From owner-freebsd-bugs  Thu Apr 12 22:30: 8 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id C67EB37B443
	for <freebsd-bugs@hub.freebsd.org>; Thu, 12 Apr 2001 22:30:00 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f3D5U0o27981;
	Thu, 12 Apr 2001 22:30:00 -0700 (PDT)
	(envelope-from gnats)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 6705437B424
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 12 Apr 2001 22:27:21 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f3D5RLB27430;
	Thu, 12 Apr 2001 22:27:21 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200104130527.f3D5RLB27430@freefall.freebsd.org>
Date: Thu, 12 Apr 2001 22:27:21 -0700 (PDT)
From: duwde@duwde.com.br
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: misc/26529: /etc/security in 4.x-stable needs a little FIX !
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         26529
>Category:       misc
>Synopsis:       /etc/security in 4.x-stable needs a little FIX !
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 12 22:30:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Fabio Vilan Dias
>Release:        4.x-stable LATEST as of Apr/13/2001
>Organization:
Isec Information Security Ltda
>Environment:
bash-2.04$ uname -a
FreeBSD mobile.x.gov 4.3-RC FreeBSD 4.3-RC #26: Wed Apr 11 01:37:47 BRT 2001     duwde@mobile.x.gov:/usr/obj/usr/src/sys/MOBILE  i386

>Description:
As we can see in /usr/src/contrib/bind/CHANGES line 495
there was a little change in the logging method since 
BIND 8.2.3-T1A, thus affecting all new versions. 
(8.2.3-REL is the 4.x-stable version)

-- line 495 /usr/src/contrib/bind/CHANGES
 940.   [clarity]       unapproved -> denied in log messages.
--

/etc/security greps for "unapproved AXFR from" and the new bind
logging method is "denied AXFR from", no big deal.

So no AXFR denied are being included in the security report.
>How-To-Repeat:
run periodic daily. no denied AXFR will be included.
as the wrong grep is being used.
>Fix:
1 line patch, no big deal.
----------------------------------------------------------------------------
*** security.old        Wed Apr 11 02:00:06 2001
--- security    Wed Apr 11 02:00:26 2001
***************
*** 201,207 ****
  #
  separator
  echo "$host checking for denied secondary zone transfers:"
! n=$(catmsgs | grep -i "unapproved AXFR from" | tee /dev/stderr | wc
-l)
  [ $n -gt 0 -a $rc -lt 1 ] && rc=1
  
  rm -f ${TMP}
--- 201,207 ----
  #
  separator
  echo "$host checking for denied secondary zone transfers:"
! n=$(catmsgs | grep -i "denied AXFR from" | tee /dev/stderr | wc -l)
  [ $n -gt 0 -a $rc -lt 1 ] && rc=1
  
  rm -f ${TMP}

----------------------------------------------------------------------------
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message