| Summary: | /etc/security in 4.x-stable needs a little FIX ! | | |
|---|---|---|---|
| Product: | Base System | Reporter: | duwde <duwde> |
| Component: | misc | Assignee: | nate |
| Status: | Closed FIXED | | |
| Severity: | Affects Only Me | | |
| Priority: | Normal | | |
| Version: | Unspecified | | |
| Hardware: | Any | | |
| OS: | Any | | |
On Thu, Apr 12, 2001 at 10:27:21PM -0700, duwde@duwde.com.br wrote:
> >Number: 26529
> >Category: misc
> >Synopsis: /etc/security in 4.x-stable needs a little FIX !
> >Originator: Fabio Vilan Dias
> >Release: 4.x-stable LATEST as of Apr/13/2001
> >Organization:
> Isec Information Security Ltda
> >Environment:
> bash-2.04$ uname -a
> FreeBSD mobile.x.gov 4.3-RC FreeBSD 4.3-RC #26: Wed Apr 11 01:37:47 BRT 2001 duwde@mobile.x.gov:/usr/obj/usr/src/sys/MOBILE i386
> >Description:
> As we can see in /usr/src/contrib/bind/CHANGES line 495
> there was a little change in the logging method since
> BIND 8.2.3-T1A, thus affecting all new versions.
> (8.2.3-REL is the 4.x-stable version)
>
> -- line 495 /usr/src/contrib/bind/CHANGES
> 940. [clarity] unapproved -> denied in log messages.
> --
>
> /etc/security greps for "unapproved AXFR from" and the new bind
> logging method is "denied AXFR from", no big deal.
>
> So no AXFR denied are being included in the security report.
> >How-To-Repeat:
> run periodic daily. no denied AXFR will be included.
> as the wrong grep is being used.
> >Fix:
> 1 line patch, no big deal.
> ----------------------------------------------------------------------------
> *** security.old Wed Apr 11 02:00:06 2001 > --- security Wed Apr 11 02:00:26 2001 > *************** > *** 201,207 **** > # > separator > echo "$host checking for denied secondary zone transfers:" > ! n=$(catmsgs | grep -i "unapproved AXFR from" | tee /dev/stderr | wc > -l) > [ $n -gt 0 -a $rc -lt 1 ] && rc=1 > > rm -f ${TMP} > --- 201,207 ---- > # > separator > echo "$host checking for denied secondary zone transfers:" > ! n=$(catmsgs | grep -i "denied AXFR from" | tee /dev/stderr | wc -l) > [ $n -gt 0 -a $rc -lt 1 ] && rc=1 > > rm -f ${TMP}

Maybe this should be something like:

grep -i '\(unapproved\|denied\) AXFR from'

or

egrep -i '(unapproved|denied) AXFR from'

to allow for people still running old versions of BIND (not that anyone should be..)
G'luck,
Peter

--
If this sentence were in Chinese, it would say something else.

State Changed From-To: open->suspended - Applied to the HEAD v1.49, will be merged to stable after permission from the RE.

Responsible Changed From-To: freebsd-bugs->nate
I committed the fix.

State Changed From-To: suspended->closed - Merged to -stable, Rev. 1.36.2.12
As we can see in /usr/src/contrib/bind/CHANGES line 495
there was a little change in the logging method since
BIND 8.2.3-T1A, thus affecting all new versions.
(8.2.3-REL is the 4.x-stable version)

-- line 495 /usr/src/contrib/bind/CHANGES
940. [clarity] unapproved -> denied in log messages.
--

/etc/security greps for "unapproved AXFR from" and the new bind
logging method is "denied AXFR from", no big deal.

So no AXFR denied are being included in the security report.

Fix: 1 line patch, no big deal.
----------------------------------------------------------------------------
Attachment: file.diff
*** security.old Wed Apr 11 02:00:06 2001 --- security Wed Apr 11 02:00:26 2001 *************** *** 201,207 **** # separator echo "$host checking for denied secondary zone transfers:" ! n=$(catmsgs | grep -i "unapproved AXFR from" | tee /dev/stderr | wc -l) [ $n -gt 0 -a $rc -lt 1 ] && rc=1 rm -f ${TMP} --- 201,207 ---- # separator echo "$host checking for denied secondary zone transfers:" ! n=$(catmsgs | grep -i "denied AXFR from" | tee /dev/stderr | wc -l) [ $n -gt 0 -a $rc -lt 1 ] && rc=1 rm -f ${TMP}

How-To-Repeat: run periodic daily. no denied AXFR will be included.
as the wrong grep is being used.
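Review bot: the one-line change swaps the literal "unapproved AXFR from" for "denied AXFR from", so a host still running a BIND release older than 8.2.3-T1A (which logs the old wording, per the CHANGES entry cited above) would lose the check just as 8.2.3 hosts lose it today; an alternation such as `egrep -i '(unapproved|denied) AXFR from'`, as suggested in the follow-up, keeps both wordings in the report. Worth noting for anyone auditing their own periodic scripts: when the pattern stops matching, the `echo "$host checking for denied secondary zone transfers:"` header still prints and rc stays unchanged, so the breakage shows up only as a silently empty section rather than an error, and the practical check is to compare the daily report against the raw named log after a BIND upgrade.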
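The grep mismatch described in this PR, as an added example that is not the /etc/security script or any FreeBSD code: a small POSIX sh script with constructed named log lines (the host, addresses and zone names are made up), a stand-in for the catmsgs function, and the three candidate patterns (the original literal, the patched literal, and the alternation suggested in the follow-up), counted the way the hunk counts them. It goes one step beyond the page by running all three patterns side by side over the same input so the gap each one leaves is visible.

```shell
#!/bin/sh
# Added example (not /etc/security itself): reproduce the grep mismatch
# reported in this PR on constructed named(8) log lines and show that the
# alternation pattern suggested in the thread catches both wordings.

# Constructed sample log lines (host, addresses and zones are made up).
# Line 1 uses the pre-8.2.3-T1A wording, line 2 the 8.2.3-T1A wording,
# line 3 is an approved transfer that must not be counted.
SAMPLE_LOGS='Apr 11 01:40:12 mobile named[123]: unapproved AXFR from [192.0.2.10].1234 for "example.net" (acl)
Apr 11 01:41:03 mobile named[123]: denied AXFR from [198.51.100.7].4321 for "example.org" (acl)
Apr 11 01:42:55 mobile named[123]: approved AXFR from [203.0.113.5].5678 for "example.com"'

# Stand-in for the catmsgs function in /etc/security: emit the messages
# that the daily run would scan.
catmsgs() {
    printf '%s\n' "$SAMPLE_LOGS"
}

# count_denied PATTERN: the check as the hunk performs it, minus the tee to
# stderr. grep -E is used so the alternation works; the two literal patterns
# behave the same under -E. tr strips the padding BSD wc puts before the count.
count_denied() {
    catmsgs | grep -i -E "$1" | wc -l | tr -d ' '
}

# The three candidate patterns: pre-patch /etc/security, the one-line patch,
# and the alternation from the follow-up message.
OLD_PATTERN='unapproved AXFR from'
NEW_PATTERN='denied AXFR from'
BOTH_PATTERN='(unapproved|denied) AXFR from'

# report_rc PATTERN: mirrors the rc handling in the hunk; returns 1 when at
# least one line matched (report is non-empty), 0 otherwise.
report_rc() {
    n=$(count_denied "$1")
    [ "$n" -gt 0 ] && return 1
    return 0
}

main() {
    for p in "$OLD_PATTERN" "$NEW_PATTERN" "$BOTH_PATTERN"; do
        printf '%-35s matches: %s\n' "$p" "$(count_denied "$p")"
    done
}

main "$@"
```

Run as-is and the old and new literals each report one match while the alternation reports two, which is the whole bug in three lines: either literal alone drops every log line written in the other wording, and nothing in the report signals that it did.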