named_refused: moved fix for proper config+filters from dpatch

debian-releases/squeeze
Yaroslav Halchenko 2008-02-08 00:38:02 -05:00
parent bce05a1285
commit a9ee3c0b47
2 changed files with 9 additions and 12 deletions

View File

@ -9,10 +9,8 @@
[Definition]
# if you want to catch only login erros from specific daemons, use smth like
#_named_rcodes=(?:REFUSED|SERVFAIL)
# To catch all REFUSED queries only
_named_rcodes=REFUSED
#
# Daemon name
_daemon=named
#
@ -28,7 +26,6 @@ __line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)?
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT
#
failregex = %(__line_prefix)sunexpected RCODE \(%(_named_rcodes)s\) resolving '.*': <HOST>#\S+$
%(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$
failregex = %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$

View File

@ -170,13 +170,13 @@ ignoreip = 168.192.0.1
# with bind9 installation. You will need something like this:
#
# logging {
# channel lame-servers_file {
# file "/var/log/named/lame-servers.log" versions 3 size 30m;
# channel security_file {
# file "/var/log/named/security.log" versions 3 size 30m;
# severity dynamic;
# print-time yes;
# };
# category lame-servers {
# lame-servers_file;
# category security {
# security_file;
# };
# }
#
@ -189,7 +189,7 @@ enabled = false
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
sendmail-whois[name=Named, dest=you@mail.com]
logpath = /var/log/named/lame-servers.log
logpath = /var/log/named/security.log
ignoreip = 168.192.0.1
# This jail blocks TCP traffic for DNS requests.
@ -200,6 +200,6 @@ enabled = false
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
sendmail-whois[name=Named, dest=you@mail.com]
logpath = /var/log/named/lame-servers.log
logpath = /var/log/named/security.log
ignoreip = 168.192.0.1