From owner-freebsd-bugs Fri Apr 13 8:20:55 2001
Delivered-To: freebsd-bugs@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 23D0F37B443 for ; Fri, 13 Apr 2001 08:20:52 -0700 (PDT) (envelope-from nate@yogotech.com)
Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id JAA20104; Fri, 13 Apr 2001 09:20:48 -0600 (MDT) (envelope-from nate@nomad.yogotech.com)
Received: (from nate@localhost) by nomad.yogotech.com (8.8.8/8.8.8) id JAA01966; Fri, 13 Apr 2001 09:20:47 -0600 (MDT) (envelope-from nate)
From: Nate Williams
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15063.6479.67067.213091@nomad.yogotech.com>
Date: Fri, 13 Apr 2001 09:20:47 -0600 (MDT)
To: Peter Pentchev
Cc: freebsd-bugs@FreeBSD.ORG
Subject: Re: misc/26529: /etc/security in 4.x-stable needs a little FIX !
In-Reply-To: <200104130920.f3D9K2H02354@freefall.freebsd.org>
References: <200104130920.f3D9K2H02354@freefall.freebsd.org>
X-Mailer: VM 6.75 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > /etc/security greps for "unapproved AXFR from" and the new bind
> > logging method is "denied AXFR from", no big deal.
> >
> > So no AXFR denied are being included in the security report.
> >
> > >How-To-Repeat:
> > run periodic daily. no denied AXFR will be included.
> > as the wrong grep is being used.
> > >Fix:
> > 1 line patch, no big deal.
> > ----------------------------------------------------------------------------
> > *** security.old Wed Apr 11 02:00:06 2001
> > --- security Wed Apr 11 02:00:26 2001
> > ***************
> > *** 201,207 ****
> > #
> > separator
> > echo "$host checking for denied secondary zone transfers:"
> > ! n=$(catmsgs | grep -i "unapproved AXFR from" | tee /dev/stderr | wc
> > -l)
> > [ $n -gt 0 -a $rc -lt 1 ] && rc=1
> >
> > rm -f ${TMP}
> > --- 201,207 ----
> > #
> > separator
> > echo "$host checking for denied secondary zone transfers:"
> > ! n=$(catmsgs | grep -i "denied AXFR from" | tee /dev/stderr | wc -l)
> > [ $n -gt 0 -a $rc -lt 1 ] && rc=1
> >
> > rm -f ${TMP}
>
> Maybe this should be something like:
>
> grep -i '\(unapproved\|denied\) AXFR from'
>
> or
> egrep -i '(unapproved|denied) AXFR from'
>
> to allow for people still running old versions of BIND (not that anyone
> should be..)

People running FreeBSD 4.X and later get the newer version of BIND
automagically, so they certainly shouldn't be running an older version of
BIND. They might be running something *other* than BIND, but that's
another argument in itself.

Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
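Review bot: the `!` line in the hunk swaps "unapproved AXFR from" for "denied AXFR from" outright, so any host whose named still logs the older wording silently disappears from the daily report; as the reply suggests, match both, e.g. `grep -Ei '(unapproved|denied) AXFR from'` (the BRE `\|` alternation is a GNU extension, so `-E`/egrep is the portable spelling). Also, the quoted patch has been wrapped in transit (`wc` and `-l)` now sit on separate lines in the `*** 201,207 ****` side), so it will not apply with patch(1) as pasted; an attachment or an unwrapped copy would help.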
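As an added illustration (not code from the PR, from /etc/security, or from either poster), the three grep patterns discussed in the thread side by side over a constructed sample of syslog lines, plus the same rc logic the report uses; the hostnames, PIDs and addresses are made up.

```shell
# Constructed sample of syslog lines from two BIND generations (not real logs).
SAMPLE_LOG='Apr 11 02:00:01 ns named[123]: unapproved AXFR from [192.0.2.10].1234 for "example.org"
Apr 11 02:00:02 ns named[123]: denied AXFR from [192.0.2.11].4321 for "example.net" IN
Apr 11 02:00:03 ns named[123]: client 192.0.2.12#2000: transfer of "example.com": AXFR started
Apr 11 02:00:04 ns named[123]: Denied AXFR from [192.0.2.13].5555 for "example.com"'

# Pattern /etc/security used before the PR: only the older BIND wording.
count_old() { grep -ic 'unapproved AXFR from'; }

# Pattern from the PR: only the newer wording, so older BIND messages are lost.
count_new() { grep -ic 'denied AXFR from'; }

# Combined pattern from the reply. grep -E (egrep) alternation is POSIX; the
# BRE form with \| is a GNU extension, so -E is the portable choice.
count_both() { grep -Eic '(unapproved|denied) AXFR from'; }

# Same decision as the report: any denied transfer raises the status to 1.
# grep -c exits 1 when nothing matched, hence the "|| true".
axfr_check() {
    n=$(count_both || true)
    [ "$n" -gt 0 ] && return 1
    return 0
}

printf '%s\n' "$SAMPLE_LOG" | count_old    # 1
printf '%s\n' "$SAMPLE_LOG" | count_new    # 2
printf '%s\n' "$SAMPLE_LOG" | count_both   # 3
```

In the real script the input would come from `catmsgs` instead of the sample variable.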