From 4509f6d0e42122aa83baa0201a2380dbc5382ee4 Mon Sep 17 00:00:00 2001
From: Romain Dessort <rdessort@evolix.fr>
Date: Thu, 12 May 2016 12:23:58 -0400
Subject: [PATCH] IS_BINDCHROOT is relevant only if bind listen to public
 interface.

---
 evocheck.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/evocheck.sh b/evocheck.sh
index 0e2c4f5..2aeeabf 100755
--- a/evocheck.sh
+++ b/evocheck.sh
@@ -321,7 +321,7 @@ if [ -e /etc/debian_version ]; then
     
     # Verification si bind est chroote
     if [ "$IS_BINDCHROOT" = 1 ]; then
-        if is_installed bind9; then
+        if is_installed bind9 && $(netstat -utpln |grep "/named" |grep :53 |grep -qv 127.0.0.1); then
             if grep -q '^OPTIONS=".*-t' /etc/default/bind9 && grep -q '^OPTIONS=".*-u' /etc/default/bind9; then
                 if [ "$(md5sum /usr/sbin/named |cut -f 1 -d ' ')" != "$(md5sum /var/chroot-bind/usr/sbin/named |cut -f 1 -d ' ')" ]; then
                     echo 'IS_BINDCHROOT FAILED!'