Open h00die-gr3y opened 1 year ago
Installed sshlog according to instructions. Try to start the daemon and it fails with SEGV (segmentation fault)
```
systemctl start sshlog
# systemctl status sshlog
× sshlog.service - SSHLog Agent Service
     Loaded: loaded (/lib/systemd/system/sshlog.service; disabled; preset: disabled)
     Active: failed (Result: signal) since Mon 2023-08-21 11:49:46 UTC; 2s ago
   Duration: 1.494s
    Process: 350961 ExecStart=/usr/bin/sshlogd --logfile /var/log/sshlog/sshlogd.log (code=killed, signal=SEGV)
   Main PID: 350961 (code=killed, signal=SEGV)
        CPU: 1.487s

Aug 21 11:49:46 cerberus systemd[1]: sshlog.service: Scheduled restart job, restart counter is at 5.
Aug 21 11:49:46 cerberus systemd[1]: Stopped sshlog.service - SSHLog Agent Service.
Aug 21 11:49:46 cerberus systemd[1]: sshlog.service: Consumed 1.487s CPU time.
Aug 21 11:49:46 cerberus systemd[1]: sshlog.service: Start request repeated too quickly.
Aug 21 11:49:46 cerberus systemd[1]: sshlog.service: Failed with result 'signal'.
Aug 21 11:49:46 cerberus systemd[1]: Failed to start sshlog.service - SSHLog Agent Service.
```
Checked the /var/log/sshlog/sshlogd.log but no failures there.
/var/log/sshlog/sshlogd.log
```
2023-08-21 11:49:14,129 - plugin_manager.py:26 - INFO - Detected Plugin upload_file_path_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,130 - plugin_manager.py:26 - INFO - Detected Plugin upload_file_path_regex_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,130 - plugin_manager.py:26 - INFO - Detected Plugin ignore_existing_logins_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,130 - plugin_manager.py:26 - INFO - Detected Plugin require_tty_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,130 - plugin_manager.py:26 - INFO - Detected Plugin username_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,130 - plugin_manager.py:26 - INFO - Detected Plugin username_regex_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,130 - plugin_manager.py:26 - INFO - Detected Plugin command_exit_code_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,131 - plugin_manager.py:26 - INFO - Detected Plugin command_name_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,131 - plugin_manager.py:26 - INFO - Detected Plugin command_name_regex_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,131 - plugin_manager.py:26 - INFO - Detected Plugin command_output_contains_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,131 - plugin_manager.py:26 - INFO - Detected Plugin command_output_contains_regex_filter with fields [{'name': 'filter_arg', 'required': True}]
2023-08-21 11:49:14,131 - plugin_manager.py:26 - INFO - Detected Plugin slack_action with fields [{'name': 'slack_webhook_url', 'required': True}]
2023-08-21 11:49:14,131 - plugin_manager.py:26 - INFO - Detected Plugin webhook_action with fields [{'name': 'webhook_url', 'required': True}, {'name': 'do_get_request', 'required': False}]
2023-08-21 11:49:14,132 - plugin_manager.py:26 - INFO - Detected Plugin email_action with fields [{'name': 'sender', 'required': True}, {'name': 'recipient', 'required': True}, {'name': 'subject', 'required': True}, {'name': 'body', 'required': True}, {'name': 'smtp_server', 'required': True}, {'name': 'smtp_port', 'required': True}, {'name': 'username', 'required': False}, {'name': 'password', 'required': False}]
2023-08-21 11:49:14,132 - plugin_manager.py:26 - INFO - Detected Plugin run_command_action with fields [{'name': 'command', 'required': True}, {'name': 'args', 'required': False}, {'name': 'timeout', 'required': False}]
2023-08-21 11:49:14,132 - plugin_manager.py:26 - INFO - Detected Plugin statsd_action with fields [{'name': 'server_address', 'required': True}, {'name': 'port', 'required': False}, {'name': 'statsd_prefix', 'required': False}]
2023-08-21 11:49:14,132 - plugin_manager.py:26 - INFO - Detected Plugin eventlogfile_action with fields [{'name': 'log_file_path', 'required': True}, {'name': 'output_json', 'required': False}, {'name': 'max_size_mb', 'required': False}, {'name': 'number_of_log_files', 'required': False}]
2023-08-21 11:49:14,132 - plugin_manager.py:26 - INFO - Detected Plugin sessionlog_action with fields [{'name': 'log_directory', 'required': True}, {'name': 'timestamp_frequency_seconds', 'required': False}]
2023-08-21 11:49:14,133 - plugin_manager.py:26 - INFO - Detected Plugin syslog_action with fields [{'name': 'server_address', 'required': True}, {'name': 'port', 'required': False}, {'name': 'program_name', 'required': False}, {'name': 'udp', 'required': False}, {'name': 'output_json', 'required': False}, {'name': 'facility', 'required': False}, {'name': 'severity', 'required': False}]
2023-08-21 11:49:14,133 - plugin_manager.py:37 - INFO - Reading config file /etc/sshlog/sshlog.yaml
2023-08-21 11:49:14,133 - plugin_manager.py:39 - WARNING - Configuration file /etc/sshlog/sshlog.yaml does not exist. Skipping
2023-08-21 11:49:14,133 - plugin_manager.py:37 - INFO - Reading config file /etc/sshlog/conf.d/log_events.yaml
2023-08-21 11:49:14,143 - plugin_manager.py:37 - INFO - Reading config file /etc/sshlog/conf.d/log_all_sessions.yaml
2023-08-21 11:49:14,151 - plugin_manager.py:162 - INFO - Initializing event plugin log_general_activity
2023-08-21 11:49:14,151 - plugin_manager.py:167 - INFO - Initializing filter plugin ignore_existing_logins
2023-08-21 11:49:14,151 - plugin_manager.py:175 - INFO - Initializing action plugin log_events
2023-08-21 11:49:14,151 - eventlogfile_action.py:19 - INFO - Initialized action log_events with log file path /var/log/sshlog/event.log
2023-08-21 11:49:14,153 - plugin_manager.py:162 - INFO - Initializing event plugin stream_terminal
2023-08-21 11:49:14,153 - plugin_manager.py:167 - INFO - Initializing filter plugin ignore_existing_logins
2023-08-21 11:49:14,153 - plugin_manager.py:175 - INFO - Initializing action plugin log_all_sessions
2023-08-21 11:49:14,153 - sessionlog_action.py:53 - INFO - Initialized action log_all_sessions with log directory /var/log/sshlog/sessions/
```
My configuration:
```
# uname -a
Linux cerberus 5.15.44-Re4son-v8l+ #1 SMP PREEMPT Debian kali-pi (2022-07-03) aarch64 GNU/Linux
# ssh -V
OpenSSH_9.3p2 Debian-1, OpenSSL 3.0.9 30 May 2023
```