[Pkg-aide-maintainers] Bug#475983: Bug#475983: Suggestion: bind9 chroot rule

Guido Bozzetto reportbug at G-B.it
Mon May 5 08:46:26 UTC 2008


On Sunday 04 May 2008, at 09:38, Marc Haber wrote:
> tags #475983 wontfix
> thanks
> 
> On Mon, Apr 14, 2008 at 11:06:14AM +0200, Guido Bozzetto wrote:
> > I suggest the following changes to the rule 31_aide_bind9 to
> > automatically create the correct rules with bind9 running into a chroot
> > environment.
...
> > correctly initialize the aide's BINDCHROOT variable:

> I currently think that this is driving the magic "too far". If one
> decides to run bind chrooted, that one should also be able to modify
> the aide rules themselves.

OK, it's clear.

I think it is useful to insert something like this example:
- directly in commented lines into 31_aide_bind9:

#! /bin/bash
#
# # Automagically extract chroot directory
# . /etc/default/bind9
# set -- $OPTIONS
# for i in $@;do
#   if [ "$1" == "-t" ]
#     then echo "@@define BINDCHROOT $2"; break
#     else shift
#   fi
# done
# # Or manually set chroot directory
# # BINDCHROOT=/var/cache/bind
cat << !EOF
@@ifdef BINDCHROOT
@@{BINDCHROOT}/dev/log$ LowLogs
@@{BINDCHROOT}/dev VarDir
@@endif
@@{BINDCHROOT}/var/cache/bind VarFile
@@{BINDCHROOT}/var/log/bind/queries\.log$ Logs
@@{BINDCHROOT}/var/log/bind/queries\.log\.0$ LoSerMemberLog
@@{BINDCHROOT}/var/log/bind/queries\.log\.[1-8]$ SerMemberLog
@@{BINDCHROOT}/var/log/bind/queries\.log\.9$ HiSerMemberLog
@@{BINDCHROOT}/var/log/bind VarDir
@@{BINDCHROOT}/var/run/bind/run/named\.pid$ VarFile
@@{BINDCHROOT}/var/run/bind/run$ VarDir
!EOF

- Surely it is better to divide the proposed 31_aide_bind9 script
into 2 parts like inn2 (cf. 30_inn2_vars and 31_aide_inn2), so the
commented part becomes the 30_bind9_vars script

- Introduce /usr/share/doc/aide-common/examples/30_bind9_vars:

#! /bin/bash
#
# Initialize the BINDCHROOT variable for 31_aide_bind9 when bind9 runs
# in a chroot environment.
#
# Automagically extract chroot directory: the "-t DIR" argument of OPTIONS
. /etc/default/bind9
set -- $OPTIONS
for i in "$@"; do
  if [ "$1" == "-t" ]
    then echo "@@define BINDCHROOT $2"; break
    else shift
  fi
done
#
# Manually set chroot directory
#BINDCHROOT=/var/cache/bind


In aide 0.13.1-10, about the rule 31_aide_bind9, I think that:
- the name "BINDCHROOT" is misleading: if it is initialized with the chroot
  dir of bind9 it doesn't work correctly. If BINDCHROOT is not defined
  the rule 31_aide_bind9 works correctly, so the
@@define BINDCHROOT /var
  assignment is useless. See the first example in the mail.
- the named.pid file is in /var/run/bind/run and not in the
  /var/run/bind directory. See the named binary:
~# strings /usr/sbin/named|grep named\.pid
/var/run/bind/run/named.pid
- in the /etc/bind9/named.conf.options installation file of bind9
  there is the directive
directory "/var/cache/bind";
  so it is useful to introduce:
@@{BINDCHROOT}/cache/bind VarFile
  (I think it is better: @@{BINDCHROOT}/var/cache/bind VarFile)

I hope that this is useful, thank you for your attention.

                                Guido Bozzetto.

-- 
Guido Bozzetto - Systems & Network Administrator - CCDA
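As an added example (not the script from this mail, nor the aide package's own 31_aide_bind9), the OPTIONS parsing above can be written so that an empty OPTIONS and a trailing "-t" with no directory are handled, with the rule list from the mail emitted with the chroot prefix expanded by the shell instead of through @@{BINDCHROOT}; the OPTIONS line is a constructed sample.

```shell
#!/bin/sh
# Added example, not code from the bug report or the aide package. Derives
# the bind9 chroot from the OPTIONS line of /etc/default/bind9 and emits
# AIDE rules with the chroot prefix already expanded by the shell.

# Constructed sample of an OPTIONS line; a real aide.conf.d script would
# run `. /etc/default/bind9` here instead of assigning it inline.
SAMPLE_OPTIONS='-u bind -t /var/lib/named'

# Print the word following "-t" in $1, or nothing when bind9 is not chrooted.
# `set --` keeps an empty OPTIONS from making `set` dump every shell
# variable, and a trailing "-t" with no directory yields nothing.
bind_chroot_from_options() {
    set -- $1
    while [ $# -gt 0 ]; do
        if [ "$1" = "-t" ]; then
            [ $# -ge 2 ] && printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 0
}

# Emit the rule set for the OPTIONS string in $1. Without a chroot the plain
# paths are printed; a relative "-t" value is rejected rather than guessed.
emit_bind9_rules() {
    chroot_dir=$(bind_chroot_from_options "$1")
    case "$chroot_dir" in
        ""|/*) ;;
        *) echo "bind9 chroot must be an absolute path: $chroot_dir" >&2
           return 1 ;;
    esac
    cat <<EOF
${chroot_dir}/var/cache/bind VarFile
${chroot_dir}/var/log/bind/queries\.log$ Logs
${chroot_dir}/var/log/bind/queries\.log\.0$ LoSerMemberLog
${chroot_dir}/var/log/bind/queries\.log\.[1-8]$ SerMemberLog
${chroot_dir}/var/log/bind/queries\.log\.9$ HiSerMemberLog
${chroot_dir}/var/log/bind VarDir
${chroot_dir}/var/run/bind/run/named\.pid$ VarFile
${chroot_dir}/var/run/bind/run$ VarDir
EOF
}

emit_bind9_rules "$SAMPLE_OPTIONS"
```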