sshlog / agent

SSH Session Monitoring Daemon
http://www.sshlog.com

Segmentation fault ARM64 Raspberry PI running Kali Linux #13

Open h00die-gr3y opened 1 year ago

h00die-gr3y commented 1 year ago

Installed sshlog according to the instructions. Trying to start the daemon fails with SEGV (segmentation fault).

systemctl start sshlog
# systemctl status sshlog
× sshlog.service - SSHLog Agent Service
     Loaded: loaded (/lib/systemd/system/sshlog.service; disabled; preset: disabled)
     Active: failed (Result: signal) since Mon 2023-08-21 11:49:46 UTC; 2s ago
   Duration: 1.494s
    Process: 350961 ExecStart=/usr/bin/sshlogd --logfile /var/log/sshlog/sshlogd.log (code=killed, signal=SEGV)
   Main PID: 350961 (code=killed, signal=SEGV)
        CPU: 1.487s

Aug 21 11:49:46 cerberus systemd[1]: sshlog.service: Scheduled restart job, restart counter is at 5.
Aug 21 11:49:46 cerberus systemd[1]: Stopped sshlog.service - SSHLog Agent Service.
Aug 21 11:49:46 cerberus systemd[1]: sshlog.service: Consumed 1.487s CPU time.
Aug 21 11:49:46 cerberus systemd[1]: sshlog.service: Start request repeated too quickly.
Aug 21 11:49:46 cerberus systemd[1]: sshlog.service: Failed with result 'signal'.
Aug 21 11:49:46 cerberus systemd[1]: Failed to start sshlog.service - SSHLog Agent Service.

Checked the /var/log/sshlog/sshlogd.log but no failures there.

2023-08-21 11:49:14,129 - plugin_manager.py:26 - INFO - Detected Plugin upload_file_path_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,130 - plugin_manager.py:26 - INFO - Detected Plugin upload_file_path_regex_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,130 - plugin_manager.py:26 - INFO - Detected Plugin ignore_existing_logins_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,130 - plugin_manager.py:26 - INFO - Detected Plugin require_tty_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,130 - plugin_manager.py:26 - INFO - Detected Plugin username_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,130 - plugin_manager.py:26 - INFO - Detected Plugin username_regex_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,130 - plugin_manager.py:26 - INFO - Detected Plugin command_exit_code_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,131 - plugin_manager.py:26 - INFO - Detected Plugin command_name_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,131 - plugin_manager.py:26 - INFO - Detected Plugin command_name_regex_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,131 - plugin_manager.py:26 - INFO - Detected Plugin command_output_contains_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,131 - plugin_manager.py:26 - INFO - Detected Plugin command_output_contains_regex_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,131 - plugin_manager.py:26 - INFO - Detected Plugin slack_action with fields [{'name': 'slack_webhook_url', 'required': True}]
2023-08-21 11:49:14,131 - plugin_manager.py:26 - INFO - Detected Plugin webhook_action with fields [{'name': 'webhook_url', 'required': True}, {'name': 'do_get_request', 'required': False}]
2023-08-21 11:49:14,132 - plugin_manager.py:26 - INFO - Detected Plugin email_action with fields [{'name': 'sender', 'required': True}, {'name': 'recipient', 'required': True}, {'name': 'subject', 'required': True}, {'name': 'body', 'required': True}, {'name': 'smtp_server', 'required': True}, {'name': 'smtp_port', 'required': True}, {'name': 'username', 'required': False}, {'name': 'password', 'required': False}]
2023-08-21 11:49:14,132 - plugin_manager.py:26 - INFO - Detected Plugin run_command_action with fields [{'name': 'command', 'required': True}, {'name': 'args', 'required': False}, {'name': 'timeout', 'required': False}]
2023-08-21 11:49:14,132 - plugin_manager.py:26 - INFO - Detected Plugin statsd_action with fields [{'name': 'server_address', 'required': True}, {'name': 'port', 'required': False}, {'name': 'statsd_prefix', 'required': False}]
2023-08-21 11:49:14,132 - plugin_manager.py:26 - INFO - Detected Plugin eventlogfile_action with fields [{'name': 'log_file_path', 'required': True}, {'name': 'output_json', 'required': False}, {'name': 'max_size_mb', 'required': False}, {'name': 'number_of_log_files', 'required': False}]
2023-08-21 11:49:14,132 - plugin_manager.py:26 - INFO - Detected Plugin sessionlog_action with fields [{'name': 'log_directory', 'required': True}, {'name': 'timestamp_frequency_seconds', 'required': False}]
2023-08-21 11:49:14,133 - plugin_manager.py:26 - INFO - Detected Plugin syslog_action with fields [{'name': 'server_address', 'required': True}, {'name': 'port', 'required': False}, {'name': 'program_name', 'required': False}, {'name': 'udp', 'required': False}, {'name': 'output_json', 'required': False}, {'name': 'facility', 'required': False}, {'name': 'severity', 'required': False}]
2023-08-21 11:49:14,133 - plugin_manager.py:37 - INFO - Reading config file /etc/sshlog/sshlog.yaml
2023-08-21 11:49:14,133 - plugin_manager.py:39 - WARNING - Configuration file /etc/sshlog/sshlog.yaml does not exist.  Skipping
2023-08-21 11:49:14,133 - plugin_manager.py:37 - INFO - Reading config file /etc/sshlog/conf.d/log_events.yaml
2023-08-21 11:49:14,143 - plugin_manager.py:37 - INFO - Reading config file /etc/sshlog/conf.d/log_all_sessions.yaml
2023-08-21 11:49:14,151 - plugin_manager.py:162 - INFO - Initializing event plugin log_general_activity
2023-08-21 11:49:14,151 - plugin_manager.py:167 - INFO - Initializing filter plugin ignore_existing_logins
2023-08-21 11:49:14,151 - plugin_manager.py:175 - INFO - Initializing action plugin log_events
2023-08-21 11:49:14,151 - eventlogfile_action.py:19 - INFO - Initialized action log_events with log file path /var/log/sshlog/event.log
2023-08-21 11:49:14,153 - plugin_manager.py:162 - INFO - Initializing event plugin stream_terminal
2023-08-21 11:49:14,153 - plugin_manager.py:167 - INFO - Initializing filter plugin ignore_existing_logins
2023-08-21 11:49:14,153 - plugin_manager.py:175 - INFO - Initializing action plugin log_all_sessions
2023-08-21 11:49:14,153 - sessionlog_action.py:53 - INFO - Initialized action log_all_sessions with log directory /var/log/sshlog/sessions/

My configuration:

# uname -a
Linux cerberus 5.15.44-Re4son-v8l+ #1 SMP PREEMPT Debian kali-pi (2022-07-03) aarch64 GNU/Linux
# ssh -V
OpenSSH_9.3p2 Debian-1, OpenSSL 3.0.9 30 May 2023