Date: Tue, 7 Jun 2005 13:50:30 GMT From: Barry Irwin <bvi@moria.org> To: freebsd-bugs@FreeBSD.org Subject: Re: conf/74228: periodic 470.status-named doesn't work with BIND 9 Message-ID: <200506071350.j57DoUei004024@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR conf/74228; it has been noted by GNATS.
From: Barry Irwin <bvi@moria.org>
To: bug-followup@FreeBSD.org, freebsd@jdc.parodius.com
Cc:
Subject: Re: conf/74228: periodic 470.status-named doesn't work with BIND
9
Date: Tue, 07 Jun 2005 15:49:23 +0200
This is a multi-part message in MIME format.
--------------080103050906090104030004
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The following Patch will update the script to work with the bind9 format
- --- /etc/periodic/daily/470.status-named Fri Nov 5 03:27:17 2004
+++ 470.status-named.NEW Tue Jun 7 15:30:10 2005
@@ -30,10 +30,8 @@
echo 'Checking for denied zone transfers (AXFR and IXFR):'
start=`date -v-1d '+%b %e'`
- - rc=$(catmsgs |
- - fgrep '^'"$start"'.*named\[[[:digit:]]\+\]: denied [AI]XFR
from \[.*\]\.[[:digit:]]\+ for' | \
- - sed -e 's/.*: denied [AI]XFR from \[\(.*\)\]\.[[:digit:]]*
for "\(.*\)".*$/\2 from \1/'
- - sort -f | uniq -ic | (
+ rc=$(catmsgs | fgrep -E ".*named\[[[:digit:]]+\]: client
[[[:digit:]]+\." | sed -e "s/\#[[:digit:]]*:.*zone.transfer.[']*/ /g" \
+ -e "s/request: \'//g" -e "s/\/[AXFR|IN].*$//g" | awk '{print $8
" from " $7 }' | \ sort -f | uniq -ic | (
usedns=0
if [ X"${daily_status_named_usedns}" != X"" ]; then
case $daily_status_named_usedns in
Output now looks sane:
Checking for denied zone transfers (AXFR and IXFR):
8 moria.org from 146.231.115.1
8 moria.org.ict.ru.ac.za from 146.231.115.1
1 moria.org.ict.ru.ac.za from 146.231.115.33
8 moria.org.ru.ac.za from 146.231.115.1
1 moria.org.ru.ac.za from 146.231.115.33
and with daily_status_named_usedns enabled the output looks like
Checking for denied zone transfers (AXFR and IXFR):
8 moria.org from 146.231.115.1 (server.rucus.ru.ac.za.)
8 moria.org.ict.ru.ac.za from 146.231.115.1 (server.rucus.ru.ac.za.)
1 moria.org.ict.ru.ac.za from 146.231.115.33 (shell.rucus.ru.ac.za.)
8 moria.org.ru.ac.za from 146.231.115.1 (server.rucus.ru.ac.za.)
1 moria.org.ru.ac.za from 146.231.115.33 (shell.rucus.ru.ac.za.)
Ive tested this on 5.4 and 5.3 and it seems to work. The actual;
parsing code can probably be seriously optimised still - possibly
introduce an additional sed expression and remove the awk
Barry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
iD8DBQFCpaXilAmSjHZESvYRAr+DAKD129nrxLEtYWupX8GoKyTX6z6PKgCgnFuz
Ksv/Oe5fxSFdkbrnOECXwwY=
=IVHm
-----END PGP SIGNATURE-----
--------------080103050906090104030004
Content-Type: text/plain;
name="bind9.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="bind9.patch"
--- /etc/periodic/daily/470.status-named Fri Nov 5 03:27:17 2004
+++ 470.status-named.NEW Tue Jun 7 15:30:10 2005
@@ -30,10 +30,8 @@
echo 'Checking for denied zone transfers (AXFR and IXFR):'
start=`date -v-1d '+%b %e'`
- rc=$(catmsgs |
- fgrep '^'"$start"'.*named\[[[:digit:]]\+\]: denied [AI]XFR from \[.*\]\.[[:digit:]]\+ for' | \
- sed -e 's/.*: denied [AI]XFR from \[\(.*\)\]\.[[:digit:]]* for "\(.*\)".*$/\2 from \1/'
- sort -f | uniq -ic | (
+ rc=$(catmsgs | fgrep -E ".*named\[[[:digit:]]+\]: client [[[:digit:]]+\." | sed -e "s/\#[[:digit:]]*:.*zone.transfer.[']*/ /g" \
+ -e "s/request: \'//g" -e "s/\/[AXFR|IN].*$//g" | awk '{print $8 " from " $7 }' | \ sort -f | uniq -ic | (
usedns=0
if [ X"${daily_status_named_usedns}" != X"" ]; then
case $daily_status_named_usedns in
--------------080103050906090104030004--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200506071350.j57DoUei004024>