Archive

Splunk LEA - opsec_pull_cert issue

Path Finder

I've followed the documentation and I've arrived at this stage many times but can't figure it out. I'm not much of *nix expert so I'm hoping it's something others will find simple.

My configuration is Splunk 5.0.3 (tried both i686 and x86_64) on CentOS 6.4 (x86_64).
I've installed pam.i686 and glibc.i686

The error I'm getting is:
./opsec_pull_cert: error while loading shared libraries: libcpc++-libc6.1-2.so.3: cannot open shared object file: No such file or directory

I found this ancient post at CP site but get "Segmentation Fault" when I create the symbolic link.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Any help at this point will be godsend.

  • Costas
Tags (2)
1 Solution

Splunk Employee
Splunk Employee

libcpc++-libc6.1-2.so.3 is shipped with the APP.
Check the bin directory to ensure is it available.

/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin

[root@ChubbybunnyCentOS bin]# ls -lhtr libcpc++-libc6.1-2.so.3 ; md5sum libcpc++-libc6.1-2.so.3
-rwxr-xr-x. 1 root root 1.3M May 20 11:32 libcpc++-libc6.1-2.so.3
2bf1dc1686785a300e12bb72ac08d4ad libcpc++-libc6.1-2.so.3

View solution in original post

Communicator

You need to use the 32bit version of libpam and other libraries like :

sudo apt-get install libstdc++6:i386 libgcc1:i386 libc6-i386 libpam-modules:i386

On Debian 7, if you're unable to install 32-bit packages, the reason is because newer Debian distributions need to enable the installation of i386 packages on amd64 systems. Use the following command to enable installation of i386 packages:

sudo dpkg --add-architecture i386
sudo apt-get update

After enabling i386 package installation on amd64 systems, execute the following command to install all required packages:

sudo apt-get install libstdc++6:i386 libgcc1:i386 libc6-i386 libpam-modules:i386
0 Karma

Path Finder

This solution worked for me -

Download these libraries in /lib dir
libpamc.so.0.82.1
libpam_misc.so.0.82.0
libpam.so.0.82.2
libaudit.so.1.0.0

Create Symbolic lync
ln -s libpamc.so.0.82.1 libpamc.so.0
ln -s libpam_misc.so.0.82.0 libpam_misc.so.0
ln -s libpam.so.0.82.2 libpam.so.0
ln -s libaudit.so.1.0.0 libaudit.so.1

check ls -al in /lib dir

lrwxrwxrwx 1 root root 17 Aug 21 16:15 libpamc.so.0 -> libpamc.so.0.82.1
-rwxr-xr-x 1 root root 13764 Aug 21 16:11 libpamc.so.0.82.1
lrwxrwxrwx 1 root root 21 Aug 21 16:18 libpam_misc.so.0 -> libpam_misc.so.0.82.0
-rwxr-xr-x 1 root root 9704 Aug 21 16:11 libpam_misc.so.0.82.0
lrwxrwxrwx 1 root root 16 Aug 21 16:18 libpam.so.0 -> libpam.so.0.82.2
-rwxr-xr-x 1 root root 50816 Aug 21 16:12 libpam.so.0.82.2
lrwxrwxrwx 1 root root 17 Aug 21 16:29 libaudit.so.1 -> libaudit.so.1.0.0
-rwxr-xr-x 1 root root 112224 Aug 21 16:27 libaudit.so.1.0.0

0 Karma

Splunk Employee
Splunk Employee

I got the same error as Jason with the libcpc++ library not found, and fixed by using the ln -s to the library that comes with the apps. Now when I run the pullcert.sh, i got the following error :

../opsec-tools/opsec_pull_cert: error while loading shared libraries: libpam.so.0: cannot open shared object file: No such file or directory

Any suggestion ?

Paul

0 Karma

Splunk Employee
Splunk Employee

In addition to the libc, you probably also need to link or install to libpamc. Per the documentation, these are required: http://docs.splunk.com/Documentation/OPSEC-LEA/latest/Install/Systemrequirements#Linux

0 Karma

Motivator

I got this to work today by using the library in the app:

ln -s /opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/libcpc++-libc6.1-2.so.3 /lib/libcpc++-libc6.1-2.so.3

See my recent answer for other libraries necessary on ubuntu/debian: http://answers.splunk.com/answers/82392/checkpoint-opsec-lea-client-script/107439

Path Finder

Thank you! I copied this to /usr/lib and the command ran successfully!

0 Karma

Splunk Employee
Splunk Employee

libcpc++-libc6.1-2.so.3 is shipped with the APP.
Check the bin directory to ensure is it available.

/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin

[root@ChubbybunnyCentOS bin]# ls -lhtr libcpc++-libc6.1-2.so.3 ; md5sum libcpc++-libc6.1-2.so.3
-rwxr-xr-x. 1 root root 1.3M May 20 11:32 libcpc++-libc6.1-2.so.3
2bf1dc1686785a300e12bb72ac08d4ad libcpc++-libc6.1-2.so.3

View solution in original post

Path Finder

This file existed for me...
But I still needed to install the pam module.
https://answers.splunk.com/answers/108996/error-while-configuring-check-point-opsec-lea-linux-app.ht...

0 Karma

Path Finder
0 Karma

Splunk Employee
Splunk Employee

are you using the Splunk> Technology Add-on for Check Point OPSEC LEA?

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!