From jdc@pentarou.parodius.com  Mon Nov 22 05:43:37 2004
Return-Path: <jdc@pentarou.parodius.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BAB1716A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 22 Nov 2004 05:43:37 +0000 (GMT)
Received: from mail.parodius.com (mail.parodius.com [64.62.145.229])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 760A143D55
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 22 Nov 2004 05:43:37 +0000 (GMT)
	(envelope-from jdc@pentarou.parodius.com)
Received: from pentarou.parodius.com (jdc@localhost [127.0.0.1])
	by mail.parodius.com (8.13.1/8.13.1) with ESMTP id iAM5haF7029627
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 21 Nov 2004 21:43:36 -0800 (PST)
	(envelope-from jdc@pentarou.parodius.com)
Received: (from jdc@localhost)
	by pentarou.parodius.com (8.13.1/8.13.1/Submit) id iAM5haek029626;
	Sun, 21 Nov 2004 21:43:36 -0800 (PST)
	(envelope-from jdc)
Message-Id: <200411220543.iAM5haek029626@pentarou.parodius.com>
Date: Sun, 21 Nov 2004 21:43:36 -0800 (PST)
From: Jeremy Chadwick <freebsd@jdc.parodius.com>
Reply-To: Jeremy Chadwick <freebsd@jdc.parodius.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: periodic 470.status-named doesn't work with BIND 9
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         74228
>Category:       conf
>Synopsis:       periodic 470.status-named doesn't work with BIND 9
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    dougb
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 22 05:50:32 GMT 2004
>Closed-Date:    Sun Nov 27 00:47:00 GMT 2005
>Last-Modified:  Sun Nov 27 00:47:00 GMT 2005
>Originator:     Jeremy Chadwick
>Release:        FreeBSD 5.3-STABLE i386
>Organization:
Parodius Networking
>Environment:
FreeBSD medusa.parodius.com 5.3-STABLE FreeBSD 5.3-STABLE #0: Wed Nov 10 04:10:54 PST 2004     root@medusa.parodius.com:/usr/obj/usr/src/sys/MEDUSA  i386
>Description:
	Since the move to BIND 9 for FreeBSD 5.3-STABLE, the 470.status-named
	script does not look for failed AXFR/IFRs correctly.  The fgrep/sed
	string it's using is for BIND 8, and therefore never matches.
>How-To-Repeat:
	Generate a failed AXFR/IXFR 
>Fix:
	periodic script should be updated appropriately.

	To provide a bit of assistance, here's some example failed AXFR/IXFR output:

Nov 19 07:49:25 medusa named[9797]: client 64.62.145.251#2753: zone transfer '10.0.10.in-addr.arpa/AXFR/IN' denied
Nov 19 07:49:25 medusa named[9797]: client 64.62.145.251#3811: zone transfer '0.0.10.in-addr.arpa/AXFR/IN' denied
Nov 19 07:49:31 medusa named[9797]: client 64.62.145.251#4566: zone transfer 'subnet224.145.62.64.in-addr.arpa/AXFR/IN' denied
Nov 19 07:50:10 medusa named[9797]: client 64.62.145.251#3644: zone transfer 'subnet224.145.62.64.in-addr.arpa/AXFR/IN' denied
Nov 19 08:00:10 medusa named[9797]: client 64.62.145.251#2580: zone transfer 'subnet224.145.62.64.in-addr.arpa/AXFR/IN' denied


>Release-Note:
>Audit-Trail:

From: Barry Irwin <bvi@moria.org>
To: bug-followup@FreeBSD.org,  freebsd@jdc.parodius.com
Cc:  
Subject: Re: conf/74228: periodic 470.status-named doesn't work with BIND
 9
Date: Tue, 07 Jun 2005 15:49:23 +0200

 This is a multi-part message in MIME format.
 --------------080103050906090104030004
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit
 
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
 The following Patch will update the script to work with the bind9 format
 
