Script pour enfermer Bind dans un chroot

  1. #!/bin/sh
  2. # Gregory Colpart <reg@debian.org>
  3. # chroot (or re-chroot) script for bind9
  4. # tested on Debian Wheezy/Jessie/Stretch
  5. # Exec this script after `(apt-get|aptitude|apt) install bind9`
  6. # and after *each* bind9 upgrade
  7. # When the script is finished, ensure you have
  8. # 'OPTIONS="-u bind -t /var/chroot-bind"' in /etc/default/bind9
  9. # and /etc/init.d/bind9 (re)start
  10. #
  11. # for systemd-based releases (Jessie and later) only:
  12. # cp -a /lib/systemd/system/bind9.service /etc/systemd/system/
  13. # and edit its [Service] section so that it reads:
  14. # EnvironmentFile=-/etc/default/bind9
  15. # ExecStart=/usr/sbin/named -f $OPTIONS
  16. # essential dirs
  17. mkdir -p /var/chroot-bind
  18. mkdir -p /var/chroot-bind/bin /var/chroot-bind/dev /var/chroot-bind/etc \
  19. /var/chroot-bind/lib /var/chroot-bind/usr/lib \
  20. /var/chroot-bind/usr/sbin /var/chroot-bind/var/cache/bind \
  21. /var/chroot-bind/var/log /var/chroot-bind/var/run/named/ \
  22. /var/chroot-bind/run/named/
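# for conf: the real /etc/bind moves into the jail and the old path becomes a
# symlink, so packages and admins keep using /etc/bind. 'mv' keeps whatever
# ownership and modes the files had under /etc/bind.
if [ -h /etc/bind ]; then
  : # already relocated by an earlier run of this script
elif [ -e /var/chroot-bind/etc/bind ]; then
  # a copy is already inside the jail but /etc/bind is a real directory:
  # 'mv' would nest it as /var/chroot-bind/etc/bind/bind, so stop here
  echo "/var/chroot-bind/etc/bind exists but /etc/bind is not a symlink; fix by hand and re-run" >&2
  exit 1
elif [ -d /etc/bind ]; then
  mv /etc/bind /var/chroot-bind/etc/
  ln -s /var/chroot-bind/etc/bind /etc/bind
else
  # without a config dir the symlink would dangle and named would not start
  echo "/etc/bind not found; is bind9 installed?" >&2
  exit 1
fi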
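# for logs: the real file lives inside the jail (that is the only place a
# chrooted named can write); /var/log/bind.log becomes a symlink to it so the
# usual path keeps working.
if [ -f /var/log/bind.log ] && [ ! -h /var/log/bind.log ]; then
  # a pre-chroot log file exists: move it in instead of failing on 'ln -s'
  mv /var/log/bind.log /var/chroot-bind/var/log/bind.log
fi
touch /var/chroot-bind/var/log/bind.log
if [ ! -h /var/log/bind.log ]; then
  ln -s /var/chroot-bind/var/log/bind.log /var/log/bind.log
fi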
# for pid: a named that ran outside the jail left its pid file at the old
# path; carry the value over to the path inside the jail and drop the old file
pidfile=/var/run/named/named.pid
if [ -f "$pidfile" ]; then
  cat "$pidfile" > /var/chroot-bind/var/run/named/named.pid
  rm -f "$pidfile"
fi
# essential device nodes: named needs an entropy source inside the jail.
# Major 1 is the memory-devices class; minor 8 = random, minor 9 = urandom.
mk_chardev() {
  # $1 = node name under /var/chroot-bind/dev, $2 = minor number
  if [ ! -e "/var/chroot-bind/dev/$1" ]; then
    mknod "/var/chroot-bind/dev/$1" c 1 "$2"
    chmod 666 "/var/chroot-bind/dev/$1"
  fi
}
mk_chardev random 8
mk_chardev urandom 9
# /dev/null was not found to be required; kept here in case a setup needs it
#mknod /var/chroot-bind/dev/null c 1 3
#chmod 666 /var/chroot-bind/dev/{null,random}
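# essential libs: copy every shared object named is linked against (ldd output
# reduced to bare paths; the vDSO has no file to copy), plus the OpenSSL GOST
# engine, which is not something ldd reports. Use the same /usr/sbin/named that
# is copied into the jail rather than whatever 'named' resolves to in $PATH.
# NOTE: the engine path is amd64-specific.
named_bin=/usr/sbin/named
# word-splitting of the command substitution is intended: one path per word
for lib in $(ldd "$named_bin" | grep -v linux-vdso.so.1 | cut -d">" -f2 | cut -d"(" -f1) \
    /usr/lib/x86_64-linux-gnu/openssl-1.0.*/engines/libgost.so ; do
  # an unmatched glob (no openssl-1.0.* dir, e.g. OpenSSL 1.1 on Stretch) is
  # left literal by the shell; skip it instead of failing on 'install'
  [ -e "$lib" ] || continue
  # -D creates parent dirs; the file lands at the same path inside the jail
  install -D "$lib" "/var/chroot-bind/${lib##/}"
done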
  54. # essential (hum, bash is required ??)
  55. #cp /bin/bash /var/chroot-bind/bin/
  56. cp /usr/sbin/named /var/chroot-bind/usr/sbin/
  57. # minimal passwd & group file (hum, is required ??)
  58. #grep "bind\|root" /etc/passwd > /var/chroot-bind/etc/passwd
  59. #grep "bind\|root" /etc/group > /var/chroot-bind/etc/group
  60. # just bind
  61. chown -R bind.bind /var/chroot-bind/