Hello, There was a bug reported to day that I think merits an email and/or discussion.
https://bugzilla.redhat.com/show_bug.cgi?id=695419 ================================= audisp-remote does > memset (&address, 0, sizeof(address)); > address.sin_family = htons(AF_INET); > address.sin_port = htons(config.local_port); > address.sin_addr.s_addr = htonl(INADDR_ANY); which shows in strace as > bind(3, {sa_family=0x200 /* AF_??? */, > sa_data="\0<\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0 For some reason the call still succeeds, but a correct invocation would not call htons on AF_INET. ================================ The reason it succeeds is because there is a matching mistake in auditd. So, what this means is that remote logging is not using IPv4, but something else. I committed a patch to fix this in trunk: https://fedorahosted.org/audit/changeset/505 This would cause new systems and old systems to not be able to talk to one another. Regarding RHEL, remote logging has been tech preview, meaning that its alpha code and likely buggy but available so you can see where this is heading. So, I think we can just change it to be correct. For Fedora, there is no tech preview and everything is supported...but it has a short life. However, what the code was doing is clearly wrong. So, I am thinking to fix this all the way back to F-13 if I can. Regarding other distributions...not sure what the support status is or how they would like to choose to solve this. Anyone have any thoughts on this? -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
