Hello everyone,
We've been having an increasing number of errors in the kernel script, showing up in the daily LogWatch email report:
Use of uninitialized value in bitwise or (|) at /etc/log.d/scripts/services/kernel line 100, <STDIN> line 828266.
Use of uninitialized value in left bitshift (<<) at /etc/log.d/scripts/services/kernel line 102, <STDIN> line 828266.
According to this post, the lines in question (100 & 102) have to do with IPTables setup. Indeed we've had some intrusion attempts coming up that we attempted to block with the IPTables firewall: changes were made to the setup to block (DROP) 10 IPs over the course of the last week or so.
The offending lines compare IPs for matching:
Code:
sub compIP {
    my ($a1,$a2,$a3,$a4,$aval,$bval);
    # get numeric values for a and b ($a and $b are the two strings sort() hands the comparator)
    # a string with fewer than four dot-separated fields leaves some of $a1..$a4 undefined
    ($a1,$a2,$a3,$a4) = split /\./,$a;
    $aval = ($a1 << 24) | ($a2 << 16) | ($a3 << 8) | $a4;
    ($a1,$a2,$a3,$a4) = split /\./,$b;
    $bval = ($a1 << 24) | ($a2 << 16) | ($a3 << 8) | $a4;
    return $aval <=> $bval;
}
If I look at iptables --list, addresses blocked show either as IPs or as domains (such as this.is.our.domain), even though I stored them as IPs using iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j DROP; if the script processes the same strings as those shown on the list, then the above bitwise operations would fail when encountering a word rather than a number. Is that indeed the case?
I'm currently looking at the IPTables manual (http://www.netfilter.org/documentation/index.html), but would appreciate if someone would chip in on this issue, and suggest corrective steps.
Thanks,
Eric
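As an added example (not LogWatch's script and not Eric's code), the comparator below packs only strings that really are dotted quads and falls back to a string compare for anything else, so an entry such as `anywhere` (one field after split, leaving $a2..$a4 undefined in the original) or a hostname no longer triggers the warnings quoted above. The address list is constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example: a compIP that tolerates hostnames and other
# non-address strings. Not LogWatch's own code; sample input is constructed.
use strict;
use warnings;

# Return the 32-bit value of a dotted quad, or undef if $s is not one
# (hostnames, "anywhere", out-of-range octets all yield undef).
sub ip_to_int {
    my ($s) = @_;
    return undef unless $s =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    my @o = ($1, $2, $3, $4);
    return undef if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# Sort comparator, used as: sort compIP @addrs.
# Real addresses sort numerically and come before any non-address string;
# non-address strings sort lexically among themselves, so no undefined
# value ever reaches the shift or bitwise-or operators.
sub compIP {
    my ($x, $y) = (ip_to_int($a), ip_to_int($b));
    return $x <=> $y if defined $x && defined $y;
    return -1        if defined $x;   # address before hostname
    return  1        if defined $y;
    return $a cmp $b;
}

# Constructed sample mixing what iptables -L style output can contain.
my @addrs = ('10.0.0.200', 'this.is.our.domain', '10.0.0.9',
             'anywhere', '192.0.2.1');
print join("\n", sort compIP @addrs), "\n";
```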