restorecon -fvv /usr/lib64/libcrypto.so*
 
Old 12-08-2014, 02:18 PM   #10
gulab614
LQ Newbie
 
Registered: Dec 2014
Posts: 10

Original Poster
Rep: Reputation: Disabled
Hi ,
I tried the second option of restorecon but getting this error while executing from root.

[root@TIOCC102 ~]# restorecon -fvv /usr/lib64/libcrypto.so*
Unable to open vv: No such file or directory
usage: restorecon [-iFnprRv0] [-e excludedir ] [-o filename ] [-f filename | pathname... ]
[root@TIOCC102 ~]# cd /usr/lib
lib/ lib64_orig_backup.tar.gz
lib64/ libexec/
[root@TIOCC102 ~]# cd /usr/lib64
[root@TIOCC102 lib64]# ls -lrth lib
Display all 305 possibilities? (y or n)
[root@TIOCC102 lib64]# ls -lrth libcr*
-rwxr-xr-x. 1 root root 38K Feb 1 2011 libcrack.so.2.8.1
-rwxr-xr-x. 1 root root 1.6M Oct 12 2012 libcrypto.so.1.0.0
lrwxrwxrwx. 1 root root 17 Dec 1 21:44 libcrack.so.2 -> libcrack.so.2.8.1
lrwxrwxrwx. 1 root root 18 Dec 1 21:44 libcrypto.so.10 -> libcrypto.so.1.0.0
[root@TIOCC102 lib64]# pwd
/usr/lib64
[root@TIOCC102 lib64]# c


==============

current setting of Selinux,

[root@TIOCC102 lib64]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted


[root@TIOCC102 lib64]#

Please suggest
 
Old 12-08-2014, 03:52 PM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
I gave you two options.
You choose one.
Try the other.
 
Old 12-08-2014, 05:28 PM   #12
gulab614
LQ Newbie
 
Registered: Dec 2014
Posts: 10

Original Poster
Rep: Reputation: Disabled
Hi ,
Thanks
The first steps need to be done @ root
or
need to be done at a defined one .
Please suggest
 
Old 12-08-2014, 05:45 PM   #13
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Root.
 
Old 12-08-2014, 05:54 PM   #14
gulab614
LQ Newbie
 
Registered: Dec 2014
Posts: 10

Original Poster
Rep: Reputation: Disabled
Hi ,
i did try but getting this :



oot@TIOCC101 ~]# cd
[root@TIOCC101 ~]# genhomedircon
/usr/sbin/semodule: error while loading shared libraries: libustr-1.0.so.1: failed to map segment from shared object: Permission denied
[root@TIOCC101 ~]#
 
Old 12-08-2014, 06:26 PM   #15
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Commence with:
Code:
touch /.autorelabel
reboot
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Locked Out of SSH Due to Invalid SSHD Config DeltaCharlieBravo Linux - Security 3 11-01-2013 02:08 PM
[SOLVED] CentOS 6.0: unable to start gnome due to an incomprehensible error fbcyborg Linux - Newbie 1 10-26-2011 08:17 AM
add or remove program says - unable to start due to a cofiguration error sampoo Linux - Software 1 01-28-2007 04:48 AM
How do I stop the sshd daemon? ebenh Linux - Software 5 09-04-2004 02:06 PM
not able to start up apache correctly due to fqdn issue Robin01 Linux - Newbie 4 11-23-2003 04:43 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 11:34 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration