From owner-freebsd-questions Sat May 12 7:52:58 2001 Delivered-To: freebsd-questions@freebsd.org Received: from prime.gushi.org (prime.gushi.org [208.23.118.172]) by hub.freebsd.org (Postfix) with ESMTP id 9A0D337B423 for ; Sat, 12 May 2001 07:52:55 -0700 (PDT) (envelope-from danm@prime.gushi.org) Received: from localhost (danm@localhost) by prime.gushi.org (8.11.3/8.11.3) with ESMTP id f4CEYbq79304; Sat, 12 May 2001 10:34:47 -0400 (EDT) Date: Sat, 12 May 2001 10:34:26 -0400 (EDT) From: "Dan Mahoney, System Admin" To: Kris Kennaway Cc: questions@freebsd.org Subject: Re: onitoring named In-Reply-To: <20010511223649.A37725@xor.obsecurity.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, 11 May 2001, Kris Kennaway wrote: > On Sat, May 12, 2001 at 01:17:56AM -0400, Dan Mahoney, System Admin wrote: > > Hi all. I noticed recently that I've had a high occurence of named dying > > on various machines. What would I put in a crontab to restart it only if > > it's not running? I'm not sure how to format the if statement. > > Aren't you at all worried WHY they're dying? I bet you're running > older versions than 8.2.3-RELEASE and you're suffering the effects of > (attempted, possibly successful) root penetration. 8.2.3-RELEASE, running as bind:bind, in a chroot jail. I've had four different nameds on four different nameservers die on me recently, running various freebsd variants. I think there may be a new exploit out. -Dan Mahoney > > Kris > -- "You're a thucking reyer!" -Richard Bozzello, who believed tongue piercing was painless. --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Web: http://prime.gushi.org finger danm@prime.gushi.org for pgp public key and tel# --------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message