package logcheck 1.3.7ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

Bug #695124 reported by Mario Tomljenović on 2010-12-28
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
logcheck (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: logcheck

I wanted to install harden-nids (network intrusion detection system) package in Synaptic Package Manager, and installation failed.

ProblemType: Package
DistroRelease: Ubuntu 10.04
Package: logcheck 1.3.7ubuntu1
ProcVersionSignature: Ubuntu 2.6.32-27.49-generic 2.6.32.26+drm33.12
Uname: Linux 2.6.32-27-generic i686
NonfreeKernelModules: wl
Architecture: i386
Date: Tue Dec 28 20:44:07 2010
ErrorMessage: subprocess installed post-installation script returned error exit status 1
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
PackageArchitecture: all
SourcePackage: logcheck
Title: package logcheck 1.3.7ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

Loïc Minier (lool) wrote :

Setting up logtail (1.3.7ubuntu1) ...
Setting up logcheck (1.3.7ubuntu1) ...
Adding user logcheck to group adm
newaliases: fatal: open /etc/postfix/main.cf: No such file or directory
Password:
chfn: PAM authentication failed
dpkg: error processing logcheck (--configure):
 subprocess installed post-installation script returned error exit status 1

The first message:
newaliases: fatal: open /etc/postfix/main.cf: No such file or directory

seems to indicate that you have a broken newaliaes / postfix configuration (newaliases somehow tries to poke etc/postfix/main.cf which means newaliases is provided by postfix, but somehow it's not there). This would make sense is postfix was being installed in the same dpkg run, but it's not, so I suspect your setup might be broken there?

The second set of messages:
Password:
chfn: PAM authentication failed

suggests that you have a broken PAM configuration: the postinst calls chfn to set the real name of the account in the passwd database:
    chfn -f 'logcheck system account' logcheck
and the postinst runs as root; by default, etc/[pam.d/chfn contains:
auth sufficient pam_rootok.so
[...]
@include common-auth
@include common-account
@include common-session

so it should just accept to run chfn and not prompt you for a password; again, I'm puzzled, did you change your PAM configuration in some way?

No I didn´t change anything in PAM configuration.. I wrote my password there (which works always), and it said that PAM authentication failed. I even tried later to install logcheck in Terminal, but got the same output after writing my password in.

Loïc Minier (lool) wrote :

Then I personally have no idea; maybe you installed a package which changed some files like chfn to not be SUID root, or which changes PAM permissions

Well I installed Snort by these instructions:

http://www.snort.org/assets/158/Ubuntu-snortinstallguide2903.pdf

So now I have one more user on my Ubuntu system - Snort user. Maybe that is the problem?

Lou Ruppert (louferd) wrote :

It doesn't appear that this is a bug with logcheck, which is what this is filed under. It appears to be more of a support request. Is there anything more that can be done on it, or can it be closed?

I think it can be closed.

Loïc Minier (lool) on 2011-10-03
Changed in logcheck (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers