jessie_bind_chroot
Differences
Next revision | Previous revision | ||
jessie_bind_chroot [2015/12/18 16:16] – created admin | jessie_bind_chroot [2016/01/25 08:33] (current) – [Long story short:] admin | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | =====Chrooted bind9 on Jessie===== | ||
+ | |||
credits to: https:// | credits to: https:// | ||
For Jessie, edit / | For Jessie, edit / | ||
+ | |||
+ | < | ||
[Unit] | [Unit] | ||
Description=BIND Domain Name Server | Description=BIND Domain Name Server | ||
Line 15: | Line 19: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
+ | </ | ||
For Jessie, after changing the above unit file, reload it with: | For Jessie, after changing the above unit file, reload it with: | ||
+ | < | ||
systemctl daemon-reload | systemctl daemon-reload | ||
+ | </ | ||
Now create the chroot directory structure: | Now create the chroot directory structure: | ||
- | mkdir -p / | + | < |
+ | mkdir -p / | ||
+ | </ | ||
Create the required device special files and set the correct permissions: | Create the required device special files and set the correct permissions: | ||
+ | < | ||
mknod / | mknod / | ||
mknod / | mknod / | ||
chmod 660 / | chmod 660 / | ||
+ | chown bind / | ||
+ | </ | ||
Move the current config directory into the new chroot directory: | Move the current config directory into the new chroot directory: | ||
+ | < | ||
mv /etc/bind / | mv /etc/bind / | ||
+ | </ | ||
Now create a symbolic link in /etc for compatibility: | Now create a symbolic link in /etc for compatibility: | ||
+ | < | ||
ln -s / | ln -s / | ||
+ | </ | ||
If you want to use the local timezone in the chroot (e.g. for syslog): | If you want to use the local timezone in the chroot (e.g. for syslog): | ||
+ | < | ||
cp / | cp / | ||
+ | </ | ||
Change the ownership on the files you've just moved over and the rest of the newly created chroot directory structure: | Change the ownership on the files you've just moved over and the rest of the newly created chroot directory structure: | ||
+ | < | ||
chown -R bind:bind /etc/bind/* | chown -R bind:bind /etc/bind/* | ||
chmod 775 / | chmod 775 / | ||
chgrp bind / | chgrp bind / | ||
+ | </ | ||
+ | Edit the PIDFILE variable to the correct path: | ||
+ | < | ||
+ | PIDFILE=/ | ||
+ | </ | ||
+ | Finally tell rsyslog to listen to the bind logs in the correct place: | ||
+ | < | ||
+ | echo " | ||
+ | </ | ||
+ | Restart rsyslog and start bind: | ||
+ | < | ||
+ | / | ||
+ | </ | ||
- | Edit the PIDFILE variable in vi to the correct path: | + | ====Logging==== |
- | PIDFILE=/ | + | / |
+ | < | ||
+ | / | ||
+ | daily | ||
+ | compress | ||
+ | delaycompress | ||
+ | rotate 5 | ||
+ | missingok | ||
+ | postrotate | ||
+ | [ -e /etc/init.d/bind9 ] && / | ||
+ | endscript | ||
+ | } | ||
- | Finally tell rsyslog to listen to the bind logs in the correct place: | + | / |
+ | daily | ||
+ | compress | ||
+ | delaycompress | ||
+ | rotate 5 | ||
+ | missingok | ||
+ | postrotate | ||
+ | [ -e / | ||
+ | endscript | ||
+ | } | ||
- | echo " | + | / |
+ | daily | ||
+ | compress | ||
+ | delaycompress | ||
+ | rotate 5 | ||
+ | missingok | ||
+ | postrotate | ||
+ | [ -e /etc/init.d/bind9 ] && /etc/init.d/bind9 reload > /dev/null 2>&1 || true | ||
+ | endscript | ||
+ | } | ||
- | Restart rsyslog and start bind: | + | </ |
+ | ====Long story short:==== | ||
+ | < | ||
+ | apt-get install bind9 bind9-doc | ||
+ | service bind9 stop | ||
+ | vi / | ||
+ | |||
+ | change ExecStart line to: ExecStart=/ | ||
+ | |||
+ | systemctl daemon-reload | ||
+ | mkdir -p / | ||
+ | mknod / | ||
+ | mknod / | ||
+ | chmod 660 / | ||
+ | chown bind / | ||
+ | mv /etc/bind / | ||
+ | ln -s / | ||
+ | dpkg-reconfigure tzdata | ||
+ | cp / | ||
+ | chown -R bind:bind /etc/bind/* | ||
+ | chmod 775 / | ||
+ | chgrp bind / | ||
+ | chown bind / | ||
+ | touch / | ||
+ | ln -s / | ||
+ | chgrp bind / | ||
+ | vi / | ||
+ | |||
+ | change PID line to: PIDFILE=/ | ||
+ | |||
+ | echo " | ||
/ | / | ||
+ | </ | ||
+ | |||
+ | * Add the logrotate script from above |
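Review bot: `chown -R bind:bind /etc/bind/*`, in the ownership step and again in the "Long story short" block, makes the bind user the owner of every file in the configuration directory that was just moved into the chroot, so the daemon the chroot is meant to contain can rewrite its own configuration. Suggest keeping the configuration files owned by root with group bind and no group write, and granting bind write access only to the directories it has to write to. Two smaller points: the three logrotate stanzas each carry their own postrotate reload of bind9, so a daily rotation can reload the server once per log file, and listing the three log paths in a single stanza with `sharedscripts` would reload it once. The summary block also includes `service bind9 stop` and `dpkg-reconfigure tzdata`, which the step-by-step text never mentions, and the stop step in particular should be documented before the `mv /etc/bind` step.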
jessie_bind_chroot.1450455419.txt.gz · Last modified: 2015/12/19 14:59 (external edit)