Stappenplan om bind9 onder woody volledig in een chroot te krijgen inclusief alle library's
# Begonnen met een basis installatie Debian:
# Daarna Bind even stoppen
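# Vanuit / werken; de hele chroot-boom komt onder /var/chroot/named.
cd /
mkdir -p /var/chroot/named
# Systeemgebruiker named met uid/gid 200: dezelfde nummers als straks in
# etc/passwd en etc/group binnen de chroot. Geen wachtwoord en geen bruikbare
# shell, zodat er op dit account nooit ingelogd kan worden.
adduser --home /var/chroot/named/home --uid 200 --disabled-password \
  --shell /bin/false named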
#####################################################
Adding user named...
Adding new group named (200).
Adding new user named (200) with group named.
Creating home directory /var/chroot/named/home.
Copying files from /etc/skel
Changing the user information for named
Enter the new value, or press return for the default
Full Name []: Bind Named User
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [y/n] y
#####################################################
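# Bestandsstructuur van de chroot opbouwen.
cd /var/chroot/named
mkdir -p bin dev etc/bind lib var/run/bind var/cache/bind
# usr -> . en sbin -> bin, zodat /usr/sbin/named binnen de chroot op bin/named
# uitkomt (dat pad gebruikt het init-script als --exec).
ln -s bin sbin
ln -s . usr
cp /usr/sbin/named bin/.
cp /sbin/ldconfig bin/.
# Dynamische loader en alle libraries die named nodig heeft (te controleren met
# `ldd /usr/sbin/named`). Let op: dit zijn kopieën, apt werkt ze NIET bij.
# Na een security-update van libc, openssl of bind op de host: opnieuw
# kopiëren en ldconfig in de chroot draaien, anders draait named op oude code.
cp /lib/ld-2.2.5.so /lib/ld-linux.so.2 \
  /usr/lib/libisc.so.4 /usr/lib/libisc.so.4.1.0 \
  /usr/lib/libisccc.so.0 /usr/lib/libisccfg.so.0 \
  /usr/lib/libdns.so.5 /usr/lib/libcrypto.so.0.9.6 \
  /lib/libnsl.so.1 /lib/libpthread.so.0 \
  /lib/libc.so.6 /lib/libc-2.2.5.so /lib/libdl.so.2 \
  /lib/libnss_compat-2.2.5.so /lib/libnss_nis-2.2.5.so \
  /lib/libnss_files-2.2.5.so /lib/libnss_compat.so.2 \
  /usr/lib/liblwres.so.1 \
  lib/.
# Configuratie (inclusief rndc.key) en tijdzone mee naar binnen.
cp /etc/bind/* etc/bind/.
cp /etc/localtime etc/.
# named moet zijn pid-bestand en cache kunnen schrijven. Schrijfrechten van
# named op etc/bind (zijn eigen configuratie en rndc.key) zijn alleen nodig voor
# slave-zones; zonder slave-zones is root als eigenaar veiliger.
chown -R named:named etc/bind
chown -R named:named var/run/
chown -R named:named var/cache/
# Binnen de chroot de soname-links (libnss_files.so.2 enz.) en ld.so.cache
# laten aanmaken.
chroot /var/chroot/named /sbin/ldconfig -v
# Device nodes: null voor stdin/stdout/stderr, random omdat named die opent
# (zie de lsof-uitvoer verderop).
mknod dev/null c 1 3
mknod dev/random c 1 8
chmod 666 dev/null dev/random
# Minimale passwd/group zodat named de gebruiker kan opzoeken: geen
# wachtwoordhash en /dev/null als shell.
echo "named:x:200:200:Bind Named User,,,:/home:/dev/null" > etc/passwd
echo "named:x:200:" > etc/group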
|
|
# Voor de logging de volgende wijziging in /etc/init.d/syslogd:
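# In /etc/init.d/syslogd: extra syslog-socket binnen de chroot, want named
# kan /dev/log van de host daar niet bereiken.
SYSLOGD="-a /var/chroot/named/dev/log"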
|
# Init script van bind9 aanpassen /etc/init.d/bind9.
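# In /etc/init.d/bind9: named laat met -u de root-rechten vallen en wordt door
# start-stop-daemon binnen de chroot gestart.
OPTS="-u named"
# $OPTS bewust ongequote: moet in "-u" en "named" gesplitst worden (het
# init-script is sh, geen arrays).
# NB: --pidfile wordt door start-stop-daemon buiten de chroot gelezen;
# controleer of hier het pad vanuit de host hoort te staan
# (/var/chroot/named/var/run/bind/named.pid), anders werkt 'stop' mogelijk niet.
start-stop-daemon --chroot /var/chroot/named --start --quiet \
  --pidfile /var/run/bind/named.pid --exec /usr/sbin/named -- $OPTS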
|
# Named kan nu gestart worden binnen de chroot
# Om te controleren of bind daadwerkelijk in een chroot-omgeving draait
incl. alle library's
# PID opvragen en met lsof de open bestanden van dat PID controleren.
# Let ook op de USER-kolom: met -u named hoort daar named te staan; in de uitvoer hieronder staat nog root.
##########################################################################################
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
named 407 root cwd DIR 72,8 4096 2076705
/var/chroot/named/var/cache/bind
named 407 root rtd DIR 72,8 4096 1896833 /var/chroot/named
named 407 root txt REG 72,8 248680 1913186 /var/chroot/named/bin/named
named 407 root mem REG 72,8 90210 1978595
/var/chroot/named/lib/ld-linux.so.2
named 407 root mem REG 72,8 53780 1978611
/var/chroot/named/lib/liblwres.so.1
named 407 root mem REG 72,8 956548 1978600
/var/chroot/named/lib/libdns.so.5
named 407 root mem REG 72,8 771908 1978601
/var/chroot/named/lib/libcrypto.so.0.9.6
named 407 root mem REG 72,8 54596 1978599
/var/chroot/named/lib/libisccfg.so.0
named 407 root mem REG 72,8 24408 1978598
/var/chroot/named/lib/libisccc.so.0
named 407 root mem REG 72,8 197320 1978596
/var/chroot/named/lib/libisc.so.4
named 407 root mem REG 72,8 69472 1978602
/var/chroot/named/lib/libnsl.so.1
named 407 root mem REG 72,8 102172 1978603
/var/chroot/named/lib/libpthread.so.0
named 407 root mem REG 72,8 1153784 1978604
/var/chroot/named/lib/libc.so.6
named 407 root mem REG 72,8 8008 1978606
/var/chroot/named/lib/libdl.so.2
named 407 root mem REG 72,8 40152 1978610
/var/chroot/named/lib/libnss_compat.so.2
named 407 root mem REG 72,8 32668 1978609
/var/chroot/named/lib/libnss_files-2.2.5.so
named 407 root 0u CHR 1,3 1929538 /var/chroot/named/dev/null
named 407 root 1u CHR 1,3 1929538 /var/chroot/named/dev/null
named 407 root 2u CHR 1,3 1929538 /var/chroot/named/dev/null
named 407 root 3r FIFO 0,5 1738 pipe
named 407 root 4w FIFO 0,5 1738 pipe
named 407 root 5r FIFO 0,5 1739 pipe
named 407 root 6w FIFO 0,5 1739 pipe
named 407 root 7u IPv4 1750 UDP *:32768
named 407 root 8u IPv4 1745 UDP 127.0.0.1:domain
named 407 root 9u IPv4 1746 TCP 127.0.0.1:domain (LISTEN)
named 407 root 10u IPv4 1748 UDP dl380.castel.nl:domain
named 407 root 11u IPv4 1749 TCP dl380.castel.nl:domain (LISTEN)
named 407 root 12u IPv4 1751 TCP 127.0.0.1:953 (LISTEN)
named 407 root 13r CHR 1,8 1929539 /var/chroot/named/dev/random
#########################################################################################
# Secure rndc (Volgende commando maakt onder Debian een rndc.key aan)
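# Maakt een rndc.key aan (key-naam rndc-key, zie controls hieronder); -t zet
# het bestand onder de chroot, -u maakt named eigenaar.
rndc-confgen -a -t /var/chroot/named/ -u named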
|
# Controleer in de logging of het volgende langs komt bij herstart:
| command channel listening on 127.0.0.1#953 |
|
# Wil je dat rndc ook nog naar andere IP's luistert, zet dan het volgende
in named.conf:
controls {
# Lokaal: alleen localhost, altijd met de key.
inet 127.0.0.1 allow { 127.0.0.1; } keys { rndc-key; };
# Externe interface: houd de allow-lijst beperkt tot de beheerhost. De key is
# de echte beveiliging, maar de allow-lijst houdt poort 953 voor de rest dicht.
# (127.0.0.1 is op de buiteninterface waarschijnlijk overbodig.)
inet (IP buitenkant) allow { 127.0.0.1; # localhost
(IP host); # IP toegankelijke host
} keys { rndc-key; };
};
|
|
DENK HIERAAN!!!
De rndc.key is een gedeeld geheim en moet via een beveiligd kanaal (bijv. scp) overgezet worden naar de
host waarvandaan men connect.
Plaats rndc.key in /etc/bind/ en in /var/chroot/named/etc/bind/ en houd het bestand alleen leesbaar voor root en named.
|
|
|