root@linux:/home/vagrant# strace /vagrant/openbsm/bin/auditdistd/auditdistd -c /vagrant/auditdistd-sender.conf -F -dddddddddddd execve("/vagrant/openbsm/bin/auditdistd/auditdistd", ["/vagrant/openbsm/bin/auditdistd/"..., "-c", "/vagrant/auditdistd-sender.conf", "-F", "-dddddddddddd"], [/* 17 vars */]) = 0 brk(NULL) = 0x5571a660c000 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1d06ce4000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=21339, ...}) = 0 mmap(NULL, 21339, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f1d06cde000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\340\7\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=2686672, ...}) = 0 mmap(NULL, 4795968, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d06631000 mprotect(0x7f1d06896000, 2093056, PROT_NONE) = 0 mmap(0x7f1d06a95000, 180224, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x264000) = 0x7f1d06a95000 mmap(0x7f1d06ac1000, 11840, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f1d06ac1000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/usr/lib/x86_64-linux-gnu/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\211\1\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=442920, ...}) = 0 mmap(NULL, 2538392, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d063c5000 mprotect(0x7f1d06427000, 2097152, PROT_NONE) = 0 mmap(0x7f1d06627000, 40960, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x62000) = 0x7f1d06627000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0Pa\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=135440, ...}) = 0 mmap(NULL, 2212936, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d061a8000 mprotect(0x7f1d061c0000, 2093056, PROT_NONE) = 0 mmap(0x7f1d063bf000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f1d063bf000 mmap(0x7f1d063c1000, 13384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f1d063c1000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\r\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=14640, ...}) = 0 mmap(NULL, 2109680, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d05fa4000 mprotect(0x7f1d05fa7000, 2093056, PROT_NONE) = 0 mmap(0x7f1d061a6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f1d061a6000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\3\2\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=1689360, ...}) = 0 mmap(NULL, 3795360, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f1d05c05000 mprotect(0x7f1d05d9a000, 2097152, PROT_NONE) = 0 mmap(0x7f1d05f9a000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x195000) = 0x7f1d05f9a000 mmap(0x7f1d05fa0000, 14752, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f1d05fa0000 close(3) = 0 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1d06cdc000 arch_prctl(ARCH_SET_FS, 0x7f1d06cdd500) = 0 mprotect(0x7f1d05f9a000, 16384, PROT_READ) = 0 mprotect(0x7f1d061a6000, 4096, PROT_READ) = 0 mprotect(0x7f1d063bf000, 4096, PROT_READ) = 0 mprotect(0x7f1d06a95000, 122880, PROT_READ) = 0 mprotect(0x7f1d06627000, 16384, PROT_READ) = 0 mprotect(0x5571a5876000, 4096, PROT_READ) = 0 mprotect(0x7f1d06ce7000, 4096, PROT_READ) = 0 munmap(0x7f1d06cde000, 21339) = 0 set_tid_address(0x7f1d06cdd7d0) = 6587 set_robust_list(0x7f1d06cdd7e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f1d061adbd0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f1d061b90c0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f1d061adc60, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f1d061b90c0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 brk(NULL) = 0x5571a660c000 brk(0x5571a662d000) = 0x5571a662d000 open("/vagrant/auditdistd-sender.conf", O_RDONLY) = 3 ioctl(3, TCGETS, 0x7ffd3687d1b0) = -1 ENOTTY (Inappropriate ioctl for device) ioctl(3, TCGETS, 0x7ffd3687d1d0) = -1 ENOTTY (Inappropriate ioctl for device) fstat(3, {st_mode=S_IFREG|0644, st_size=268, ...