Merge lp:~sbeattie/ubuntu/natty/logwatch/logwatch-fixups into lp:ubuntu/natty/logwatch
- Natty (11.04)
- logwatch-fixups
- Merge into natty
Proposed by
Steve Beattie
Status: | Merged |
---|---|
Merged at revision: | 15 |
Proposed branch: | lp:~sbeattie/ubuntu/natty/logwatch/logwatch-fixups |
Merge into: | lp:ubuntu/natty/logwatch |
Diff against target: |
437 lines (+174/-30) 5 files modified
debian/changelog (+17/-0) debian/dist.conf/services/cron.conf (+1/-1) logwatch.8 (+2/-3) scripts/logwatch.pl (+12/-4) scripts/services/named (+142/-22) |
To merge this branch: | bzr merge lp:~sbeattie/ubuntu/natty/logwatch/logwatch-fixups |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Martin Pitt | Approve | ||
Review via email: mp+51817@code.launchpad.net |
Commit message
Description of the change
Security update for CVE-2011-1018 (submitted to debian, debian bug 615995), fixes for bug 719898, bug 584229, and bug 564796.
To post a comment you must log in.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'debian/changelog' |
2 | --- debian/changelog 2010-09-06 14:57:14 +0000 |
3 | +++ debian/changelog 2011-03-01 21:01:38 +0000 |
4 | @@ -1,3 +1,20 @@ |
5 | +logwatch (7.3.6.cvs20090906-1ubuntu4) natty; urgency=low |
6 | + |
7 | + * SECURITY UPDATE: privileged code execution via badly named logfiles |
8 | + - scripts/logwatch.pl: encapsulate logfiles in 's and ensure logfile |
9 | + names don't contain '. |
10 | + - http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revision&revision=26 |
11 | + - CVE-2011-1018 |
12 | + * debian/dist.conf/services/cron.conf: adjust to capture cron entries, |
13 | + thanks to Oliver Brakmann (LP: #719898) |
14 | + * scripts/services/named: update to upstream version to correctly |
15 | + capture more information (LP: #584229) |
16 | + - http://logwatch.svn.sourceforge.net/viewvc/logwatch/scripts/services/named?revision=19 |
17 | + * logwatch.8: replace examples containing obsolete --print argument |
18 | + with --output=stdout (LP: #564796) |
19 | + |
20 | + -- Steve Beattie <sbeattie@ubuntu.com> Tue, 01 Mar 2011 12:00:08 -0800 |
21 | + |
22 | logwatch (7.3.6.cvs20090906-1ubuntu3) maverick; urgency=low |
23 | |
24 | * conf/logfiles/*, debian/dist.conf/logfiles/*: |
25 | |
26 | === modified file 'debian/dist.conf/services/cron.conf' |
27 | --- debian/dist.conf/services/cron.conf 2005-11-19 16:39:24 +0000 |
28 | +++ debian/dist.conf/services/cron.conf 2011-03-01 21:01:38 +0000 |
29 | @@ -1,3 +1,3 @@ |
30 | LogFile = syslog |
31 | -*OnlyService = (CROND|\/USR\/SBIN\/CRON|\/usr\/sbin\/cron) |
32 | +*OnlyService = (CRON|cron|CROND|\/USR\/SBIN\/CRON|\/usr\/sbin\/cron) |
33 | |
34 | |
35 | === modified file 'logwatch.8' |
36 | --- logwatch.8 2009-10-05 09:20:31 +0000 |
37 | +++ logwatch.8 2011-03-01 21:01:38 +0000 |
38 | @@ -66,7 +66,6 @@ |
39 | .IP "\fB--mailto\fR address" |
40 | Mail the results to the email address or user specified in |
41 | .I address. |
42 | -This option overrides the \-\-print option. |
43 | .IP "\fB--range\fR range" |
44 | You can specify a date-range to process. Common ranges are |
45 | .I Yesterday, Today, All, |
46 | @@ -121,12 +120,12 @@ |
47 | information. |
48 | .RE |
49 | .SH EXAMPLES |
50 | -.B logwatch --service ftpd-xferlog --range all --detail high --print --archives |
51 | +.B logwatch --service ftpd-xferlog --range all --detail high --output=stdout --archives |
52 | .RS |
53 | This will print out all FTP transfers that are stored in all current and archived |
54 | xferlogs. |
55 | .RE |
56 | -.B logwatch --service pam_pwdb --range yesterday --detail high --print |
57 | +.B logwatch --service pam_pwdb --range yesterday --detail high --output=stdout |
58 | .RS |
59 | This will print out login information for the previous day... |
60 | .RE |
61 | |
62 | === modified file 'scripts/logwatch.pl' |
63 | --- scripts/logwatch.pl 2009-10-05 09:20:31 +0000 |
64 | +++ scripts/logwatch.pl 2011-03-01 21:01:38 +0000 |
65 | @@ -738,6 +738,10 @@ |
66 | my $DestFile = $TempDir . $LogFile . "-archive"; |
67 | my $Archive; |
68 | foreach $Archive (@{$LogFileData{$LogFile}{'archives'}}) { |
69 | + if ($Archive =~ /'/) { |
70 | + print "File $Archive has invalid embedded quotes. File ignored.\n"; |
71 | + next; |
72 | + } |
73 | my $CheckTime; |
74 | # We need to find out what's the earliest log we need |
75 | my @time_t = TimeBuild(); |
76 | @@ -765,15 +769,15 @@ |
77 | my @FileStat = stat($Archive); |
78 | if ($CheckTime <= ($FileStat[9])) { |
79 | if (($Archive =~ m/gz$/) && (-f "$Archive") && (-s "$Archive")) { |
80 | - my $arguments = "$Archive >> $DestFile"; |
81 | + my $arguments = "'${Archive}' >> $DestFile"; |
82 | system("$Config{'pathtozcat'} $arguments") == 0 |
83 | or die "system '$Config{'pathtozcat'} $arguments' failed: $?" |
84 | } elsif (($Archive =~ m/bz2$/) && (-f "$Archive") && (-s "$Archive")) { |
85 | - my $arguments = "$Archive 2>/dev/null >> $DestFile"; |
86 | + my $arguments = "'${Archive}' 2>/dev/null >> $DestFile"; |
87 | system("$Config{'pathtobzcat'} $arguments") == 0 |
88 | or die "system '$Config{'pathtobzcat'} $arguments' failed: $?" |
89 | } elsif ((-f "$Archive") && (-s "$Archive")) { |
90 | - my $arguments = "$Archive >> $DestFile"; |
91 | + my $arguments = "'${Archive}' >> $DestFile"; |
92 | system("$Config{'pathtocat'} $arguments") == 0 |
93 | or die "system '$Config{'pathtocat'} $arguments' failed: $?" |
94 | } #End if/elsif existence |
95 | @@ -785,6 +789,10 @@ |
96 | foreach my $ThisFile (@FileList) { |
97 | #Existence check for files -mgt |
98 | next unless (-f $ThisFile); |
99 | + if ($ThisFile =~ /'/) { |
100 | + print "File $ThisFile has invalid embedded quotes. File ignored.\n"; |
101 | + next; |
102 | + } |
103 | if (! -r $ThisFile) { |
104 | print "File $ThisFile is not readable. Check permissions."; |
105 | if ($> != 0) { |
106 | @@ -794,7 +802,7 @@ |
107 | next; |
108 | } |
109 | #FIXME - We have a bug report for filenames with spaces, can be caught here needs test -mgt |
110 | - $FileText .= ($ThisFile . " "); |
111 | + $FileText .= ("'" . $ThisFile . "' "); |
112 | } #End foreach ThisFile |
113 | |
114 | # remove the ENV entries set by previous service |
115 | |
116 | === modified file 'scripts/services/named' |
117 | --- scripts/services/named 2009-10-05 09:20:31 +0000 |
118 | +++ scripts/services/named 2011-03-01 21:01:38 +0000 |
119 | @@ -1,7 +1,22 @@ |
120 | ########################################################################## |
121 | -# $Id: named,v 1.58 2009/06/02 14:55:45 mike Exp $ |
122 | +# $Id: named,v 1.62 2011/01/06 22:53:00 stefan Exp $ |
123 | ########################################################################## |
124 | # $Log: named,v $ |
125 | +# Revision 1.62 2011/01/06 22:53:00 stefan |
126 | +# add: deferred zone transfers |
127 | +# fix: TTL differs in rdataset |
128 | +# |
129 | +# Revision 1.61 2010/09/18 17:35:00 stefan |
130 | +# add: bad zone transfer request |
131 | +# |
132 | +# Revision 1.60 2010/05/10 00:25:00 stefan |
133 | +# fix: clients-per-query, |
134 | +# add: more lines to ignore, refused notify, client query denied, retry |
135 | +# limit exceeded, too many open file, no SOA, checkhints |
136 | +# |
137 | +# Revision 1.59.1 2010/05/04 22:25:00 stefan |
138 | +# More refresh: and RCODE handling |
139 | +# |
140 | # Revision 1.58 2009/06/02 14:55:45 mike |
141 | # Fedora patch from Ivan Varekova -mgt |
142 | # |
143 | @@ -110,7 +125,7 @@ |
144 | ## Logwatch project reserves the right to not accept such |
145 | ## contributions. If you have made significant |
146 | ## contributions to this script and want to claim |
147 | -## copyright please contact logwatch-devel@logwatch.org. |
148 | +## copyright please contact logwatch-devel@lists.sourceforge.net. |
149 | ######################################################### |
150 | |
151 | use Logwatch ':ip'; |
152 | @@ -199,11 +214,11 @@ |
153 | ($ThisLine =~ /binding TCP socket: address in use/) or |
154 | ($ThisLine =~ /dbus_mgr initialization failed. D-BUS service is disabled./) or |
155 | ($ThisLine =~ /dbus_svc_add_filter failed/) or |
156 | - ($ThisLine =~ /isc_log_open 'named.run' failed: permission denied/) or |
157 | - ($ThisLine =~ /weak RSASHA1 \(5\) key found \(exponent=3\)/) or |
158 | - ($ThisLine =~ /Bad file descriptor/) or |
159 | + ($ThisLine =~ /isc_log_open 'named.run' failed: permission denied/) or |
160 | + ($ThisLine =~ /weak RSASHA1 \(5\) key found \(exponent=3\)/) or |
161 | + ($ThisLine =~ /Bad file descriptor/) or |
162 | ($ThisLine =~ /open: .*: file not found/) or |
163 | - ($ThisLine =~ /queries: client [0-9.#:]* view localhost_resolver: query: .* IN .*/) or |
164 | + ($ThisLine =~ /queries: client [\.0-9a-fA-F#:]* view localhost_resolver: query: .* IN .*/) or |
165 | ($ThisLine =~ /zone .*: NS '.*' is a CNAME \(illegal\)/) or |
166 | ($ThisLine =~ /zone .*: zone serial unchanged. zone may fail to transfer to slaves/) or |
167 | ($ThisLine =~ /zone .*: loading from master file .* failed/) or |
168 | @@ -212,8 +227,30 @@ |
169 | ($ThisLine =~ /.*: unexpected end of input/) or |
170 | ($ThisLine =~ /too many timeouts resolving '.*' .*: disabling EDNS/) or |
171 | ($ThisLine =~ /too many timeouts resolving '.*' .*: reducing the advertised EDNS UDP packet size to .* octets/) or |
172 | - ($ThisLine =~ /reloading zones succeeded/) |
173 | - # too many timeouts resolving 'ns-ext.nrt1.isc.org/AAAA' (in '.'?): disabling EDNS: 3 Time(s) |
