Commit 69eb2b99 authored by Mike Hibler's avatar Mike Hibler
Browse files

Make sure that ntp.conf default lines include 'noquery'.

parent 2f900e68
#!/usr/bin/perl -w #!/usr/bin/perl -w
# #
# Copyright (c) 2000-2013 University of Utah and the Flux Group. # Copyright (c) 2000-2014 University of Utah and the Flux Group.
# #
# {{{EMULAB-LICENSE # {{{EMULAB-LICENSE
# #
...@@ -198,11 +198,27 @@ while (<NTP>) { ...@@ -198,11 +198,27 @@ while (<NTP>) {
/^driftfile[\s]*(\/.*)$/ && do { /^driftfile[\s]*(\/.*)$/ && do {
$driftfile = $1; $driftfile = $1;
}; };
/^restrict\s+default\s+noserve$/ && do { # Make sure the default is to not allow queries to prevent
# "modlist" amplification attacks in older ntpds
/^restrict\s+default\s.*/ && do {
if ($_ !~ /noquery/) {
print NEW "# XXX Emulab added 'noquery'\n";
print NEW "$_ noquery\n";
} else {
print NEW "$_\n";
}
$needrestrict = 1; $needrestrict = 1;
last SWITCH1;
}; };
/^restrict\s+-4\s+default\s.*nomodify/ && do { /^restrict\s+-[46]\s+default\s.*/ && do {
if ($_ !~ /noquery/) {
print NEW "# XXX Emulab added 'noquery'\n";
print NEW "$_ noquery\n";
} else {
print NEW "$_\n";
}
$needrestrict = 1; $needrestrict = 1;
last SWITCH1;
}; };
# Make a note if there were restrict lines # Make a note if there were restrict lines
/^restrict\s+(\S+)$/ && do { /^restrict\s+(\S+)$/ && do {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment