Deployment Architecture

Splunk LEA - opsec_pull_cert issue

clymbouris
Path Finder

I've followed the documentation and I've arrived at this stage many times but can't figure it out. I'm not much of *nix expert so I'm hoping it's something others will find simple.

My configuration is Splunk 5.0.3 (tried both i686 and x86_64) on CentOS 6.4 (x86_64).
I've installed pam.i686 and glibc.i686

The error I'm getting is:
./opsec_pull_cert: error while loading shared libraries: libcpc++-libc6.1-2.so.3: cannot open shared object file: No such file or directory

I found this ancient post at CP site but get "Segmentation Fault" when I create the symbolic link.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Any help at this point will be godsend.

  • Costas
Tags (2)
1 Solution

Chubbybunny
Splunk Employee
Splunk Employee

libcpc++-libc6.1-2.so.3 is shipped with the APP.
Check the bin directory to ensure is it available.

/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin

[root@ChubbybunnyCentOS bin]# ls -lhtr libcpc++-libc6.1-2.so.3 ; md5sum libcpc++-libc6.1-2.so.3
-rwxr-xr-x. 1 root root 1.3M May 20 11:32 libcpc++-libc6.1-2.so.3
2bf1dc1686785a300e12bb72ac08d4ad libcpc++-libc6.1-2.so.3

View solution in original post

arber
Communicator

You need to use the 32bit version of libpam and other libraries like :

sudo apt-get install libstdc++6:i386 libgcc1:i386 libc6-i386 libpam-modules:i386

On Debian 7, if you're unable to install 32-bit packages, the reason is because newer Debian distributions need to enable the installation of i386 packages on amd64 systems. Use the following command to enable installation of i386 packages:

sudo dpkg --add-architecture i386
sudo apt-get update

After enabling i386 package installation on amd64 systems, execute the following command to install all required packages:

sudo apt-get install libstdc++6:i386 libgcc1:i386 libc6-i386 libpam-modules:i386
0 Karma

shaileshmali
Path Finder

This solution worked for me -

Download these libraries in /lib dir
libpamc.so.0.82.1
libpam_misc.so.0.82.0
libpam.so.0.82.2
libaudit.so.1.0.0

Create Symbolic lync
ln -s libpamc.so.0.82.1 libpamc.so.0
ln -s libpam_misc.so.0.82.0 libpam_misc.so.0
ln -s libpam.so.0.82.2 libpam.so.0
ln -s libaudit.so.1.0.0 libaudit.so.1

check ls -al in /lib dir

lrwxrwxrwx 1 root root 17 Aug 21 16:15 libpamc.so.0 -> libpamc.so.0.82.1
-rwxr-xr-x 1 root root 13764 Aug 21 16:11 libpamc.so.0.82.1
lrwxrwxrwx 1 root root 21 Aug 21 16:18 libpam_misc.so.0 -> libpam_misc.so.0.82.0
-rwxr-xr-x 1 root root 9704 Aug 21 16:11 libpam_misc.so.0.82.0
lrwxrwxrwx 1 root root 16 Aug 21 16:18 libpam.so.0 -> libpam.so.0.82.2
-rwxr-xr-x 1 root root 50816 Aug 21 16:12 libpam.so.0.82.2
lrwxrwxrwx 1 root root 17 Aug 21 16:29 libaudit.so.1 -> libaudit.so.1.0.0
-rwxr-xr-x 1 root root 112224 Aug 21 16:27 libaudit.so.1.0.0

0 Karma

ppang
Splunk Employee
Splunk Employee

I got the same error as Jason with the libcpc++ library not found, and fixed by using the ln -s to the library that comes with the apps. Now when I run the pullcert.sh, i got the following error :

../opsec-tools/opsec_pull_cert: error while loading shared libraries: libpam.so.0: cannot open shared object file: No such file or directory

Any suggestion ?

Paul

0 Karma

araitz
Splunk Employee
Splunk Employee

In addition to the libc, you probably also need to link or install to libpamc. Per the documentation, these are required: http://docs.splunk.com/Documentation/OPSEC-LEA/latest/Install/Systemrequirements#Linux

0 Karma

Jason
Motivator

I got this to work today by using the library in the app:

ln -s /opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/libcpc++-libc6.1-2.so.3 /lib/libcpc++-libc6.1-2.so.3

See my recent answer for other libraries necessary on ubuntu/debian: http://answers.splunk.com/answers/82392/checkpoint-opsec-lea-client-script/107439

clymbouris
Path Finder

Thank you! I copied this to /usr/lib and the command ran successfully!

0 Karma

Chubbybunny
Splunk Employee
Splunk Employee

libcpc++-libc6.1-2.so.3 is shipped with the APP.
Check the bin directory to ensure is it available.

/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin

[root@ChubbybunnyCentOS bin]# ls -lhtr libcpc++-libc6.1-2.so.3 ; md5sum libcpc++-libc6.1-2.so.3
-rwxr-xr-x. 1 root root 1.3M May 20 11:32 libcpc++-libc6.1-2.so.3
2bf1dc1686785a300e12bb72ac08d4ad libcpc++-libc6.1-2.so.3

willamwar
Path Finder

This file existed for me...
But I still needed to install the pam module.
https://answers.splunk.com/answers/108996/error-while-configuring-check-point-opsec-lea-linux-app.ht...

0 Karma

clymbouris
Path Finder
0 Karma

Chubbybunny
Splunk Employee
Splunk Employee

are you using the Splunk> Technology Add-on for Check Point OPSEC LEA?

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...