}) = 0 read(3, "sender {\n\thost \"freebsd\" {\n\t\trem"..., 8192) = 268 read(3, "", 4096) = 0 read(3, "", 8192) = 0 ioctl(3, TCGETS, 0x7ffd3687c8f0) = -1 ENOTTY (Inappropriate ioctl for device) close(3) = 0 uname({sysname="Linux", nodename="linux", ...}) = 0 getpid() = 6587 fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0 write(1, "(6587) [DEBUG][2] Configuration:"..., 33(6587) [DEBUG][2] Configuration: ) = 33 getpid() = 6587 write(1, "(6587) [DEBUG][2] Global:\n", 28(6587) [DEBUG][2] Global: ) = 28 getpid() = 6587 write(1, "(6587) [DEBUG][2] pidfile: /"..., 55(6587) [DEBUG][2] pidfile: /var/run/auditdistd.pid ) = 55 getpid() = 6587 write(1, "(6587) [DEBUG][2] timeout: 2"..., 34(6587) [DEBUG][2] timeout: 20 ) = 34 getpid() = 6587 write(1, "(6587) [DEBUG][2] Sender only,"..., 48(6587) [DEBUG][2] Sender only, not listening. ) = 48 getpid() = 6587 write(1, "(6587) [DEBUG][2] Hosts:\n", 27(6587) [DEBUG][2] Hosts: ) = 27 getpid() = 6587 write(1, "(6587) [DEBUG][2] name: free"..., 36(6587) [DEBUG][2] name: freebsd ) = 36 getpid() = 6587 write(1, "(6587) [DEBUG][2] role: se"..., 37(6587) [DEBUG][2] role: sender ) = 37 getpid() = 6587 write(1, "(6587) [DEBUG][2] version:"..., 35(6587) [DEBUG][2] version: 0 ) = 35 getpid() = 6587 write(1, "(6587) [DEBUG][2] localadd"..., 36(6587) [DEBUG][2] localaddr: ) = 36 getpid() = 6587 write(1, "(6587) [DEBUG][2] remotead"..., 56(6587) [DEBUG][2] remoteaddr: tls://192.168.10.11 ) = 56 getpid() = 6587 write(1, "(6587) [DEBUG][2] remote: "..., 38(6587) [DEBUG][2] remote: (nil) ) = 38 getpid() = 6587 write(1, "(6587) [DEBUG][2] director"..., 61(6587) [DEBUG][2] directory: /var/log/audit/auditdistd ) = 61 getpid() = 6587 write(1, "(6587) [DEBUG][2] compress"..., 39(6587) [DEBUG][2] compression: 0 ) = 39 getpid() = 6587 write(1, "(6587) [DEBUG][2] checksum"..., 36(6587) [DEBUG][2] checksum: 0 ) = 36 getpid() = 6587 write(1, "(6587) [DEBUG][2] pid: 0\n", 31(6587) [DEBUG][2] pid: 0 ) = 31 getpid() = 6587 write(1, "(6587) [DEBUG][2] conn: (n"..., 36(6587) [DEBUG][2] conn: (nil) ) = 36 rt_sigaction(SIGHUP, {sa_handler=SIG_DFL, sa_mask=[HUP], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f1d05c38030}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGINT, {sa_handler=SIG_DFL, sa_mask=[INT], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f1d05c38030}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGTERM, {sa_handler=SIG_DFL, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f1d05c38030}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGCHLD, {sa_handler=0x5571a565a160, sa_mask=[CHLD], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f1d05c38030}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigprocmask(SIG_SETMASK, [HUP INT TERM CHLD], NULL, 8) = 0 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1d06cdd7d0) = 6588 close(3) = 0 getpid() = 6587 write(1, "(6587) [INFO] Started successful"..., 36(6587) [INFO] Started successfully. ) = 36 rt_sigtimedwait([HUP INT TERM CHLD], NULL, {tv_sec=0, tv_nsec=0}, 8) = -1 EAGAIN (Resource temporarily unavailable) select(5, [4], NULL, NULL, {tv_sec=5, tv_usec=0}(6588) [DEBUG][1] [freebsd] (sender) Privileges successfully dropped using chroot+setgid+setuid. (6588) [INFO] [freebsd] (sender) Privileges successfully dropped. ) = 1 (in [4], left {tv_sec=4, tv_usec=994374}) rt_sigtimedwait([HUP INT TERM CHLD], NULL, {tv_sec=0, tv_nsec=0}, 8) = -1 EAGAIN (Resource temporarily