pam_abl install errors

[[0cc]Vince]

Hello, I am running SuSE 10.3 and am trying to install the pam module known as pam_abl (auto black lister). I have downloaded and extracted the files but when I try to do a "make install" I get a bunch of errors. I have edited the makefile with what I believe is the correct configuration, but there is barely any documentation on how to install this module.

Here is the makefile dir settings I have:

Code:

CFLAGS=-Wall -fPIC
PAMDIR=/lib/security
CONFDIR=/etc/security
DBDIR=/var/lib/abl
LIBS=-ldb -lpthread
MODULE=pam_abl.so
OBJ=pam_abl.o log.o config.o rule.o
SUBDIRS=tools

And here is the output after a make install:

Code:

cc -Wall -fPIC   -c -o pam_abl.o pam_abl.c
In file included from pam_abl.c:53:
pam_abl.h:53:34: error: security/pam_modules.h: No such file or directory
In file included from pam_abl.c:53:
pam_abl.h:85: error: expected specifier-qualifier-list before ‘pam_handle_t’
pam_abl.h:120: error: expected ‘)’ before ‘*’ token
pam_abl.h:121: error: expected ‘)’ before ‘*’ token
pam_abl.c: In function ‘record_host’:
pam_abl.c:167: error: ‘abl_args’ has no member named ‘host_db’
pam_abl.c:171: warning: implicit declaration of function ‘pam_get_item’
pam_abl.c:171: error: ‘abl_args’ has no member named ‘pamh’
pam_abl.c:171: error: ‘PAM_RHOST’ undeclared (first use in this function)
pam_abl.c:171: error: (Each undeclared identifier is reported only once
pam_abl.c:171: error: for each function it appears in.)
pam_abl.c:171: error: ‘PAM_SUCCESS’ undeclared (first use in this function)
pam_abl.c:176: error: ‘abl_args’ has no member named ‘host_db’
pam_abl.c:176: error: ‘abl_args’ has no member named ‘host_purge’
pam_abl.c:184: warning: control reaches end of non-void function
pam_abl.c: In function ‘record_user’:
pam_abl.c:187: error: ‘abl_args’ has no member named ‘user_db’
pam_abl.c:190: error: ‘abl_args’ has no member named ‘pamh’
pam_abl.c:190: error: ‘PAM_USER’ undeclared (first use in this function)
pam_abl.c:190: error: ‘PAM_SUCCESS’ undeclared (first use in this function)
pam_abl.c:195: error: ‘abl_args’ has no member named ‘user_db’
pam_abl.c:195: error: ‘abl_args’ has no member named ‘user_purge’
pam_abl.c:203: warning: control reaches end of non-void function
pam_abl.c: In function ‘check_host’:
pam_abl.c:285: error: ‘abl_args’ has no member named ‘host_db’
pam_abl.c:288: error: ‘abl_args’ has no member named ‘pamh’
pam_abl.c:288: error: ‘PAM_RHOST’ undeclared (first use in this function)
pam_abl.c:288: error: ‘PAM_SUCCESS’ undeclared (first use in this function)
pam_abl.c:294: error: ‘abl_args’ has no member named ‘host_db’
pam_abl.c:294: error: ‘abl_args’ has no member named ‘host_rule’
pam_abl.c:302: warning: control reaches end of non-void function
pam_abl.c: In function ‘check_user’:
pam_abl.c:305: error: ‘abl_args’ has no member named ‘user_db’
pam_abl.c:307: error: ‘abl_args’ has no member named ‘user_db’
pam_abl.c:307: error: ‘abl_args’ has no member named ‘user_rule’
pam_abl.c:311: warning: control reaches end of non-void function
pam_abl.c: In function ‘check_attempt’:
pam_abl.c:319: error: ‘abl_args’ has no member named ‘pamh’
pam_abl.c:319: error: ‘PAM_USER’ undeclared (first use in this function)
pam_abl.c:319: error: ‘PAM_SUCCESS’ undeclared (first use in this function)
pam_abl.c:324: error: ‘abl_args’ has no member named ‘pamh’
pam_abl.c:324: error: ‘PAM_SERVICE’ undeclared (first use in this function)
pam_abl.c: At top level:
pam_abl.c:342: error: expected ‘)’ before ‘*’ token
pam_abl.c:357: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘int’
pam_abl.c:394: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘int’
make: *** [pam_abl.o] Error 1

I did a search and there is no pam_modules.h file on my hard drive so maybe I need to install more packages, but I'm pretty sure I have the necessary PAM installation.
Thanks

[[0cc]Vince]

Ok, I think I fixed that problem by installing the PAM-devel package. But I am still able to brute force attack my machine from another even after configuration of /etc/security/pam_abl.conf and including
"auth required /lib/security/pam_abl.so config=/etc/security/pam_abl.conf" in /lib/pam.d/sshd

Here is the new output from a make install:

Code:

cc -Wall -fPIC   -c -o pam_abl.o pam_abl.c
cc -Wall -fPIC   -c -o log.o log.c
cc -Wall -fPIC   -c -o config.o config.c
cc -Wall -fPIC   -c -o rule.o rule.c
ld -x --shared -ldb -lpthread -o pam_abl.so pam_abl.o log.o config.o rule.o
install --mode=755 --strip pam_abl.so /lib/security
#install --mode=644 conf/pam_abl.conf /etc/security
install -d --mode=755 /var/lib/abl
for d in t tools ; do cd $d && make install && cd .. ; done
/bin/sh: line 0: cd: t: No such file or directory
make[1]: Entering directory `/root/pam_abl/tools'
cc -Wall   -c -o log.o log.c
cc -Wall   -c -o config.o config.c
cc -Wall   -c -o rule.o rule.c
cc -Wall   -c -o pam_abl.o pam_abl.c
cc -ldb -lpthread -o pam_abl log.o config.o rule.o pam_abl.o
install --mode=755 --strip pam_abl /usr/bin
make[1]: Leaving directory `/root/pam_abl/tools'

And here is the pam_abl.conf

Code:

# /etc/security/pam_abl.conf
# debug
host_db=/var/lib/abl/hosts.db
host_purge=2d
host_rule=*:6/1h,30/1d
user_db=/var/lib/abl/users.db
user_purge=2d
user_rule=!root:10/1h,30/1d

And here is the /etc/pam.d/sshd

Code:

#%PAM-1.0
auth	 requisite	pam_nologin.so
auth	 required  	pam_abl.so config=/etc/security/pam_abl.conf
auth     include        common-auth
account  include        common-account
password include        common-password
session	 required	pam_loginuid.so
session  include        common-session
# Enable the following line to get resmgr support for
# ssh sessions (see /usr/share/doc/packages/resmgr/README)
#session  optional	pam_resmgr.so fake_ttyname

I have SuSE Firewall2 running, maybe I need to change something there as well?