Previous Post
« Slackware 10.2. A Couple Of Words About Logrotate And Syslog.

 

Next Post
Seminar at the end of May 2006. »

Fri, April 14th, 2006 16:27

Slackware 10.2. DNS. How-To Bind At Chrooted Jail.

First, let's check whether the bind package is installed at all:

user@pc:/var/log/packages# ls -l /var/log/packages/ | grep bind
-rw-r--r--  1 root root   3148 Apr  6 14:45 bind-9.3.1-i486-1
user@pc:/var/log/packages#

Yep. Make the jail for it.

user@pc:/var/log/packages# groupadd -g 53 named
user@pc:/var/log/packages# grep named /etc/group
named:x:53:
user@pc:/var/log/packages# useradd -u 53 -g named -c "chroot BIND user" -d /var/named/jail -m named
user@pc:/var/log/packages# finger named
Login: named                            Name: chroot BIND user
Directory: /var/named/jail
Never logged in.
No mail.
No Plan.
user@pc:/var/log/packages# cd ~named
user@pc:/var/named/jail#
user@pc:/var/named/jail# mkdir -p var/{run,named}
user@pc:/var/named/jail# mkdir var/named/data
user@pc:/var/named/jail# mkdir var/named/slave
user@pc:/var/named/jail# ls -l var
total 1
drwxr-xr-x  3 root root 72 Apr 14 17:41 named
drwxr-xr-x  2 root root 48 Apr 14 17:39 run
user@pc:/var/named/jail# chown named.named var/named/slave
user@pc:/var/named/jail# mkdir {dev,etc}
user@pc:/var/named/jail# cp -av /etc/{localtime,named.conf,rndc.key} etc/
`/etc/localtime' -> `etc/localtime'
`/etc/named.conf' -> `etc/named.conf'
`/etc/rndc.key' -> `etc/rndc.key'
user@pc:/var/named/jail#
Set the ownership and permissions of these directories:
user@pc:/var/named/jail# chown root.root .
user@pc:/var/named/jail# chmod 0755 .
user@pc:/var/named/jail# chown named.named var/named/data
user@pc:/var/named/jail# chmod 0700 var/named/data
user@pc:/var/named/jail# chown named.named var/run
user@pc:/var/named/jail#
In the end the directory structure looks like this:
user@pc:/var/named/jail# ls -lR
.:
total 2
drwxr-xr-x  2 root root  96 Apr 14 18:55 dev
drwxr-xr-x  2 root root 136 Apr 14 18:56 etc
drwxr-xr-x  4 root root  96 Apr 14 17:39 var
./dev:
total 0
crw-rw-rw-  1 root sys  1, 3 Jul 18  1994 null
crw-r--r--  1 root root 1, 8 Dec 11  1995 random
./etc:
total 12
-rw-r--r--  1 root root 815 Apr  6 14:56 localtime
-rw-r--r--  1 root root 679 May  2  2005 named.conf
-rw-------  1 root root  77 Apr  6 14:45 rndc.key
./var:
total 1
drwxr-xr-x  4 root  root  96 Apr 15 00:06 named
drwxr-xr-x  2 named named 48 Apr 14 17:39 run
./var/named:
total 1
drwx------  2 named named 48 Apr 15 00:05 data
drwxr-xr-x  2 named named 48 Apr 14 17:41 slave
./var/named/data:
total 0
./var/named/slave:
total 0
./var/run:
total 0
user@pc:/var/named/jail#
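The steps above are easy to get subtly wrong on a second machine (a directory left root-owned that named must write to, or a config file that named can modify). As an added example, not part of the original post, here is a small POSIX shell script that builds the same tree and then audits it against the owner/mode table shown in the listing. It assumes GNU coreutils (stat -c), takes the device numbers from the ls -lR output above (null is c 1 3, random is c 1 8), and uses function names of my own choosing.

```shell
#!/bin/sh
# Added example, not from the original post: build the BIND chroot tree the
# way the listing above shows it, then audit ownership and modes so that only
# var/run, var/named/data and var/named/slave belong to named and nothing
# under etc/ is writable by anyone but root.
# Assumptions: GNU coreutils (stat -c) and the device numbers printed in the
# ls -lR output above (null = c 1 3, random = c 1 8).  Function names are mine.

# build_jail_tree ROOT OWNER
#   Creates the skeleton under ROOT.  chown needs root; when run unprivileged
#   the directories simply belong to the caller, which is enough to dry-run
#   the layout (pass OWNER=$(id -un) in that case).
build_jail_tree() {
    root=$1; owner=$2
    mkdir -p "$root/dev" "$root/etc" "$root/var/run" \
             "$root/var/named/data" "$root/var/named/slave" || return 1
    chmod 0755 "$root" "$root/dev" "$root/etc" "$root/var" "$root/var/named" \
               "$root/var/run" "$root/var/named/slave"
    chmod 0700 "$root/var/named/data"          # named's private data dir
    if [ "$(id -u)" = 0 ]; then
        chown "$owner:$owner" "$root/var/run" "$root/var/named/data" \
                              "$root/var/named/slave"
    fi
}

# make_jail_devices ROOT
#   Root only: the two device nodes the listing shows under dev/.
make_jail_devices() {
    root=$1
    [ -c "$root/dev/null" ]   || mknod -m 666 "$root/dev/null" c 1 3
    [ -c "$root/dev/random" ] || mknod -m 644 "$root/dev/random" c 1 8
}

# check_jail_tree ROOT NAMED_OWNER [ROOT_OWNER]
#   Returns 0 when every directory matches the expected owner/mode table and
#   no file under etc/ is group- or world-writable; prints each mismatch and
#   returns 1 otherwise.  Usable against a live jail as well.
check_jail_tree() {
    root=$1; owner=$2; root_owner=${3:-root}; rc=0
    while read -r rel exp_owner exp_mode; do
        p="$root/$rel"
        if [ ! -d "$p" ]; then
            echo "missing: $p"; rc=1; continue
        fi
        got_owner=$(stat -c %U "$p"); got_mode=$(stat -c %a "$p")
        if [ "$got_owner" != "$exp_owner" ] || [ "$got_mode" != "$exp_mode" ]; then
            echo "mismatch: $p is $got_owner $got_mode, want $exp_owner $exp_mode"
            rc=1
        fi
    done <<EOF
.               $root_owner 755
dev             $root_owner 755
etc             $root_owner 755
var             $root_owner 755
var/named       $root_owner 755
var/run         $owner      755
var/named/data  $owner      700
var/named/slave $owner      755
EOF
    # named.conf and rndc.key live here; named must never be able to edit them
    bad=$(find "$root/etc" -type f \( -perm -g+w -o -perm -o+w \) 2>/dev/null)
    if [ -n "$bad" ]; then
        echo "writable under etc/: $bad"; rc=1
    fi
    return $rc
}

# Usage on the real box, as root, once the named user exists:
#   build_jail_tree /var/named/jail named && make_jail_devices /var/named/jail
#   cp -a /etc/localtime /etc/named.conf /etc/rndc.key /var/named/jail/etc/
#   check_jail_tree /var/named/jail named
```

Running check_jail_tree periodically (or after any package upgrade that touches /var/named) catches the two mistakes that matter most in a chroot: a directory named cannot write to (zone transfers and the data directory silently fail) and a directory or config file named can write to but should not (a compromised daemon could then alter its own configuration).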
Next, start syslogd without the periodic "-- MARK --" messages (-m 0) and with an additional listening socket at /var/named/jail/dev/log (-a /var/named/jail/dev/log), so that named can still log from inside the jail:

@ /etc/rc.d/rc.syslog:
. . .
syslogd_start() {
  if [ -x /usr/sbin/syslogd -a -x /usr/sbin/klogd ]; then
    echo -n "Starting sysklogd daemons:  "
    echo -n "/usr/sbin/syslogd "

    # instead of plain /usr/sbin/syslogd:
    /usr/sbin/syslogd -m 0 -a /var/named/jail/dev/log

    sleep 1 # prevent syslogd/klogd race condition on SMP kernels
    echo "/usr/sbin/klogd -c 3 -x"
    # '-c 3' = display level 'error' or higher messages on console
    # '-x' = turn off broken EIP translation
    /usr/sbin/klogd -c 3 -x
  fi
}
. . .

(to be continued …)

[TS]

@ Category Handmade


