#!/bin/sh
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# NOTA DE LICENCA #
# #
# Este trabalho esta licenciado sob uma Licenca Creative Commons Atribuicao- #
# Compartilhamento pela mesma Licenca 2.5 Brasil. Para ver uma copia desta #
# licenca, visite http://creativecommons.org/licenses/by-sa/2.5/br/ #
# ou envie uma carta para Creative Commons, 171 Second Street, Suite 300, #
# San Francisco, California 94105, USA. #
# #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# #
# Criado em 24/03/2009 - Ultima alteracao em 24/03/2009 #
# Desenvolvido por Fabricio Vaccari Constanski #
# Contato pelo Email fabriciovc[em]fabriciovc.eti.br #
# Funcao: Script que instala e configura o bind9 e modo chroot. #
# #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
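#-- COMMANDS -------------------------------------------------------------------
# Resolve each external tool once with the POSIX builtin `command -v`; the
# script runs under /bin/sh, and `which` is a separate program that may be
# missing. The lookup trusts the caller's PATH and the script is meant to run
# as root, so start it from a clean root shell.
# A variable stays empty when its tool is not found; a later `${VAR} args...`
# call would then execute its first argument as the command.
APTITUDE=$(command -v aptitude)
CAT=$(command -v cat)
CHMOD=$(command -v chmod)
CHOWN=$(command -v chown)
# "data" is Portuguese for "date"; nothing else in the script reads DATA (the
# zone serial calls `date` directly).
DATA=$(command -v date)
LN=$(command -v ln)
MKDIR=$(command -v mkdir)
MKNOD=$(command -v mknod)
MV=$(command -v mv)
SLEEP=$(command -v sleep)
#------------------------------------------------------------------------------
#-- PATHS ----------------------------------------------------------------------
# Root of the chroot jail that named is started in (passed to named via -t).
PATH_BIND="/srv/bind"
#------------------------------------------------------------------------------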
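#-- VARIABLES ------------------------------------------------------------------
# Every answer is interpolated verbatim into files written as root: the
# named.conf.* files, /etc/resolv.conf and the zone file, whose *name* also
# contains the domain. Each value is therefore checked against a strict
# pattern before anything is written; a stray "/", quote, ";" or "}" would
# otherwise redirect the zone file or inject BIND configuration.

# One IPv4 octet (0-255) and a full dotted quad, as extended regexes.
OCTET_RE='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
IPV4_RE="(${OCTET_RE}\\.){3}${OCTET_RE}"
# Dot-separated host labels with no trailing dot (the templates append it).
DOMAIN_RE='([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z][A-Za-z0-9-]{0,61}[A-Za-z0-9]'

# matches_re REGEX VALUE: succeed when VALUE matches REGEX as a whole line.
matches_re() {
  printf '%s\n' "$2" | grep -Eq -- "^($1)\$"
}

# reject_input FIELD VALUE: report the rejected answer on stderr and abort.
reject_input() {
  printf 'ERRO: valor invalido para %s: "%s"\n' "$1" "$2" >&2
  exit 1
}

# printf instead of `echo -n` (not portable under /bin/sh); read -r keeps
# backslashes literal.
printf '%s' "Forneca o nome do dominio a ser configurado (dominio.com.br): "
read -r DOMAIN
printf '%s' "Forneca a faixa de IP da rede valida (ip/mask): "
# The misspelt name NETWOTK_RANGE is kept: the named.conf.options template
# reads it under this name.
read -r NETWOTK_RANGE
printf '%s' "Forneca o endereco IP do servidor NS1 (ip): "
read -r NS1_IP
printf '%s' "Forneca o endereco IP do servidor NS2 (ip): "
read -r NS2_IP
printf '%s' "Forneca o endereco IP do servidor MX (ip): "
read -r MX_IP
printf '%s' "Forneca o endereco IP do servidor WWW (ip): "
read -r WWW_IP
echo

matches_re "${DOMAIN_RE}" "${DOMAIN}" || reject_input "dominio" "${DOMAIN}"
# The range goes into a BIND address-match list, so the mask must be a prefix
# length (0-32), e.g. 192.0.2.0/24.
matches_re "${IPV4_RE}/(3[0-2]|[12]?[0-9])" "${NETWOTK_RANGE}" \
  || reject_input "faixa de IP" "${NETWOTK_RANGE}"
matches_re "${IPV4_RE}" "${NS1_IP}" || reject_input "NS1" "${NS1_IP}"
matches_re "${IPV4_RE}" "${NS2_IP}" || reject_input "NS2" "${NS2_IP}"
matches_re "${IPV4_RE}" "${MX_IP}" || reject_input "MX" "${MX_IP}"
matches_re "${IPV4_RE}" "${WWW_IP}" || reject_input "WWW" "${WWW_IP}"
#------------------------------------------------------------------------------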
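#-- PACKAGE INSTALLATION -------------------------------------------------------
# With APTITUDE empty the calls below would expand to `update` and
# `install bind9 dnsutils -y`, i.e. run unrelated programs (coreutils
# `install`) as root, so stop here instead.
if [ -z "${APTITUDE}" ]; then
  echo "ERRO: aptitude nao encontrado" >&2
  exit 1
fi
echo "A instalacao sera iniciada em 5 segundos"
${SLEEP} 5
"${APTITUDE}" update
# Every later step moves or rewrites files shipped by the bind9 package, so a
# failed installation must not be followed by the configuration steps.
if ! "${APTITUDE}" install bind9 dnsutils -y; then
  echo "ERRO: falha ao instalar bind9/dnsutils" >&2
  exit 1
fi
# named stays stopped while its configuration is relocated into the jail.
/etc/init.d/bind9 stop
#------------------------------------------------------------------------------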
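#-- DIRECTORY TREE -------------------------------------------------------------
# Skeleton of the chroot jail. Paths are quoted so they survive a PATH_BIND
# that contains spaces.
"${MKDIR}" -p \
  "${PATH_BIND}/etc" \
  "${PATH_BIND}/dev" \
  "${PATH_BIND}/var/cache/bind" \
  "${PATH_BIND}/var/log" \
  "${PATH_BIND}/var/run/bind/run"
# Relocate the configuration into the jail exactly once. On a re-run /etc/bind
# is already the symlink created here; moving it again would drop that symlink
# inside ${PATH_BIND}/etc/bind. If the move fails, stop: `ln -s` would
# otherwise create a dangling link or a link nested inside the old directory.
if [ ! -L /etc/bind ]; then
  "${MV}" /etc/bind "${PATH_BIND}/etc" || exit 1
  "${LN}" -s "${PATH_BIND}/etc/bind" /etc/bind || exit 1
fi
# Character devices inside the jail: 1:3 is null, 1:8 is random. Skipped when
# the node already exists so a re-run does not fail on it.
[ -e "${PATH_BIND}/dev/null" ] || "${MKNOD}" "${PATH_BIND}/dev/null" c 1 3
[ -e "${PATH_BIND}/dev/random" ] || "${MKNOD}" "${PATH_BIND}/dev/random" c 1 8
#------------------------------------------------------------------------------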
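#-- WRITING /etc/default/bind9 -------------------------------------------------
# Startup options for named: -u is the account it drops privileges to, -t the
# directory it chroots into. The jail path comes from PATH_BIND so it cannot
# drift from the directories created earlier in the script.
# NOTE(review): "nobody" is shared with other unprivileged services, so a
# compromise of any of them reaches named's files and vice versa. A dedicated
# account (the packaged default, kept below as a comment, is "bind") isolates
# the daemon better; switching also means changing the chown calls in the
# permissions section to the same account.
${CAT} <<EOF > /etc/default/bind9
# run resolvconf?
RESOLVCONF=yes
# startup options for the server
#OPTIONS="-u bind"
OPTIONS="-u nobody -t ${PATH_BIND}"
EOF
#------------------------------------------------------------------------------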
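#-- WRITING /etc/default/syslogd -----------------------------------------------
# syslogd's -a option names an additional log *socket* to listen on, which is
# how a chrooted daemon reaches the host's syslog. Inside the jail named opens
# /dev/log, so on the host the socket is ${PATH_BIND}/dev/log. It must not be
# ${PATH_BIND}/var/log: this script creates that path as a directory, and a
# socket cannot be bound on top of it, which would leave the chrooted named
# without syslog output.
${CAT} <<EOF > /etc/default/syslogd
#
# Top configuration file for syslogd
#
#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#
#
## For remote UDP logging use SYSLOGD="-r"
#
#SYSLOGD=""
SYSLOGD="-a ${PATH_BIND}/dev/log"
EOF
#------------------------------------------------------------------------------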
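#-- WRITING /etc/resolv.conf ---------------------------------------------------
# Keep the first pre-existing resolver configuration so it can be restored,
# as is done for the named.conf.* files; a re-run must not replace that copy
# with the generated file.
if [ -e /etc/resolv.conf ] && [ ! -e /etc/resolv.conf.orig ]; then
  cp -p /etc/resolv.conf /etc/resolv.conf.orig
fi
# From here on the host resolves only through the local named. This script
# leaves bind9 stopped, so name resolution on this machine fails until the
# operator starts the service.
${CAT} <<EOF > /etc/resolv.conf
domain ${DOMAIN}
nameserver 127.0.0.1
EOF
#------------------------------------------------------------------------------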
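#-- WRITING /srv/bind/etc/bind/named.conf.options ------------------------------
NAMED_OPTIONS="${PATH_BIND}/etc/bind/named.conf.options"
# Keep the packaged file as .orig, but only the first time: on a re-run the
# file being replaced is the generated one and must not overwrite the
# pristine copy.
if [ ! -e "${NAMED_OPTIONS}.orig" ]; then
  ${MV} "${NAMED_OPTIONS}" "${NAMED_OPTIONS}.orig"
fi
# Exposure set by the template below:
#   - queries are answered for anyone (allow-query any), which suits the
#     authoritative zone, while recursion is limited to loopback so the server
#     is not an open resolver;
#   - zone transfers are refused globally (the zone re-enables them for NS2);
#   - the version string is hidden.
# NOTE(review): listen-on-v6 { any; } binds every IPv6 address although IPv4
# is limited to loopback plus NETWOTK_RANGE - confirm this is intended.
# NETWOTK_RANGE is inserted verbatim into the address-match list.
${CAT} <<EOF > "${NAMED_OPTIONS}"
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// query-source address * port 53;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
listen-on { 127.0.0.1/32; ${NETWOTK_RANGE}; };
allow-query { any; };
allow-recursion { 127.0.0.1/32; };
allow-transfer { none; };
version "Nao Disponivel";
};
EOF
#------------------------------------------------------------------------------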
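#-- WRITING /srv/bind/etc/bind/named.conf.local --------------------------------
NAMED_LOCAL="${PATH_BIND}/etc/bind/named.conf.local"
# Keep the packaged file as .orig, but only the first time: on a re-run the
# file being replaced is the generated one and must not overwrite the
# pristine copy.
if [ ! -e "${NAMED_LOCAL}.orig" ]; then
  ${MV} "${NAMED_LOCAL}" "${NAMED_LOCAL}.orig"
fi
# Declares this server as master for the zone and allows zone transfers to
# the NS2 address only. DOMAIN and NS2_IP are inserted verbatim, inside quotes
# and an address list respectively, so they must not contain quotes, ";" or
# "}".
${CAT} <<EOF > "${NAMED_LOCAL}"
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "${DOMAIN}" {
type master;
file "db.${DOMAIN}";
allow-transfer { ${NS2_IP}; };
};
EOF
#------------------------------------------------------------------------------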
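#-- WRITING /srv/bind/var/cache/bind/db.<domain> -------------------------------
# DOMAIN becomes part of a path written as root: an empty value or one
# containing "/" would create the file under another name or directory.
case "${DOMAIN}" in
  '' | */*)
    echo "ERRO: dominio invalido para o nome do arquivo de zona" >&2
    exit 1
    ;;
esac
# The heredoc is unquoted so the answers expand; \$TTL is escaped to reach
# the file as the literal zone directive. The serial is today's date followed
# by 01, so a second run on the same day produces the same serial and
# secondaries will not pick up the change until it is raised by hand.
${CAT} <<EOF > "${PATH_BIND}/var/cache/bind/db.${DOMAIN}"
\$TTL 86400
@ IN SOA dns.${DOMAIN}. root.dns.${DOMAIN}. (
$(date +%Y%m%d)01 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
86400 ) ; Minimum
; NS
@ IN NS ns1.${DOMAIN}.
@ IN NS ns2.${DOMAIN}.
@ IN MX 0 mail.${DOMAIN}.
; NAME SERVERS
@ IN A ${NS1_IP}
ns1 IN A ${NS1_IP}
ns2 IN A ${NS2_IP}
dns IN A ${NS1_IP}
; MAIL
mail IN A ${MX_IP}
imap IN CNAME mail
pop IN CNAME mail
smtp IN CNAME mail
webmail IN CNAME mail
; WEB
adm IN A ${WWW_IP}
www IN A ${WWW_IP}
ftp IN CNAME www
dbadmin IN CNAME www
mailadmin IN CNAME www
; PARA REVERSO
srv1 IN A ${NS1_IP}
;srv2 IN A 200.1.1.2
;srv3 IN A 200.1.1.3
;srv4 IN A 200.1.1.4
;srv5 IN A 200.1.1.5
EOF
#------------------------------------------------------------------------------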
#-- ADJUSTING PERMISSIONS ------------------------------------------------------
# Make the jail's null and random device nodes readable and writable by all.
for node in null random; do
  ${CHMOD} 666 ${PATH_BIND}/dev/${node}
done
# Hand the jail's var/ contents and the relocated configuration to the
# account named runs as.
# NOTE(review): owning etc/bind lets the daemon account rewrite its own
# configuration and read any key material stored there (e.g. rndc.key on
# Debian), and "nobody" is shared with other services. Root-owned,
# group-readable configuration with a dedicated account is the tighter setup;
# it has to change together with the -u option in /etc/default/bind9.
for tree in ${PATH_BIND}/var/* ${PATH_BIND}/etc/bind; do
  ${CHOWN} -R nobody:nogroup "${tree}"
done
#------------------------------------------------------------------------------
#-- RESTARTING SERVICES --------------------------------------------------------
# Stop and start syslogd, presumably so it rereads /etc/default/syslogd.
for action in stop start; do
  /etc/init.d/sysklogd "${action}"
done
# bind9 is left stopped; the closing message asks the operator to review the
# generated files and restart it by hand.
#/etc/init.d/bind9 stop
#/etc/init.d/bind9 start
#------------------------------------------------------------------------------
#-- CLOSING MESSAGE ------------------------------------------------------------
# Blank line, the two status lines, blank line, then a successful exit.
printf '\n%s\n%s\n\n' \
  "INSTALACAO FINALIZADA" \
  "Faca os ajustes necessarios e reinicie o servico *bind9*"
#------------------------------------------------------------------------------
exit 0