Package: auditd
Version: 1.7.13-1.2
Severity: important
Tags: patch
Setting tcp_listen_port in /etc/audit/auditd.conf to listen for audit
records from remote systems results in auditd failing to start:
# auditd -f
...
Init complete, auditd 1.7.13 listening for events (startup state enable)
Cannot bind tcp listener socket to port 60
The audit daemon is exiting.
Looking at the strace:
bind(6, {sa_family=0x200 /* AF_??? */,
sa_data="\0<\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = -1 EAFNOSUPPORT (Address
family not supported by protocol)
This trivial patch fixes it (as well as the same error in audisp-remote):
diff --git a/audisp/plugins/remote/audisp-remote.c
b/audisp/plugins/remote/audisp-remote.c
index e6af791..69eb081 100644
--- a/audisp/plugins/remote/audisp-remote.c
+++ b/audisp/plugins/remote/audisp-remote.c
@@ -816,7 +816,7 @@ static int init_sock(void)
struct sockaddr_in address;
memset (&address, 0, sizeof(address));
- address.sin_family = htons(AF_INET);
+ address.sin_family = AF_INET;
address.sin_port = htons(config.local_port);
address.sin_addr.s_addr = htonl(INADDR_ANY);
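Review bot: in init_sock() the corrected `address.sin_family = AF_INET;` sits directly above two assignments that do go through htons()/htonl(), which is how the original conversion came to look plausible. A one-line comment stating that sin_family is kept in host byte order while sin_port and sin_addr.s_addr are in network byte order would keep the htons() from being reintroduced later. The change itself matches the evidence in the report: the strace shows sa_family=0x200 reaching bind() and EAFNOSUPPORT coming back.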
diff --git a/src/auditd-listen.c b/src/auditd-listen.c
index a58e9d4..5546afb 100644
--- a/src/auditd-listen.c
+++ b/src/auditd-listen.c
@@ -819,7 +819,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct
daemon_conf *config )
(char *)&one, sizeof (int));
memset (&address, 0, sizeof(address));
- address.sin_family = htons(AF_INET);
+ address.sin_family = AF_INET;
address.sin_port = htons(config->tcp_listen_port);
address.sin_addr.s_addr = htonl(INADDR_ANY);
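Review bot: the context line `address.sin_addr.s_addr = htonl(INADDR_ANY);` in auditd_tcp_listen_init() means that once this fix lets bind() succeed, the audit listener accepts connections on every local address, whereas on the reporter's system the daemon exited at this point. The changelog entry should say that setting tcp_listen_port now really opens the port, so that admins who left it set on a non-working install restrict access to it (for example with a packet filter) before upgrading.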
Note that this was fixed upstream starting with version 2.1.1:
https://fedorahosted.org/audit/changeset/505
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages auditd depends on:
ii libaudit0 1.7.13-1.2 Dynamic library for security audit
ii libc6 2.13-10 Embedded GNU C Library: Shared lib
ii libgssapi-krb5-2 1.9.1+dfsg-1+b1 MIT Kerberos runtime libraries - k
ii libkrb5-3 1.9.1+dfsg-1+b1 MIT Kerberos runtime libraries
ii libwrap0 7.6.q-21 Wietse Venema's TCP wrappers libra
ii lsb-base 3.2-27 Linux Standard Base 3.2 init scrip
auditd recommends no packages.
Versions of packages auditd suggests:
ii audispd-plugins 1.7.13-1.2 Plugins for the audit event dispat
--
John Feuerstein <[email protected]>
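
Added example (not part of the original report and not code from the audit project): a small C program that reproduces the bind() failure shown in the strace above and contrasts it with the corrected assignment. The helper name try_bind() and the use of port 0 (kernel-chosen ephemeral port, never put into listen state) are assumptions made for the demonstration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a fresh TCP socket using the given sin_family value.
 * Returns 0 on success, otherwise the errno from socket() or bind(). */
static int try_bind(sa_family_t family)
{
    struct sockaddr_in address;
    int err = 0;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return errno;

    memset(&address, 0, sizeof(address));
    address.sin_family = family;                 /* host byte order */
    address.sin_port = htons(0);                 /* assumption: ephemeral port */
    address.sin_addr.s_addr = htonl(INADDR_ANY); /* network byte order */

    if (bind(fd, (struct sockaddr *)&address, sizeof(address)) < 0)
        err = errno;
    close(fd);                                   /* never listen()s */
    return err;
}

int main(void)
{
    sa_family_t swapped = htons(AF_INET);        /* the pre-patch value */
    int rc;

    printf("AF_INET = 0x%x, htons(AF_INET) = 0x%x\n",
           (unsigned)AF_INET, (unsigned)swapped);
    rc = try_bind(swapped);
    printf("swapped family: %s\n", rc ? strerror(rc) : "bind ok");
    rc = try_bind(AF_INET);
    printf("AF_INET:        %s\n", rc ? strerror(rc) : "bind ok");
    return 0;
}
```

On a little-endian host such as the reporter's amd64 system, htons(AF_INET) is 0x200, the sa_family value visible in the strace. On a big-endian host htons() is a no-op, so the pre-patch code binds successfully there and the bug goes unnoticed.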