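#!/bin/sh
# copyright Florin Grad <florin@mandrakesoft.com>
# GPL License
#
# bind-chroot.sh: move a BIND (named) installation into a chroot
# directory, or back out of one, and record the result in
# /etc/sysconfig/named (ROOTDIR, OPTIONS) and /etc/sysconfig/syslog
# (SYSLOGD_OPTIONS).
#
# Usage: bind-chroot.sh -s | -c PATH | -i | -u
#   -s, --status        say whether ROOTDIR is set in /etc/sysconfig/named
#   -c, --chroot PATH   build the chroot under PATH (an absolute path)
#   -i, --interactive   prompt for PATH, then behave like --chroot
#   -u, --unchroot      move the files back and remove the chroot tree
#
# Globals read: ROOTDIR (sourced from /etc/sysconfig/named).
# Files written: /etc/sysconfig/named, /etc/sysconfig/syslog.
# The chroot and unchroot operations must be run as root.

# Source function library; it provides gprintf, a printf with message
# translation (format string first, values as separate arguments).
. /etc/rc.d/init.d/functions
# These sysconfig files are executed by the shell, so they must stay
# writable by root only.
[ -f /etc/sysconfig/syslog ] && . /etc/sysconfig/syslog
[ -f /etc/sysconfig/named ] && . /etc/sysconfig/named

readonly named_cfg=/etc/sysconfig/named
readonly syslog_cfg=/etc/sysconfig/syslog

# Set to 1 by restore_path when a file cannot be moved back because its
# original location is already occupied; the chroot tree is then kept
# instead of being removed, so nothing is lost silently.
conflict=0

# Print the arguments on stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Exit unless running as root: mknod, chown and writing /etc need it.
require_root() {
  [ "$(id -u)" -eq 0 ] || die "This operation must be run as root."
}

# Print $1 quoted so that it matches literally inside a sed basic regular
# expression whose s command is delimited by '|'.
sed_literal() {
  printf '%s\n' "$1" | sed 's/[][\\.*^$|]/\\&/g'
}

# Refuse a chroot path that is empty, relative, the root directory, has
# empty or ".." components, or contains characters that would break the
# unquoted uses of it in SYSLOGD_OPTIONS and in the sed edits below.
# Only A-Z a-z 0-9 . _ - / are accepted. Exits with status 1 on failure.
validate_rootdir() {
  case "$1" in
    "") die "Missing path for chroot." ;;
    /) die "Refusing to use / as the chroot directory." ;;
    /*) ;;
    *) die "The chroot path must be absolute (ex: /var/lib/named-chroot)." ;;
  esac
  case "$1" in
    *//*) die "The chroot path must not contain empty components (//)." ;;
  esac
  case "$1/" in
    */../*) die "The chroot path must not contain '..' components." ;;
  esac
  case "$1" in
    *[!A-Za-z0-9._/-]*)
      die "The chroot path may only contain letters, digits, '.', '_', '-' and '/'." ;;
  esac
}

# Ensure syslogd listens on ROOTDIR/dev/log by adding "-a ROOTDIR/dev/log"
# to SYSLOGD_OPTIONS in /etc/sysconfig/syslog (created if needed).
# Does nothing when the socket is already listed.
update_syslog_options() {
  local sock="$ROOTDIR/dev/log"
  grep -qF -- "$sock" "$syslog_cfg" 2>/dev/null && return 0
  if ! grep -q '^SYSLOGD_OPTIONS=' "$syslog_cfg" 2>/dev/null; then
    gprintf "\n"
    gprintf "\nAdding SYSLOGD_OPTIONS in the /etc/sysconfig/syslog file.\n"
    printf 'SYSLOGD_OPTIONS="-a %s"\n' "$sock" >> "$syslog_cfg"
  # $sock needs no escaping on the replacement side: validate_rootdir
  # excludes '\', '&' and the '|' delimiter.
  elif sed 's|^\(SYSLOGD_OPTIONS=".*\)"$|\1 -a '"$sock"'"|' \
      < "$syslog_cfg" > "$syslog_cfg.new"; then
    gprintf "\n"
    gprintf "\nUpdating SYSLOGD_OPTIONS in the /etc/sysconfig/syslog file.\n"
    mv -f "$syslog_cfg.new" "$syslog_cfg"
  else
    gprintf "\n"
    gprintf "\nWarning: Updating /etc/sysconfig/syslog failed! Continuing.\n"
  fi
}

# Make named read /etc/named.conf relative to the chroot: add
# "-c /etc/named.conf" to OPTIONS in /etc/sysconfig/named (or create the
# line), then record ROOTDIR there, replacing any stale ROOTDIR= line.
# Config lines are written with printf, never gprintf, so that message
# translation cannot alter them.
update_named_options() {
  if grep -q '^OPTIONS=' "$named_cfg" 2>/dev/null; then
    if ! grep -q -- '-c /etc/named.conf' "$named_cfg" \
        && sed 's|^\(OPTIONS=".*\)"$|\1 -c /etc/named.conf"|' \
          < "$named_cfg" > "$named_cfg.new"; then
      mv -f "$named_cfg.new" "$named_cfg"
    fi
  else
    gprintf "\nUpdating OPTIONS in /etc/sysconfig/named\n"
    printf 'OPTIONS="-c /etc/named.conf"\n' >> "$named_cfg"
  fi
  gprintf "\nUpdating ROOTDIR in /etc/sysconfig/named\n"
  if grep -q '^ROOTDIR=' "$named_cfg" 2>/dev/null \
      && sed '/^ROOTDIR=/d' < "$named_cfg" > "$named_cfg.new"; then
    mv -f "$named_cfg.new" "$named_cfg"
  fi
  printf 'ROOTDIR="%s"\n' "$ROOTDIR" >> "$named_cfg"
}

# Build the chroot tree under $ROOTDIR, move the BIND files into it and
# update both sysconfig files. Aborts before touching anything if
# $ROOTDIR is unusable or cannot be created/entered, so the files are
# never moved into the current directory by mistake.
do_chroot() {
  validate_rootdir "$ROOTDIR"

  # create directories and set permissions
  mkdir -p -- "$ROOTDIR" || die "Cannot create $ROOTDIR"
  chmod 700 -- "$ROOTDIR"
  cd -- "$ROOTDIR" || die "Cannot enter $ROOTDIR"
  mkdir -p dev etc var/run
  [ -e dev/null ] || mknod dev/null c 1 3
  [ -e dev/random ] || mknod dev/random c 1 8
  cp /etc/localtime etc/
  [ -f /etc/named.conf ] && mv -f /etc/named.conf etc/
  [ -f /etc/rndc.conf ] && mv -f /etc/rndc.conf etc/
  [ -f /etc/rndc.key ] && mv -f /etc/rndc.key etc/
  [ -e /var/named ] && mv -f /var/named var
  [ -e /var/run/named/named.pid ] && mv -f /var/run/named var/run
  chown -R named:named -- "$ROOTDIR"

  update_syslog_options
  update_named_options

  gprintf "\n"
  gprintf "\nChroot configuration for BIND is complete.\n"
  gprintf "\nYou should review your %s/etc/named.conf\n" "$ROOTDIR"
  gprintf "\nand make any necessary changes.\n"
  gprintf "\n"
  gprintf "\nRun \"/sbin/service named restart\" when you are done.\n"
  gprintf "\n"
}

# Move $1 (a path inside the chroot) to $2 (its original location).
# When $2 already exists the chroot copy is left where it is and the
# global 'conflict' flag is set, so the caller keeps the chroot tree.
restore_path() {
  local src=$1 dst=$2
  [ -e "$src" ] || return 0
  if [ -e "$dst" ]; then
    gprintf "Warning: %s already exists, leaving %s in place.\n" "$dst" "$src"
    conflict=1
    return 0
  fi
  mv -f -- "$src" "$dst"
}

# Undo do_chroot: clean both sysconfig files, move the BIND files back and
# remove the chroot tree (only when nothing was left behind in it).
do_unchroot() {
  require_root
  if ! grep -q '^ROOTDIR=' "$named_cfg" 2>/dev/null; then
    gprintf "\n"
    gprintf "Your bind is not currently chrooted\n"
    gprintf "\n"
    exit 0
  fi
  # ROOTDIR was sourced from the sysconfig file; check it before the
  # rm -rf at the end trusts it.
  validate_rootdir "$ROOTDIR"

  gprintf "\n"
  gprintf "Removing ROOTDIR from /etc/sysconfig/named\n"
  sed -e '/^ROOTDIR=/d' < "$named_cfg" > "$named_cfg.new" \
    && mv -f "$named_cfg.new" "$named_cfg"
  gprintf "Cleaning the OPTIONS in /etc/sysconfig/named\n"
  # Both cleanups are limited to the OPTIONS line so that other lines of
  # the file are not touched.
  sed -e '/^OPTIONS=/s|-c /etc/named\.conf[[:space:]]*||' \
      -e '/^OPTIONS=/s|[[:space:]][[:space:]]*"|"|' \
      < "$named_cfg" > "$named_cfg.new" \
    && mv -f "$named_cfg.new" "$named_cfg"
  gprintf "Cleaning the SYSLOGD_OPTIONS in /etc/sysconfig/syslog\n"
  local sock_re
  sock_re=$(sed_literal "$ROOTDIR/dev/log")
  sed -e '/^SYSLOGD_OPTIONS=/s|-a '"$sock_re"'[[:space:]]*||' \
      -e '/^SYSLOGD_OPTIONS=/s|[[:space:]][[:space:]]*"|"|' \
      < "$syslog_cfg" > "$syslog_cfg.new" \
    && mv -f "$syslog_cfg.new" "$syslog_cfg"

  gprintf "\n"
  gprintf "Moving the following files to their original location :\n"
  gprintf "/etc/named.conf\n"
  gprintf "/etc/rndc.conf\n"
  gprintf "/etc/rndc.key\n"
  gprintf "/var/named/*\n"
  gprintf "/var/run/named\n"
  restore_path "$ROOTDIR/etc/named.conf" /etc/named.conf
  restore_path "$ROOTDIR/etc/rndc.conf" /etc/rndc.conf
  restore_path "$ROOTDIR/etc/rndc.key" /etc/rndc.key
  restore_path "$ROOTDIR/var/named" /var/named
  # Runtime state only: if /var/run/named already exists the chroot copy
  # is simply dropped together with the rest of the tree.
  if [ ! -e /var/run/named ] && [ -e "$ROOTDIR/var/run/named" ]; then
    mv -f -- "$ROOTDIR/var/run/named" /var/run
  fi
  [ -f /etc/named.conf ] && chown named:named /etc/named.conf
  [ -f /etc/rndc.conf ] && chown named:named /etc/rndc.conf
  [ -f /etc/rndc.key ] && chown named:named /etc/rndc.key
  [ -e /var/named ] && chown -R named:named /var/named
  mkdir -p /var/run/named
  touch /var/run/named/named.pid
  chown -R named:named /var/run/named

  gprintf "\n"
  if [ "$conflict" -ne 0 ]; then
    gprintf "Not removing %s: some files could not be moved back (see above).\n" "$ROOTDIR"
    gprintf "Merge them by hand, then remove the directory yourself.\n"
  else
    gprintf "Removing the %s\n" "$ROOTDIR"
    # ${ROOTDIR:?} aborts rather than running rm -rf with an empty path.
    rm -rf -- "${ROOTDIR:?}"
  fi
  gprintf "\nYour bind server is not chrooted anymore."
  gprintf "\n"
  gprintf "\nRun \"/sbin/service named restart\" when you are done.\n"
  gprintf "\n"
}

# Report whether a ROOTDIR is configured.
show_status() {
  if [ -n "${ROOTDIR-}" ]; then
    gprintf "\n"
    gprintf "ROOTDIR is defined in your /etc/sysconfig/named file.\n"
    gprintf "You already appear to have a chroot BIND setup.\n"
    gprintf "ROOTDIR=%s\n" "$ROOTDIR"
  else
    gprintf "Your BIND server is not chrooted.\n"
  fi
}

# Print the command line summary and exit with status 1.
usage() {
  gprintf "\nUsage: %s [arguments]" "${0##*/}"
  gprintf "\n"
  gprintf "\n\t-s, --status \t\t(current bind configuration type)"
  gprintf "\n"
  gprintf "\narguments:"
  gprintf "\n\t-i, --interactive \t(so you can choose your path)"
  gprintf "\n"
  gprintf "\n\t-c, --chroot PATH \t(absolute path, ex: /var/lib/named-chroot)"
  gprintf "\n"
  gprintf "\n\t-u, --unchroot \t\t(back to the original configuration)"
  gprintf "\n"
  exit 1
}

# Dispatch on the first argument; see the usage text at the top.
main() {
  case "${1-}" in
    -s|--status)
      show_status ;;
    -c|--chroot|-i|--interactive)
      if [ -n "${ROOTDIR-}" ]; then
        gprintf "\n"
        gprintf "In your /etc/sysconfig/named file: ROOTDIR=%s exists\n" "$ROOTDIR"
        gprintf "You already appear to have a chroot BIND setup.\n"
        exit 0
      fi
      require_root
      if [ "$1" = "-i" ] || [ "$1" = "--interactive" ]; then
        gprintf "\n"
        gprintf "Please enter the ROOTDIR path (ex: /var/lib/named-chroot):\n"
        # NOTE(review): the original comment says ctrl-c cannot be used
        # here because all signals are trapped; no trap is set in this
        # file, so that presumably comes from the functions library.
        read -r answer
        ROOTDIR=$answer
      else
        ROOTDIR=${2-}
      fi
      # Drop one trailing slash (but leave "/" alone for validate_rootdir
      # to reject) so the path recorded in the config is canonical.
      case "$ROOTDIR" in
        ?*/) ROOTDIR=${ROOTDIR%/} ;;
      esac
      do_chroot ;;
    -u|--unchroot)
      do_unchroot ;;
    *)
      usage ;;
  esac
}

main "$@"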