Issues configuring SASL on Ubuntu 14 LTS

Jesse Bowling jessebowling at gmail.com
Tue May 27 20:34:01 EDT 2014


Things seem slightly better if I create /usr/lib64/sasl2 and place my conf file in that directory; similar results for 3.0.6.rc2 and 3.0.7.29 (which is the output below). That “SASL path C” seems wrong, but otherwise I’m at a loss...

# cat /usr/lib64/sasl2/argus.conf 
pwcheck_method: auxprop
mech_list: DIGEST-MD5
auxprop_plugin: sasldb

# /usr/local/sbin/argus -F /etc/argus.conf                                                                                                                            
argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.198487 ArgusParseResourceFile: ArgusMinSsf "40" 
argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.199502 ArgusParseResourceFile: ArgusMaxSsf "128" 
argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.200390 ArgusParseResourceFile (/etc/argus.conf) returning
argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.201356 setArgusInterfaceStatus(0x7fbc14d89010, 1)
argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.204437 ArgusEstablishListen(561, 0x7fff077ac260) binding: any:561 family: 2
argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.205060 ArgusEstablishListen(0x21a4010, 0x7fff077ac260) returning 3
argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.205673 SASL path C
argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.206251 ArgusInitOutput() done
  ArgusWarning: 27 May 14 20:30:21.206687 started
argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.207081 ArgusCloneSource(0x7fbc14d89010) returning 0x7fbc13f71010
argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.207490 clearArgusDevice(0x7fbc13f71010) returning
argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:21.211288 ArgusOutputProcess(0x21a4010) starting
argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.218983 ArgusOpenInterface() pcap_open_live(eth0) returned 0x21b2980
argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.219938 Arguslookup_pcap_callback(1) returning 0x40ed85
argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.220665 ArgusOpenInterface(0x7fbc13f71010, 'eth0') returning 1
argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.222724 ArgusInitModeler(0x7fbc1615b010) done
argus[49443.40e72e16bc7f0000]: 27 May 14 20:30:21.223162 ArgusInitSource(0x7fbc13f71010) returning 1
argus[49443.00f7ce13bc7f0000]: 27 May 14 20:30:21.223990 ArgusGetPackets (0x7fbc13f71010) starting
argus[49443.00f7ce13bc7f0000]: 27 May 14 20:30:21.224771 setArgusInterfaceStatus(0x7fbc13f71010, 1)
  ArgusWarning: 27 May 14 20:30:21.225711 ArgusGetInterfaceStatus: interface eth0 is up
argus[49443.00f7ce13bc7f0000]: 27 May 14 20:30:21.226600 ArgusGetPackets: interface eth0 is selectable
argus[49443.00f7ce13bc7f0000]: 27 May 14 20:30:21.227073 setArgusInterfaceStatus(0x7fbc13f71010, 1)
argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:36.725849 ArgusCheckClientStatus() new client
argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:36.725928 ArgusNewSocket (6) returning 0x7fbc1611a010
argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:36.725950 ArgusCheckClientStatus: SASL enabled
argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:36.726419 ArgusCheckClientStatus: wrote 128 bytes to client
argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:36.726517 ArgusSendSaslString(0x40029a0, 0x4002740, 2) {}
argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:36.734609 ArgusGetSaslString(0x4002760, 0x14b79470, 512) N: 

argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:36.734654 ArgusAuthenticateClient: Error ArgusGetSaslString returned -1
argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:36.734671 ArgusCheckClientStatus() returning
argus[49443.00c7b714bc7f0000]: 27 May 14 20:30:42.144883 ArgusDeleteSocket (0x7fbc1611a010) returning
  ArgusWarning: 27 May 14 20:30:42.145921 ArgusCheckClientMessage: client noname never started: timed out
On May 27, 2014, at 8:23 PM, Jesse Bowling <jessebowling at gmail.com> wrote:

