Comments (9)
So that file seemed to exist?
from hardening.
Thanks for reporting this @hellresistor, I believe this is fixed with 117e27f
from hardening.
Yeah, it's just verbose output of the systemd dns configuration so that's expected.
from hardening.
Can you provide some logs and info about your system?
from hardening.
How? I am running a basic Ubuntu Server 18 LTS in VMware
CPU x4
RAM 2GB (maybe not much ?)
40GB scsi virtual
from hardening.
~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.4 LTS
Release: 18.04
Codename: bionic
tsj@bifrost:~$ stat /etc/systemd/resolved.conf
File: /etc/systemd/resolved.conf
Size: 601 Blocks: 8 IO Block: 4096 regular file
Device: b302h/45826d Inode: 67136 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2020-06-08 19:21:50.150141468 +0000
Modify: 2018-04-20 16:55:56.000000000 +0000
Change: 2020-02-03 18:26:20.000000000 +0000
Birth: -
~$ dpkg -S /etc/systemd/resolved.conf
systemd: /etc/systemd/resolved.conf
~$ grep -v '^#' /etc/systemd/resolved.conf
[Resolve]
~$
Test script:
#!/bin/bash
# SCRIPT_COUNT and VERBOSE are not set in this test script,
# so the counter in the banner prints empty.

RESOLVEDCONF='/etc/systemd/resolved.conf'

function f_resolvedconf {
  echo "[$SCRIPT_COUNT] Systemd/resolved.conf"

  local dnsarray
  local dnslist

  # Collect the nameservers currently listed in /etc/resolv.conf.
  mapfile -t dnsarray < <( grep ^nameserver /etc/resolv.conf | sed 's/^nameserver\s//g' )
  dnslist=${dnsarray[*]}

  # With fewer than two nameservers, append 1.1.1.1 to the list.
  if [ ${#dnsarray[@]} -lt 2 ]; then
    dnslist="$dnslist 1.1.1.1"
  fi

  # Rewrite the nameserver lines in /etc/resolv.conf from the list.
  sed -i '/^nameserver/d' /etc/resolv.conf

  for n in $dnslist; do
    echo "nameserver $n" >> /etc/resolv.conf
  done

  # Only commented-out defaults (#KEY=...) in resolved.conf are replaced.
  sed -i "s/^#DNS=.*/DNS=$dnslist/" "$RESOLVEDCONF"
  sed -i "s/^#FallbackDNS=.*/FallbackDNS=1.0.0.1/" "$RESOLVEDCONF"
  sed -i "s/^#DNSSEC=.*/DNSSEC=allow-downgrade/" "$RESOLVEDCONF"
  sed -i "s/^#DNSOverTLS=.*/DNSOverTLS=opportunistic/" "$RESOLVEDCONF"

  # Have NSS consult systemd-resolved before plain DNS.
  sed -i '/^hosts:/ s/files dns/files resolve dns/' /etc/nsswitch.conf

  systemctl daemon-reload

  if [[ $VERBOSE == "Y" ]]; then
    systemctl status resolvconf.service --no-pager
    echo
  fi

  ((SCRIPT_COUNT++))
}

f_resolvedconf
~$ grep -v '^#' /etc/systemd/resolved.conf
[Resolve]
DNS= 1.1.1.1
FallbackDNS=1.0.0.1
DNSSEC=allow-downgrade
from hardening.
Result:
tester:~$ sudo bash test.sh
[sudo] password for tester:
[] Systemd/resolved.conf
tester:~$ grep -v '^#' /etc/systemd/resolved.conf
[Resolve]
DNS=127.0.0.53 1.1.1.1
FallbackDNS=1.0.0.1
DNSSEC=allow-downgrade
from hardening.
Yes! Both files, resolve.conf and resolved.conf, are in their respective directories.
The log file doesn't have all the data registered; it has clear lines instead of info.
from hardening.
I have updated and run the command, getting this output:
@tester:~$ sudo journalctl -r -n10 -u systemd-resolved --no-pager
-- Logs begin at Sun 2019-11-17 12:46:12 UTC, end at Mon 2020-06-08 20:16:51 UTC. --
Jun 08 19:23:04 tester systemd-resolved[867]: Positive Trust Anchors:
Jun 08 19:23:04 tester systemd[1]: Starting Network Name Resolution...
-- Reboot --
Jun 08 19:22:56 tester systemd[1]: Stopped Network Name Resolution.
Jun 08 19:22:56 tester systemd[1]: Stopping Network Name Resolution...
Jun 08 19:21:46 tester systemd-resolved[878]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
Jun 08 19:21:08 tester systemd-resolved[878]: DNSSEC validation failed for question whois.arin.net IN A: failed-auxiliary
Jun 08 19:21:08 tester systemd-resolved[878]: DNSSEC validation failed for question whois.arin.net IN AAAA: failed-auxiliary
Jun 08 19:21:08 tester systemd-resolved[878]: DNSSEC validation failed for question 1.0.0.224.in-addr.arpa IN PTR: failed-auxiliary
Jun 08 19:21:08 tester systemd-resolved[878]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
Jun 08 19:20:34 tester systemd[1]: Started Network Name Resolution.
from hardening.