Date: Fri, 13 Apr 2001 02:20:02 -0700 (PDT)
From: Peter Pentchev <roam@orbitel.bg>
To: freebsd-bugs@FreeBSD.org
Subject: Re: misc/26529: /etc/security in 4.x-stable needs a little FIX !
Message-ID: <200104130920.f3D9K2H02354@freefall.freebsd.org>
The following reply was made to PR misc/26529; it has been noted by GNATS.

From: Peter Pentchev <roam@orbitel.bg>
To: duwde@duwde.com.br
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/26529: /etc/security in 4.x-stable needs a little FIX !
Date: Fri, 13 Apr 2001 12:13:48 +0300

On Thu, Apr 12, 2001 at 10:27:21PM -0700, duwde@duwde.com.br wrote:
>
> >Number: 26529
> >Category: misc
> >Synopsis: /etc/security in 4.x-stable needs a little FIX !
> >Originator: Fabio Vilan Dias
> >Release: 4.x-stable LATEST as of Apr/13/2001
> >Organization:
> Isec Information Security Ltda
> >Environment:
> bash-2.04$ uname -a
> FreeBSD mobile.x.gov 4.3-RC FreeBSD 4.3-RC #26: Wed Apr 11 01:37:47 BRT 2001 duwde@mobile.x.gov:/usr/obj/usr/src/sys/MOBILE i386
>
> >Description:
> As we can see in /usr/src/contrib/bind/CHANGES line 495
> there was a little change in the logging method since
> BIND 8.2.3-T1A, thus affecting all new versions.
> (8.2.3-REL is the 4.x-stable version)
>
> -- line 495 /usr/src/contrib/bind/CHANGES
> 940. [clarity] unapproved -> denied in log messages.
> --
>
> /etc/security greps for "unapproved AXFR from" and the new bind
> logging method is "denied AXFR from", no big deal.
>
> So no AXFR denied are being included in the security report.
> >How-To-Repeat:
> run periodic daily. no denied AXFR will be included.
> as the wrong grep is being used.
> >Fix:
> 1 line patch, no big deal.
> ----------------------------------------------------------------------------
> *** security.old Wed Apr 11 02:00:06 2001 > --- security Wed Apr 11 02:00:26 2001 > *************** > *** 201,207 **** > # > separator > echo "$host checking for denied secondary zone transfers:" > ! n=$(catmsgs | grep -i "unapproved AXFR from" | tee /dev/stderr | wc > -l) > [ $n -gt 0 -a $rc -lt 1 ] && rc=1 > > rm -f ${TMP} > --- 201,207 ---- > # > separator > echo "$host checking for denied secondary zone transfers:" > ! 
n=$(catmsgs | grep -i "denied AXFR from" | tee /dev/stderr | wc -l) > [ $n -gt 0 -a $rc -lt 1 ] && rc=1 > > rm -f ${TMP}

Maybe this should be something like:
  grep -i '\(unapproved\|denied\) AXFR from'
or
  egrep -i '(unapproved|denied) AXFR from'
to allow for people still running old versions of BIND (not that anyone
should be..)

G'luck,
Peter

--
If this sentence were in Chinese, it would say something else.
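
Review bot: The changed "!" line in the 201,207 hunk swaps "unapproved AXFR from" for "denied AXFR from" outright, so a host whose named still logs the older "unapproved" wording would lose its refused transfers from the security report in the same silent way this PR describes. Suggest matching both wordings in that one grep, for example grep -E -i '(unapproved|denied) AXFR from', and adding a short comment next to the pattern that the wording changed with CHANGES entry 940 so the reason for the alternation is recorded in the script.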
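
The effect of the pattern choice discussed in this thread, as an added example that is not part of the original messages or of /etc/security: a POSIX sh script that runs the old, new and combined patterns over constructed log lines. The host name, addresses and message tails are assumptions, and it uses grep -E instead of egrep or the \| form, since \| in a basic regex is a GNU extension.

```shell
#!/bin/sh
# Added example: compare the zone-transfer patterns from this thread.
# The log lines below are constructed sample data, not from a real host.
sample_log() {
cat <<'EOF'
Apr 12 03:10:01 ns1 named[212]: unapproved AXFR from [192.0.2.10].1047 for "example.org" (acl)
Apr 12 03:12:44 ns1 named[212]: denied AXFR from [192.0.2.11].2101 for "example.org" (acl)
Apr 12 03:15:09 ns1 named[212]: Denied AXFR from [198.51.100.7].4410 for "example.net" (acl)
Apr 12 03:20:30 ns1 named[212]: approved AXFR from [203.0.113.5].1033 for "example.org"
EOF
}

# count_matches PATTERN: count stdin lines matching the extended regex,
# ignoring case. grep -c prints a bare number (no wc -l padding) and
# exits 1 on zero matches, hence the "|| true".
count_matches() {
    grep -E -i -c -- "$1" || true
}

# Pattern before the patch: only sees the pre-8.2.3-T1A wording.
old_count()  { sample_log | count_matches 'unapproved AXFR from'; }
# Pattern after the patch: only sees the new wording.
new_count()  { sample_log | count_matches 'denied AXFR from'; }
# Combined pattern suggested in the reply: sees both wordings.
both_count() { sample_log | count_matches '(unapproved|denied) AXFR from'; }

# Same rc handling as the quoted hunk: any hit raises rc to at least 1.
report_rc() {
    rc=0
    n=$(both_count)
    [ "$n" -gt 0 ] && [ "$rc" -lt 1 ] && rc=1
    echo "$rc"
}

echo "old: $(old_count)  new: $(new_count)  combined: $(both_count)  rc: $(report_rc)"
```

On a log that holds only one wording, the pattern for the other wording reports zero refused transfers, which is indistinguishable from a quiet day in the daily report.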