Thursday, July 18, 2024

Duo Linux Ubuntu Configuration

Configuring Ubuntu for the Duo Linux integration.

Reference link
https://duo.com/docs/duounix#pam-examples
https://www.youtube.com/watch?v=vhCtmJFXe3I

1.
sudo apt-get update
2.
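wget --content-disposition https://dl.duosecurity.com/duo_unix-latest.tar.gz
Before building, check the archive's integrity: run `sha256sum duo_unix-2.0.3.tar.gz` (the name the download was saved under here) and compare the result with the checksum Duo publishes for that release.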
3.
apt-get install libssl-dev
sudo apt-get install libssl-dev

4.
apt-get install libpam-dev
sudo apt-get install libpam-dev

5.
sudo apt update
sudo apt install build-essential
sudo gcc --version

6.
$ tar zxf duo_unix-latest.tar.gz
tar zxf duo_unix-2.0.3.tar.gz

7.
 $ cd duo_unix-2.0.3
./configure --with-pam --prefix=/usr && make && sudo make install

8.
cd /etc/duo/
sudo vi pam_duo.conf 

edit pam_duo.conf (in /etc/duo or /etc/security)

[duo]
; The ikey, skey and host values below identify one specific Duo application.
; Replace them with the values shown for your own application in the Duo Admin Panel.
; Duo integration key
ikey = DI289WCUX0ARRH450AZK
; Duo secret key. Treat it like a password: keep this file owned by root and
; readable only by root (for example mode 0600), and keep the real value out of
; tickets, screenshots and published notes. Rotate the key if it has been shared.
skey = LqIuXQ58jWnWWLsoOnwXZTDmBJ24i1EULZu0Z8ZZ
; Duo API host
host = api-3af8e141.duosecurity.com
; autopush = yes sends a Duo Push (falling back to a phone call) automatically
; instead of prompting the user to choose a factor.
autopush = yes
; `failmode = safe` In the event of errors with this configuration file or connection to the Duo service
; this mode will allow login without 2FA (fail-open: the password alone is then sufficient).
; `failmode = secure` This mode will deny access in the above cases. Misconfigurations with this setting
; enabled may result in you being locked out of your system.
; Choose deliberately: `safe` trades second-factor enforcement for availability whenever the
; Duo service cannot be reached from this host.
failmode = safe
; Send command for Duo Push authentication
;pushinfo = yes

9.
sudo vi /etc/pam.d/common-auth

#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.
#
# NOTE(review): because this file is shared by every service that includes it
# (sshd, sudo, ...), a mistake here affects all of them. Keep an existing root
# session open while testing changes so a broken stack can be reverted.

# here are the per-package modules (the "Primary" block)
# The stock pam_unix line is kept below, commented out, for reference.
#auth   [success=1 default=ignore]      pam_unix.so nullok
# pam_unix is "requisite": a failed password check ends the stack immediately,
# so pam_duo is only consulted after the password has been accepted.
# NOTE(review): nullok_secure is a Debian/Ubuntu-specific pam_unix option that
# relates to accounts with empty passwords; confirm it is wanted and that the
# installed pam_unix recognises it.
auth    requisite       pam_unix.so     nullok_secure
# success=1: when pam_duo succeeds, skip the next rule (pam_deny.so).
# default=ignore: any other pam_duo result is ignored here, so control falls
# through to pam_deny.so and authentication is refused.
auth    [success=1 default=ignore]      pam_duo.so
# here's the fallback if no module succeeds
auth    requisite                       pam_deny.so

# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth    optional                        pam_cap.so
# end of pam-auth-update config

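10. Troubleshooting
The first log excerpt below shows PAM unable to load pam_duo.so from /lib/security, so the built module is located and copied into that directory. PAM loads this module into sshd and sudo, so the copy in /lib/security should be owned by root and not writable by other users. The `unrecognized option [nullock_secure]` messages appear to come from a misspelling of `nullok_secure` in common-auth at the time. In the second excerpt, Duo logins fail with "Error gathering user response" until pam_duo.conf is edited, after which the Duo login succeeds; the notes do not record which setting was changed.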
taka@ubuntu-1:/etc/duo$ tail -f /var/log/auth.log

Jul 18 02:11:29 ubuntu-1 sshd[3987835]: pam_unix(sshd:session): session closed for user taka
Jul 18 02:11:29 ubuntu-1 systemd-logind[891]: Session 2904 logged out. Waiting for processes to exit.
Jul 18 02:11:29 ubuntu-1 systemd-logind[891]: Removed session 2904.
Jul 18 02:13:23 ubuntu-1 sudo: PAM unable to dlopen(pam_duo.so): /lib/security/pam_duo.so: cannot open shared object file: No such file or directory
Jul 18 02:13:23 ubuntu-1 sudo: PAM adding faulty module: pam_duo.so
Jul 18 02:13:23 ubuntu-1 sudo:     taka : TTY=pts/0 ; PWD=/etc/duo ; USER=root ; COMMAND=/usr/bin/vi /etc/pam.d/common-auth
Jul 18 02:13:23 ubuntu-1 sudo: pam_unix(sudo:setcred): unrecognized option [nullock_secure]
Jul 18 02:13:23 ubuntu-1 sudo: pam_unix(sudo:session): session opened for user root by taka(uid=0)
Jul 18 02:13:35 ubuntu-1 sudo: pam_unix(sudo:session): session closed for user root
Jul 18 02:13:35 ubuntu-1 sudo: pam_unix(sudo:setcred): unrecognized option [nullock_secure]
Jul 18 02:13:41 ubuntu-1 sshd[3988022]: PAM unable to dlopen(pam_duo.so): /lib/security/pam_duo.so: cannot open shared object file: No such file or directory
Jul 18 02:13:41 ubuntu-1 sshd[3988022]: PAM adding faulty module: pam_duo.so
Jul 18 02:13:43 ubuntu-1 sshd[3988022]: pam_unix(sshd:auth): unrecognized option [nullock_secure]
Jul 18 02:13:45 ubuntu-1 sshd[3988022]: Failed password for taka from 192.168.2.249 port 63911 ssh2
Jul 18 02:13:59 ubuntu-1 sshd[3988022]: error: Received disconnect from 192.168.2.249 port 63911:13: The user canceled authentication.  [preauth]
Jul 18 02:13:59 ubuntu-1 sshd[3988022]: Disconnected from authenticating user taka 192.168.2.249 port 63911 [preauth]                                                    


taka@ubuntu-1:/etc/duo$ find ~/ pam_duo.so | grep pam_duo.so
/home/taka/duo_unix-2.0.3/pam_duo/.libs/pam_duo.so

taka@ubuntu-1:/lib$ sudo mkdir security
taka@ubuntu3:/lib$ cd security

taka@ubuntu3:/lib/security$ sudo cp /home/taka/duo_unix-2.0.3/pam_duo/.libs/pam_duo.so pam_duo.so

taka@ubuntu-1:/etc/duo$ tail -f /var/log/auth.log
Jul 18 02:28:10 ubuntu-1 sshd[3988427]: Aborted Duo login for 'taka' from 192.168.2.249: Error gathering user response
Jul 18 02:28:12 ubuntu-1 sshd[3988427]: Failed password for taka from 192.168.2.249 port 64939 ssh2
Jul 18 02:28:36 ubuntu-1 sshd[3988427]: starting Duo Unix: PAM Duo
Jul 18 02:28:36 ubuntu-1 sshd[3988427]: pam_duo(sshd:auth): conversation failed
Jul 18 02:28:36 ubuntu-1 sshd[3988427]: Aborted Duo login for 'taka' from 192.168.2.249: Error gathering user response
Jul 18 02:28:39 ubuntu-1 sshd[3988427]: Failed password for taka from 192.168.2.249 port 64939 ssh2
Jul 18 02:28:41 ubuntu-1 sshd[3988427]: Connection closed by authenticating user taka 192.168.2.249 port 64939 [preauth]
Jul 18 02:31:12 ubuntu-1 sudo:     taka : TTY=pts/0 ; PWD=/etc/duo ; USER=root ; COMMAND=/usr/bin/vi pam_duo.conf
Jul 18 02:31:12 ubuntu-1 sudo: pam_unix(sudo:session): session opened for user root by taka(uid=0)
Jul 18 02:32:01 ubuntu-1 sudo: pam_unix(sudo:session): session closed for user root
Jul 18 02:32:15 ubuntu-1 sshd[3988567]: starting Duo Unix: PAM Duo
Jul 18 02:32:23 ubuntu-1 sshd[3988567]: Successful Duo login for 'taka' from 192.168.2.249
Jul 18 02:32:23 ubuntu-1 sshd[3988567]: Accepted password for taka from 192.168.2.249 port 65196 ssh2
Jul 18 02:32:23 ubuntu-1 sshd[3988567]: pam_unix(sshd:session): session opened for user taka by (uid=0)
Jul 18 02:32:23 ubuntu-1 systemd-logind[891]: New session 2905 of user taka.