> Much different results using 3.0.6.rc2:
> 
> # /usr/local/sbin/argus -F /etc/argus.conf                                                                                                                                                       
> argus[49290]: looking for plugins in '/usr/lib64/sasl2', failed to open directory, error: No such file or directory
> argus[49290]: 27 May 14 20:13:44.194462 started
> argus[49290]: 27 May 14 20:13:44.199882 ArgusGetInterfaceStatus: interface eth0 is up
> argus[49290]: 27 May 14 20:13:48.003224 ArgusAuthenticateClient: Error generating mechanism list
> 
> Oddly, the libsasl2-2 package does not seem to include ‘/usr/lib64/sasl2’...I’m scouring the nets for instructions on generic SASL configuration on Ubuntu 14, but coming up short...Is this an issue on the Ubuntu/SASL side, or the argus side?
> 
> # dpkg -L libsasl2-2
> /.
> /usr
> /usr/lib
> /usr/lib/sasl2
> /usr/lib/x86_64-linux-gnu
> /usr/lib/x86_64-linux-gnu/libsasl2.so.2.0.25
> /usr/share
> /usr/share/doc
> /usr/share/doc/libsasl2-2
> /usr/share/doc/libsasl2-2/README.configure-options
> /usr/share/doc/libsasl2-2/README.Debian
> /usr/share/doc/libsasl2-2/copyright
> /usr/lib/x86_64-linux-gnu/libsasl2.so.2
> /usr/share/doc/libsasl2-2/NEWS.Debian.gz
> /usr/share/doc/libsasl2-2/changelog.Debian.gz
> 
> # ldd /usr/local/sbin/argus 
>        linux-vdso.so.1 =>  (0x00007fff4a9fa000)
>        libpcap.so.0.8 => /usr/lib/x86_64-linux-gnu/libpcap.so.0.8 (0x00007f19af385000)
>        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f19af167000)
>        libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007f19aef4b000)
>        libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f19aec45000)
>        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f19aea2c000)
>        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f19ae665000)
>        /lib64/ld-linux-x86-64.so.2 (0x00007f19af5cd000)
>        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f19ae461000)
> 
> Cheers,
> 
> Jesse
> 
> On May 27, 2014, at 12:12 PM, Carter Bullard <carter at qosient.com> wrote:
> 
>> Hey Jesse,
>> Well, seems that SASL isn’t happy at all.
>> Does an earlier version of argus run, such as 3.0.6.rc2 or rc3 ??
>> (just to get a grounding on whether its your SASL installation or argus).
>> 
>> Carter
>> 
>> On May 27, 2014, at 11:42 AM, Jesse Bowling <jessebowling at gmail.com> wrote:
>> 
>>> Sure thing; Wall of text below...
>>> 
>>> Cheers,
>>> 
>>> Jesse
>>> 
>>> May 27 11:15:04 thog argus[44295]: 27 May 14 11:15:04.900563 started
>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.904404 ArgusEstablishListen(561, 0x7fff04b85170) binding: any:561 family: 2
>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.904621 ArgusEstablishListen(0x1f61010, 0x7fff04b85170) returning 3
>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.904917 SASL path ??C
>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.907087 ArgusInitOutput() done
>>> May 27 11:15:04 thog argus[44295]: 27 May 14 11:15:04.907295 started
>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.907486 ArgusCloneSource(0x7ff91d294010) returning 0x7ff91c47c010
>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.907810 clearArgusDevice(0x7ff91c47c010) returning
>>> May 27 11:15:04 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:04.916181 ArgusOutputProcess(0x1f61010) starting
>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.917023 ArgusOpenInterface() pcap_open_live(eth0) returned 0x1f70070
>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.917146 Arguslookup_pcap_callback(1) returning 0x40ed85
>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.917169 ArgusOpenInterface(0x7ff91c47c010, 'eth0') returning 1
>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.918258 ArgusInitModeler(0x7ff91e666010) done
>>> May 27 11:15:04 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:04.918311 ArgusInitSource(0x7ff91c47c010) returning 1
>>> May 27 11:15:04 thog argus[44295]: argus[44295.00f7ff17f97f0000]: 27 May 14 11:15:04.919130 ArgusGetPackets (0x7ff91c47c010) starting
>>> May 27 11:15:04 thog argus[44295]: argus[44295.00f7ff17f97f0000]: 27 May 14 11:15:04.919370 setArgusInterfaceStatus(0x7ff91c47c010, 1)
>>> May 27 11:15:04 thog argus[44295]: 27 May 14 11:15:04.919544 ArgusGetInterfaceStatus: interface eth0 is up
>>> May 27 11:15:04 thog argus[44295]: argus[44295.00f7ff17f97f0000]: 27 May 14 11:15:04.919966 ArgusGetPackets: interface eth0 is selectable
>>> May 27 11:15:04 thog argus[44295]: argus[44295.00f7ff17f97f0000]: 27 May 14 11:15:04.920103 setArgusInterfaceStatus(0x7ff91c47c010, 1)
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.125120 ArgusCheckClientStatus() new client
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.125297 ArgusNewSocket (7) returning 0x7ff91e625010
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.125349 ArgusCheckClientStatus: SASL enabled
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.125664 ArgusCheckClientStatus: wrote 128 bytes to client
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.127701 ArgusSaslLog Other: Internal Error -4 in ../../lib/server.c near line 1753
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.127776 ArgusSaslLog Other: Internal Error -4 in ../../lib/server.c near line 1753
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.127824 ArgusSaslLog Other: Internal Error -4 in ../../lib/server.c near line 1753
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.127866 ArgusAuthenticateClient: Error generating mechanism list
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128168 ArgusShutDown(1)
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128223 argus() [0x40527a]
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128264 argus() [0x426f22]
