Date:      Fri, 13 Apr 2001 09:20:47 -0600 (MDT)
From:      Nate Williams <nate@yogotech.com>
To:        Peter Pentchev <roam@orbitel.bg>
Cc:        freebsd-bugs@FreeBSD.ORG
Subject:   Re: misc/26529: /etc/security in 4.x-stable needs a little FIX !
Message-ID:  <15063.6479.67067.213091@nomad.yogotech.com>
In-Reply-To: <200104130920.f3D9K2H02354@freefall.freebsd.org>
References:  <200104130920.f3D9K2H02354@freefall.freebsd.org>

>  > /etc/security greps for "unapproved AXFR from" and the new bind
>  > logging method is "denied AXFR from", no big deal.
>  > 
>  > So no AXFR denied are being included in the security report.
>  > >How-To-Repeat:
>  > run periodic daily. no denied AXFR will be included.
>  > as the wrong grep is being used.
>  > >Fix:
>  > 1 line patch, no big deal.
>  > ----------------------------------------------------------------------------
>  > *** security.old        Wed Apr 11 02:00:06 2001
>  > --- security    Wed Apr 11 02:00:26 2001
>  > ***************
>  > *** 201,207 ****
>  >   #
>  >   separator
>  >   echo "$host checking for denied secondary zone transfers:"
>  > ! n=$(catmsgs | grep -i "unapproved AXFR from" | tee /dev/stderr | wc
>  > -l)
>  >   [ $n -gt 0 -a $rc -lt 1 ] && rc=1
>  >   
>  >   rm -f ${TMP}
>  > --- 201,207 ----
>  >   #
>  >   separator
>  >   echo "$host checking for denied secondary zone transfers:"
>  > ! n=$(catmsgs | grep -i "denied AXFR from" | tee /dev/stderr | wc -l)
>  >   [ $n -gt 0 -a $rc -lt 1 ] && rc=1
>  >   
>  >   rm -f ${TMP}
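
Review bot: The replacement pattern on the changed `!` line matches only "denied AXFR from", so any message still logged with the earlier "unapproved AXFR from" wording would no longer be echoed or counted in the report; an alternation such as `grep -E -i '(unapproved|denied) AXFR from'` would cover both. Separately, the old-side `!` line is wrapped after `wc`, leaving `-l)` on a line of its own, so the context diff is unlikely to apply as mailed and should be resent unwrapped.
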
>  
>  Maybe this should be something like:
>  
>    grep -i '\(unapproved\|denied\) AXFR from'
>  
>  or
>    egrep -i '(unapproved|denied) AXFR from'
>  
>  to allow for people still running old versions of BIND (not that anyone
>  should be..)

People running FreeBSD 4.X and later get the newer version of BIND
automagically, so they certainly shouldn't be running an older version
of BIND.  They might be running something *other* than BIND, but that's
another argument in itself.




Nate
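
The pattern question discussed in this thread, as an added example (not part of the original e-mails and not FreeBSD's /etc/security code): a shell check that counts denied zone-transfer lines under both wordings and compares it with each single-pattern grep. It uses `grep -E` because `\|` in a basic regular expression is a GNU extension; the log lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: compares the single-wording greps with one alternation.

# Constructed sample syslog lines (not real named output); the addresses
# come from the documentation ranges.
sample_messages() {
cat <<'EOF'
Apr 11 01:12:03 ns1 named[187]: unapproved AXFR from [192.0.2.10].1027 for "example.org" (acl)
Apr 11 01:40:55 ns1 named[187]: denied AXFR from [192.0.2.44].3310 for "example.org" (acl)
Apr 11 01:41:10 ns1 named[187]: approved AXFR from [198.51.100.7].1055 for "example.org"
Apr 11 01:59:31 ns1 sshd[402]: Connection closed by 192.0.2.44
Apr 11 02:00:01 ns1 named[187]: Denied AXFR from [192.0.2.44].3311 for "example.net" (acl)
EOF
}

# Print lines matching either wording. -E is POSIX alternation, -i keeps
# the case-insensitive match used by the check in the patch.
denied_axfr_lines() {
    grep -E -i '(unapproved|denied) AXFR from' || true
}

# Number of matching lines; tr strips the padding BSD wc adds.
denied_axfr_count() {
    denied_axfr_lines | wc -l | tr -d ' '
}

# Count lines matching one fixed wording, as each side of the patch does.
# grep -c exits 1 on zero matches, hence the "|| true".
count_fixed() {
    grep -i -c -- "$1" || true
}

rc=0
n=$(sample_messages | denied_axfr_count)
echo "old wording only:  $(sample_messages | count_fixed 'unapproved AXFR from')"
echo "new wording only:  $(sample_messages | count_fixed 'denied AXFR from')"
echo "either wording:    $n"
# Same rc convention as the quoted script: flag the run if anything matched.
[ "$n" -gt 0 ] && [ "$rc" -lt 1 ] && rc=1
echo "rc=$rc"
```

The "approved AXFR from" line is deliberately included: it contains the substring "approved AXFR from" but matches neither wording, so it is not counted.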