unavailable) recvfrom(4, "\1\0", 2, MSG_WAITALL, NULL, NULL) = 2 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 5]) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f1d06cdd7d0) = 6589 close(5) = 0 sendto(4, "\0\0", 2, MSG_NOSIGNAL, NULL, 0) = 2 sendto(4, "tls\0", 4, MSG_NOSIGNAL, NULL, 0) = 4 sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_control=[{cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[3]}], msg_controllen=24, msg_flags=0}, 0) = 0 close(3) = 0 rt_sigtimedwait([HUP INT TERM CHLD], NULL, {tv_sec=0, tv_nsec=0}, 8) = -1 EAGAIN (Resource temporarily unavailable) select(5, [4], NULL, NULL, {tv_sec=4, tv_usec=994374}(6589) [DEBUG][1] [TLS sandbox] (client) Privileges successfully dropped using chroot+setgid+setuid. (6589) [DEBUG][1] [TLS sandbox] (client) Privileges successfully dropped. ^Cstrace: Process 6587 detached root@linux:/home/vagrant# root@linux:/home/vagrant# strace /vagrant/openbsm/bin/auditdistd/auditdistd -c /vagrant/auditdistd-sender.conf -F -dddddddddddd execve("/vagrant/openbsm/bin/auditdistd/auditdistd", ["/vagrant/openbsm/bin/auditdistd/"..., "-c", "/vagrant/auditdistd-sender.conf", "-F", "-dddddddddddd"], [/* 17 vars */]) = 0 brk(NULL) = 0x5580695a4000 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d7597000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=21339, ...}) = 0 mmap(NULL, 21339, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fc6d7591000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\340\7\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=2686672, ...}) = 0 mmap(NULL, 4795968, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc6d6ee4000 mprotect(0x7fc6d7149000, 2093056, PROT_NONE) = 0 mmap(0x7fc6d7348000, 180224, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x264000) = 0x7fc6d7348000 mmap(0x7fc6d7374000, 11840, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fc6d7374000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/usr/lib/x86_64-linux-gnu/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\211\1\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=442920, ...}) = 0 mmap(NULL, 2538392, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc6d6c78000 mprotect(0x7fc6d6cda000, 2097152, PROT_NONE) = 0 mmap(0x7fc6d6eda000, 40960, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x62000) = 0x7fc6d6eda000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0Pa\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=135440, ...}) = 0 mmap(NULL, 2212936, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc6d6a5b000 mprotect(0x7fc6d6a73000, 2093056, PROT_NONE) = 0 mmap(0x7fc6d6c72000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7fc6d6c72000 mmap(0x7fc6d6c74000, 13384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fc6d6c74000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\r\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=14640, ...}) = 0 mmap(NULL, 2109680, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc6d6857000 mprotect(0x7fc6d685a000, 2093056, PROT_NONE) = 0 mmap(0x7fc6d6a59000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7fc6d6a59000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\3\2\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=1689360, ...