174 | + ($ThisLine =~ /reloading zones succeeded/) or |
175 | + ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after disabling EDNS/) or |
176 | + ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after reducing the advertised EDNS UDP packet size to 512 octets/) or |
177 | + ($ThisLine =~ /the working directory is not writable/) or |
178 | + ($ThisLine =~ /using default UDP\/IPv[46] port range: \[[0-9]*, [0-9]*\]/) or |
179 | + ($ThisLine =~ /adjusted limit on open files from [0-9]* to [0-9]*/) or |
180 | + ($ThisLine =~ /using up to [0-9]* sockets/) or |
181 | + ($ThisLine =~ /built with/) or |
182 | + ($ThisLine =~ /TTL differs in rdataset, adjusting [0-9]* -> [0-9]*/) or |
183 | + ($ThisLine =~ /max open files \([0-9]*\) is smaller than max sockets \([0-9]*\)/) or |
184 | + ($ThisLine =~ /clients-per-query (?:de|in)creased to .*/) or |
185 | + ($ThisLine =~ /^must-be-secure resolving '.*': .*/) or |
186 | + ($ThisLine =~ /^(error \()?no valid (DS|KEY|RRSIG)\)? resolving '.*': .*/) or |
187 | + ($ThisLine =~ /^not insecure resolving '.*': .*/) or |
188 | + ($ThisLine =~ /^validating \@0x[[:xdigit:]]+: .* DS: must be secure failure/) or |
189 | + ($ThisLine =~ /^(error \()?broken trust chain\)? resolving '.*': .*/) or |
190 | + ($ThisLine =~ /journal file [^ ]* does not exist, creating it/) or |
191 | + ($ThisLine =~ /serial number \(\d+\) received from master/) or |
192 | + ($ThisLine =~ /zone is up to date/) or |
193 | + ($ThisLine =~ /refresh in progress, refresh check queued/) or |
194 | + ($ThisLine =~ /refresh: NODATA response from master/) or |
195 | + ($ThisLine =~ /update with no effect/) or |
196 | + # ignore this line because the following line describes the error |
197 | + ($ThisLine =~ /unexpected error/) |
198 | ) { |
199 | # Don't care about these... |
200 | } elsif ( |
201 | @@ -234,6 +271,8 @@ |
202 | $ShutdownNamedFail++; |
203 | } elsif ( ($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: zone transfer '(.+)' denied/ ) ) { |
204 | $DeniedZoneTransfers{$Host}{$Zone}++; |
205 | + } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+) zone transfer deferred due to quota/ ) ) { |
206 | + $DeferredZoneTransfers{$Zone}++; |
207 | } elsif ( ($Zone) = ( $ThisLine =~ /cache zone \"(.*)\" loaded/ ) ) { |
208 | $ZoneLoaded{"cache $Zone"}++; |
209 | } elsif ( ($Zone) = ( $ThisLine =~ /cache zone \"(.*)\" .* loaded/ ) ) { |
210 | @@ -260,6 +299,11 @@ |
211 | $ZoneReceivedNotify{$Zone}++; |
212 | } elsif ( ($Zone) = ( $ThisLine =~ /zone (.*): notify from .* up to date/ ) ) { |
213 | $ZoneReceivedNotify{$Zone}++; |
214 | + } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+)\/IN: refused notify from non-master/ ) ) { |
215 | + $ZoneRefusedNotify{$Zone}++; |
216 | +# } elsif ( ($Rhost,$Ldom,$Reason) = ( $ThisLine =~ /client ([\d\.a-fA-F:]+) bad zone transfer request: '(.+)': (.+)$/ ) ) { |
217 | + } elsif ( ($Rhost,$Ldom,$Reason) = ( $ThisLine =~ /client ([\.0-9a-fA-F:]+)#\d+: bad zone transfer request: '(.+)\/IN': (.+)/ ) ) { |
218 | + $BadZone{$Reason}{"$Rhost ($Ldom)"}++; |
219 | } elsif ( ($Host) = ( $ThisLine =~ /([^ ]+) has CNAME and other data \(invalid\)/ ) ) { |
