Date:      Sat, 18 Nov 2006 11:21:36 -0600
From:      "Christian S.J. Peron" <csjp@FreeBSD.ORG>
To:        Andrew Thompson <thompsa@freebsd.org>,  current@freebsd.org
Subject:   Re: audit records
Message-ID:  <455F4120.4060607@FreeBSD.ORG>
In-Reply-To: <20061116232450.GA16087@heff.fud.org.nz>
References:  <20061116232450.GA16087@heff.fud.org.nz>

Andrew,

'localhost' does not resolve to 127.0.0.1 by default; instead it will
resolve to ::1 (IPv6). Currently, we are using just a regular subject
token which only supports IPv4 tokens, when we should be using
subject_ex which allows us to have an IPv6 address for termid. I have 
some patches that add support for extended subject tokens in the kernel, 
but there are a few bugs to work through yet, but I am optimistic we can 
remedy this soon.

Thanks!

Andrew Thompson wrote:
> Hi,
>
>
> I thought I'd try out the new audit system and simulate an invalid login.
> I was surprised to see that ssh connections to localhost show up as
> 255.255.255.255. Is this an error?
>
> % ssh df@localhost
> header,94,10,OpenSSH login,0,Fri Nov 17 12:16:44 2006, + 100 msec
> subject,-1,-1,-1,-1,-1,1378,1378,60666,255.255.255.255
> text,invalid user name "df"
> return,failure : No such process,4294967295
> trailer,94
>
> % ssh df@192.168.0.182
> header,95,10,OpenSSH login,0,Fri Nov 17 12:17:26 2006, + 892 msec
> subject,-1,-1,-1,-1,-1,1385,1385,58511,192.168.0.182
> text,invalid user name "df"
> return,failure : No such process,4294967295
> trailer,95
>
>
>
> Andrew




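One way a log consumer could account for the behaviour described in this message, as an added example that is not part of the original e-mail or of FreeBSD's audit tools: it parses the praudit text output quoted above and marks the terminal address as unusable when it is 255.255.255.255, so a failed login from ::1 is not attributed to a real IPv4 source. The sample is the two quoted records; the function names are hypothetical, and the code assumes a subject_ex token is printed with the same field order as subject.

```python
import ipaddress

# Constructed sample: the two praudit records quoted in the thread above.
SAMPLE = """\
header,94,10,OpenSSH login,0,Fri Nov 17 12:16:44 2006, + 100 msec
subject,-1,-1,-1,-1,-1,1378,1378,60666,255.255.255.255
text,invalid user name "df"
return,failure : No such process,4294967295
trailer,94
header,95,10,OpenSSH login,0,Fri Nov 17 12:17:26 2006, + 892 msec
subject,-1,-1,-1,-1,-1,1385,1385,58511,192.168.0.182
text,invalid user name "df"
return,failure : No such process,4294967295
trailer,95
"""

# Value the IPv4-only subject token showed for the ssh login to localhost (::1).
ALL_ONES = ipaddress.IPv4Address("255.255.255.255")

def parse_records(text):
    """Group praudit lines into one dict per header..trailer record."""
    records, cur = [], None
    for line in text.splitlines():
        token, _, rest = line.strip().partition(",")
        if token == "header":
            cur = {"event": rest.split(",")[2], "addr": None, "text": None}
        elif cur is None:
            continue  # stray line outside a record
        # Assumption: subject_ex uses the same text field order as subject.
        elif token in ("subject", "subject_ex"):
            f = rest.split(",")  # auid,euid,egid,ruid,rgid,pid,sid,port,addr
            cur.update(pid=int(f[5]), port=int(f[7]), addr=ipaddress.ip_address(f[8]))
        elif token == "text":
            cur["text"] = rest  # free text may contain commas; keep it whole
        elif token == "return":
            cur["failed"] = rest.startswith("failure")
        elif token == "trailer":
            records.append(cur)
            cur = None
    return records

def source_is_usable(rec):
    """False when no address was recorded or it is the all-ones value."""
    return rec["addr"] is not None and rec["addr"] != ALL_ONES

def failed_logins(text):
    """Return (message, address, address_usable) for each failed record."""
    return [(r["text"], str(r["addr"]), source_is_usable(r))
            for r in parse_records(text) if r.get("failed")]
```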