
Comments (9)

konstruktoid commented on May 29, 2024

So that file seemed to exist?

from hardening.

konstruktoid commented on May 29, 2024

Thanks for reporting this @hellresistor, I believe this is fixed with 117e27f

from hardening.

konstruktoid commented on May 29, 2024

Yeah, it's just verbose output of the systemd DNS configuration, so that's expected.

from hardening.

konstruktoid commented on May 29, 2024

Can you provide some logs and info about your system?

from hardening.

hellresistor commented on May 29, 2024

How? I am running a basic Ubuntu Server 18 LTS in VMware

CPU x4
RAM 2GB (maybe not much?)
40GB scsi virtual

hardening-tester-200608.log

from hardening.

konstruktoid commented on May 29, 2024

~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.4 LTS
Release:        18.04
Codename:       bionic
tsj@bifrost:~$ stat /etc/systemd/resolved.conf 
  File: /etc/systemd/resolved.conf
  Size: 601             Blocks: 8          IO Block: 4096   regular file
Device: b302h/45826d    Inode: 67136       Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2020-06-08 19:21:50.150141468 +0000
Modify: 2018-04-20 16:55:56.000000000 +0000
Change: 2020-02-03 18:26:20.000000000 +0000
 Birth: -
~$ dpkg -S /etc/systemd/resolved.conf 
systemd: /etc/systemd/resolved.conf
~$ grep -v '^#' /etc/systemd/resolved.conf

[Resolve]
~$

Test script:

#!/bin/bash

RESOLVEDCONF='/etc/systemd/resolved.conf'

function f_resolvedconf {
  echo "[$SCRIPT_COUNT] Systemd/resolved.conf"

  local dnsarray
  local dnslist

  # Collect the nameserver addresses currently listed in /etc/resolv.conf.
  mapfile -t dnsarray < <( grep ^nameserver /etc/resolv.conf | sed 's/^nameserver\s//g' )
  dnslist=${dnsarray[*]}

  # Fewer than two nameservers: add 1.1.1.1 to the list.
  if [ ${#dnsarray[@]} -lt 2 ]; then
    dnslist="$dnslist 1.1.1.1"
  fi

  # Rewrite the nameserver lines in /etc/resolv.conf from the list.
  sed -i '/^nameserver/d' /etc/resolv.conf

  for n in $dnslist; do
    echo "nameserver $n" >> /etc/resolv.conf
  done

  # Only keys that are still commented out in resolved.conf are set.
  sed -i "s/^#DNS=.*/DNS=$dnslist/" "$RESOLVEDCONF"
  sed -i "s/^#FallbackDNS=.*/FallbackDNS=1.0.0.1/" "$RESOLVEDCONF"
  sed -i "s/^#DNSSEC=.*/DNSSEC=allow-downgrade/" "$RESOLVEDCONF"
  sed -i "s/^#DNSOverTLS=.*/DNSOverTLS=opportunistic/" "$RESOLVEDCONF"

  # Put the "resolve" NSS module ahead of "dns" in the hosts lookup order.
  sed -i '/^hosts:/ s/files dns/files resolve dns/' /etc/nsswitch.conf

  systemctl daemon-reload

  if [[ $VERBOSE == "Y" ]]; then
    systemctl status resolvconf.service --no-pager
    echo
  fi

  ((SCRIPT_COUNT++))
}

f_resolvedconf
~$ grep -v '^#' /etc/systemd/resolved.conf

[Resolve]
DNS= 1.1.1.1
FallbackDNS=1.0.0.1
DNSSEC=allow-downgrade

from hardening.

hellresistor commented on May 29, 2024

Result:

tester:~$ sudo bash test.sh
[sudo] password for tester:
[] Systemd/resolved.conf
tester:~$ grep -v '^#' /etc/systemd/resolved.conf

[Resolve]
DNS=127.0.0.53 1.1.1.1
FallbackDNS=1.0.0.1
DNSSEC=allow-downgrade

from hardening.
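
The two runs in this thread produced `DNS= 1.1.1.1` (a leading space, when no nameserver line was read) and `DNS=127.0.0.53 1.1.1.1` (systemd-resolved's own local stub address copied into `DNS=`). As an added example, not code from the hardening repository, this POSIX sh version builds the list without either artefact and sets a key whether or not it is still commented out. It assumes loopback entries should not be used as upstream servers; `upstream_dns`, `set_key`, `demo` and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: derive DNS= for resolved.conf from resolv.conf contents.

# upstream_dns RESOLV_CONF
# Print unique, space-separated nameservers, skipping loopback entries
# (assumption: 127.0.0.0/8 and ::1 are local stubs, not upstreams).
# 1.1.1.1 is added when fewer than two remain, as in the test script above.
upstream_dns() {
  awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" && !seen[$2]++ {
         list = (list == "" ? $2 : list " " $2); n++
       }
       END {
         if (n < 2 && !("1.1.1.1" in seen))
           list = (list == "" ? "1.1.1.1" : list " 1.1.1.1")
         print list
       }' "$1"
}

# set_key FILE KEY VALUE
# Replace "KEY=..." or "#KEY=..." in place, or append the key when absent,
# so a second run updates the value instead of silently doing nothing.
set_key() {
  if grep -Eq "^#?$2=" "$1"; then
    sed "s|^#\{0,1\}$2=.*|$2=$3|" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
  else
    printf '%s=%s\n' "$2" "$3" >> "$1"
  fi
}

# demo: run both helpers on constructed copies of the two files.
demo() {
  dir=$(mktemp -d)
  # Constructed input: resolv.conf that only points at the local stub.
  printf 'nameserver 127.0.0.53\noptions edns0\n' > "$dir/resolv.conf"
  # Constructed input: resolved.conf with every key still commented out.
  printf '[Resolve]\n#DNS=\n#FallbackDNS=\n#DNSSEC=no\n' > "$dir/resolved.conf"
  set_key "$dir/resolved.conf" DNS "$(upstream_dns "$dir/resolv.conf")"
  set_key "$dir/resolved.conf" FallbackDNS 1.0.0.1
  set_key "$dir/resolved.conf" DNSSEC allow-downgrade
  grep -v '^#' "$dir/resolved.conf"
  rm -rf "$dir"
}

demo
```

On the constructed input the result is `DNS=1.1.1.1`, with no leading space and no stub address.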

hellresistor commented on May 29, 2024

Yes! Both files, resolve.conf and resolved.conf, in their respective directories.

The log file doesn't have all the data registered; it has clear lines instead of info.

from hardening.

hellresistor commented on May 29, 2024

I have updated and run the command, getting this output:

@tester:~$ sudo journalctl -r -n10 -u systemd-resolved --no-pager
-- Logs begin at Sun 2019-11-17 12:46:12 UTC, end at Mon 2020-06-08 20:16:51 UTC. --
Jun 08 19:23:04 tester systemd-resolved[867]: Positive Trust Anchors:
Jun 08 19:23:04 tester systemd[1]: Starting Network Name Resolution...
-- Reboot --
Jun 08 19:22:56 tester systemd[1]: Stopped Network Name Resolution.
Jun 08 19:22:56 tester systemd[1]: Stopping Network Name Resolution...
Jun 08 19:21:46 tester systemd-resolved[878]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
Jun 08 19:21:08 tester systemd-resolved[878]: DNSSEC validation failed for question whois.arin.net IN A: failed-auxiliary
Jun 08 19:21:08 tester systemd-resolved[878]: DNSSEC validation failed for question whois.arin.net IN AAAA: failed-auxiliary
Jun 08 19:21:08 tester systemd-resolved[878]: DNSSEC validation failed for question 1.0.0.224.in-addr.arpa IN PTR: failed-auxiliary
Jun 08 19:21:08 tester systemd-resolved[878]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
Jun 08 19:20:34 tester systemd[1]: Started Network Name Resolution.

from hardening.