}) = 0 mmap(NULL, 3795360, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc6d64b8000 mprotect(0x7fc6d664d000, 2097152, PROT_NONE) = 0 mmap(0x7fc6d684d000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x195000) = 0x7fc6d684d000 mmap(0x7fc6d6853000, 14752, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fc6d6853000 close(3) = 0 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc6d758f000 arch_prctl(ARCH_SET_FS, 0x7fc6d7590500) = 0 mprotect(0x7fc6d684d000, 16384, PROT_READ) = 0 mprotect(0x7fc6d6a59000, 4096, PROT_READ) = 0 mprotect(0x7fc6d6c72000, 4096, PROT_READ) = 0 mprotect(0x7fc6d7348000, 122880, PROT_READ) = 0 mprotect(0x7fc6d6eda000, 16384, PROT_READ) = 0 mprotect(0x5580686ea000, 4096, PROT_READ) = 0 mprotect(0x7fc6d759a000, 4096, PROT_READ) = 0 munmap(0x7fc6d7591000, 21339) = 0 set_tid_address(0x7fc6d75907d0) = 6593 set_robust_list(0x7fc6d75907e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fc6d6a60bd0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fc6d6a6c0c0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fc6d6a60c60, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc6d6a6c0c0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 brk(NULL) = 0x5580695a4000 brk(0x5580695c5000) = 0x5580695c5000 open("/vagrant/auditdistd-sender.conf", O_RDONLY) = 3 ioctl(3, TCGETS, 0x7ffe5bd55b90) = -1 ENOTTY (Inappropriate ioctl for device) ioctl(3, TCGETS, 0x7ffe5bd55bb0) = -1 ENOTTY (Inappropriate ioctl for device) fstat(3, {st_mode=S_IFREG|0644, st_size=268, ...}) = 0 read(3, "sender {\n\thost \"freebsd\" {\n\t\trem"..., 8192) = 268 read(3, "", 4096) = 0 read(3, "", 8192) = 0 ioctl(3, TCGETS, 0x7ffe5bd552d0) = -1 ENOTTY (Inappropriate ioctl for device) close(3) = 0 uname({sysname="Linux", nodename="linux", ...}) = 0 getpid() = 6593 fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0 write(1, "(6593) [DEBUG][2] Configuration:"..., 33(6593) [DEBUG][2] Configuration: ) = 33 getpid() = 6593 write(1, "(6593) [DEBUG][2] Global:\n", 28(6593) [DEBUG][2] Global: ) = 28 getpid() = 6593 write(1, "(6593) [DEBUG][2] pidfile: /"..., 55(6593) [DEBUG][2] pidfile: /var/run/auditdistd.pid ) = 55 getpid() = 6593 write(1, "(6593) [DEBUG][2] timeout: 2"..., 34(6593) [DEBUG][2] timeout: 20 ) = 34 getpid() = 6593 write(1, "(6593) [DEBUG][2] Sender only,"..., 48(6593) [DEBUG][2] Sender only, not listening. ) = 48 getpid() = 6593 write(1, "(6593) [DEBUG][2] Hosts:\n", 27(6593) [DEBUG][2] Hosts: ) = 27 getpid() = 6593 write(1, "(6593) [DEBUG][2] name: free"..., 36(6593) [DEBUG][2] name: freebsd ) = 36 getpid() = 6593 write(1, "(6593) [DEBUG][2] role: se"..., 37(6593) [DEBUG][2] role: sender ) = 37 getpid() = 6593 write(1, "(6593) [DEBUG][2] version:"..., 35(6593) [DEBUG][2] version: 0 ) = 35 getpid() = 6593 write(1, "(6593) [DEBUG][2] localadd"..., 36(6593) [DEBUG][2] localaddr: ) = 36 getpid() = 6593 write(1, "(6593) [DEBUG][2] remotead"..., 56(6593) [DEBUG][2] remoteaddr: tls://192.168.10.11 ) = 56 getpid() = 6593 write(1, "(6593) [DEBUG][2] remote: "..., 38(6593) [DEBUG][2] remote: (nil) ) = 38 getpid() = 6593 write(1, "(6593) [DEBUG][2] director"..., 61(6593) [DEBUG][2] directory: /var/log/audit/auditdistd ) = 61 getpid() = 6593 write(1, "(6593) [DEBUG][2] compress"..., 39(6593) [DEBUG][2] compression: 0 ) = 39 getpid() = 6593 write(1, "(6593) [DEBUG][2] checksum"..., 36(6593) [DEBUG][2] checksum: 0 ) = 36 getpid() = 6593 write(1, "(6593) [DEBUG][2] pid: 0\n", 31(6593) [DEBUG][2] pid: 0 ) = 31 getpid() = 6593 write(1, "(6593) [DEBUG][2] conn: (n"..., 36(6593) [DEBUG][2] conn: (nil) ) = 36 rt_sigaction(SIGHUP, {sa_handler=SIG_DFL, sa_mask=[HUP], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7fc6d64eb030}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGINT, {sa_handler=SIG_DFL, sa_mask=[INT], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7fc6d64eb030}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGTERM, {sa_handler=SIG_DFL, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7fc6d64eb030}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGCHLD, {sa_handler=0x5580684ce160, sa_mask=[CHLD], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7fc6d64eb030}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigprocmask(SIG_SETMASK, [HUP