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128304 argus() [0x42078f]
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128343 argus() [0x41adda]
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128382 argus() [0x41b27c]
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128420 /lib/x86_64-linux-gnu/libpthread.so.0(+0x8182) [0x7ff91e192182]
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128460 /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x7ff91d99e30d]
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.128515 ArgusShutDown(SIGHUP)#012
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.128596 ArgusCloseSource(0x7ff91d294010) starting
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.128643 ArgusCloseSource(0x7ff91c47c010) starting
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128779 ArgusShutDown(0)
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128842 argus() [0x40527a]
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128884 argus() [0x40da63]
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128933 argus() [0x40f041]
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.128974 /usr/lib/x86_64-linux-gnu/libpcap.so.0.8(+0x59ba) [0x7ff91e3ad9ba]
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.129015 /usr/lib/x86_64-linux-gnu/libpcap.so.0.8(+0x9dce) [0x7ff91e3b1dce]
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.129054 argus() [0x413c91]
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.129092 /lib/x86_64-linux-gnu/libpthread.so.0(+0x8182) [0x7ff91e192182]
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.129130 /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x7ff91d99e30d]
>>> May 27 11:15:13 thog argus[44295]: argus[44295.00f7ff17f97f0000]: 27 May 14 11:15:13.129169 ArgusShutDown(Normal Shutdown)#012
>>> May 27 11:15:13 thog argus[44295]: argus[44295.00f7ff17f97f0000]: 27 May 14 11:15:13.129210 ArgusShutDown() returning
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.131104 ArgusProcessQueue (0x7ff910003d80, 96) Shuting Down with 2 records
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.132305 ArgusProcessQueue (0x7ff9100035d0, 96) Shuting Down with 33 records
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.132371 ArgusProcessQueue (0x7ff910000f60, 96) Shuting Down with 180 records
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.132457 ArgusModelerCleanUp (0x7ff91e666010) returning
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.132538 ArgusCloseModeler(0x7ff91e666010) Total Sends 229
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.132584 ArgusCloseSource(0x7ff91c47c010) done
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.132626 ArgusModelerCleanUp (0x7ff91e778010) returning
>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.132687 ArgusCloseModeler(0x7ff91e778010) Total Sends 0
>>> May 27 11:15:13 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:13.132742 ArgusSourceProcess: ArgusGetPackets[0] done
>>> May 27 11:15:13 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:13.132790 main() ArgusSourceProcess returned: shuting down
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.132865 ArgusShutDown(0)
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.132908 argus() [0x40527a]
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.132949 argus() [0x407bae]
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.132988 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7ff91d8c4ec5]
>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.133029 argus() [0x4043b9]
>>> May 27 11:15:13 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:13.133068 ArgusShutDown(Normal Shutdown)#012
>>> May 27 11:15:13 thog argus[44295]: argus[44295.40977f1ef97f0000]: 27 May 14 11:15:13.133109 ArgusShutDown() returning
>>> On May 27, 2014, at 11:39 AM, Carter Bullard <carter at qosient.com> wrote:
>>> 
>>>> Hey Jesse,
>>>> You are the 2nd site to report this in the last week.
>>>> This is a SASL error, not an argus error, but argus maybe
>>>> causing it, so need to investigate further.
>>>> 
>>>> When you run with -D3, do you get a lot of SASL messages ??
>>>> Can you send those to the list ??
>>>> 
>>>> Carter
>>>> 
>>>> On May 27, 2014, at 11:28 AM, Jesse Bowling <jessebowling at gmail.com> wrote:
>>>> 
>>>>> Hello,
>>>>> 
>>>>> Today I’m attempting to set up an argus instance using SASL on Ubuntu 14 LTS, and I encounter the following issue when trying to connect to the argus instance:
>>>>> 
>>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.125349 ArgusCheckClientStatus: SASL enabled
>>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.125664 ArgusCheckClientStatus: wrote 128 bytes to client
>>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.127701 ArgusSaslLog Other: Internal Error -4 in ../../lib/server.c near line 1753
>>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.127776 ArgusSaslLog Other: Internal Error -4 in ../../lib/server.c near line 1753
>>>>> May 27 11:15:13 thog argus[44295]: argus[44295.0077081df97f0000]: 27 May 14 11:15:13.127824 ArgusSaslLog Other: Internal Error -4 in ../../lib/server.c near line 1753
>>>>> May 27 11:15:13 thog argus[44295]: 27 May 14 11:15:13.127866 ArgusAuthenticateClient: Error generating mechanism list
>>>>> 
>>>>> Both argus and client configured --with-sasl. I’ve not configured SASL on Ubuntu before, so it could certainly be an issue with that, but the 'Internal Error -4’ is unnerving...
>>>>> 
>>>>> What does "Internal Error -4” indicate in argus? Anyone else set up SASL auth with Ubuntu that could share their steps?
>>>>> 
>>>>> Cheers,
>>>>> 
>>>>> Jesse
>>>> 
>>> 
>> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 204 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20140527/909cb238/attachment.sig>


More information about the argus mailing list