Bug 212728 - ports-mgmt/jailaudit: breaks when auditdistd is running
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: freebsd-ports-bugs (Nobody)
Reported: 2016-09-16 13:25 UTC by Xavier Garcia
Modified: 2017-03-05 11:01 UTC
bugzilla: maintainer-feedback? (cryx-ports)


Attachments
jailaudit patch (538 bytes, patch)
2016-09-16 13:25 UTC, Xavier Garcia
Description Xavier Garcia 2016-09-16 13:25:18 UTC
Created attachment 174831
jailaudit patch

jailaudit fails when auditdistd is running on the server.

auditdistd creates several jails to isolate the processes in charge of transmitting the audit traces generated by auditd. These jails have a setup and naming convention that is not expected by jailaudit (namely, not having base installed), causing it to fail.

See https://wiki.freebsd.org/auditdistd for more information

Example of the execution in 10.3-RELEASE:

# jailaudit generate

Downloading a current audit database:
pkgng support enabled, using /usr/local/sbin/pkg version 1.8.7.

jexec: execvp: ls: No such file or directory
pkg: open(/bin/sh): No such file or directory
pkg: open(/bin/sh): No such file or directory
pkg: Unable to determine ABI
pkg: Cannot parse configuration file!
jexec: execvp: ls: No such file or directory
pkg: open(/bin/sh): No such file or directory
pkg: open(/bin/sh): No such file or directory
pkg: Unable to determine ABI
pkg: Cannot parse configuration file!
jexec: execvp: ls: No such file or directory
pkg: open(/bin/sh): No such file or directory
pkg: open(/bin/sh): No such file or directory
pkg: Unable to determine ABI
pkg: Cannot parse configuration file!
jexec: execvp: ls: No such file or directory
pkg: open(/bin/sh): No such file or directory
pkg: open(/bin/sh): No such file or directory
pkg: Unable to determine ABI
pkg: Cannot parse configuration file!


You can find attached a patch that only accesses the jails when '/var/db/pkg' exists.
Comment 1 cryx-freebsd 2016-09-20 08:08:05 UTC
Could you give me an example of the jls output while the auditdistd jails are running? I would rather not use /var/db/pkg as the reference for whether a generate should be run for a jail.
Comment 2 Xavier Garcia 2016-09-20 08:34:05 UTC

Jailhost that is running auditdistd in sender mode (client)

   JID  IP Address      Hostname                            Path
     2  10.10.11.10     my-jail                            /usr/jails/my-jail
    43  -               auditdistd: sender (hostname)      /var/empty
    45  -               proto_tls client: tls://10.10.10.1 /var/empty


Server that is receiving all the auditd traces (server)

   JID  IP Address      Hostname                            Path

     2  -               auditdistd: sender (hostname)       /var/empty
     3  -               proto_tls client: tls://10.10.10.1  /var/empty
     5  -               proto_tls server                    /var/empty
     6  -               auditdistd: receiver (hostname)     /var/empty
     7  -               proto_tls server                    /var/empty
     6  -               auditdistd: receiver (client1)      /var/empty
     7  -               proto_tls server                    /var/empty
     8  -               auditdistd: receiver (client2)      /var/empty
     9  -               proto_tls server                    /var/empty
    10  -               auditdistd: receiver (client3)      /var/empty
    11  -               proto_tls server                    /var/empty
    12  -               auditdistd: receiver (client4)      /var/empty
    13  -               proto_tls server                    /var/empty
Comment 3 cryx-freebsd 2016-09-20 09:48:56 UTC
Will be fixed in version 1.5.2, jailaudit will ignore jails with root path /var/empty

see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212847
Comment 4 Xavier Garcia 2016-09-20 13:01:04 UTC
I have tested the new version in the lab and it works fine, with the exception of newly installed servers, which don't have jails running yet. In this case, we only have auditdistd jails running.

 # jls
   JID  IP Address      Hostname                      Path
     8  -               auditdistd: sender (hostname) /var/empty
     9  -               proto_tls client: tls://10.30 /var/empty 

# jailaudit generate

Downloading a current audit database:
pkgng support enabled, using /usr/local/sbin/pkg version 1.8.7.

cat: /usr/local/jailaudit/tmp/_jailaudit_allports: No such file or directory



The error seems to happen in line 80. The JLS function returns an empty list (because we don't have jails running) and line 83 is expecting the temporary file with the list of ports to exist.
Comment 5 cryx-freebsd 2016-09-22 12:20:16 UTC
Will be fixed in 1.5.2 too.
Comment 6 Martin Wilke freebsd_committer freebsd_triage 2017-03-05 11:01:58 UTC
Hi, 

1.5.2 is in ports.
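
The two behaviours discussed in this report (skipping jails rooted at /var/empty, and not failing when no jail is left to audit) can be sketched as follows. This is an added example, not jailaudit's code; the function names are hypothetical and the jls listings are constructed from the ones quoted above.

```shell
#!/bin/sh
# Added example; not taken from jailaudit. All function names are hypothetical.

# Constructed sample: default `jls` listing modelled on the ones in this report.
sample_jls() {
    cat <<'EOF'
   JID  IP Address      Hostname                            Path
     2  10.10.11.10     my-jail                             /usr/jails/my-jail
    43  -               auditdistd: sender (hostname)       /var/empty
    45  -               proto_tls client: tls://10.10.10.1  /var/empty
EOF
}

# Constructed sample: freshly installed host where only auditdistd jails exist.
sample_jls_fresh() {
    cat <<'EOF'
   JID  IP Address      Hostname                      Path
     8  -               auditdistd: sender (hostname) /var/empty
     9  -               proto_tls client: tls://10.30 /var/empty
EOF
}

# Read a jls listing on stdin, print "JID PATH" for every jail to audit.
# Hostnames may contain spaces, so only the first and last fields are used
# (assumption: the jail path itself contains no whitespace).
auditable_jails() {
    awk 'NR > 1 && NF >= 4 && $NF != "/var/empty" { print $1, $NF }'
}

# Write the list to file $1. The file is created before filtering,
# so it exists even when no jail qualifies.
write_jail_list() {
    : > "$1" || return 1
    auditable_jails >> "$1"
}

# Succeeds only when the list file has at least one entry.
have_jails() {
    [ -s "$1" ]
}

list=$(mktemp) || exit 1
for sample in sample_jls sample_jls_fresh; do
    "$sample" | write_jail_list "$list"
    if have_jails "$list"; then
        echo "$sample: audit these jails:"; cat "$list"
    else
        echo "$sample: no auditable jails, nothing to do"
    fi
done
rm -f "$list"
```

On a live host, `jls jid path` prints only those two parameters and avoids parsing the hostname column at all.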