From owner-freebsd-current@FreeBSD.ORG Sat Nov 18 17:22:00 2006 Return-Path: X-Original-To: current@freebsd.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 963CE16A415; Sat, 18 Nov 2006 17:22:00 +0000 (UTC) (envelope-from csjp@FreeBSD.ORG) Received: from ems01.seccuris.com (ems01.seccuris.com [204.112.0.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9458043D53; Sat, 18 Nov 2006 17:21:47 +0000 (GMT) (envelope-from csjp@FreeBSD.ORG) Received: from [10.8.0.2] (unknown [10.8.0.2]) by ems01.seccuris.com (Postfix) with ESMTP id 46D2E462E5C; Sat, 18 Nov 2006 12:22:30 -0600 (CST) Message-ID: <455F4120.4060607@FreeBSD.ORG> Date: Sat, 18 Nov 2006 11:21:36 -0600 From: "Christian S.J. Peron" User-Agent: Thunderbird 1.5.0.8 (Macintosh/20061025) MIME-Version: 1.0 To: Andrew Thompson , current@freebsd.org References: <20061116232450.GA16087@heff.fud.org.nz> In-Reply-To: <20061116232450.GA16087@heff.fud.org.nz> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Re: audit records X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Nov 2006 17:22:00 -0000 Andrew, 'localhost' does not resolve to 127.0.0.1 by default, instead it will resolve to ::1 (IPv6). Currently, we are using just a regular subject token which only supports IPv4 tokens, when we should be using subject_ex which allows us to have an IPv6 address for termid. I have some patches that add support for extended subject tokens in the kernel, but there are a few bugs to work through yet, but I am optimistic we can remedy this soon. Thanks! Andrew Thompson wrote: > Hi, > > > I thought i'd try out the new audit system and simulate an invalid login. > I was suprised to see that ssh connections to localhost show up as > 255.255.255.255, is this an error? > > % ssh df@localhost > header,94,10,OpenSSH login,0,Fri Nov 17 12:16:44 2006, + 100 msec > subject,-1,-1,-1,-1,-1,1378,1378,60666,255.255.255.255 > text,invalid user name "df" > return,failure : No such process,4294967295 > trailer,94 > > % ssh df@192.168.0.182 > header,95,10,OpenSSH login,0,Fri Nov 17 12:17:26 2006, + 892 msec > subject,-1,-1,-1,-1,-1,1385,1385,58511,192.168.0.182 > text,invalid user name "df" > return,failure : No such process,4294967295 > trailer,95 > > > > Andrew > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" > > >