220 | push @CNAMEAndOther, $Host; |
221 | } elsif ( ($File,$Line,$Entry,$Error) = ( $ThisLine =~ /dns_master_load: ([^:]+):(\d+): ([^ ]+): (.+)$/ ) ) { |
222 | @@ -280,7 +324,10 @@ |
223 | } elsif ( ($Client) = ( $ThisLine =~ /client (.*)#\d+: query \(cache\) denied/ ) ) { |
224 | $FullClient = LookupIP ($Client); |
225 | $DeniedQuery{$FullClient}++; |
226 | - } elsif ( ($Rhost, $ViewName, $Ldom) = ($ThisLine =~ /client ([\d\.]+)#\d+:(?: view ([^ ]+):)? update '(.*)' denied/)) { |
227 | + } elsif ( ($Client) = ( $ThisLine =~ /client (.*)#\d+: query '.*\/IN' denied/ ) ) { |
228 | + $FullClient = LookupIP ($Client); |
229 | + $DeniedQueryNoCache{$FullClient}++; |
230 | + } elsif ( ($Rhost, $ViewName, $Ldom) = ($ThisLine =~ /client ([\.0-9a-fA-F:]+)#\d+:(?: view ([^ ]+):)? update '(.*)' denied/)) { |
231 | $ViewName = ($ViewName ? "/$ViewName" : ""); |
232 | $UpdateDenied{"$Rhost ($Ldom$ViewName)"}++; |
233 | } elsif ( ($Rhost, $Ldom) = ($ThisLine =~ /client ([\d\.]+)#\d+: update forwarding '(.*)' denied/)) { |
234 | @@ -297,9 +344,12 @@ |
235 | $MasterFailure{"$Zone from $Host"}{$Reason}++; |
236 | } elsif ( ($Zone) = ($ThisLine =~ /zone ([^\/]+)\/.+: refresh: non-authoritative answer from master/)) { |
237 | $NonAuthoritative{$Zone}++; |
238 | - } elsif ( ($ThisLine =~ /unexpected RCODE \((.*)\) resolving/) ){ |
239 | + } elsif ( ($Zone) = ($ThisLine =~ /zone ([^\/]+)\/.+: refresh: retry limit for master \S+ exceeded/) ) { |
240 | + $RetryLimit{$Zone}++; |
241 | + } elsif ( ($ThisLine =~ /(?:error \()?unexpected RCODE\)? \(?(.*?)\)? resolving/) ){ |
242 | $UnexpRCODE{$1}++; |
243 | - } elsif ( ($ThisLine =~ /FORMERR resolving '[^ ]+: [0-9.#]+/) ) { |
244 | + } elsif ( ($ThisLine =~ /(?:error \()?FORMERR\)? resolving '[^ ]+: [.0-9a-fA-F:#]+/) or |
245 | + ($ThisLine =~ /DNS format error from [^ ]+ resolving [^ ]+( for client [^ ]+)?: .*/) ) { |
246 | chomp($ThisLine); |
247 | $FormErr{$ThisLine}++; |
248 | } elsif ( ($ThisLine =~ /found [0-9]* CPU(s)?, using [0-9]* worker thread(s)?/) ) { |
249 | @@ -314,7 +364,10 @@ |
250 | (($ErrorText) = ($ThisLine =~ /^(.* REQUIRE.* failed.*)$/)) or |
251 | (($ErrorText) = ($ThisLine =~ /(.*: fatal error)/)) ) { |
252 | $NError{$ErrorText}++; |
253 | - } elsif ( ($From,$Log) = ($ThisLine =~ /invalid command from ([.0-9]*)#[0-9]*: (.*)/) ) { |
254 | + } elsif ( (($ErrorText) = ($ThisLine =~ /^(internal_accept: fcntl\(\) failed: Too many open files)/)) or |
255 | + (($ErrorText) = ($ThisLine =~ /^(socket: too many open file descriptors)/)) ) { |
256 | + $ErrOpenFiles{$ErrorText}++; |
257 | + } elsif ( ($From,$Log) = ($ThisLine =~ /invalid command from ([\.0-9a-fA-F:]*)#[0-9]*: (.*)/) ) { |
258 | $CCMessages{"$From,$Log"}++; |
259 | } elsif ( (($Log) = ($ThisLine =~ /(freezing .*zone.*)/)) or |
260 | (($Log) = ($ThisLine =~ /(thawing .*zone.*)/)) ) { |
261 | @@ -323,14 +376,18 @@ |
262 | $UnknownCCCommands{$CCC}++; |
263 | } elsif (($CCC) = ($ThisLine =~ /received control channel command '(.*)'/)) { |
264 | $CCCommands{$CCC}++; |
265 | - } elsif (($Name,$Address) = ($ThisLine =~ /network unreachable resolving '(.*)': (.*)/)) { |
