000025463 - Enabling syslog debug output on Solaris 10

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000025463
Applies To: Solaris 10
PAM
sshd
Issue: Enabling syslog debug output on Solaris 10
syslog
Cause: The RSA Authentication Manager and the SecurID PAM agent are both capable of sending debug or logging data to syslog on Solaris. Many of us are familiar with manually stopping and starting the syslog daemon on earlier versions of Solaris, but on Solaris 10 this mechanism has changed.
Resolution

Note:  RSA does not offer any formal support for configuring the Solaris operating system.  These notes are supplied "as is" and for formal assistance customers should contact Sun Microsystems.

The following note shows how to configure the syslog mechanism on Solaris 10 to report debug level messages that are sent to it and (more specifically) shows the formal mechanism used on Solaris 10 to stop and start the service.

First, we can confirm that the syslog daemon is running (this is the usual state):

# ps -ef | grep syslog
    root 15083     1   0 08:40:43 ?           0:00 /usr/sbin/syslogd

Now we can issue a command to stop syslog (the 'ps -ef' that follows is simply my demonstration of what has occurred):

# svcadm -v disable svc:/system/system-log
svc:/system/system-log:default disabled.

# ps -ef | grep syslog
#

Insert this line into /etc/syslog.conf:

*.debug    /var/adm/messages

Now we want to restart the syslog daemon; the 'ps -ef' that follows simply demonstrates that it is back up and running:

# svcadm -v enable svc:/system/system-log
svc:/system/system-log:default enabled.

# ps -ef | grep syslog
    root 15101     1   0 09:32:18 ?           0:00 /usr/sbin/syslogd

#

An example of debug:

Some PAM authentication modules (including the RSA SecurID PAM module) will send debug messages to syslog. To enable this debug output, simply put the word "debug" at the end of the module's configuration line, for example:

sshd-kbdint     auth required           pam_securid.so             debug

Here is an example of the type of output generated when using the Solaris 10 SSHD:

Jun  7 14:54:46 rockster sshd[15187]: [ID 554966 auth.notice] @(#)RSA Authentication Agent 6.0 for PAM [049]
Jun  7 14:54:46 rockster sshd[15187]: [ID 356477 auth.notice] Entered pam_sm_authenticate
Jun  7 14:54:46 rockster sshd[15187]: [ID 711792 auth.notice] Entered iReadPAMConfigFile
Jun  7 14:54:46 rockster sshd[15187]: [ID 581891 auth.notice] [1] Buffer: #VAR_ACE ::  the location where the sdconf.rec, sdstatus.12 and securid files will go
Jun  7 14:54:46 rockster sshd[15187]: [ID 852666 auth.notice] [1] Skipping comment
Jun  7 14:54:46 rockster sshd[15187]: [ID 764395 auth.notice] [2] Buffer: VAR_ACE=/var/ace
Jun  7 14:54:46 rockster sshd[15187]: [ID 381679 auth.notice] [2] Keyword: VAR_ACE
Jun  7 14:54:46 rockster sshd[15187]: [ID 976085 auth.notice] VAR_ACE is /var/ace
Jun  7 14:54:46 rockster sshd[15187]: [ID 496038 auth.notice] [3] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 512422 auth.notice] [4] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 718338 auth.notice] [5] Buffer: #ENABLE_GROUP_SUPPORT :: 1 to enable; 0 to disable group support
Jun  7 14:54:46 rockster sshd[15187]: [ID 852674 auth.notice] [5] Skipping comment
Jun  7 14:54:46 rockster sshd[15187]: [ID 807812 auth.notice] [6] Buffer: ENABLE_GROUP_SUPPORT=0
Jun  7 14:54:46 rockster sshd[15187]: [ID 145488 auth.notice] [6] Keyword: ENABLE_GROUP_SUPPORT
Jun  7 14:54:46 rockster sshd[15187]: [ID 376023 auth.notice] ENABLE_GROUP_SUPPORT is 0
Jun  7 14:54:46 rockster sshd[15187]: [ID 561574 auth.notice] [7] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 577958 auth.notice] [8] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 627531 auth.notice] [9] Buffer: #INCL_EXCL_GROUPS :: 1 to always prompt the listed groups for securid authentication (include)
Jun  7 14:54:46 rockster sshd[15187]: [ID 852682 auth.notice] [9] Skipping comment
Jun  7 14:54:46 rockster sshd[15187]: [ID 144490 auth.notice] [10] Buffer: #                 :: 0 to never prompt the listed groups for securid authentication (exclude)
Jun  7 14:54:46 rockster sshd[15187]: [ID 420884 auth.notice] [10] Skipping comment
Jun  7 14:54:46 rockster sshd[15187]: [ID 770404 auth.notice] [11] Buffer: INCL_EXCL_GROUPS=0
Jun  7 14:54:46 rockster sshd[15187]: [ID 493449 auth.notice] [11] Keyword: INCL_EXCL_GROUPS
Jun  7 14:54:46 rockster sshd[15187]: [ID 427632 auth.notice] INCL_EXCL_GROUPS is 0
Jun  7 14:54:46 rockster sshd[15187]: [ID 459606 auth.notice] [12] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 475990 auth.notice] [13] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 888392 auth.notice] [14] Buffer: #LIST_OF_GROUPS :: a list of groups to include or exclude...Example
Jun  7 14:54:46 rockster sshd[15187]: [ID 420892 auth.notice] [14] Skipping comment
Jun  7 14:54:46 rockster sshd[15187]: [ID 822534 auth.notice] [15] Buffer: LIST_OF_GROUPS=other:wheel:eng:othergroupnames
Jun  7 14:54:46 rockster sshd[15187]: [ID 856911 auth.notice] [15] Keyword: LIST_OF_GROUPS
Jun  7 14:54:46 rockster sshd[15187]: [ID 688015 auth.notice] Adding ::other:: to list of groups
Jun  7 14:54:46 rockster sshd[15187]: [ID 158581 auth.notice] Adding ::wheel:: to list of groups
Jun  7 14:54:46 rockster sshd[15187]: [ID 267424 auth.notice] Adding ::eng:: to list of groups
Jun  7 14:54:46 rockster sshd[15187]: [ID 827178 auth.notice] Adding ::othergroupnames:: to list of groups
Jun  7 14:54:46 rockster sshd[15187]: [ID 128939 auth.notice] Number of groups is 4
Jun  7 14:54:46 rockster sshd[15187]: [ID 525142 auth.notice] [16] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 541526 auth.notice] [17] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 648187 auth.notice] [18] Buffer: #PAM_IGNORE_SUPPORT :: 1 to return PAM_IGNORE if a user is not SecurID authenticated due to their group membership
Jun  7 14:54:46 rockster sshd[15187]: [ID 420900 auth.notice] [18] Skipping comment
Jun  7 14:54:46 rockster sshd[15187]: [ID 284013 auth.notice] [19] Buffer: #                   :: 0 to UNIX authenticate a user that is not SecurID authenticated due to their group membership
Jun  7 14:54:46 rockster sshd[15187]: [ID 420902 auth.notice] [19] Skipping comment
Jun  7 14:54:46 rockster sshd[15187]: [ID 224984 auth.notice] [20] Buffer: PAM_IGNORE_SUPPORT=0
Jun  7 14:54:46 rockster sshd[15187]: [ID 429894 auth.notice] [20] Keyword: PAM_IGNORE_SUPPORT
Jun  7 14:54:46 rockster sshd[15187]: [ID 780604 auth.notice] PAM_IGNORE_SUPPORT is 0
Jun  7 14:54:46 rockster sshd[15187]: [ID 443734 auth.notice] [21] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 460118 auth.notice] [22] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 365214 auth.notice] [23] Buffer: #AUTH_CHALLENGE_USERNAME_STR :: prompt message to ask user for their username/login id
Jun  7 14:54:46 rockster sshd[15187]: [ID 662008 auth.notice] [23] Skipping comment
Jun  7 14:54:46 rockster sshd[15187]: [ID 920721 auth.notice] [24] Buffer: AUTH_CHALLENGE_USERNAME_STR=Enter USERNAME :
Jun  7 14:54:46 rockster sshd[15187]: [ID 985381 auth.notice] [24] Keyword: AUTH_CHALLENGE_USERNAME_STR
Jun  7 14:54:46 rockster sshd[15187]: [ID 509270 auth.notice] [25] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 525654 auth.notice] [26] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 590493 auth.notice] [27] Buffer: #AUTH_CHALLENGE_RESERVE_REQUEST_STR :: prompt message to ask administrator for their System password
Jun  7 14:54:46 rockster sshd[15187]: [ID 662016 auth.notice] [27] Skipping comment
Jun  7 14:54:46 rockster sshd[15187]: [ID 829750 auth.notice] [28] Buffer: AUTH_CHALLENGE_RESERVE_REQUEST_STR=Please enter System Password for root :
Jun  7 14:54:46 rockster sshd[15187]: [ID 717674 auth.notice] [28] Keyword: AUTH_CHALLENGE_RESERVE_REQUEST_STR
Jun  7 14:54:46 rockster sshd[15187]: [ID 574806 auth.notice] [29] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 427862 auth.notice] [30] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 702592 auth.notice] [31] Buffer: #AUTH_CHALLENGE_PASSCODE_STR :: prompt message to ask user for their Passcode
Jun  7 14:54:46 rockster sshd[15187]: [ID 903122 auth.notice] [31] Skipping comment
Jun  7 14:54:46 rockster sshd[15187]: [ID 344652 auth.notice] [32] Buffer: AUTH_CHALLENGE_PASSCODE_STR=Enter PASSCODE :
Jun  7 14:54:46 rockster sshd[15187]: [ID 698037 auth.notice] [32] Keyword: AUTH_CHALLENGE_PASSCODE_STR
Jun  7 14:54:46 rockster sshd[15187]: [ID 477014 auth.notice] [33] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 493398 auth.notice] [34] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 973171 auth.notice] [35] Buffer: #AUTH_CHALLENGE_PASSWORD_STR :: prompt message to ask user for their Password
Jun  7 14:54:46 rockster sshd[15187]: [ID 903130 auth.notice] [35] Skipping comment
Jun  7 14:54:46 rockster sshd[15187]: [ID 446452 auth.notice] [36] Buffer: AUTH_CHALLENGE_PASSWORD_STR=Enter your PASSWORD :
Jun  7 14:54:46 rockster sshd[15187]: [ID 566770 auth.notice] [36] Keyword: AUTH_CHALLENGE_PASSWORD_STR
Jun  7 14:54:46 rockster sshd[15187]: [ID 542550 auth.notice] [37] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 558934 auth.notice] [38] Buffer:
Jun  7 14:54:46 rockster sshd[15187]: [ID 782194 auth.notice] iReadPAMConfigFile: Returning success.
Jun  7 14:54:46 rockster sshd[15187]: [ID 558808 auth.notice] Entered PAM:InitSecurID
Jun  7 14:54:46 rockster sshd[15187]: [ID 756371 auth.notice] ace_dir_env is VAR_ACE=/var/ace
Jun  7 14:54:46 rockster sshd[15187]: [ID 962168 auth.notice] Leaving init
Jun  7 14:54:46 rockster sshd[15187]: [ID 293590 auth.notice] Service name is :: sshd-kbdint
Jun  7 14:54:51 rockster sshd[15187]: [ID 423634 auth.notice] Authentication successful.
Jun  7 14:54:51 rockster sshd[15187]: [ID 342016 auth.notice] Leaving pam_sm_authenticate::auth succeeded
Jun  7 14:54:51 rockster sshd[15187]: [ID 800047 auth.info] Accepted keyboard-interactive for root from 10.178.1.43 port 1501 ssh2
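
A way to condense output like the above into one line per sshd process, added here as an example that is not part of the RSA agent or the original article. It keys only on message strings that appear in the sample output; the last line of the embedded sample (PID 15190) is constructed to show an attempt with no success line.

```shell
#!/bin/sh
# Added example, not RSA code. On Solaris 10 set AWK=nawk.
# Reads syslog lines on stdin and prints "<pid> <status> <source>" per sshd PID:
#   succeeded  = "Leaving pam_sm_authenticate::auth succeeded" was logged
#   incomplete = pam_sm_authenticate was entered, no success line followed
summarize_securid() {
    ${AWK:-awk} '
    !match($0, /sshd\[[0-9]+\]:/) { next }          # only sshd lines
    { pid = substr($0, RSTART + 5, RLENGTH - 7) }   # digits inside sshd[...]
    /Entered pam_sm_authenticate/ {
        if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid }
        status[pid] = "incomplete"                  # until a success line arrives
    }
    /Leaving pam_sm_authenticate::auth succeeded/ { status[pid] = "succeeded" }
    / Accepted keyboard-interactive for / {
        # The source address is the field after the last "from".
        for (i = 1; i < NF; i++) if ($i == "from") src[pid] = $(i + 1)
    }
    END {
        for (k = 1; k <= n; k++) {
            p = order[k]
            print p, status[p], ((p in src) ? src[p] : "-")
        }
    }'
}

# Sample input: the first four lines are from the output above,
# the fifth is constructed for this example.
sample_log() {
    cat <<'EOF'
Jun  7 14:54:46 rockster sshd[15187]: [ID 356477 auth.notice] Entered pam_sm_authenticate
Jun  7 14:54:51 rockster sshd[15187]: [ID 423634 auth.notice] Authentication successful.
Jun  7 14:54:51 rockster sshd[15187]: [ID 342016 auth.notice] Leaving pam_sm_authenticate::auth succeeded
Jun  7 14:54:51 rockster sshd[15187]: [ID 800047 auth.info] Accepted keyboard-interactive for root from 10.178.1.43 port 1501 ssh2
Jun  7 14:55:02 rockster sshd[15190]: [ID 356477 auth.notice] Entered pam_sm_authenticate
EOF
}

sample_log | summarize_securid
```

On a live system the same function reads the log file directly: summarize_securid < /var/adm/messages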

Legacy Article ID: a35119
