Cron audit problem in Solaris 8

Mr.AIX · September 26, 2010, 1:55am

cron audit problem. job failed
I�m getting problem with crontab in Solaris 8

Crontab stop and is not running for all the cron jobs

under cat /var/cron/log
> CMD: /var/sh/go.sh
> root 24835 c Sun Sep 26 08:06:00 2010
< root 24835 c Sun Sep 26 08:06:00 2010 rc=1
! cron audit problem. job failed (/var/sh/go.sh) for user root Sun Sep 26 08:07:00 2010

Pls your kind help in this issue ..

citaylor · September 26, 2010, 3:41am

An email should have been sent to the user who executed the script.
However, from your logs it seems that there is a space after "/var" in the script path.
(/var<space>/sh/go.sh) which would be my guess at the issue

Mr.AIX · September 27, 2010, 3:04am

Space is not the issue , space came when I copied it here!

I discovered it

I discovered the reason of cron audit problem. job failed

Reason is :

With auditing on there's an additional file /var/spool/cron/crontab/root.au that crond uses to set the audit flags. If you run the crontab command when you're logged into the system in a way that can't be properly audited, like via ssh, the values in root.au are set wrong and your cron jobs will fail.

To avoid the crontab interruption

Log into the console and run crontab -e then save it and all should work fine ..

Our main issue:

Our main issue why there is conflicting between crontab , auditing and ssh

I'm still investigating any one has idea in this regard , Pls advice �

.

citaylor · September 27, 2010, 3:28am

I have come across this issue with Solaris auditing and crontabs before (there is actually a Sun bug opened for it, but I believe they never fixed it).

The latest openssh and Solaris sshd packages have a fix to add the correct auditing API calls to setup the audit session, so I would recommend updating your sshd to newer code (probably a good idea anyway for security reasons as the bug was reported 9 years ago!).

In the meantime, there is a workaround, which is detailed here:
http://www.unix.com/solaris/18160-ssh-crontab-bug.html

I hope this helps.

Mr.AIX · September 29, 2010, 2:08am

based on the below

------------------------------------
for all those replied,
The case had been resolved by setting the (UseLogin) parameter in (/etc/sshd_config) to yes, then Re-Editing the Cron by (cron -e).
From this link: ssh & crontab bug
------------------------------------

I have changed the UseLogin to yes under /etc/sshd_config and I stoped and re started the ssh deamon

Now I'm facing another issue I can not login to the server by ssh !

Any advice �

citaylor · September 29, 2010, 2:26am

Have you tried running your sshd with debug on and see what is displayed ? This may help with debugging the login issue.

Alternatively, Go to Sunfreeware - Free and Open Source Software (FOSS) for Sun Microsystem's Solaris click on your given architecture on the right light and download openssh and its dependant packages (openssl, zlib, libgcc) and install them. This will give you a bang up-to-date openssh, openssl (which again is good because of security issues) and will work fine with Solaris BSM.

Or, contact Sun support and ask them for the latest SUWssh - I believe they have made fixes in the past, which probably update the ssh code for your architecture.

I hope this helps.