INT TERM CHLD], NULL, 8) = 0 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fc6d75907d0) = 6594 close(3) = 0 getpid() = 6593 write(1, "(6593) [INFO] Started successful"..., 36(6593) [INFO] Started successfully. ) = 36 rt_sigtimedwait([HUP INT TERM CHLD], NULL, {tv_sec=0, tv_nsec=0}, 8) = -1 EAGAIN (Resource temporarily unavailable) select(5, [4], NULL, NULL, {tv_sec=5, tv_usec=0}(6594) [DEBUG][1] [freebsd] (sender) Privileges successfully dropped using chroot+setgid+setuid. (6594) [INFO] [freebsd] (sender) Privileges successfully dropped. ) = 1 (in [4], left {tv_sec=4, tv_usec=995267}) rt_sigtimedwait([HUP INT TERM CHLD], NULL, {tv_sec=0, tv_nsec=0}, 8) = -1 EAGAIN (Resource temporarily unavailable) recvfrom(4, "\1\0", 2, MSG_WAITALL, NULL, NULL) = 2 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 5]) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fc6d75907d0) = 6595 close(5) = 0 sendto(4, "\0\0", 2, MSG_NOSIGNAL, NULL, 0) = 2 sendto(4, "tls\0", 4, MSG_NOSIGNAL, NULL, 0) = 4 sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_control=[{cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[3]}], msg_controllen=24, msg_flags=0}, 0) = 0 close(3) = 0 rt_sigtimedwait([HUP INT TERM CHLD], NULL, {tv_sec=0, tv_nsec=0}, 8) = -1 EAGAIN (Resource temporarily unavailable) select(5, [4], NULL, NULL, {tv_sec=4, tv_usec=995267}(6595) [DEBUG][1] [TLS sandbox] (client) Privileges successfully dropped using chroot+setgid+setuid. (6595) [DEBUG][1] [TLS sandbox] (client) Privileges successfully dropped. (6587) [INFO] Termination signal received, exiting. (6587) [INFO] Terminating worker process (adhost=freebsd, role=sender, pid=6588). ^Cstrace: Process 6593 detached root@linux:/home/vagrant# strace /vagrant/openbsm/bin/auditdistd/auditdistd -c /vagrant/auditdistd-sender.conf -F -dddddddddddd execve("/vagrant/openbsm/bin/auditdistd/auditdistd", ["/vagrant/openbsm/bin/auditdistd/"..., "-c", "/vagrant/auditdistd-sender.conf", "-F", "-dddddddddddd"], [/* 17 vars */]) = 0 brk(NULL) = 0x55e167708000 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84caf05000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=21339, ...}) = 0 mmap(NULL, 21339, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f84caeff000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\340\7\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=2686672, ...}) = 0 mmap(NULL, 4795968, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f84ca852000 mprotect(0x7f84caab7000, 2093056, PROT_NONE) = 0 mmap(0x7f84cacb6000, 180224, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x264000) = 0x7f84cacb6000 mmap(0x7f84cace2000, 11840, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f84cace2000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/usr/lib/x86_64-linux-gnu/libssl.so.1.1", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\211\1\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=442920, ...}) = 0 mmap(NULL, 2538392, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f84ca5e6000 mprotect(0x7f84ca648000, 2097152, PROT_NONE) = 0 mmap(0x7f84ca848000, 40960, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x62000) = 0x7f84ca848000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0Pa\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=135440, ...