Andrew, 'localhost' does not resolve to 127.0.0.1 by default, instead it will resolve to ::1 (IPv6). Currently, we are using just a regular subject token which only supports IPv4 tokens, when we should be using subject_ex which allows us to have an IPv6 address for termid. I have some patches that add support for extended subject tokens in the kernel, but there are a few bugs to work through yet, but I am optimistic we can remedy this soon. Thanks! Andrew Thompson wrote: > Hi, > > > I thought i'd try out the new audit system and simulate an invalid login. > I was suprised to see that ssh connections to localhost show up as > 255.255.255.255, is this an error? > > % ssh df_at_localhost > header,94,10,OpenSSH login,0,Fri Nov 17 12:16:44 2006, + 100 msec > subject,-1,-1,-1,-1,-1,1378,1378,60666,255.255.255.255 > text,invalid user name "df" > return,failure : No such process,4294967295 > trailer,94 > > % ssh df_at_192.168.0.182 > header,95,10,OpenSSH login,0,Fri Nov 17 12:17:26 2006, + 892 msec > subject,-1,-1,-1,-1,-1,1385,1385,58511,192.168.0.182 > text,invalid user name "df" > return,failure : No such process,4294967295 > trailer,95 > > > > Andrew > _______________________________________________ > freebsd-current_at_freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org" > > >Received on Sat Nov 18 2006 - 16:22:00 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:03 UTC