[Bug 276777] Enabling BSM/audit security can prevent root login
Date: Tue, 06 Feb 2024 00:33:54 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276777

--- Comment #1 from Tim Hogard <thogard@abnormal.com> ---
It appears this was due to older flags in /etc/security/audit_control.

If the old Solaris flags were added, specifically ua and pm, and since they aren't in /etc/security/audit_class, the audit mask isn't created, and since it isn't created, root can't log in on the console.

I think the login code should allow root to log in in the case of a bad (or undefined) audit mask to prevent being locked out of a system.

Perhaps the old Sun masks should be added to audit_class as:
0x00000000:ua:obsolete user administration class
0x00000000:pm:obsolete process modify class

If someone else runs into this, the fix is
1) fix the flags: in audit_control
or
2) add the missing classes to audit_class as zeros and ensure the events you needed audited are in the flags: line

This applies between 14.0 back to at least 11.X.

-- 
You are receiving this mail because:
You are the assignee for the bug.
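A pre-flight check for the condition described in the comment above, added here as an example and not part of the original bug report or of FreeBSD: it lists every class named on a flags: or naflags: line of audit_control that has no entry in audit_class. The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# undefined_audit_classes AUDIT_CONTROL AUDIT_CLASS
# Prints "<field>: <class>" for each class that audit_control references
# but audit_class does not define; prints nothing when every class resolves.
undefined_audit_classes() {
    awk -F: '
        FILENAME == ARGV[1] {        # first file: audit_class (mask:name:description)
            if ($0 !~ /^[ \t]*#/ && NF >= 2) defined[$2] = 1
            next
        }
        /^[ \t]*#/ { next }          # skip comment lines in audit_control
        $1 == "flags" || $1 == "naflags" {
            n = split($2, f, ",")
            for (i = 1; i <= n; i++) {
                name = f[i]
                gsub(/[ \t]/, "", name)
                sub(/^\^?[+-]?/, "", name)   # drop the ^, + and - selection prefixes
                if (name != "" && !(name in defined)) print $1 ": " name
            }
        }
    ' "$2" "$1"
}

# Runs the check against constructed sample files (not taken from a real
# system) that reproduce the reported case: flags: names ua and pm, which
# the sample audit_class does not define.
demo_constructed_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample audit_class' \
        '0x00000000:no:invalid class' \
        '0x00001000:lo:login_logout' \
        '0x00002000:aa:authentication and authorization' > "$d/audit_class"
    printf '%s\n' '# constructed sample audit_control' \
        'dir:/var/audit' \
        'flags:lo,aa,+ua,-pm' \
        'naflags:lo,aa' \
        'policy:cnt,argv' > "$d/audit_control"
    undefined_audit_classes "$d/audit_control" "$d/audit_class"
    rm -rf "$d"
}

demo_constructed_sample
```

On a live system the two arguments would be /etc/security/audit_control and /etc/security/audit_class; running the check before enabling auditing, while a root session is still open, shows whether either fix from the comment is needed.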