}) = 0 mmap(NULL, 2212936, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f84ca3c9000 mprotect(0x7f84ca3e1000, 2093056, PROT_NONE) = 0 mmap(0x7f84ca5e0000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f84ca5e0000 mmap(0x7f84ca5e2000, 13384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f84ca5e2000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\r\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=14640, ...}) = 0 mmap(NULL, 2109680, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f84ca1c5000 mprotect(0x7f84ca1c8000, 2093056, PROT_NONE) = 0 mmap(0x7f84ca3c7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f84ca3c7000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\3\2\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=1689360, ...}) = 0 mmap(NULL, 3795360, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f84c9e26000 mprotect(0x7f84c9fbb000, 2097152, PROT_NONE) = 0 mmap(0x7f84ca1bb000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x195000) = 0x7f84ca1bb000 mmap(0x7f84ca1c1000, 14752, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f84ca1c1000 close(3) = 0 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84caefd000 arch_prctl(ARCH_SET_FS, 0x7f84caefe500) = 0 mprotect(0x7f84ca1bb000, 16384, PROT_READ) = 0 mprotect(0x7f84ca3c7000, 4096, PROT_READ) = 0 mprotect(0x7f84ca5e0000, 4096, PROT_READ) = 0 mprotect(0x7f84cacb6000, 122880, PROT_READ) = 0 mprotect(0x7f84ca848000, 16384, PROT_READ) = 0 mprotect(0x55e166874000, 4096, PROT_READ) = 0 mprotect(0x7f84caf08000, 4096, PROT_READ) = 0 munmap(0x7f84caeff000, 21339) = 0 set_tid_address(0x7f84caefe7d0) = 6598 set_robust_list(0x7f84caefe7e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f84ca3cebd0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f84ca3da0c0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f84ca3cec60, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f84ca3da0c0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 brk(NULL) = 0x55e167708000 brk(0x55e167729000) = 0x55e167729000 open("/vagrant/auditdistd-sender.conf", O_RDONLY) = 3 ioctl(3, TCGETS, 0x7ffdb5500ae0) = -1 ENOTTY (Inappropriate ioctl for device) ioctl(3, TCGETS, 0x7ffdb5500b00) = -1 ENOTTY (Inappropriate ioctl for device) fstat(3, {st_mode=S_IFREG|0644, st_size=268, ...}) = 0 read(3, "sender {\n\thost \"freebsd\" {\n\t\trem"..., 8192) = 268 read(3, "", 4096) = 0 read(3, "", 8192) = 0 ioctl(3, TCGETS, 0x7ffdb5500220) = -1 ENOTTY (Inappropriate ioctl for device) close(3) = 0 uname({sysname="Linux", nodename="linux", ...}) = 0 getpid() = 6598 fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0 write(1, "(6598) [DEBUG][2] Configuration:"..., 33(6598) [DEBUG][2] Configuration: ) = 33 getpid() = 6598 write(1, "(6598) [DEBUG][2] Global:\n", 28(6598) [DEBUG][2] Global: ) = 28 getpid() = 6598 write(1, "(6598) [DEBUG][2] pidfile: /"..., 55(6598) [DEBUG][2] pidfile: /var/run/auditdistd.pid ) = 55 getpid() = 6598 write(1, "(6598) [DEBUG][2] timeout: 2"..., 34(6598) [DEBUG][2] timeout: 20 ) = 34 getpid() = 6598 write(1, "(6598) [DEBUG][2] Sender only,"..., 48(6598) [DEBUG][2] Sender only, not listening. ) = 48 getpid() = 6598 write(1, "(6598) [DEBUG][2] Hosts:\n", 27(6598) [DEBUG][2] Hosts: ) = 27 getpid() = 6598 write(1, "(6598) [DEBUG][2] name: free"..., 36(6598) [DEBUG][2] name: freebsd ) = 36 getpid() = 6598 write(1, "(6598) [DEBUG][2] role: se"..., 37(6598) [DEBUG][2] role: sender ) = 37 getpid() = 6598 write(1, "(6598) [DEBUG][2] version:"..., 35(6598) [DEBUG][2] version: 0 ) = 35 getpid() = 6598 write(1, "(6598) [DEBUG][2] localadd"..., 36(6598) [DEBUG][2] localaddr: ) = 36 getpid() = 6598 write(1, "(6598) [DEBUG][2] remotead"..., 56(6598) [DEBUG][2] remoteaddr: tls://192.168.10.11 ) = 56 getpid() = 6598 write(1, "(6598) [DEBUG][2] remote: "..., 38(6598) [DEBUG][2] remote: (nil) ) = 38 getpid() = 