In 25.10.2.1 an error is thrown sometimes when a cron job is executed:
timeREDACTED nas CRON\[181341\]: (root) CMD (PATH=“/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/root/bin” midclt call cronjob.run 4 true > /dev/null 2> /dev/null)
timeREDACTED nas truenas_audit_handler.py\[178074\]: Traceback (most recent call last):
timeREDACTED nas truenas_audit_handler.py\[178074\]: File “/usr/local/libexec/truenas_audit_handler.py”, line 774, in
timeREDACTED nas truenas_audit_handler.py\[178074\]: main()
timeREDACTED nas truenas_audit_handler.py\[178074\]: File “/usr/local/libexec/truenas_audit_handler.py”, line 770, in main
timeREDACTED nas truenas_audit_handler.py\[178074\]: loop.run_until_complete(handler.run())
timeREDACTED nas truenas_audit_handler.py\[178074\]: File “/usr/lib/python3.11/asyncio/base_events.py”, line 654, in run_until_complete
timeREDACTED nas truenas_audit_handler.py\[178074\]: return future.result()
timeREDACTED nas truenas_audit_handler.py\[178074\]: ^^^^^^^^^^^^^^^
timeREDACTED nas truenas_audit_handler.py\[178074\]: File “/usr/local/libexec/truenas_audit_handler.py”, line 723, in run
timeREDACTED nas truenas_audit_handler.py\[178074\]: await self.handle_auditd_msg()
timeREDACTED nas truenas_audit_handler.py\[178074\]: File “/usr/local/libexec/truenas_audit_handler.py”, line 709, in handle_auditd_msg
timeREDACTED nas truenas_audit_handler.py\[178074\]: await self.send_completed(\*completed)
timeREDACTED nas truenas_audit_handler.py\[178074\]: File “/usr/local/libexec/truenas_audit_handler.py”, line 671, in send_completed
timeREDACTED nas truenas_audit_handler.py\[178074\]: json_data = audit_entry_to_json(msgid, data)
timeREDACTED nas truenas_audit_handler.py\[178074\]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
timeREDACTED nas truenas_audit_handler.py\[178074\]: File “/usr/local/libexec/truenas_audit_handler.py”, line 589, in audit_entry_to_json
timeREDACTED nas truenas_audit_handler.py\[178074\]: \__generate_event_data(entry, to_write\[‘TNAUDIT’\])
timeREDACTED nas truenas_audit_handler.py\[178074\]: File “/usr/local/libexec/truenas_audit_handler.py”, line 516, in \__generate_event_data
timeREDACTED nas truenas_audit_handler.py\[178074\]: if (new_event_data := \__parse_raw_msg(item, data_out\[‘event_data’\])) is not None:
timeREDACTED nas truenas_audit_handler.py\[178074\]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
timeREDACTED nas truenas_audit_handler.py\[178074\]: File “/usr/local/libexec/truenas_audit_handler.py”, line 490, in \__parse_raw_msg
timeREDACTED nas truenas_audit_handler.py\[178074\]: return \__parse_pam(msg_type, parts)
timeREDACTED nas truenas_audit_handler.py\[178074\]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
timeREDACTED nas truenas_audit_handler.py\[178074\]: File “/usr/local/libexec/truenas_audit_handler.py”, line 441, in \__parse_pam
timeREDACTED nas truenas_audit_handler.py\[178074\]: key, value = item.split(‘=’, 1)
timeREDACTED nas truenas_audit_handler.py\[178074\]: ^^^^^^^^^^
timeREDACTED nas truenas_audit_handler.py\[178074\]: ValueError: not enough values to unpack (expected 2, got 1)
The audit message that triggers this looks like this (I think the issue is with hostname=Unix socket, it’s treated as 2 values):
type=USER_AUTH msg=audit(REDACTED): pid=1617 uid=0 auid=REDACTED ses=REDACTED subj=unconfined msg='op=PAM:authentication grantors=pam_access acct="root" exe="/usr/bin/python3.11" hostname=UNIX socket (pid=548287 uid=0 gid=0) addr=? terminal=? res=success'UID="root" AUID="unset" UID="root" GID="root"
To silence the error I used this hack:
--- /usr/local/libexec/truenas_audit_handler.broken.py
+++ /usr/local/libexec/truenas_audit_handler.py
@@ -438,6 +438,8 @@
# Everything after pam function is variable
for item in msg_parts[AuditMsgPamBase.FUNCTION.idx + 1:]:
+ if item == "socket":
+ continue
key, value = item.split('=', 1)
if value[0] == '"':