266 | + } elsif (($Name,$Address) = ($ThisLine =~ /(?:error \()?network unreachable\)? resolving '(.*)': (.*)/)) { |
267 | $NUR{$Name}{$Address}++; |
268 | - } elsif (($Name,$Address) = ($ThisLine =~ /host unreachable resolving '(.*)': (.*)/)) { |
269 | + } elsif (($Name,$Address) = ($ThisLine =~ /(?:error \()?host unreachable\)? resolving '(.*)': (.*)/)) { |
270 | $HUR{$Name}{$Address}++; |
271 | + } elsif (($Client) = ($ThisLine =~ /client ([\da-fA-F.:]+)(?:#\d*:)? notify question section contains no SOA/)) { |
272 | + $NoSOA{$Client}++; |
273 | + } elsif (($Hint) = ($ThisLine =~ /checkhints: (.*)/) ) { |
274 | + $Hints{$Hint}++; |
275 | } else { |
276 | # Report any unmatched entries... |
277 | # remove PID from named messages |
278 | - $ThisLine =~ s/(client [.0-9]+)\S+/$1/; |
279 | + $ThisLine =~ s/(client [\.0-9a-fA-F:]+)\S+/$1/; |
280 | chomp($ThisLine); |
281 | $OtherList{$ThisLine}++; |
282 | } |
283 | @@ -368,6 +425,13 @@ |
284 | } |
285 | } |
286 | |
287 | +if ( ( $Detail >= 5 ) and (keys %ZoneRefusedNotify) ) { |
288 | + print "\nZones refused notify:\n"; |
289 | + foreach $ThisOne (sort {$a cmp $b} keys %ZoneRefusedNotify) { |
290 | + print " $ThisOne: $ZoneRefusedNotify{$ThisOne} Time(s)\n"; |
291 | + } |
292 | +} |
293 | + |
294 | if ( ($Detail >= 5) and (keys %ChannelAddFail) ) { |
295 | print "\nCan't add command channel:\n"; |
296 | foreach $Channel (sort {$a cmp $b} keys %ChannelAddFail) { |
297 | @@ -383,7 +447,7 @@ |
298 | foreach $Zone (sort {$a cmp $b} keys %MasterFailure) { |
299 | print " $Zone:\n"; |
300 | foreach $Reason (sort {$a cmp $b} keys %{$MasterFailure{$Zone}}) { |
301 | - print " $Reason: $MasterFailure{$Zone}{$Reason}++ Time(s)\n"; |
302 | + print " $Reason: $MasterFailure{$Zone}{$Reason} Time(s)\n"; |
303 | } |
304 | } |
305 | } |
306 | @@ -395,7 +459,13 @@ |
307 | foreach my $Zone (keys %{$DeniedZoneTransfers{$Host}}) { |
308 | print " $Zone: $DeniedZoneTransfers{$Host}{$Zone} Time(s)\n"; |
309 | } |
310 | - print "\n"; |
311 | + } |
312 | +} |
313 | + |
314 | +if ( ( $Detail >= 5 ) and (keys %DeferredZoneTransfers) ) { |
315 | + print "\nDeferred Zone Transfers:\n"; |
316 | + foreach my $Zone (keys %DeferredZoneTransfers) { |
317 | + print " $Zone: $DeferredZoneTransfers{$Zone} Time(s)\n"; |
318 | } |
319 | } |
320 | |
321 | @@ -416,6 +486,16 @@ |
322 | } |
323 | } |
324 | |
325 | +if ( ( $Detail >= 10 ) and (keys %BadZone) ) { |
326 | + print "\nBad Zone Transfer Request:\n"; |
327 | + foreach $Reason (keys %BadZone) { |
328 | + print " Reason: $Reason\n"; |
329 | + foreach $ThisOne (sort {$a cmp $b} (keys %{$BadZone{$Reason}}) ) { |
330 | + print " $ThisOne: $BadZone{$Reason}{$ThisOne} Time(s)\n"; |
331 | + } |
332 | + } |
333 | +} |
334 | + |
335 | if ( ( $Detail >= 5 ) and (keys %DeniedTCPClient) ) { |
336 | print "\nno more TCP clients warning:\n"; |
337 | foreach $ThisOne (keys %DeniedTCPClient) { |
338 | @@ -424,12 +504,19 @@ |
339 | } |
340 | |
341 | if ( ( $Detail >= 5 ) and (keys %DeniedQuery) ) { |
342 | - print "\nQueries (cache) that were denied:\n"; |
343 | + print "\nQueries (cached) that were denied:\n"; |
344 | foreach $ThisOne (keys %DeniedQuery) { |
