Date:      Mon, 05 Feb 2001 00:28:23 +0000
From:      Brian Somers <brian@Awfulhak.org>
To:        freebsd-audit@FreeBSD.org
Cc:        Brian Somers <brian@Awfulhak.org>
Subject:   Reporting failed secondary dns transfers from /etc/security
Message-ID:  <200102050028.f150SNa01592@hak.lan.Awfulhak.org>

Hi,

Any thoughts/objections to this ?  It's half of a suggestion made by 
glenn@intextonline.com in April 2000 (posted to freebsd-bugs).  The 
other half is to display the output of ``netstat -rn'' - something I 
don't plan on adding as it wouldn't fit in very well with people 
running routing daemons.

I'll commit this in a few days if nobody objects.
-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>                    <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !

Index: security
===================================================================
RCS file: /home/ncvs/src/etc/security,v
retrieving revision 1.46
diff -u -r1.46 security
--- security	2001/02/03 01:28:46	1.46
+++ security	2001/02/05 00:20:55
@@ -197,6 +197,13 @@
 n=$(catmsgs | grep -i "^$yesterday.*refused connect" | tee /dev/stderr | wc -l)
 [ $n -gt 0 -a $rc -lt 1 ] && rc=1
 
+# Show denied secondary bind transfer attempts
+#
+separator
+echo "$host checking for denied secondary zone transfers:"
+n=$(catmsgs | grep -i "unapproved AXFR from" | tee /dev/stderr | wc -l)
+[ $n -gt 0 -a $rc -lt 1 ] && rc=1
+
 rm -f ${TMP}
 
 exit $rc
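
Review bot: the added grep for "unapproved AXFR from" is not restricted to "^$yesterday", unlike the "refused connect" check in the context line directly above it, so if catmsgs returns more than one day of messages, the same denied transfers will be printed and counted again on every run. Suggest matching the existing pattern, i.e. grep -i "^$yesterday.*unapproved AXFR from". The comment also says "bind" while the echo line says only "zone transfers"; it would help to state in the comment that the match string is the one named logs for a refused AXFR, so the check is easy to update if that log wording changes.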