 - --- /etc/periodic/daily/470.status-named        Fri Nov  5 03:27:17 2004
 +++ 470.status-named.NEW        Tue Jun  7 15:30:10 2005
 @@ -30,10 +30,8 @@
         echo 'Checking for denied zone transfers (AXFR and IXFR):'
 
         start=`date -v-1d '+%b %e'`
 - -       rc=$(catmsgs |
 - -           fgrep '^'"$start"'.*named\[[[:digit:]]\+\]: denied [AI]XFR
 from \[.*\]\.[[:digit:]]\+ for' | \
 - -           sed -e 's/.*: denied [AI]XFR from \[\(.*\)\]\.[[:digit:]]*
 for "\(.*\)".*$/\2 from \1/'
 - -           sort -f | uniq -ic | (
 +       rc=$(catmsgs | fgrep -E ".*named\[[[:digit:]]+\]: client
 [[[:digit:]]+\." | sed -e "s/\#[[:digit:]]*:.*zone.transfer.[']*/ /g" \
 +      -e "s/request: \'//g"  -e "s/\/[AXFR|IN].*$//g" |  awk '{print $8
 " from " $7 }' | \ sort -f | uniq -ic | (
                 usedns=0
                 if [ X"${daily_status_named_usedns}" != X"" ]; then
                         case $daily_status_named_usedns in
 
 Output now looks sane:
 Checking for denied zone transfers (AXFR and IXFR):
 8 moria.org from 146.231.115.1
 8 moria.org.ict.ru.ac.za from 146.231.115.1
 1 moria.org.ict.ru.ac.za from 146.231.115.33
 8 moria.org.ru.ac.za from 146.231.115.1
 1 moria.org.ru.ac.za from 146.231.115.33
 
 
 and with daily_status_named_usedns enabled the output looks like
 Checking for denied zone transfers (AXFR and IXFR):
 8 moria.org from 146.231.115.1 (server.rucus.ru.ac.za.)
 8 moria.org.ict.ru.ac.za from 146.231.115.1 (server.rucus.ru.ac.za.)
 1 moria.org.ict.ru.ac.za from 146.231.115.33 (shell.rucus.ru.ac.za.)
 8 moria.org.ru.ac.za from 146.231.115.1 (server.rucus.ru.ac.za.)
 1 moria.org.ru.ac.za from 146.231.115.33 (shell.rucus.ru.ac.za.)
 
 Ive tested this on 5.4 and 5.3 and it seems to work.  The actual;
 parsing code can probably be seriously optimised still - possibly
 introduce an additional sed expression and remove the awk
 
 Barry
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.1 (MingW32)
 
 iD8DBQFCpaXilAmSjHZESvYRAr+DAKD129nrxLEtYWupX8GoKyTX6z6PKgCgnFuz
 Ksv/Oe5fxSFdkbrnOECXwwY=
 =IVHm
 -----END PGP SIGNATURE-----
 
 --------------080103050906090104030004
 Content-Type: text/plain;
  name="bind9.patch"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="bind9.patch"
 
 --- /etc/periodic/daily/470.status-named	Fri Nov  5 03:27:17 2004
 +++ 470.status-named.NEW	Tue Jun  7 15:30:10 2005
 @@ -30,10 +30,8 @@
  	echo 'Checking for denied zone transfers (AXFR and IXFR):'
  
  	start=`date -v-1d '+%b %e'`
 -	rc=$(catmsgs |
 -	    fgrep '^'"$start"'.*named\[[[:digit:]]\+\]: denied [AI]XFR from \[.*\]\.[[:digit:]]\+ for' | \
 -	    sed -e 's/.*: denied [AI]XFR from \[\(.*\)\]\.[[:digit:]]* for "\(.*\)".*$/\2 from \1/'
 -	    sort -f | uniq -ic | (
 +	rc=$(catmsgs | fgrep -E ".*named\[[[:digit:]]+\]: client [[[:digit:]]+\." | sed -e "s/\#[[:digit:]]*:.*zone.transfer.[']*/ /g" \
 +      -e "s/request: \'//g"  -e "s/\/[AXFR|IN].*$//g" |  awk '{print $8 " from " $7 }' | \ sort -f | uniq -ic | (
  		usedns=0
  		if [ X"${daily_status_named_usedns}" != X"" ]; then
  			case $daily_status_named_usedns in
 
 --------------080103050906090104030004--
 
Responsible-Changed-From-To: freebsd-bugs->dougb 
Responsible-Changed-By: dougb 
Responsible-Changed-When: Sat Sep 24 20:04:57 GMT 2005 
Responsible-Changed-Why:  

