Description of problem:
msec, I believe, is changing /etc/host.conf to insert the antispoofing lines every hour. Unfortunately the latest glibc (I believe) regards this as an error and puts out an error message every time you use dns. (eg ping, ssh,....)

/etc/host.conf: line 3: bad command `nospoof on'
/etc/host.conf: line 4: bad command `spoofalert on'

From the man page for host.conf,
    Since glibc 2.0.7, the following keywords and environment variable have been recognized but never implemented:
The entries include nospoof, spoofalert, and spoof.

However glibc-2.29-19.mga7 seems to have introduced these as an error and reports it. Thus every command that uses the resolver gives those idiotic error messages in the logs and on the console.

I have the standard msec error level.

Version-Release number of selected component (if applicable):

How reproducible:
Always. Every hour /etc/host.conf is replaced with one with the bad lines.

Steps to Reproduce:
do ping to anywhere, and see the errors
1.
2.
3.

glibc-2.29/resolv/res_hconf.c
...
    static const struct cmd
    {
      const char name[11];
      uint8_t cb;
      unsigned int arg;
    } cmd[] =
    {
      {"order", CB_none, 0},
      {"trim", CB_arg_trimdomain_list, 0},
      {"multi", CB_arg_bool, HCONF_FLAG_MULTI},
      {"reorder", CB_arg_bool, HCONF_FLAG_REORDER}
    };

Note no "spoof" command. See also

    static void parse_line (const char *fname, int line_num, const char *str)
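
A lint that mirrors the command table quoted above, as an added example that is not part of the original thread, of glibc or of msec. The function name hostconf_lint and the sample file are made up for illustration, and the keyword extraction (first token on the line, compared case-insensitively) is an assumption about how the parser splits a line.

```shell
#!/bin/sh
# Added example: report host.conf lines whose keyword is not in the cmd[]
# table quoted above (order, trim, multi, reorder).
# Assumption: the keyword is the first token on the line, ended by
# whitespace, '#' or ',', and is matched case-insensitively.

hostconf_lint() {
    # $1: path to a host.conf-style file.
    # Prints one line per offending entry; returns 1 if any were found.
    awk -v fname="$1" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # drop leading whitespace
            if (line == "" || line ~ /^#/) next   # blank line or comment
            kw = line
            sub(/[ \t#,].*$/, "", kw)             # keep only the first token
            k = tolower(kw)
            if (k != "order" && k != "trim" && k != "multi" && k != "reorder") {
                printf "%s: line %d: unrecognised keyword: %s\n", fname, NR, line
                bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: a file with the two lines named in the report.
sample=$(mktemp)
printf '%s\n' 'order hosts,bind' 'multi on' 'nospoof on' 'spoofalert on' > "$sample"
hostconf_lint "$sample" || echo "host.conf contains keywords the resolver rejects"
rm -f "$sample"
```

Run against /etc/host.conf after msec's hourly pass, a non-zero return shows whether the unsupported lines have come back.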

Thank you for pointing this out. It would be nice to confirm:
> msec, I believe, is changing /etc/host.conf to insert the antispoofing lines
for example by cleaning the file of the offending lines, awaiting a pass of msec, then showing the altered file.

Certainly there is no justification for having at all the keywords:
 nospoof
 spoofalert
 spoof
because as you point out, "Since glibc 2.0.7, the following keywords ... have been recognized but never implemented". And are no longer even recognised.

msec has no registered nor evident maintainer, so assigning this globally; CC'ing Raphael who did past commits for it.

Assignee: bugsquad => pkg-bugs
CC: (none) => lewyssmith, mageia
Source RPM: msec-2.7-1.mga7 => msec-2.7-1.mga7.src.rpm

Are you sure this is being done by mcc?

On my Mageia 7 x86-64 system, just after cron.hourly ran ...

[root@x7 ~]# cat /etc/host.conf
order hosts,bind
multi on
[root@x7 ~]# grep -r nospoof /usr/share
/usr/share/zsh/5.7.1/functions/Completion/Solaris/_dladm: 'protection:value:(mac-nospoof ip-nospoof dhcp-nospoof restricted)'
/usr/share/vim/syntax/hostconf.vim: \ nospoof

msec is installed, and ran its hourly checks.

CC: (none) => davidwhodgins

Hi,

Is your system a fresh install? Upgraded from which version?

Can you provide the content of at least:
/etc/host.conf
/etc/security/msec/security.conf

Can you also provide the content of:
/etc/security/msec/$BASE_LEVEL

And all modified files in /etc returned by:
$ rpm -V msec

Can you provide the result of:
$ rpm -qa | sort | uniq

To find which files are modified on your system:
# rpm -Va

On my server, a Mageia 7 x86_64 system too, I have:
$ cat /etc/host.conf
order hosts,bind
multi on

My /etc/security/msec/security.conf content:
BASE_LEVEL=webserver

I have:
$ rpm -q glibc msec systemd
glibc-2.29-19.mga7
msec-2.7-1.mga7
systemd-241-8.5.mga7

I don't see a problem with my msec.hourly or anything in my case...

Best regards

Yes, it is definitely being done by msec. It is the "SPOOF" entries in /etc/security/msec/level* entries: ENABLE_DNS_SPOOFING_PROTECTION=
and ENABLE_IP_SPOOFING_PROTECTION=.

which is implemented in /usr/share/msec/network.py

>grep hostconf /usr/share/msec/plugins *
network.py: hostconf = self.configfiles.get_config_file(HOSTCONF)
network.py: val = hostconf.get_match('nospoof\s+on')
network.py: hostconf.replace_line_matching('nospoof', 'nospoof on', 1)
network.py: hostconf.replace_line_matching('spoofalert', 'spoofalert on', (alert != 0))
network.py: hostconf.remove_line_matching('nospoof')
network.py: hostconf.remove_line_matching('spoofalert')

Just as examples.

(In reply to Raphael Gertz from comment #4)
> My /etc/security/msec/security.conf content :
> BASE_LEVEL=webserver

webserver level has the SPOOF items turned off. standard, secure, as examples have them turned on.
But these SPOOF items do not belong there at all since those items in host.conf were never implemented in glibc anyway, and now they give error messages.

@Dave
Would you like to cross-check comment 6?

@Raphael
Thanks for your intervention.

(In reply to w unruh from comment #5)
> Yes, it is definitely being done by msec. It is the "SPOOF" entries in
> /etc/security/msec/level* entries: ENABLE_DNS_SPOOFING_PROTECTION=
> and ENABLE_IP_SPOOFING_PROTECTION=.
>
> which is implemented in /usr/share/msec/network.py
>
> >grep hostconf /usr/share/msec/plugins *
> network.py: hostconf = self.configfiles.get_config_file(HOSTCONF)

# grep -iIr hostconf /usr/share/msec
/usr/share/msec/plugins/msec.py:HOSTCONF = '/etc/host.conf'
/usr/share/msec/plugins/network.py:HOSTCONF = '/etc/host.conf'
# rpm -q -f /usr/share/msec/plugins/network.py
msec-2.7-1.mga7

What is the output of "rpm -q msec"?

info:14.0[unruh]>rpm -q msec
msec-2.7-1.mga7

Given your grep output, I have reinstalled msec, just in case I replaced the files with the ones from Mga5. I do not remember doing so.
Now I do not find those hostconf lines after reinstallation.
Sorry, this might have been a wild goose chase after all.

Closing the bug

Status: NEW => RESOLVED
Resolution: (none) => INVALID