345 | print " from $ThisOne: $DeniedQuery{$ThisOne} Time(s)\n"; |
346 | } |
347 | } |
348 | |
349 | +if ( ( $Detail >= 10 ) and (keys %DeniedQueryNoCache) ) { |
350 | + print "\nQueries (not cached) that were denied:\n"; |
351 | + foreach $ThisOne (sort {$a cmp $b} keys %DeniedQueryNoCache) { |
352 | + print " from $ThisOne: $DeniedQueryNoCache{$ThisOne} Time(s)\n"; |
353 | + } |
354 | +} |
355 | + |
356 | if ( ( $Detail >= 10 ) and (@CNAMEAndOther) ) { |
357 | print "\nThese hosts have CNAME and other data (invalid):\n"; |
358 | foreach $ThisOne (@CNAMEAndOther) { |
359 | @@ -461,13 +548,27 @@ |
360 | } |
361 | } |
362 | |
363 | +if ( ($Detail >= 10) and (keys %RetryLimit) ) { |
364 | + print "\nRetry limit exceeded for these zones:\n"; |
365 | + foreach $Zone (sort {$a cmp $b} keys %RetryLimit) { |
366 | + print " $Zone: $RetryLimit{$Zone} Time(s)\n"; |
367 | + } |
368 | +} |
369 | + |
370 | +if ( ($Detail >= 10) and (keys %NoSOA) ) { |
371 | + print "\nNotify question sections of these clients contained no SOA:\n"; |
372 | + foreach $Client (sort {$a cmp $b} keys %NoSOA) { |
373 | + print " $Client: $NoSOA{$Client} Time(s)\n"; |
374 | + } |
375 | +} |
376 | + |
377 | if ( ( $Detail >= 10 ) and (keys %NetworkUnreachable) ) { |
378 | print "\nNetwork is unreachable for:\n"; |
379 | foreach $ThisOne (sort {$a cmp $b} keys %NetworkUnreachable) { |
380 | print " $ThisOne:\n"; |
381 | foreach $Host (sort {$a cmp $b} keys %{$NetworkUnreachable{$ThisOne}}) { |
382 | print " $Host: $NetworkUnreachable{$ThisOne}{$Host} Time(s)\n"; |
383 | - } |
384 | + } |
385 | } |
386 | } |
387 | |
388 | @@ -497,7 +598,7 @@ |
389 | print " $ThisOne:\n"; |
390 | foreach $Message (sort {$a cmp $b} keys %{$ZoneUpdates{$ThisOne}}) { |
391 | print " $Message: $ZoneUpdates{$ThisOne}{$Message} Time(s)\n"; |
392 | - } |
393 | + } |
394 | } |
395 | } |
396 | |
397 | @@ -576,6 +677,14 @@ |
398 | } |
399 | } |
400 | |
401 | +if (keys %ErrOpenFiles) { |
402 | + print "\n The following seams to be caused by the patches for CVE-2008-1447."; |
403 | + print "\n Please update your bind.\n"; |
404 | + foreach $ThisOne (keys %ErrOpenFiles) { |
405 | + print " " . $ThisOne . ": " . $ErrOpenFiles{$ThisOne} . " Time(s)\n"; |
406 | + } |
407 | +} |
408 | + |
409 | if ((keys %CCMessages) or (keys %CCMessages2)){ |
410 | print "\n Messages from control channel\n"; |
411 | foreach (keys %CCMessages) { |
412 | @@ -594,7 +703,14 @@ |
413 | } |
414 | foreach $ThisOne (keys %UnknownCCCommands) { |
415 | print " " . $ThisOne . "(unknown command): " . $CCCommands{$ThisOne} . " Time(s)\n"; |
416 | - } |
417 | + } |
418 | +} |
419 | + |
420 | +if (keys %Hints) { |
421 | + print "\nCheckhints:\n"; |
422 | + foreach $ThisOne (sort {$a cmp $b} keys %Hints) { |
423 | + print " " .$ThisOne .": $Hints{$ThisOne} Time(s)\n"; |
424 | + } |
425 | } |
426 | |
427 | if (keys %OtherList) { |
428 | @@ -607,4 +723,8 @@ |
429 | exit(0); |
430 | |
431 | # vi: shiftwidth=3 tabstop=3 syntax=perl et |
432 | - |
433 | +# Local Variables: |
434 | +# mode: perl |
435 | +# perl-indent-level: 3 |
436 | +# indent-tabs-mode: nil |
437 | +# End: |
This looks fine, thanks!