[BlueOnyx:06739] Re: [bluequartz] Re: cced gone wild

[Michael Aronoff]

Sorry I am late to this thread, but I was not sure at first if my problem
and yours were related.

I had a similar problem that turned out to be related to pam_abl. It seemed
that pam_abl was not purging it's blacklist history properly so as it tried
to do its thing cce was hanging.

Your problem seems a little different but try the following anyway. It came
from Michael @ Solarspeed

As root and from the console run this command:

/etc/init.d/pam_abl status

It should show a list of blocked hosts and users and also the date and time
of the events. Check this output for two things:

a) You should see no error message that indicate a corruption of the PAM_ABL
database.

b) You should see no events older than say a week.

If you see events older than a week OR get an error message that indicates a
corruption of the PAM_ABL database. Like in the case that I had recently,
the corruption of the database no longer allowed removal of old records, so
the PAM_ABL lists got so long that the GUI literally choked on processing
and displaying them.

To fix this issue run these two commands:

rm /var/lib/abl/hosts.db
rm /var/lib/abl/users.db

That will delete the PAM_ABL databases. They will get recreated
automatically, so no worries there. 

Then restart CCEd for good measure and check the PAM_ABL blocks again in the
GUI: 
/etc/init.d/cced.init restart
(this part is important!, cced is not updated about the fix until after it
tries to sync with the pam_abl database, so go to the GUI , under security,
failed logins. It might take a moment to come up, that is cced syncing to
the now empty pam_abl)

I had corrupted pam_abl databases on 3 out of 4 of my BX servers. This fixed
them right up.

Hope it helps you.

M Aronoff Out