Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-5982: Executing shell command from within FTP results in a warning message about missing shell and Direct Audit emergency shell is executed instead

Centrify DirectAudit ,  

12 April,16 at 11:44 AM

Applies to: Centrify DirectAudit 2.0.2 on Solaris OS

Problem:
Warning message about missing shell and Direct Audit emergency shell is executed instead occurs when running shell scripts in FTP session:


bash-3.2$ ftp
ftp> !env
DirectAudit worked out that your shell is /sh, but this file is not executable by you, as this is not a login session, or you are root, DirectAudit is allowing you access using fallback shell: /bin/da.emergency.shell
DA_DASH_DEPTH=3
HOME=/export/home/frank12test
LOGNAME=frank12test
MAIL=/var/mail/frank12test
PATH=/sbin:/usr/sbin:/usr/bin:/usr/sadm/install/bin
PWD=/export/home/frank12test
SHELL=/bin/sh
SHLVL=1
...


Cause:
In DirectAudit 2.0.2, this is because FTP erroneously passes shell path to Direct Audit audited shell (i.e.
cdash) as “/<shell>” which does not exist. The warning message is not an error and the FTP shell command is successfully executed.
This issue does not occur in DirectAudit 3.2.3 release because of the
architectural difference.

Workaround:
For each supported shell, create a soft link in the form of “
/<shell>” in the “/” directory to point to the real shell renamed by Direct Audit. For example for sh, create a soft link /sh to point to /usr/bin/sh.daudit.

eg.

bash-3.2# ln -s /sbin/sh.daudit /sh
bash-3.2# ls -al /sh
lrwxrwxrwx   1 root     root          15 Dec  8 17:24 /sh -> /sbin/sh.daudit
bash-3.2# ftp
ftp> !env
DA_DASH_DEPTH=3
HOME=/
LOGNAME=root
MAIL=/var/mail/root
OLDPWD=/sbin
PATH=/sbin:/usr/sbin:/usr/bin:/usr/sadm/install/bin
PWD=/
SHELL=/sbin/sh
SHLVL=1
...


Resolution:
Please upgrade the DirectAudit agent to 3.2.3 version or above.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.