Package: auditd Version: 1.7.13-1.2 Severity: important Tags: patch Setting tcp_listen_port in /etc/audit/auditd.conf to listen for audit records from remote systems results in auditd failing to start:
# auditd -f ... Init complete, auditd 1.7.13 listening for events (startup state enable) Cannot bind tcp listener socket to port 60 The audit daemon is exiting. Looking at the strace: bind(6, {sa_family=0x200 /* AF_??? */, sa_data="\0<\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = -1 EAFNOSUPPORT (Address family not supported by protocol) This trivial patch fixes it (as well as the same error in audisp-remote): diff --git a/audisp/plugins/remote/audisp-remote.c b/audisp/plugins/remote/audisp-remote.c index e6af791..69eb081 100644 --- a/audisp/plugins/remote/audisp-remote.c +++ b/audisp/plugins/remote/audisp-remote.c @@ -816,7 +816,7 @@ static int init_sock(void) struct sockaddr_in address; memset (&address, 0, sizeof(address)); - address.sin_family = htons(AF_INET); + address.sin_family = AF_INET; address.sin_port = htons(config.local_port); address.sin_addr.s_addr = htonl(INADDR_ANY); diff --git a/src/auditd-listen.c b/src/auditd-listen.c index a58e9d4..5546afb 100644 --- a/src/auditd-listen.c +++ b/src/auditd-listen.c @@ -819,7 +819,7 @@ int auditd_tcp_listen_init ( struct ev_loop *loop, struct daemon_conf *config ) (char *)&one, sizeof (int)); memset (&address, 0, sizeof(address)); - address.sin_family = htons(AF_INET); + address.sin_family = AF_INET; address.sin_port = htons(config->tcp_listen_port); address.sin_addr.s_addr = htonl(INADDR_ANY); Note that this was fixed upstream starting with version 2.1.1: https://fedorahosted.org/audit/changeset/505 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-1 (SMP w/4 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages auditd depends on: ii libaudit0 1.7.13-1.2 Dynamic library for security audit ii libc6 2.13-10 Embedded GNU C Library: Shared lib ii libgssapi-krb5-2 1.9.1+dfsg-1+b1 MIT Kerberos runtime libraries - k ii libkrb5-3 1.9.1+dfsg-1+b1 MIT Kerberos runtime libraries ii libwrap0 7.6.q-21 Wietse Venema's TCP wrappers libra ii lsb-base 3.2-27 Linux Standard Base 3.2 init scrip auditd recommends no packages. Versions of packages auditd suggests: ii audispd-plugins 1.7.13-1.2 Plugins for the audit event dispat -- John Feuerstein <j...@feurix.com> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org