Differences

This shows you the differences between two versions of the page.

--- jessie_bind_chroot [2015/12/18 16:17] – admin
+++ jessie_bind_chroot [2016/01/25 08:33] (current) – [Long story short:] admin
@@ Line 5: / Line 5: @@
 For Jessie, edit /etc/systemd/system/multi-user.target.wants/bind9.service to add options "-t /var/bind9/chroot":
+<code>
 [Unit]
 Description=BIND Domain Name Server
@@ Line 17: / Line 19: @@
 [Install]
 WantedBy=multi-user.target
+</code>
 For Jessie, after changing the above unit file, reload it with:
+<code>
 systemctl daemon-reload
+</code>
 Now create the chroot directory structure:
-mkdir -p /var/bind9/chroot/{etc,dev,var/cache/bind,var/run/named}
+<code>
+mkdir -p /var/bind9/chroot/{etc,dev,var/cache/bind,var/run/named,var/log}
+</code>
 Create the required device special files and set the correct permissions:
+<code>
 mknod /var/bind9/chroot/dev/null c 1 3
 mknod /var/bind9/chroot/dev/random c 1 8
 chmod 660 /var/bind9/chroot/dev/{null,random}
+chown bind /var/bind9/chroot/dev/random
+</code>
 Move the current config directory into the new chroot directory:
+<code>
 mv /etc/bind /var/bind9/chroot/etc
+</code>
 Now create a symbolic link in /etc for compatibility:
+<code>
 ln -s /var/bind9/chroot/etc/bind /etc/bind
+</code>
 If you want to use the local timezone in the chroot (e.g. for syslog):
+<code>
 cp /etc/localtime /var/bind9/chroot/etc/
+</code>
 Change the ownership on the files you've just moved over and the rest of the newly created chroot directory structure:
+<code>
 chown -R bind:bind /etc/bind/*
 chmod 775 /var/bind9/chroot/var/{cache/bind,run/named}
 chgrp bind /var/bind9/chroot/var/{cache/bind,run/named}
+</code>
-Edit the PIDFILE variable in vi  to the correct path:
+Edit the PIDFILE variable to the correct path:
+<code>
 PIDFILE=/var/bind9/chroot/var/run/named/named.pid
+</code>
 Finally tell rsyslog to listen to the bind logs in the correct place:
+<code>
 echo "\$AddUnixListenSocket /var/bind9/chroot/dev/log" > /etc/rsyslog.d/bind-chroot.conf
+</code>
 Restart rsyslog and start bind:
+<code>
 /etc/init.d/rsyslog restart; /etc/init.d/bind9 start
+</code>
+====Logging====
+/etc/logrotate.d/named
+<code>
+/var/bind9/chroot/var/log/bind.log {
+        daily
+        compress
+        delaycompress
+        rotate 5
+        missingok
+        postrotate
+                [ -e /etc/init.d/bind9 ] && /etc/init.d/bind9 reload > /dev/null 2>&1 || true
+        endscript
+}
+/var/bind9/chroot/var/log/security_info.log {
+        daily
+        compress
+        delaycompress
+        rotate 5
+        missingok
+        postrotate
+                [ -e /etc/init.d/bind9 ] && /etc/init.d/bind9 reload > /dev/null 2>&1 || true
+        endscript
+}
+/var/bind9/chroot/var/log/update_debug.log {
+        daily
+        compress
+        delaycompress
+        rotate 5
+        missingok
+        postrotate
+                [ -e /etc/init.d/bind9 ] && /etc/init.d/bind9 reload > /dev/null 2>&1 || true
+        endscript
+}
+</code>
-====in short:====
+====Long story short:====
 <code>
 apt-get install bind9 bind9-doc
@@ Line 72: / Line 119: @@
 systemctl daemon-reload
-mkdir -p /var/bind9/chroot/{etc,dev,var/cache/bind,var/run/named}
+mkdir -p /var/bind9/chroot/{etc,dev,var/cache/bind,var/run/named,var/log}
 mknod /var/bind9/chroot/dev/null c 1 3
 mknod /var/bind9/chroot/dev/random c 1 8
 chmod 660 /var/bind9/chroot/dev/{null,random}
+chown bind /var/bind9/chroot/dev/random
 mv /etc/bind /var/bind9/chroot/etc
 ln -s /var/bind9/chroot/etc/bind /etc/bind
@@ Line 83: / Line 131: @@
 chmod 775 /var/bind9/chroot/var/{cache/bind,run/named}
 chgrp bind /var/bind9/chroot/var/{cache/bind,run/named}
+chown bind /var/bind9/chroot/dev/random
+touch /var/bind9/chroot/var/log/{bind.log,update_debug.log,security_info.log}
+ln -s /var/bind9/chroot/var/log/ /var/log/bind
+chgrp bind /var/bind9/chroot/var/log/*.log
 vi /etc/init.d/bind9
@@ Line 90: / Line 142: @@
 /etc/init.d/rsyslog restart; /etc/init.d/bind9 start
 </code>
+  * Add the logrotate script from above