diff --git a/ChangeLog b/ChangeLog index 08719d26..e1b815bf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,7 @@ ver. 1.1.1-dev-1 (20??/??/??) - development nightly edition - postfix backend switched to `systemd` (gh-3527) * `action.d/firewallcmd-ipset.conf`: - rename `ipsettype` to `ipsetbackend` (gh-2620), parameter `ipsettype` will be used now to the real set type (gh-3760) +* `action.d/xarf-login-attack.conf` - ignore errors or warnings in output of `dig` provided as comment (gh-4068) * `filter.d/apache-noscript.conf` - consider new log-format with "AH02811: stderr from /..." (gh-3900) * `filter.d/apache-overflows.conf` - consider AH10244: invalid URI path (gh-3778, gh-3900) * `filter.d/asterisk.conf` - fixed RE for "no matching endpoint" with retry info (like `after X tries in Y ms`) at end, diff --git a/config/action.d/xarf-login-attack.conf b/config/action.d/xarf-login-attack.conf index f348b2c4..00da7f79 100644 --- a/config/action.d/xarf-login-attack.conf +++ b/config/action.d/xarf-login-attack.conf @@ -44,7 +44,13 @@ actioncheck = actionban = oifs=${IFS}; RESOLVER_ADDR="%(addr_resolver)s" if [ "" -gt 0 ]; then echo "try to resolve $RESOLVER_ADDR"; fi - ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | tr -d '"') + ADDRESSES=$(dig +short -t txt -q $RESOLVER_ADDR | grep -v ';;' | tr -d '"') + if [ "" -gt 0 ]; then echo "returned address $ADDRESSES"; fi + if [ -z "$ADDRESSES" ]; then + echo "address for $RESOLVER_ADDR cannot be found or timeout from dig"; + if [ "" -gt 0 ]; then exit 1; fi + exit 0 + fi IFS=,; ADDRESSES=$(echo $ADDRESSES) IFS=${oifs} IP= @@ -55,13 +61,11 @@ actionban = oifs=${IFS}; TLP= PORT= DATE=`LC_ALL=C date --date=@
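Review bot: The `grep -v ';;'` added to the `ADDRESSES=` line of `actionban` is unanchored, so it drops any line containing `;;` anywhere, while every other line `dig` prints is still accepted as an abuse-contact address without any check of its shape. The TXT answer is network-supplied data that presumably becomes the report recipient list further down (that use is outside this hunk), so I would anchor the filter to comment lines and quote the lookup name: `ADDRESSES=$(dig +short -t txt -q "$RESOLVER_ADDR" | grep -v '^;;' | tr -d '"')`. The context line `ADDRESSES=$(echo $ADDRESSES)` expands the value unquoted, so glob characters in a returned record would be matched against the working directory; wrapping that line in `set -f` / `set +f` would close this off. The `[ "" -gt 0 ]` tests look as if a placeholder was lost in this rendering, so they are not assessed here. `actionban` starts before this hunk and continues past its end.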