[Pkg-aide-maintainers] Bug#475983: Suggestion: bind9 chroot rule

Guido Bozzetto reportbug at G-B.it
Mon Apr 14 09:06:14 UTC 2008


Package: aide
Version: 0.13.1-9
Severity: wishlist
Tags: patch

I suggest the following changes to the rule 31_aide_bind9 to
automatically create the correct rules with bind9 running in a chroot
environment.
I suppose that the changes to the standard bind9 installation are in
/etc/default/bind9: "-t <chroot>" is added to the variable OPTIONS to
permit the use of a previously created chroot environment for bind in
the <chroot> directory.
The following aide rule automatically extracts the chroot directory,
if bind starts with the "-t" option, and correctly initializes aide's
BINDCHROOT variable:

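#! /bin/bash
# Read OPTIONS from the bind9 defaults file
. /etc/default/bind9
# "--" keeps a leading option such as "-u" from being taken as a flag of set
set -- $OPTIONS
# Scan the words of OPTIONS for "-t <chroot>"
for i in "$@"; do
  if [ "$1" == "-t" ]; then
    echo "@@define BINDCHROOT $2"
    break
  else
    shift
  fi
done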
cat << !EOF
@@ifdef BINDCHROOT
@@{BINDCHROOT}/dev/log$ LowLogs
@@{BINDCHROOT}/dev VarDir
@@endif
@@{BINDCHROOT}/var/cache/bind VarFile
@@{BINDCHROOT}/var/log/bind/queries\.log$ Logs
@@{BINDCHROOT}/var/log/bind/queries\.log\.[0-8]$ RotatedLogs
@@{BINDCHROOT}/var/log/bind/queries\.log\.9$ RotatedLogs+ARF
@@{BINDCHROOT}/var/log/bind VarDir
@@{BINDCHROOT}/var/run/bind/run/named\.pid$ VarFile
@@{BINDCHROOT}/var/run/bind/run$ VarDir
!EOF

The changed /etc/default/bind9 is:

OPTIONS="-u bind"
# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes
OPTIONS="$OPTIONS -t $(grep ^bind: /etc/passwd|cut -f6 -d:)"

The important configuration directives in
~bind/etc/bind/named.conf are:

options {
        directory "/var/cache/bind";
};
# logging {
# 	channel "file-queries" {
# 		file "/var/log/bind/queries.log" versions 5 size 256m;
# 	};
#	category "queries" {
# 		"file-queries";
# 	};
# };

Thank you for your attention,
                                       Guido Bozzetto.

-- System Information:
Debian Release: lenny/sid
  APT prefers stable
  APT policy: (560, 'stable'), (545, 'proposed-updates'), (540, 'stable'), (460, 'testing'), (445, 'testing-proposed-updates'), (440, 'testing'), (20, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores)
Locale: LANG=it_IT, LC_CTYPE=it_IT (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages aide depends on:
ii  aide-common        0.13.1-9              Advanced Intrusion Detection Envir
ii  bsd-mailx [mailx]  8.1.2-0.20071201cvs-2 A simple mail user agent
ii  liblockfile1       1.06.1                NFS-safe locking library, includes
ii  mailx              1:20071201-2          Transitional package for mailx ren
ii  ucf                3.006                 Update Configuration File: preserv

Versions of packages aide recommends:
ii  cron                          3.0pl1-100 management of regular background p

-- debconf information excluded
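
An added example, not part of the original report or of the aide package: the "-t" extraction described above as POSIX sh functions that also cover the attached form "-t<dir>", a "-t" with no argument, and a named that is not chrooted, in which case plain paths are emitted. The function names and the sample path /var/lib/named are assumptions, as is named accepting the attached form.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the aide package.

# Print the directory given to "-t" in a named option string (empty if none).
# Returns 1 when "-t" is the last word and has no argument.
bind_chroot_from_options() {
    set -f            # no filename globbing while OPTIONS is word-split
    set -- $1         # "--": a leading "-u" is data, not a flag for set
    set +f
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -t)   [ "$#" -ge 2 ] || return 1
                  printf '%s\n' "$2"; return 0 ;;
            -t?*) printf '%s\n' "${1#-t}"; return 0 ;;  # assumed "-t<dir>" form
        esac
        shift
    done
}

# Emit the bind9 rules with the chroot as a literal prefix. With no chroot
# the prefix is empty, so no rule depends on an undefined BINDCHROOT macro.
emit_bind9_rules() {
    root=$(bind_chroot_from_options "$1") || return 1
    case "$root" in
        ''|/*) ;;             # empty or absolute path: acceptable
        *)     return 1 ;;    # relative chroot: refuse to emit rules
    esac
    root=${root%/}            # drop one trailing slash
    if [ -n "$root" ]; then   # the two rules the report keeps inside @@ifdef
        printf '%s%s\n' "$root" '/dev/log$ LowLogs' "$root" '/dev VarDir'
    fi
    for rule in '/var/cache/bind VarFile' \
                '/var/log/bind/queries\.log$ Logs' \
                '/var/log/bind/queries\.log\.[0-8]$ RotatedLogs' \
                '/var/log/bind/queries\.log\.9$ RotatedLogs+ARF' \
                '/var/log/bind VarDir' \
                '/var/run/bind/run/named\.pid$ VarFile' \
                '/var/run/bind/run$ VarDir'; do
        printf '%s%s\n' "$root" "$rule"
    done
}

# Constructed sample: an OPTIONS value of the kind a chrooted setup produces.
emit_bind9_rules '-u bind -t /var/lib/named'
```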




