Archive for April, 2006

Fri, April 14th, 2006 16:27

Slackware 10.2. DNS. How-To Bind At Chrooted Jail.

First, let's check whether the bind package has been installed at all:

user@pc:/var/log/packages# ls -l /var/log/packages/ | grep bind
-rw-r--r--  1 root root   3148 Apr  6 14:45 bind-9.3.1-i486-1
user@pc:/var/log/packages#

Yep. Make the jail for it.

user@pc:/var/log/packages# groupadd -g 53 named
user@pc:/var/log/packages# grep named /etc/group
named:x:53:
user@pc:/var/log/packages# useradd -u 53 -g named \
-c "chroot BIND user" -d /var/named/jail -m named
user@pc:/var/log/packages# finger named
Login: named                            Name: chroot BIND user
Directory: /var/named/jail
Never logged in.
No mail.
No Plan.
user@pc:/var/log/packages# cd ~named
user@pc:/var/named/jail# mkdir -p var/{run,named}
user@pc:/var/named/jail# mkdir var/named/data
user@pc:/var/named/jail# mkdir var/named/slave
user@pc:/var/named/jail# ls -l var
total 1
drwxr-xr-x  3 root root 72 Apr 14 17:41 named
drwxr-xr-x  2 root root 48 Apr 14 17:39 run
user@pc:/var/named/jail# chown named.named var/named/slave
user@pc:/var/named/jail# mkdir {dev,etc}
user@pc:/var/named/jail# cp -av /etc/{localtime,named.conf,rndc.key} etc/
`/etc/localtime' -> `etc/localtime'
`/etc/named.conf' -> `etc/named.conf'
`/etc/rndc.key' -> `etc/rndc.key'
user@pc:/var/named/jail#

Set the ownership and permissions of these directories:

user@pc:/var/named/jail# chown root.root .
user@pc:/var/named/jail# chmod 0755 .
user@pc:/var/named/jail# chown named.named var/named/data
user@pc:/var/named/jail# chmod 0700 var/named/data
user@pc:/var/named/jail# chown named.named var/run
user@pc:/var/named/jail#

After all this, you end up with the following directory structure:

user@pc:/var/named/jail# ls -lR
.:
total 2
drwxr-xr-x  2 root root  96 Apr 14 18:55 dev
drwxr-xr-x  2 root root 136 Apr 14 18:56 etc
drwxr-xr-x  4 root root  96 Apr 14 17:39 var
./dev:
total 0
crw-rw-rw-  1 root sys  1, 3 Jul 18  1994 null
crw-r--r--  1 root root 1, 8 Dec 11  1995 random
./etc:
total 12
-rw-r--r--  1 root root 815 Apr  6 14:56 localtime
-rw-r--r--  1 root root 679 May  2  2005 named.conf
-rw-------  1 root root  77 Apr  6 14:45 rndc.key
./var:
total 1
drwxr-xr-x  4 root  root  96 Apr 15 00:06 named
drwxr-xr-x  2 named named 48 Apr 14 17:39 run
./var/named:
total 1
drwx------  2 named named 48 Apr 15 00:05 data
drwxr-xr-x  2 named named 48 Apr 14 17:41 slave
./var/named/data:
total 0
./var/named/slave:
total 0
./var/run:
total 0
user@pc:/var/named/jail#
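
Added example (not part of the original post): a small shell function that re-checks a jail against the owners and modes of the listing above, so that a later chown or chmod that loosens the layout is noticed. The function name audit_jail and its output format are made up for this example; it assumes GNU stat and takes numeric uids (0 for root, 53 for named as created above).

```shell
#!/bin/sh
# audit_jail JAIL ROOT_UID DAEMON_UID
# Compares JAIL with the owners and modes of the listing above and prints one
# line per deviation. Returns 0 when the layout matches, 1 otherwise.
# Assumes GNU stat (coreutils) for "stat -c".
audit_jail() {
    jail=$1; root_uid=$2; daemon_uid=$3; bad=0
    while IFS=: read -r path want_uid want_mode; do
        target="$jail/$path"
        if [ ! -e "$target" ]; then
            echo "MISSING  $path"; bad=1; continue
        fi
        have_uid=$(stat -c %u "$target")
        have_mode=$(stat -c %a "$target")
        if [ "$have_uid" != "$want_uid" ]; then
            echo "OWNER    $path: uid $have_uid, expected $want_uid"; bad=1
        fi
        if [ "$have_mode" != "$want_mode" ]; then
            echo "MODE     $path: $have_mode, expected $want_mode"; bad=1
        fi
    done <<EOF
.:$root_uid:755
dev:$root_uid:755
etc:$root_uid:755
etc/rndc.key:$root_uid:600
var:$root_uid:755
var/named:$root_uid:755
var/named/data:$daemon_uid:700
var/named/slave:$daemon_uid:755
var/run:$daemon_uid:755
EOF
    return $bad
}

# On the machine from the post (named has uid 53):
#   audit_jail /var/named/jail 0 53
```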

Next, start the syslogd daemon without the -- MARK -- lines (-m 0) and have it listen on the additional socket /var/named/jail/dev/log (-a /var/named/jail/dev/log):

@ /etc/rc.d/rc.syslog:
. . .
syslogd_start() {
  if [ -x /usr/sbin/syslogd -a -x /usr/sbin/klogd ]; then
    echo -n "Starting sysklogd daemons:  "
    echo -n "/usr/sbin/syslogd "

    # instead of plain /usr/sbin/syslogd:
    # '-m 0' = no periodic -- MARK -- lines
    # '-a'   = additional log socket inside the jail for the chrooted named
    /usr/sbin/syslogd -m 0 -a /var/named/jail/dev/log

    sleep 1 # prevent syslogd/klogd race condition on SMP kernels
    echo "/usr/sbin/klogd -c 3 -x"
    # '-c 3' = display level 'error' or higher messages on console
    # '-x' = turn off broken EIP translation
    /usr/sbin/klogd -c 3 -x
  fi
}
. . .

(to be continued …)

[TS]

@ Category Handmade

Mon, April 10th, 2006 15:30

Slackware 10.2. A Couple Of Words About Logrotate And Syslog.

Keep copies of the original configuration files and of the current working versions somewhere. Sometimes they will be very useful, because Nobody Knows The Whole Story.

Especially in advance.

Consider adding some lines to your /etc/syslog.conf file.
The entry format is: facility.priority /path/to/file.

A minus sign in front of /path/to/file tells syslogd not to sync the file after every logged message. I never use this minus; let it sync.
man syslog.conf (and the related pages) sometimes helps.

You can also give a particular program its own log file. For example, in /etc/ssh/sshd_config you can say that sshd should log with LOCAL7.INFO priority, and then send that to the file /var/log/local7sshd.log:

/etc/ssh/sshd_config:


# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility LOCAL7
LogLevel INFO

/etc/syslog.conf:


# This log is for news and uucp errors:
uucp,news.crit -/var/log/spooler

# ADDED STUFF
local7.* /var/log/local7sshd.log

You can check whether syslog understands the new entry correctly. Restart syslog after editing syslog.conf and run (see man logger):

user@pc # logger -p local7.info hey_dude

Among the many possible configurations of the logrotate package, consider this one:


/etc/logrotate.conf:

# /etc/logrotate.conf
#
# logrotate is designed to ease administration of systems that generate large
# numbers of log files.  It allows automatic rotation, compression, removal, and
# mailing of log files.  Each log file may be handled daily, weekly, monthly, or
# when it grows too large.
#
# logrotate is normally run daily from root's crontab.
#
# For more details, see "man logrotate".

# rotate log files weekly:
weekly

# keep 52 weeks worth of backlogs:
rotate 52

# create new (empty) log files after rotating old ones:
create

# uncomment this if you want your log files compressed:
compress

# instead of rotation numbers print YYYYMMDD
dateext

# option "-9" for default gzip compression
compressoptions -9

# compress the rotated log on the next rotation cycle
delaycompress

# some packages install log rotation information in this directory:
include /etc/logrotate.d

# Rotate /var/log/wtmp:
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}

# Note that /var/log/lastlog is not rotated.  This is intentional, and it should
# not be.  The lastlog file is a database, and is also a sparse file that takes
# up much less space on the drive than it appears.


user@pc # cat /etc/logrotate.d/syslog

/var/log/cron /var/log/maillog /var/log/syslog {
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2>/dev/null` 2>/dev/null || true
endscript
}
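
Added example (not part of the original post): the stanza above names only cron, maillog and syslog, while syslog.conf was just given a new destination, /var/log/local7sshd.log. The function below lists every file destination in a syslog.conf that no logrotate file mentions; the name unrotated_logs and the sample files in demo are constructed for this example, and logrotate globs are not expanded.

```shell
#!/bin/sh
# unrotated_logs SYSLOG_CONF LOGROTATE_FILE...
# Prints each file destination in SYSLOG_CONF that no LOGROTATE_FILE names.
# Simplification: logrotate paths are compared literally, globs are not expanded.
unrotated_logs() {
    conf=$1; shift
    # The destination is the last field of a rule; drop the optional leading
    # "-" (no-sync marker) and keep regular file paths only.
    awk '$1 !~ /^#/ && NF >= 2 {
             d = $NF; sub(/^-/, "", d)
             if (d ~ /^\// && d !~ /^\/dev\//) print d
         }' "$conf" | sort -u |
    while read -r dest; do
        # Split the logrotate files into words and look for an exact match.
        if ! cat "$@" | sed 's/#.*//' | tr -s ' \t{' '\n\n\n' |
             grep -qxF -- "$dest"; then
            printf '%s\n' "$dest"
        fi
    done
}

# Constructed sample modelled on the files shown in the post.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/syslog.conf" <<'EOF'
cron.*            /var/log/cron
mail.*           -/var/log/maillog
uucp,news.crit   -/var/log/spooler
# ADDED STUFF
local7.*          /var/log/local7sshd.log
EOF
    cat > "$tmp/logrotate-syslog" <<'EOF'
/var/log/cron /var/log/maillog /var/log/syslog {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2>/dev/null` 2>/dev/null || true
    endscript
}
EOF
    unrotated_logs "$tmp/syslog.conf" "$tmp/logrotate-syslog"
    rm -rf "$tmp"
}
demo
```

On a real system, pass /etc/syslog.conf followed by /etc/logrotate.conf and the files in /etc/logrotate.d.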

This log rotation runs every day at 04:40 via crond (man crond):

user@pc:/etc/cron.daily# crontab -l
# If you don’t want the output of a cron job mailed to you, you have to direct
# any output to /dev/null.  We’ll do this here since these jobs should run
# properly on a newly installed system, but if they don’t the average newbie
# might get quite perplexed about getting strange mail every 5 minutes. :^)
#
# Run the hourly, daily, weekly, and monthly cron jobs.
# Jobs that need different timing may be entered into the crontab as before,
# but most really don’t need greater granularity than this.  If the exact
# times of the hourly, daily, weekly, and monthly cron jobs do not suit your
# needs, feel free to adjust them.
#
# Run hourly cron jobs at 47 minutes after the hour:
47 * * * * /usr/bin/run-parts /etc/cron.hourly 1> /dev/null
#
# Run daily cron jobs at 4:40 every day:
40 4 * * * /usr/bin/run-parts /etc/cron.daily 1> /dev/null
#
# Run weekly cron jobs at 4:30 on the first day of the week:
30 4 * * 0 /usr/bin/run-parts /etc/cron.weekly 1> /dev/null
#
# Run monthly cron jobs at 4:20 on the first day of the month:
20 4 1 * * /usr/bin/run-parts /etc/cron.monthly 1> /dev/null
user@pc:/etc/cron.daily# more /etc/cron.daily/logrotate
#!/bin/sh
/usr/sbin/logrotate /etc/logrotate.conf
user@pc:/etc/cron.daily#

[TS]


Mon, April 10th, 2006 13:49

[ENG] Slackware 10.2. How-To Update The Package.

Consider the package update procedure.

The original Slackware 10.2 packages are stored at:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/slackware

Slackware 10.2 updated packages:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages

The list of packages installed on your server:

user@pc # ls -l /var/log/packages

The list of packages removed or updated on your server:

user@pc # ls -l /var/log/removed_packages

The following command upgrades old_name_package to new_name_package. Take care of the updated package's config files yourself.

user@pc # upgradepkg old_name_package%new_name_package

Sample output:

user@pc # upgradepkg openssl-solibs-0.9.7g-i486-1%openssl-solibs-0.9.7g-i486-2
+==============================================================================
| Upgrading openssl-solibs-0.9.7g-i486-1 package using ./openssl-solibs-0.9.7g-i486-2.tgz
+==============================================================================

Pre-installing package openssl-solibs-0.9.7g-i486-2…

Removing package /var/log/packages/openssl-solibs-0.9.7g-i486-1-upgraded-2006-04-06,14:07:50…

Installing package openssl-solibs-0.9.7g-i486-2…
PACKAGE DESCRIPTION:
openssl-solibs: openssl-solibs (OpenSSL shared libraries)
openssl-solibs:
openssl-solibs: These shared libraries provide encryption routines required by
openssl-solibs: programs such as openssh. They are also used by KDE’s Konqueror web
openssl-solibs: browser to provide secure web connections.
openssl-solibs:
openssl-solibs: This product includes software developed by the OpenSSL Project for
openssl-solibs: use in the OpenSSL Toolkit (http://www.openssl.org). This product
openssl-solibs: includes cryptographic software written by Eric Young
openssl-solibs: (eay@cryptsoft.com). This product includes software written by Tim
openssl-solibs: Hudson (tjh@cryptsoft.com).
Executing install script for openssl-solibs-0.9.7g-i486-2…

Package openssl-solibs-0.9.7g-i486-1 upgraded with new package ./openssl-solibs-0.9.7g-i486-2.tgz.

[TS]


Fri, April 7th, 2006 14:03

Protected: Armouring Slackware 10.2 Linux
