LF_BIND doesn't seem to work

Post Reply
rectifier
Junior Member
Posts: 5
Joined: 09 Dec 2014, 21:10

LF_BIND doesn't seem to work

Post by rectifier »

I can't seem to get LF_BIND to work at all. CENTOS 5.11, BIND 9.9.5.

RESTRICT_SYSLOG = "2"
...
LF_BIND = "100"
LF_BIND_PERM = "1"
...
BIND_LOG = "/var/log/messages"

I'm getting thousands of lines in /var/log/messages like this:

Code: Select all

Dec 10 07:04:40 myserver named[28324]: client 185.49.69.255#39122 (*****.com): view external: query (cache) '*****.com/A/IN' denied
Dec 10 07:04:40 myserver named[28324]: client 185.49.69.255#39122 (*****.com): view external: rate limit drop REFUSED error response to 185.49.69.0/24
Dec 10 07:04:40 myserver named[28324]: client 185.49.69.255#4078 (*****.com): view external: query (cache) '*****.com/A/IN' denied
Dec 10 07:04:40 myserver named[28324]: client 185.49.69.255#4078 (*****.com): view external: rate limit slip REFUSED error response to 185.49.69.0/24
Dec 10 07:04:40 myserver named[28324]: client 185.49.69.255#61209 (*****.com): view external: query (cache) '*****.com/A/IN' denied
Looking at the regex, it doesn't seem to be matching the domain name in brackets after the ip:port. Is there something I can change myself to make this work?
Last edited by rectifier on 12 Dec 2014, 21:15, edited 1 time in total.
Top
rectifier
Junior Member
Posts: 5
Joined: 09 Dec 2014, 21:10

Re: LF_BIND doesn't seem to work

Post by rectifier »

Actually got this to work with the custom regex:

Code: Select all

#BIND
        if (($config{LF_BIND}) and ($globlogs{BIND_LOG}{$lgfile}) and ($line =~ /^(\S+|\S+\s+\d+\s+\S+) \S+ named\[\d+\]: client (\S+)\#\d+\s\(\S+\)\:( view external\:)? (update|zone transfer|query \(cache\)) \'.*\' denied$/)) {
        $ip = $2; $acc = ""; $ip =~ s/^::ffff://;
                if (checkip($ip)) {return ("bind triggered by","$ip|$acc","bind")} else {return}
        }
Don't know if that's generic enough, but it works for me.
Top
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: LF_BIND doesn't seem to work

Post by ForumAdmin »

This has been added in csf v7.57:
http://blog.configserver.com/
Top
rectifier
Junior Member
Posts: 5
Joined: 09 Dec 2014, 21:10

Re: LF_BIND doesn't seem to work

Post by rectifier »

Excellent, thank you!
Top
Post Reply

Return to “Suggestions (csf)”