I look after BIND bits 

http://www.freebsd.org/cgi/query-pr.cgi?pr=74228 

From: Barry Irwin <b.irwin@ru.ac.za>
To: bug-followup@FreeBSD.org,  freebsd@jdc.parodius.com
Cc:  
Subject: Re: conf/74228: periodic 470.status-named doesn't work with BIND
 9
Date: Mon, 24 Oct 2005 16:24:35 +0200

 This is a multi-part message in MIME format.
 --------------040905020605020207000900
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit
 
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
 After some further tweaking, I've removed out the need for awk , and
 reduced it to a single sed statement, this is the same as the original.
 - --
 - --
 Barry Irwin (CISSP)
 Senior Lecturer	                Tel:+27 466038626 Fax:+27 466361915
 Department of Computer Science  http://www.cs.ru.ac.za 		
 Rhodes University, Grahamstown, South Africa  	
 Email: b.irwin @ ru.ac.za       Web: http://lair.moria.org/
 PGP-ID: 0x76444AF6
 PGP: CED6 2DCF A0CC 71D4 B2B8  0E14 9409 928C 7644 4AF6
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.1 (MingW32)
 
 iD8DBQFDXO6elAmSjHZESvYRAptVAJ9rvFonK5Xq7ABEspvztt0S5cub0ACfUCUP
 +TD5Uy7DQNJOcuSxdUOJE9M=
 =n0ow
 -----END PGP SIGNATURE-----
 
 --------------040905020605020207000900
 Content-Type: text/plain;
  name="bind9.patch-v2.txt"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="bind9.patch-v2.txt"
 
 --- /etc/periodic/daily/470.status-named        Fri Nov  5 03:27:17 2004
 +++ 470.status-named-nice       Mon Oct 24 16:18:37 2005
 @@ -1,7 +1,6 @@
  #!/bin/sh
  #
 -# $FreeBSD: src/etc/periodic/daily/470.status-named,v 1.6 2003/11/07 21:55:35 ru Exp $
 -#
 +# $FreeBSD: src/etc/periodic/daily/470.status-named,v 1.6-MODIFIED 2003/11/07 21:55:35 ru Exp $
 
  # If there is a global system configuration file, suck it in.
  #
 @@ -30,10 +29,10 @@
         echo 'Checking for denied zone transfers (AXFR and IXFR):'
 
         start=`date -v-1d '+%b %e'`
 -       rc=$(catmsgs |
 -           fgrep '^'"$start"'.*named\[[[:digit:]]\+\]: denied [AI]XFR from \[.*\]\.[[:digit:]]\+ for' | \
 -           sed -e 's/.*: denied [AI]XFR from \[\(.*\)\]\.[[:digit:]]* for "\(.*\)".*$/\2 from \1/'
 -           sort -f | uniq -ic | (
 +       rc=$(catmsgs |
 +               fgrep -E ".*named\[[[:digit:]]+\]: client [[[:digit:]]+\..*zone transfer.*denied$" |
 +               sed -e "s/.*client \(.*\)#[[:digit:]]*:.*\'\(.*\)\/AXFR.*denied$/\2 from \1/" |
 +               sort -f | uniq -ic | (
                 usedns=0
                 if [ X"${daily_status_named_usedns}" != X"" ]; then
                         case $daily_status_named_usedns in
 
 --------------040905020605020207000900--
State-Changed-From-To: open->patched 
State-Changed-By: dougb 
State-Changed-When: Tue Nov 22 22:23:54 GMT 2005 
State-Changed-Why:  

Thanks for bringing this to my attention. I've updated 
HEAD with a fix that is relevant for BIND 9.3.1. I will 
MFC that fix once it's had a chance to settle. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=74228 
State-Changed-From-To: patched->closed 
State-Changed-By: dougb 
State-Changed-When: Sun Nov 27 00:46:10 GMT 2005 
State-Changed-Why:  

The fix has now been MFC'ed to RELENG_[56]. It's not 
appropriate for RELENG_4, since BIND 8 is still used 
in the base there. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=74228 
>Unformatted:
