Comments (9)
mschwager
commented on July 16, 2024
Thanks for the heads up! We're aware of this issue and working on it :)
from duo_unix.
mfischer-zd
commented on July 16, 2024
ETA?
from duo_unix.
mschwager
commented on July 16, 2024
Should be soon. This is part of a larger effort to release the newest version of all the Duo Unix packages. In the mean time, if you need your SELinux policies updated immediately the following commands should do the trick:
$ curl https://raw.githubusercontent.com/duosecurity/duo_unix/master/pam_duo/authlogin_duo.te > authlogin_duo.te
$ checkmodule -M -m -o authlogin_duo.mod authlogin_duo.te
$ semodule_package -o authlogin_duo.pp -m authlogin_duo.mod
$ semodule -i authlogin_duo.pp
from duo_unix.
mfischer-zd
commented on July 16, 2024
Great to hear. While you're at it, do you plan to add the pam_duo and other RPMs to your official repo?
from duo_unix.
mschwager
commented on July 16, 2024
The duo_unix RPM should already contain pam_duo:
$ wget http://pkg.duosecurity.com/CentOS/7/x86_64/duo_unix-1.9.13-0.x86_64.rpm
2015-10-23 09:41:00 (479 KB/s) - ‘duo_unix-1.9.13-0.x86_64.rpm’ saved [303050/303050]
$ rpm -qlp duo_unix-1.9.13-0.x86_64.rpm
warning: duo_unix-1.9.13-0.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 15d32efc: NOKEY
/etc/duo/login_duo.conf
/etc/duo/pam_duo.conf
/lib64/security/pam_duo.la
/lib64/security/pam_duo.so
/usr/include/duo.h
/usr/include/util.h
/usr/lib64/libduo.a
/usr/lib64/libduo.la
/usr/lib64/libduo.so
/usr/lib64/libduo.so.3
/usr/lib64/libduo.so.3.0.0
/usr/lib64/pkgconfig/libduo.pc
/usr/sbin/login_duo
/usr/share/doc/duo_unix/AUTHORS
/usr/share/doc/duo_unix/CHANGES
/usr/share/doc/duo_unix/LICENSE
/usr/share/doc/duo_unix/README
/usr/share/man/man3/duo.3
/usr/share/man/man8/login_duo.8
/usr/share/man/man8/pam_duo.8
from duo_unix.
mschwager
commented on July 16, 2024
This issue should be fixed with the latest RPM package. Can you confirm?
from duo_unix.
henry-spanka
commented on July 16, 2024
Auth log throws error.
Solution:
Execute the following command in postinstall script
semodule -i /usr/share/selinux/packages/authlogin_duo.pp.bz2
Tested on CentOS 7.1
from duo_unix.
mschwager
commented on July 16, 2024
Our postinstall should enable the SELinux module:
$ wget -q http://pkg.duosecurity.com/CentOS/7/x86_64/duo_unix-1.9.17-0.x86_64.rpm
$ rpm -qp --scripts duo_unix-1.9.17-0.x86_64.rpm
postinstall scriptlet (using /bin/sh):
chown sshd:root /etc/duo/login_duo.conf; chmod 4755 /usr/sbin/login_duo; /sbin/ldconfig; command -v selinuxenabled > /dev/null 2>&1 && selinuxenabled && semodule -i /usr/share/selinux/packages/authlogin_duo.pp.bz2; /bin/true
...
Does one of the following commands return false:
command -v selinuxenabled > /dev/null 2>&1
selinuxenabled
from duo_unix.
henry-spanka
commented on July 16, 2024
Seems like it only happens when upgrading from an old version.
Maybe you should also exec semodule on upgrade(postupgrade).
from duo_unix.
Related Issues (20)
- Feature request: default PAM / authselect profiles HOT 4
- Critical Vulnerability: Default Configuration Can Leave Unenrolled Accounts (Including 'root') Exposed HOT 3
- AD Users are bypassed due to groups when groups config option is set, regardless of group. HOT 4
- RHEL 9 / Centos 9 are missing in repo HOT 2
- Are there any tips as to how to get NetDrive or SSHFS to work with pam_duo? HOT 2
- Autopush should be configurable by device, not globally HOT 2
- login_duo: no selection output and automatically pushes to first phone in list with eternal terminal HOT 2
- duo_unix-1.12.1-4.el8 and setuid HOT 3
- Duo Unix 2.x RPM Digests on RHEL 8 with FIPS enabled HOT 7
- Feature request: behavior in situation of missing conf file and not member of groups directive HOT 4
- Bbbb
- More of a feature request, would like to have ,push# implemented like the Fortinet VPN module has HOT 2
- PAM_SUCCESS returned for non-duo users instead of PAM_IGNORE HOT 8
- /usr/sbin/login_duo returning no such file or directory after fresh install of duo HOT 1
- Manpages (login_duo/login_duo.8, pam_duo/pam_duo.8) hardcodes /etc instead of adjusting path according to --prefix
- Choice of the second factor should have a default value
- 8.8.8.8 DNS Server is hardcoded
- duo_unix not working with openssl 3.0.8 HOT 4
- Order of DUO Devices Displayed Incorrectly for Users with 10 or More Devices HOT 3
- Duo UNIX PAM module failing on AIX
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from duo_unix.