LF_BIND doesn't seem to work

Posted: 09 Dec 2014, 21:25
by rectifier
I can't seem to get LF_BIND to work at all. CENTOS 5.11, BIND 9.9.5.

RESTRICT_SYSLOG = "2"
...
LF_BIND = "100"
LF_BIND_PERM = "1"
...
BIND_LOG = "/var/log/messages"

I'm getting thousands of lines in /var/log/messages like this:

Dec 10 07:04:40 myserver named[28324]: client 185.49.69.255#39122 (*****.com): view external: query (cache) '*****.com/A/IN' denied
Dec 10 07:04:40 myserver named[28324]: client 185.49.69.255#39122 (*****.com): view external: rate limit drop REFUSED error response to 185.49.69.0/24
Dec 10 07:04:40 myserver named[28324]: client 185.49.69.255#4078 (*****.com): view external: query (cache) '*****.com/A/IN' denied
Dec 10 07:04:40 myserver named[28324]: client 185.49.69.255#4078 (*****.com): view external: rate limit slip REFUSED error response to 185.49.69.0/24
Dec 10 07:04:40 myserver named[28324]: client 185.49.69.255#61209 (*****.com): view external: query (cache) '*****.com/A/IN' denied

Looking at the regex, it doesn't seem to be matching the domain name in brackets after the ip:port. Is there something I can change myself to make this work?

Re: LF_BIND doesn't seem to work

Posted: 09 Dec 2014, 21:49
by rectifier
Actually got this to work with the custom regex:

#BIND
        if (($config{LF_BIND}) and ($globlogs{BIND_LOG}{$lgfile}) and ($line =~ /^(\S+|\S+\s+\d+\s+\S+) \S+ named\[\d+\]: client (\S+)\#\d+\s\(\S+\)\:( view external\:)? (update|zone transfer|query \(cache\)) \'.*\' denied$/)) {
                $ip = $2; $acc = ""; $ip =~ s/^::ffff://;
                if (checkip($ip)) {return ("bind triggered by","$ip|$acc","bind")} else {return}
        }

Don't know if that's generic enough, but it works for me.
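
Added example, not part of the original posts and not csf code: a Python port of the pattern posted above, run over constructed log lines modelled on the first post, to show which lines count towards the LF_BIND trigger and where a view name other than "external" is missed. The `ANY_VIEW` variant, the function names, the sample addresses and the demo limit of 2 are assumptions made for illustration.

```python
import re
from collections import Counter

# The custom pattern from the post above, ported unchanged to Python's re syntax.
POSTED = re.compile(
    r"^(\S+|\S+\s+\d+\s+\S+) \S+ named\[\d+\]: client (\S+)#\d+\s\(\S+\):"
    r"( view external:)? (update|zone transfer|query \(cache\)) '.*' denied$"
)
# Assumption (not from the thread): accept any view name, not only "external".
ANY_VIEW = re.compile(
    r"^(\S+|\S+\s+\d+\s+\S+) \S+ named\[\d+\]: client (\S+)#\d+\s\(\S+\):"
    r"( view \S+:)? (update|zone transfer|query \(cache\)) '.*' denied$"
)

# Constructed sample lines modelled on the log excerpt in the first post
# (documentation addresses and example.com stand in for the real values).
SAMPLE = """\
Dec 10 07:04:40 myserver named[28324]: client 192.0.2.55#39122 (example.com): view external: query (cache) 'example.com/A/IN' denied
Dec 10 07:04:40 myserver named[28324]: client 192.0.2.55#39122 (example.com): view external: rate limit drop REFUSED error response to 192.0.2.0/24
Dec 10 07:04:40 myserver named[28324]: client 192.0.2.55#4078 (example.com): view external: query (cache) 'example.com/A/IN' denied
Dec 10 07:04:41 myserver named[28324]: client ::ffff:198.51.100.7#5353 (example.com): view internal: query (cache) 'example.com/A/IN' denied
Dec 10 07:04:41 myserver named[28324]: client 203.0.113.9#1234 (example.com): query (cache) 'example.com/A/IN' denied
""".splitlines()

def denied_counts(lines, pattern):
    """Count 'denied' lines per client IP; 'rate limit' lines are not counted."""
    hits = Counter()
    for line in lines:
        m = pattern.match(line)
        if m:
            # Same normalisation as the posted Perl: drop the IPv4-mapped prefix.
            hits[re.sub(r"^::ffff:", "", m.group(2))] += 1
    return hits

def over_threshold(hits, limit):
    """IPs whose count reaches the limit (the role LF_BIND = "100" plays in the post)."""
    return sorted(ip for ip, n in hits.items() if n >= limit)

if __name__ == "__main__":
    for name, pat in (("posted", POSTED), ("any-view", ANY_VIEW)):
        hits = denied_counts(SAMPLE, pat)
        print(name, dict(hits), over_threshold(hits, 2))
```

With the posted pattern the `view internal:` line is skipped, so a server that logs other view names would undercount those clients; the lines with no view prefix match under both patterns.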

Re: LF_BIND doesn't seem to work

Posted: 01 Jan 2015, 09:38
by ForumAdmin
This has been added in csf v7.57:
http://blog.configserver.com/

Re: LF_BIND doesn't seem to work

Posted: 01 Jan 2015, 23:52
by rectifier
Excellent, thank you!