6598 write(1, "(6598) [DEBUG][2] director"..., 61(6598) [DEBUG][2] directory: /var/log/audit/auditdistd ) = 61 getpid() = 6598 write(1, "(6598) [DEBUG][2] compress"..., 39(6598) [DEBUG][2] compression: 0 ) = 39 getpid() = 6598 write(1, "(6598) [DEBUG][2] checksum"..., 36(6598) [DEBUG][2] checksum: 0 ) = 36 getpid() = 6598 write(1, "(6598) [DEBUG][2] pid: 0\n", 31(6598) [DEBUG][2] pid: 0 ) = 31 getpid() = 6598 write(1, "(6598) [DEBUG][2] conn: (n"..., 36(6598) [DEBUG][2] conn: (nil) ) = 36 rt_sigaction(SIGHUP, {sa_handler=SIG_DFL, sa_mask=[HUP], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f84c9e59030}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGINT, {sa_handler=SIG_DFL, sa_mask=[INT], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f84c9e59030}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGTERM, {sa_handler=SIG_DFL, sa_mask=[TERM], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f84c9e59030}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGCHLD, {sa_handler=0x55e166658160, sa_mask=[CHLD], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f84c9e59030}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigprocmask(SIG_SETMASK, [HUP INT TERM CHLD], NULL, 8) = 0 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f84caefe7d0) = 6599 close(3) = 0 getpid() = 6598 write(1, "(6598) [INFO] Started successful"..., 36(6598) [INFO] Started successfully. ) = 36 rt_sigtimedwait([HUP INT TERM CHLD], NULL, {tv_sec=0, tv_nsec=0}, 8) = -1 EAGAIN (Resource temporarily unavailable) select(5, [4], NULL, NULL, {tv_sec=5, tv_usec=0}(6599) [DEBUG][1] [freebsd] (sender) Privileges successfully dropped using chroot+setgid+setuid. (6599) [INFO] [freebsd] (sender) Privileges successfully dropped. ) = 1 (in [4], left {tv_sec=4, tv_usec=995979}) rt_sigtimedwait([HUP INT TERM CHLD], NULL, {tv_sec=0, tv_nsec=0}, 8) = -1 EAGAIN (Resource temporarily unavailable) recvfrom(4, "\1\0", 2, MSG_WAITALL, NULL, NULL) = 2 socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 5]) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f84caefe7d0) = 6600 close(5) = 0 sendto(4, "\0\0", 2, MSG_NOSIGNAL, NULL, 0) = 2 sendto(4, "tls\0", 4, MSG_NOSIGNAL, NULL, 0) = 4 sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_control=[{cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[3]}], msg_controllen=24, msg_flags=0}, 0) = 0 close(3) = 0 rt_sigtimedwait([HUP INT TERM CHLD], NULL, {tv_sec=0, tv_nsec=0}, 8) = -1 EAGAIN (Resource temporarily unavailable) select(5, [4], NULL, NULL, {tv_sec=4, tv_usec=995979}(6600) [DEBUG][1] [TLS sandbox] (client) Privileges successfully dropped using chroot+setgid+setuid. (6600) [DEBUG][1] [TLS sandbox] (client) Privileges successfully dropped. (6593) [INFO] Termination signal received, exiting. (6593) [INFO] Terminating worker process (adhost=freebsd, role=sender, pid=6594). ) = 0 (Timeout) rt_sigtimedwait([HUP INT TERM CHLD], NULL, {tv_sec=0, tv_nsec=0}, 8) = 17 (SIGCHLD) wait4(-1, [{WIFSIGNALED(s) && WTERMSIG(s) == SIGPIPE}], WNOHANG, NULL) = 6600 getpid() = 6598 write(2, "(6598) ", 7(6598) ) = 7 write(2, "[ERROR]", 7[ERROR]) = 7 write(2, " ", 1 ) = 1 write(2, "Sandbox process killed (pid=6600"..., 45Sandbox process killed (pid=6600, signal=13).) = 45 write(2, "\n", 1 ) = 1 wait4(-1, 0x7ffdb5500b6c, WNOHANG, NULL) = 0 select(5, [4], NULL, NULL, {tv_sec=0, tv_usec=0}) = 0 (Timeout) rt_sigtimedwait([HUP INT TERM CHLD], NULL, {tv_sec=0, tv_nsec=0}, 8) = -1 EAGAIN (Resource temporarily unavailable) ^C(6598) [INFO] Termination signal received, exiting. (6598) [INFO] Terminating worker process (adhost=freebsd, role=sender, pid=6599). strace: Process 6598 detached