From: Frank Brehm Date: Mon, 8 Oct 2018 13:26:54 +0000 (+0200) Subject: committing changes in /etc after apt run X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=cf10d030ca3b3a18ee910df87a2aabebaed28a47;p=config%2Fsarah%2Fetc.git committing changes in /etc after apt run Package changes: +bind9 1:9.10.3.dfsg.P4-12.3+deb9u4 amd64 +bind9utils 1:9.10.3.dfsg.P4-12.3+deb9u4 amd64 +libirs141 1:9.10.3.dfsg.P4-12.3+deb9u4 amd64
---
diff --git a/.etckeeper b/.etckeeper
index 9ac3606..ca58c87 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -99,10 +99,12 @@ maybe chmod 0755 'apparmor.d/local'
 maybe chmod 0644 'apparmor.d/local/usr.bin.freshclam'
 maybe chmod 0644 'apparmor.d/local/usr.sbin.clamd'
 maybe chmod 0644 'apparmor.d/local/usr.sbin.haveged'
+maybe chmod 0644 'apparmor.d/local/usr.sbin.named'
 maybe chmod 0644 'apparmor.d/usr.bin.freshclam'
 maybe chmod 0644 'apparmor.d/usr.sbin.clamd'
 maybe chmod 0644 'apparmor.d/usr.sbin.haveged'
 maybe chmod 0644 'apparmor.d/usr.sbin.mysqld'
+maybe chmod 0644 'apparmor.d/usr.sbin.named'
 maybe chmod 0755 'apt'
 maybe chmod 0644 'apt/SALTSTACK-GPG-KEY.pub'
 maybe chmod 0755 'apt/apt.conf.d'
@@ -152,6 +154,27 @@ maybe chmod 0644 'bash_completion.d/grub'
 maybe chmod 0644 'bash_completion.d/insserv'
 maybe chmod 0644 'bash_completion.d/salt-common'
 maybe chmod 0644 'bash_completion.d/tig'
+maybe chgrp 'bind' 'bind'
+maybe chmod 2755 'bind'
+maybe chmod 0644 'bind/bind.keys'
+maybe chmod 0644 'bind/db.0'
+maybe chmod 0644 'bind/db.127'
+maybe chmod 0644 'bind/db.255'
+maybe chmod 0644 'bind/db.empty'
+maybe chmod 0644 'bind/db.local'
+maybe chmod 0644 'bind/db.root'
+maybe chgrp 'bind' 'bind/named.conf'
+maybe chmod 0644 'bind/named.conf'
+maybe chgrp 'bind' 'bind/named.conf.default-zones'
+maybe chmod 0644 'bind/named.conf.default-zones'
+maybe chgrp 'bind' 'bind/named.conf.local'
+maybe chmod 0644 'bind/named.conf.local'
+maybe chgrp 'bind' 'bind/named.conf.options'
+maybe chmod 0644 'bind/named.conf.options'
+maybe chown 'bind' 'bind/rndc.key'
+maybe chgrp 'bind' 'bind/rndc.key'
+maybe chmod 0640 'bind/rndc.key'
+maybe chmod 0644 'bind/zones.rfc1918'
 maybe chmod 0644 'bindresvport.blacklist'
 maybe chmod 0755 'binfmt.d'
 maybe chmod 0755 'ca-certificates'
@@ -259,6 +282,7 @@ maybe chmod 0755 'default'
 maybe chmod 0644 'default/acpid'
 maybe chmod 0644 'default/amavis-mc'
 maybe chmod 0644 'default/amavisd-snmp-subagent'
+maybe chmod 0644 'default/bind9'
 maybe chmod 0644 'default/bsdmainutils'
 maybe chmod 0644 'default/chrony'
 maybe chmod 0644 'default/console-setup'
@@ -691,6 +715,7 @@ maybe chmod 0755 'init.d/amavis'
 maybe chmod 0755 'init.d/amavis-mc'
 maybe chmod 0755 'init.d/amavisd-snmp-subagent'
 maybe chmod 0755 'init.d/atd'
+maybe chmod 0755 'init.d/bind9'
 maybe chmod 0755 'init.d/bootlogs'
 maybe chmod 0755 'init.d/bootmisc.sh'
 maybe chmod 0755 'init.d/checkfs.sh'
@@ -979,6 +1004,7 @@ maybe chmod 0644 'nail.rc'
 maybe chmod 0644 'nanorc'
 maybe chmod 0755 'network'
 maybe chmod 0755 'network/if-down.d'
+maybe chmod 0755 'network/if-down.d/bind9'
 maybe chmod 0755 'network/if-down.d/clamav-freshclam-ifupdown'
 maybe chmod 0755 'network/if-down.d/postfix'
 maybe chmod 0755 'network/if-down.d/upstart'
@@ -986,6 +1012,7 @@ maybe chmod 0755 'network/if-post-down.d'
 maybe chmod 0755 'network/if-post-down.d/chrony'
 maybe chmod 0755 'network/if-pre-up.d'
 maybe chmod 0755 'network/if-up.d'
+maybe chmod 0755 'network/if-up.d/bind9'
 maybe chmod 0755 'network/if-up.d/chrony'
 maybe chmod 0755 'network/if-up.d/clamav-freshclam-ifupdown'
 maybe chmod 0755 'network/if-up.d/mountnfs'
@@ -1200,10 +1227,12 @@ maybe chgrp 'postfix' 'postfix/sender_access.pcre'
 maybe chmod 0640 'postfix/sender_access.pcre'
 maybe chmod 0755 'ppp'
 maybe chmod 0755 'ppp/ip-down.d'
+maybe chmod 0755 'ppp/ip-down.d/bind9'
 maybe chmod 0755 'ppp/ip-down.d/chrony'
 maybe chmod 0755 'ppp/ip-down.d/clamav-freshclam-ifupdown'
 maybe chmod 0755 'ppp/ip-down.d/postfix'
 maybe chmod 0755 'ppp/ip-up.d'
+maybe chmod 0755 'ppp/ip-up.d/bind9'
 maybe chmod 0755 'ppp/ip-up.d/chrony'
 maybe chmod 0755 'ppp/ip-up.d/clamav-freshclam-ifupdown'
 maybe chmod 0755 'ppp/ip-up.d/postfix'
@@ -1385,6 +1414,7 @@ maybe chmod 0644 'udev/rules.d/90-memory-hotplug.rules'
 maybe chmod 0644 'udev/udev.conf'
 maybe chmod 0755 'ufw'
 maybe chmod 0755 'ufw/applications.d'
+maybe chmod 0644 'ufw/applications.d/bind9'
 maybe chmod 0644 'ufw/applications.d/dovecot-imapd'
 maybe chmod 0644 'ufw/applications.d/dovecot-pop3d'
 maybe chmod 0644 'ufw/applications.d/nginx'
diff --git a/apparmor.d/local/usr.sbin.named b/apparmor.d/local/usr.sbin.named
new file mode 100644
index 0000000..c72fe2d
--- /dev/null
+++ b/apparmor.d/local/usr.sbin.named
@@ -0,0 +1,2 @@
+# Site-specific additions and overrides for usr.sbin.named.
+# For more details, please see /etc/apparmor.d/local/README.
diff --git a/apparmor.d/usr.sbin.named b/apparmor.d/usr.sbin.named
new file mode 100644
index 0000000..43e27c0
--- /dev/null
+++ b/apparmor.d/usr.sbin.named
@@ -0,0 +1,67 @@
+# vim:syntax=apparmor
+# Last Modified: Fri Jun 1 16:43:22 2007
+#include
+
+/usr/sbin/named {
+ #include
+ #include
+
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+ capability sys_resource,
+
+ # /etc/bind should be read-only for bind
+ # /var/lib/bind is for dynamically updated zone (and journal) files.
+ # /var/cache/bind is for slave/stub data, since we're not the origin of it.
+ # See /usr/share/doc/bind9/README.Debian.gz
+ /etc/bind/** r,
+ /var/lib/bind/** rw,
+ /var/lib/bind/ rw,
+ /var/cache/bind/** lrw,
+ /var/cache/bind/ rw,
+
+ # gssapi
+ /etc/krb5.keytab kr,
+ /etc/bind/krb5.keytab kr,
+
+ # ssl
+ /etc/ssl/openssl.cnf r,
+
+ # GeoIP data files for GeoIP ACLs
+ /usr/share/GeoIP/** r,
+
+ # dnscvsutil package
+ /var/lib/dnscvsutil/compiled/** rw,
+
+ @{PROC}/net/if_inet6 r,
+ @{PROC}/*/net/if_inet6 r,
+ @{PROC}/sys/net/ipv4/ip_local_port_range r,
+ /usr/sbin/named mr,
+ /{,var/}run/named/named.pid w,
+ /{,var/}run/named/session.key w,
+ # support for resolvconf
+ /{,var/}run/named/named.options r,
+
+ # some people like to put logs in /var/log/named/ instead of having
+ # syslog do the heavy lifting.
+ /var/log/named/** rw,
+ /var/log/named/ rw,
+
+ # gssapi
+ /var/lib/sss/pubconf/krb5.include.d/** r,
+ /var/lib/sss/pubconf/krb5.include.d/ r,
+ /var/lib/sss/mc/initgroups r,
+ /etc/gss/mech.d/ r,
+
+ # ldap
+ /etc/ldap/ldap.conf r,
+ /{,var/}run/slapd-*.socket rw,
+
+ # dynamic updates
+ /var/tmp/DNS_* rw,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
diff --git a/bind/bind.keys b/bind/bind.keys
new file mode 100644
index 0000000..db22d4b
--- /dev/null
+++ b/bind/bind.keys
@@ -0,0 +1,69 @@ +# The bind.keys file is used to override the built-in DNSSEC trust anchors +# which are included as part of BIND 9. As of the current release, the only +# trust anchors it contains are those for the DNS root zone ("."), and for +# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org"). Trust anchors +# for any other zones MUST be configured elsewhere; if they are configured +# here, they will not be recognized or used by named. +# +# The built-in trust anchors are provided for convenience of configuration. +# They are not activated within named.conf unless specifically switched on. +# To use the built-in root key, set "dnssec-validation auto;" in +# named.conf options. To use the built-in DLV key, set +# "dnssec-lookaside auto;". Without these options being set, +# the keys in this file are ignored. +# +# This file is NOT expected to be user-configured. +# +# These keys are current as of Feburary 2017. If any key fails to +# initialize correctly, it may have expired. In that event you should +# replace this file with a current version. The latest version of +# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys. + +managed-keys { + # ISC DLV: See https://www.isc.org/solutions/dlv for details. + # + # NOTE: The ISC DLV zone is being phased out as of February 2017; + # the key will remain in place but the zone will be otherwise empty. + # Configuring "dnssec-lookaside auto;" to activate this key is + # harmless, but is no longer useful and is not recommended. + dlv.isc.org. 
initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 + brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ + 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 + ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk + Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM + QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt + TDN0YUuWrBNh"; + + # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml + # for current trust anchor information. + # + # These keys are activated by setting "dnssec-validation auto;" + # in named.conf. + # + # This key (19036) is to be phased out starting in 2017. It will + # remain in the root zone for some time after its successor key + # has been added. It will remain this file until it is removed from + # the root zone. + . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF + FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX + bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD + X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz + W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS + Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq + QxA+Uk1ihz0="; + + # This key (20326) is to be published in the root zone in 2017. + # Servers which were already using the old key (19036) should + # roll seamlessly to this new one via RFC 5011 rollover. Servers + # being set up for the first time can use the contents of this + # file as initializing keys; thereafter, the keys in the + # managed key database will be trusted and maintained + # automatically. + . 
initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 + +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv + ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF + 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e + oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd + RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN + R1AkUTV74bU="; +}; diff --git a/bind/db.0 b/bind/db.0 new file mode 100644 index 0000000..e3aabdb --- /dev/null +++ b/bind/db.0 @@ -0,0 +1,12 @@ +; +; BIND reverse data file for broadcast zone +; +$TTL 604800 +@ IN SOA localhost. root.localhost. ( + 1 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; +@ IN NS localhost. diff --git a/bind/db.127 b/bind/db.127 new file mode 100644 index 0000000..cd05bef --- /dev/null +++ b/bind/db.127 @@ -0,0 +1,13 @@ +; +; BIND reverse data file for local loopback interface +; +$TTL 604800 +@ IN SOA localhost. root.localhost. ( + 1 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; +@ IN NS localhost. +1.0.0 IN PTR localhost. diff --git a/bind/db.255 b/bind/db.255 new file mode 100644 index 0000000..e3aabdb --- /dev/null +++ b/bind/db.255 @@ -0,0 +1,12 @@ +; +; BIND reverse data file for broadcast zone +; +$TTL 604800 +@ IN SOA localhost. root.localhost. ( + 1 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL +; +@ IN NS localhost. diff --git a/bind/db.empty b/bind/db.empty new file mode 100644 index 0000000..8a12858 --- /dev/null +++ b/bind/db.empty @@ -0,0 +1,14 @@ +; BIND reverse data file for empty rfc1918 zone +; +; DO NOT EDIT THIS FILE - it is used for multiple zones. +; Instead, copy it, edit named.conf, and use that copy. +; +$TTL 86400 +@ IN SOA localhost. root.localhost. ( + 1 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 86400 ) ; Negative Cache TTL +; +@ IN NS localhost. 
diff --git a/bind/db.local b/bind/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+ 2 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
+@ IN A 127.0.0.1
+@ IN AAAA ::1
diff --git a/bind/db.root b/bind/db.root
new file mode 100644
index 0000000..f0b79d2
--- /dev/null
+++ b/bind/db.root
@@ -0,0 +1,90 @@ +; This file holds the information on root name servers needed to +; initialize cache of Internet domain name servers +; (e.g. reference this file in the "cache . " +; configuration file of BIND domain name servers). +; +; This file is made available by InterNIC +; under anonymous FTP as +; file /domain/named.cache +; on server FTP.INTERNIC.NET +; -OR- RS.INTERNIC.NET +; +; last update: February 17, 2016 +; related version of root zone: 2016021701 +; +; formerly NS.INTERNIC.NET +; +. 3600000 NS A.ROOT-SERVERS.NET. +A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 +A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30 +; +; FORMERLY NS1.ISI.EDU +; +. 3600000 NS B.ROOT-SERVERS.NET. +B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 +B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b +; +; FORMERLY C.PSI.NET +; +. 3600000 NS C.ROOT-SERVERS.NET. +C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 +C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c +; +; FORMERLY TERP.UMD.EDU +; +. 3600000 NS D.ROOT-SERVERS.NET. +D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 +D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d +; +; FORMERLY NS.NASA.GOV +; +. 3600000 NS E.ROOT-SERVERS.NET. +E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 +; +; FORMERLY NS.ISC.ORG +; +. 3600000 NS F.ROOT-SERVERS.NET. +F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 +F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f +; +; FORMERLY NS.NIC.DDN.MIL +; +. 3600000 NS G.ROOT-SERVERS.NET. +G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 +; +; FORMERLY AOS.ARL.ARMY.MIL +; +. 3600000 NS H.ROOT-SERVERS.NET. +H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53 +H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53 +; +; FORMERLY NIC.NORDU.NET +; +. 3600000 NS I.ROOT-SERVERS.NET. +I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 +I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53 +; +; OPERATED BY VERISIGN, INC. +; +. 3600000 NS J.ROOT-SERVERS.NET. +J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 +J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30 +; +; OPERATED BY RIPE NCC +; +. 
3600000 NS K.ROOT-SERVERS.NET. +K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 +K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1 +; +; OPERATED BY ICANN +; +. 3600000 NS L.ROOT-SERVERS.NET. +L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 +L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 +; +; OPERATED BY WIDE +; +. 3600000 NS M.ROOT-SERVERS.NET. +M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 +M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35 +; End of file diff --git a/bind/named.conf b/bind/named.conf new file mode 100644 index 0000000..880786a --- /dev/null +++ b/bind/named.conf @@ -0,0 +1,11 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; diff --git a/bind/named.conf.default-zones b/bind/named.conf.default-zones new file mode 100644 index 0000000..355338b --- /dev/null +++ b/bind/named.conf.default-zones @@ -0,0 +1,30 @@ +// prime the server with knowledge of the root servers +zone "." { + type hint; + file "/etc/bind/db.root"; +}; + +// be authoritative for the localhost forward and reverse zones, and for +// broadcast zones as per RFC 1912 + +zone "localhost" { + type master; + file "/etc/bind/db.local"; +}; + +zone "127.in-addr.arpa" { + type master; + file "/etc/bind/db.127"; +}; + +zone "0.in-addr.arpa" { + type master; + file "/etc/bind/db.0"; +}; + +zone "255.in-addr.arpa" { + type master; + file "/etc/bind/db.255"; +}; + + diff --git a/bind/named.conf.local b/bind/named.conf.local new file mode 100644 index 0000000..7a57b10 --- /dev/null +++ b/bind/named.conf.local 
@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
diff --git a/bind/named.conf.options b/bind/named.conf.options
new file mode 100644
index 0000000..b1bef51
--- /dev/null
+++ b/bind/named.conf.options
@@ -0,0 +1,26 @@
+options {
+ directory "/var/cache/bind";
+
+ // If there is a firewall between you and nameservers you want
+ // to talk to, you may need to fix the firewall to allow multiple
+ // ports to talk. See http://www.kb.cert.org/vuls/id/800113
+
+ // If your ISP provided one or more IP addresses for stable
+ // nameservers, you probably want to use them as forwarders.
+ // Uncomment the following block, and insert the addresses replacing
+ // the all-0's placeholder.
+
+ // forwarders {
+ // 0.0.0.0;
+ // };
+
+ //========================================================================
+ // If BIND logs error messages about the root key being expired,
+ // you will need to update your keys. See https://www.isc.org/bind-keys
+ //========================================================================
+ dnssec-validation auto;
+
+ auth-nxdomain no; # conform to RFC1035
+ listen-on-v6 { any; };
+};
+
diff --git a/bind/rndc.key b/bind/rndc.key
new file mode 100644
index 0000000..6ee49f4
--- /dev/null
+++ b/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+ algorithm hmac-md5;
+ secret "QZWrR209/0Vzozjh+86Tww==";
+};
diff --git a/bind/zones.rfc1918 b/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/bind/zones.rfc1918
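Review bot: In bind/named.conf.options the options block sets `listen-on-v6 { any; };` and carries no `listen-on`, `allow-query`, `allow-recursion` or `recursion` statement, so who may reach and use this resolver is left entirely to BIND's compiled-in defaults. If named is only meant to serve this host (an assumption; the commit does not say), I would state that in the file: `listen-on { 127.0.0.1; };`, `listen-on-v6 { ::1; };` and `allow-recursion { localhost; };`. If it is meant to answer other machines, name those networks explicitly in `allow-recursion` and `allow-query` instead of relying on `localnets`, which on a hosted server can include neighbouring systems. The options block is complete within this hunk.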
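Review bot: bind/rndc.key is committed with its `secret` value in clear, so the rndc control key is readable by anyone who can read this repository or its history, whatever the 0640 bind:bind mode recorded in .etckeeper says about the file on disk. I would treat the key as disclosed: regenerate it on the host (for example `rndc-confgen -a -A hmac-sha256`, which also moves off `hmac-md5`) and add `bind/rndc.key` to /etc/.gitignore so etckeeper stops tracking it. The old value remains in history unless the repository is rewritten, which is why rotation matters more than deleting the file from the tree. named's control channel listens on loopback unless a `controls` statement widens it, so the practical exposure depends on who has local access and on any such statement elsewhere in the configuration.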
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+
+zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/default/bind9 b/default/bind9
new file mode 100644
index 0000000..866a94e
--- /dev/null
+++ b/default/bind9
@@ -0,0 +1,5 @@
+# run resolvconf?
+RESOLVCONF=no
+
+# startup options for the server
+OPTIONS="-u bind"
diff --git a/group b/group
index 8d08e5a..7cf51b2 100644
--- a/group
+++ b/group
@@ -65,3 +65,4 @@ wireshark:x:122:
 opendkim:x:123:
 _chrony:x:124:
 nagios:x:125:
+bind:x:126:
diff --git a/group- b/group-
index 42bec92..8d08e5a 100644
--- a/group-
+++ b/group-
@@ -64,3 +64,4 @@ ulog:x:121:
 wireshark:x:122:
 opendkim:x:123:
 _chrony:x:124:
+nagios:x:125:
diff --git a/gshadow b/gshadow
index 3161bcb..be8f763 100644
--- a/gshadow
+++ b/gshadow
@@ -65,3 +65,4 @@ wireshark:!::
 opendkim:!::
 _chrony:!::
 nagios:!::
+bind:!::
diff --git a/gshadow- b/gshadow-
index f3e9dcb..3161bcb 100644
--- a/gshadow-
+++ b/gshadow-
@@ -64,3 +64,4 @@ ulog:!::
 wireshark:!::
 opendkim:!::
 _chrony:!::
+nagios:!::
diff --git a/init.d/bind9 b/init.d/bind9
new file mode 100755
index 0000000..59d8e3d
--- /dev/null
+++ b/init.d/bind9
@@ -0,0 +1,145 @@ +#!/bin/sh -e + +### BEGIN INIT INFO +# Provides: bind9 +# Required-Start: $remote_fs +# Required-Stop: $remote_fs +# Should-Start: $network $syslog +# Should-Stop: $network $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start and stop bind9 +# Description: bind9 is a Domain Name Server (DNS) +# which translates ip addresses to and from internet names +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin:/usr/bin + +# for a chrooted server: "-u bind -t /var/lib/named" +# Don't modify this line, change or create /etc/default/bind9. +OPTIONS="" +RESOLVCONF=no + +test -f /etc/default/bind9 && . /etc/default/bind9 + +test -x /usr/sbin/rndc || exit 0 + +. /lib/lsb/init-functions +PIDFILE=/run/named/named.pid + +check_network() { + if [ -x /usr/bin/uname ] && [ "X$(/usr/bin/uname -o)" = XSolaris ]; then + IFCONFIG_OPTS="-au" + else + IFCONFIG_OPTS="" + fi + if [ -z "$(/sbin/ifconfig $IFCONFIG_OPTS)" ]; then + #log_action_msg "No networks configured." + return 1 + fi + return 0 +} + +case "$1" in + start) + log_daemon_msg "Starting domain name service..." "bind9" + + modprobe capability >/dev/null 2>&1 || true + + # dirs under /run can go away on reboots. + mkdir -p /run/named + chmod 775 /run/named + chown root:bind /run/named >/dev/null 2>&1 || true + + if [ ! -x /usr/sbin/named ]; then + log_action_msg "named binary missing - not starting" + log_end_msg 1 + fi + + if ! check_network; then + log_action_msg "no networks configured" + log_end_msg 1 + fi + + if start-stop-daemon --start --oknodo --quiet --exec /usr/sbin/named \ + --pidfile ${PIDFILE} -- $OPTIONS; then + if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ] ; then + echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.named + fi + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + + stop) + log_daemon_msg "Stopping domain name service..." "bind9" + if ! 
check_network; then + log_action_msg "no networks configured" + log_end_msg 1 + fi + + if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ] ; then + /sbin/resolvconf -d lo.named + fi + pid=$(/usr/sbin/rndc stop -p | awk '/^pid:/ {print $2}') || true + if [ -z "$pid" ]; then # no pid found, so either not running, or error + pid=$(pgrep -f ^/usr/sbin/named) || true + start-stop-daemon --stop --oknodo --quiet --exec /usr/sbin/named \ + --pidfile ${PIDFILE} -- $OPTIONS + fi + if [ -n "$pid" ]; then + sig=0 + n=1 + while kill -$sig $pid 2>/dev/null; do + if [ $n -eq 1 ]; then + echo "waiting for pid $pid to die" + fi + if [ $n -eq 11 ]; then + echo "giving up on pid $pid with kill -0; trying -9" + sig=9 + fi + if [ $n -gt 20 ]; then + echo "giving up on pid $pid" + break + fi + n=$(($n+1)) + sleep 1 + done + fi + log_end_msg 0 + ;; + + reload|force-reload) + log_daemon_msg "Reloading domain name service..." "bind9" + if ! check_network; then + log_action_msg "no networks configured" + log_end_msg 1 + fi + + /usr/sbin/rndc reload >/dev/null && log_end_msg 0 || log_end_msg 1 + ;; + + restart) + if ! check_network; then + log_action_msg "no networks configured" + exit 1 + fi + + $0 stop + $0 start + ;; + + status) + ret=0 + status_of_proc -p ${PIDFILE} /usr/sbin/named bind9 2>/dev/null || ret=$? + exit $ret + ;; + + *) + log_action_msg "Usage: /etc/init.d/bind9 {start|stop|reload|restart|force-reload|status}" + exit 1 + ;; +esac + +exit 0 diff --git a/network/if-down.d/bind9 b/network/if-down.d/bind9 new file mode 100755 index 0000000..68a02c6 --- /dev/null +++ b/network/if-down.d/bind9 @@ -0,0 +1,15 @@ +#!/bin/sh -e +# Called when an interface disconnects +# Written by LaMont Jones + +# kick named as needed + +# If /usr isn't mounted yet, silently bail. +if [ ! -d /usr/sbin ]; then + exit 0 +fi + +# if named is running, reconfig it. +rndc reconfig >/dev/null 2>&1 & + +exit 0 
diff --git a/network/if-up.d/bind9 b/network/if-up.d/bind9
new file mode 100755
index 0000000..d17195a
--- /dev/null
+++ b/network/if-up.d/bind9
@@ -0,0 +1,15 @@
+#!/bin/sh -e
+# Called when a new interface comes up
+# Written by LaMont Jones
+
+# kick named as needed
+
+# If /usr isn't mounted yet, silently bail.
+if [ ! -d /usr/sbin ]; then
+ exit 0
+fi
+
+# if named is running, reconfig it.
+rndc reconfig >/dev/null 2>&1 &
+
+exit 0
diff --git a/passwd b/passwd
index 08f01b4..ddff25d 100644
--- a/passwd
+++ b/passwd
@@ -39,3 +39,4 @@ opendkim:x:114:123::/var/run/opendkim:/bin/false
 _apt:x:115:65534::/nonexistent:/bin/false
 _chrony:x:116:124:Chrony daemon,,,:/var/lib/chrony:/bin/false
 nagios:x:117:125::/var/lib/nagios:/bin/false
+bind:x:118:126::/var/cache/bind:/bin/false
diff --git a/passwd- b/passwd-
index baba87e..ddff25d 100644
--- a/passwd-
+++ b/passwd-
@@ -38,3 +38,5 @@ taurec:x:1000:100:Jörn Valentin:/home/taurec:/bin/bash
 opendkim:x:114:123::/var/run/opendkim:/bin/false
 _apt:x:115:65534::/nonexistent:/bin/false
 _chrony:x:116:124:Chrony daemon,,,:/var/lib/chrony:/bin/false
+nagios:x:117:125::/var/lib/nagios:/bin/false
+bind:x:118:126::/var/cache/bind:/bin/false
diff --git a/ppp/ip-down.d/bind9 b/ppp/ip-down.d/bind9
new file mode 100755
index 0000000..68a02c6
--- /dev/null
+++ b/ppp/ip-down.d/bind9
@@ -0,0 +1,15 @@
+#!/bin/sh -e
+# Called when an interface disconnects
+# Written by LaMont Jones
+
+# kick named as needed
+
+# If /usr isn't mounted yet, silently bail.
+if [ ! -d /usr/sbin ]; then
+ exit 0
+fi
+
+# if named is running, reconfig it.
+rndc reconfig >/dev/null 2>&1 &
+
+exit 0
diff --git a/ppp/ip-up.d/bind9 b/ppp/ip-up.d/bind9
new file mode 100755
index 0000000..d17195a
--- /dev/null
+++ b/ppp/ip-up.d/bind9
@@ -0,0 +1,15 @@ +#!/bin/sh -e +# Called when a new interface comes up +# Written by LaMont Jones + +# kick named as needed + +# If /usr isn't mounted yet, silently bail. +if [ ! -d /usr/sbin ]; then + exit 0 +fi + +# if named is running, reconfig it. +rndc reconfig >/dev/null 2>&1 & + +exit 0 diff --git a/rc0.d/K04bind9 b/rc0.d/K04bind9 new file mode 120000 index 0000000..63fcfdd --- /dev/null +++ b/rc0.d/K04bind9 @@ -0,0 +1 @@ +../init.d/bind9 \ No newline at end of file diff --git a/rc0.d/K04sendsigs b/rc0.d/K04sendsigs deleted file mode 120000 index 56bed94..0000000 --- a/rc0.d/K04sendsigs +++ /dev/null @@ -1 +0,0 @@ -../init.d/sendsigs \ No newline at end of file diff --git a/rc0.d/K05rsyslog b/rc0.d/K05rsyslog deleted file mode 120000 index 7000c51..0000000 --- a/rc0.d/K05rsyslog +++ /dev/null @@ -1 +0,0 @@ -../init.d/rsyslog \ No newline at end of file diff --git a/rc0.d/K05sendsigs b/rc0.d/K05sendsigs new file mode 120000 index 0000000..56bed94 --- /dev/null +++ b/rc0.d/K05sendsigs @@ -0,0 +1 @@ +../init.d/sendsigs \ No newline at end of file diff --git a/rc0.d/K06hwclock.sh b/rc0.d/K06hwclock.sh deleted file mode 120000 index c2b57ec..0000000 --- a/rc0.d/K06hwclock.sh +++ /dev/null @@ -1 +0,0 @@ -../init.d/hwclock.sh \ No newline at end of file diff --git a/rc0.d/K06rsyslog b/rc0.d/K06rsyslog new file mode 120000 index 0000000..7000c51 --- /dev/null +++ b/rc0.d/K06rsyslog @@ -0,0 +1 @@ +../init.d/rsyslog \ No newline at end of file diff --git a/rc0.d/K06umountnfs.sh b/rc0.d/K06umountnfs.sh deleted file mode 120000 index c4ed87a..0000000 --- a/rc0.d/K06umountnfs.sh +++ /dev/null @@ -1 +0,0 @@ -../init.d/umountnfs.sh \ No newline at end of file diff --git a/rc0.d/K07hwclock.sh b/rc0.d/K07hwclock.sh new file mode 120000 index 0000000..c2b57ec --- /dev/null +++ b/rc0.d/K07hwclock.sh @@ -0,0 +1 @@ +../init.d/hwclock.sh \ No newline at end of file diff --git a/rc0.d/K07networking b/rc0.d/K07networking deleted file mode 120000 index bd5b2c2..0000000 
--- a/rc0.d/K07networking +++ /dev/null @@ -1 +0,0 @@ -../init.d/networking \ No newline at end of file diff --git a/rc0.d/K07umountnfs.sh b/rc0.d/K07umountnfs.sh new file mode 120000 index 0000000..c4ed87a --- /dev/null +++ b/rc0.d/K07umountnfs.sh @@ -0,0 +1 @@ +../init.d/umountnfs.sh \ No newline at end of file diff --git a/rc0.d/K08networking b/rc0.d/K08networking new file mode 120000 index 0000000..bd5b2c2 --- /dev/null +++ b/rc0.d/K08networking @@ -0,0 +1 @@ +../init.d/networking \ No newline at end of file diff --git a/rc0.d/K08umountfs b/rc0.d/K08umountfs deleted file mode 120000 index d29c125..0000000 --- a/rc0.d/K08umountfs +++ /dev/null @@ -1 +0,0 @@ -../init.d/umountfs \ No newline at end of file diff --git a/rc0.d/K09umountfs b/rc0.d/K09umountfs new file mode 120000 index 0000000..d29c125 --- /dev/null +++ b/rc0.d/K09umountfs @@ -0,0 +1 @@ +../init.d/umountfs \ No newline at end of file diff --git a/rc0.d/K09umountroot b/rc0.d/K09umountroot deleted file mode 120000 index f486c50..0000000 --- a/rc0.d/K09umountroot +++ /dev/null @@ -1 +0,0 @@ -../init.d/umountroot \ No newline at end of file diff --git a/rc0.d/K10halt b/rc0.d/K10halt deleted file mode 120000 index 576e1ef..0000000 --- a/rc0.d/K10halt +++ /dev/null @@ -1 +0,0 @@ -../init.d/halt \ No newline at end of file diff --git a/rc0.d/K10umountroot b/rc0.d/K10umountroot new file mode 120000 index 0000000..f486c50 --- /dev/null +++ b/rc0.d/K10umountroot @@ -0,0 +1 @@ +../init.d/umountroot \ No newline at end of file diff --git a/rc0.d/K11halt b/rc0.d/K11halt new file mode 120000 index 0000000..576e1ef --- /dev/null +++ b/rc0.d/K11halt @@ -0,0 +1 @@ +../init.d/halt \ No newline at end of file diff --git a/rc1.d/K04bind9 b/rc1.d/K04bind9 new file mode 120000 index 0000000..63fcfdd --- /dev/null +++ b/rc1.d/K04bind9 @@ -0,0 +1 @@ +../init.d/bind9 \ No newline at end of file diff --git a/rc1.d/K05rsyslog b/rc1.d/K05rsyslog deleted file mode 120000 index 7000c51..0000000 
--- a/rc1.d/K05rsyslog +++ /dev/null @@ -1 +0,0 @@ -../init.d/rsyslog \ No newline at end of file diff --git a/rc1.d/K06rsyslog b/rc1.d/K06rsyslog new file mode 120000 index 0000000..7000c51 --- /dev/null +++ b/rc1.d/K06rsyslog @@ -0,0 +1 @@ +../init.d/rsyslog \ No newline at end of file diff --git a/rc2.d/S03bind9 b/rc2.d/S03bind9 new file mode 120000 index 0000000..63fcfdd --- /dev/null +++ b/rc2.d/S03bind9 @@ -0,0 +1 @@ +../init.d/bind9 \ No newline at end of file diff --git a/rc2.d/S03chrony b/rc2.d/S03chrony deleted file mode 120000 index 53f1361..0000000 --- a/rc2.d/S03chrony +++ /dev/null @@ -1 +0,0 @@ -../init.d/chrony \ No newline at end of file diff --git a/rc2.d/S03cron b/rc2.d/S03cron deleted file mode 120000 index b7a1f29..0000000 --- a/rc2.d/S03cron +++ /dev/null @@ -1 +0,0 @@ -../init.d/cron \ No newline at end of file diff --git a/rc2.d/S03fail2ban b/rc2.d/S03fail2ban deleted file mode 120000 index 625bcdc..0000000 --- a/rc2.d/S03fail2ban +++ /dev/null @@ -1 +0,0 @@ -../init.d/fail2ban \ No newline at end of file diff --git a/rc2.d/S03mysql b/rc2.d/S03mysql deleted file mode 120000 index 4fa2088..0000000 --- a/rc2.d/S03mysql +++ /dev/null @@ -1 +0,0 @@ -../init.d/mysql \ No newline at end of file diff --git a/rc2.d/S03nginx b/rc2.d/S03nginx deleted file mode 120000 index 16a8734..0000000 --- a/rc2.d/S03nginx +++ /dev/null @@ -1 +0,0 @@ -../init.d/nginx \ No newline at end of file diff --git a/rc2.d/S03rsync b/rc2.d/S03rsync deleted file mode 120000 index 3f11f90..0000000 --- a/rc2.d/S03rsync +++ /dev/null @@ -1 +0,0 @@ -../init.d/rsync \ No newline at end of file diff --git a/rc2.d/S04chrony b/rc2.d/S04chrony new file mode 120000 index 0000000..53f1361 --- /dev/null +++ b/rc2.d/S04chrony @@ -0,0 +1 @@ +../init.d/chrony \ No newline at end of file diff --git a/rc2.d/S04cron b/rc2.d/S04cron new file mode 120000 index 0000000..b7a1f29 --- /dev/null +++ b/rc2.d/S04cron @@ -0,0 +1 @@ +../init.d/cron \ No newline at end of file 
diff --git a/rc2.d/S04dovecot b/rc2.d/S04dovecot deleted file mode 120000 index 8ead3e7..0000000 --- a/rc2.d/S04dovecot +++ /dev/null @@ -1 +0,0 @@ -../init.d/dovecot \ No newline at end of file diff --git a/rc2.d/S04fail2ban b/rc2.d/S04fail2ban new file mode 120000 index 0000000..625bcdc --- /dev/null +++ b/rc2.d/S04fail2ban @@ -0,0 +1 @@ +../init.d/fail2ban \ No newline at end of file diff --git a/rc2.d/S04mysql b/rc2.d/S04mysql new file mode 120000 index 0000000..4fa2088 --- /dev/null +++ b/rc2.d/S04mysql @@ -0,0 +1 @@ +../init.d/mysql \ No newline at end of file diff --git a/rc2.d/S04nginx b/rc2.d/S04nginx new file mode 120000 index 0000000..16a8734 --- /dev/null +++ b/rc2.d/S04nginx @@ -0,0 +1 @@ +../init.d/nginx \ No newline at end of file diff --git a/rc2.d/S04rsync b/rc2.d/S04rsync new file mode 120000 index 0000000..3f11f90 --- /dev/null +++ b/rc2.d/S04rsync @@ -0,0 +1 @@ +../init.d/rsync \ No newline at end of file diff --git a/rc2.d/S05dovecot b/rc2.d/S05dovecot new file mode 120000 index 0000000..8ead3e7 --- /dev/null +++ b/rc2.d/S05dovecot @@ -0,0 +1 @@ +../init.d/dovecot \ No newline at end of file diff --git a/rc2.d/S05postfix b/rc2.d/S05postfix deleted file mode 120000 index 81e743c..0000000 --- a/rc2.d/S05postfix +++ /dev/null @@ -1 +0,0 @@ -../init.d/postfix \ No newline at end of file diff --git a/rc2.d/S06postfix b/rc2.d/S06postfix new file mode 120000 index 0000000..81e743c --- /dev/null +++ b/rc2.d/S06postfix @@ -0,0 +1 @@ +../init.d/postfix \ No newline at end of file diff --git a/rc2.d/S06rc.local b/rc2.d/S06rc.local deleted file mode 120000 index fb4ee0a..0000000 --- a/rc2.d/S06rc.local +++ /dev/null @@ -1 +0,0 @@ -../init.d/rc.local \ No newline at end of file diff --git a/rc2.d/S06rmnologin b/rc2.d/S06rmnologin deleted file mode 120000 index 3000cf9..0000000 --- a/rc2.d/S06rmnologin +++ /dev/null @@ -1 +0,0 @@ -../init.d/rmnologin \ No newline at end of file 
diff --git a/rc2.d/S07rc.local b/rc2.d/S07rc.local
new file mode 120000
index 0000000..fb4ee0a
--- /dev/null
+++ b/rc2.d/S07rc.local
@@ -0,0 +1 @@
+../init.d/rc.local
\ No newline at end of file
diff --git a/rc2.d/S07rmnologin b/rc2.d/S07rmnologin
new file mode 120000
index 0000000..3000cf9
--- /dev/null
+++ b/rc2.d/S07rmnologin
@@ -0,0 +1 @@
+../init.d/rmnologin
\ No newline at end of file
diff --git a/rc3.d/S03bind9 b/rc3.d/S03bind9
new file mode 120000
index 0000000..63fcfdd
--- /dev/null
+++ b/rc3.d/S03bind9
@@ -0,0 +1 @@
+../init.d/bind9
\ No newline at end of file
diff --git a/rc3.d/S03chrony b/rc3.d/S03chrony
deleted file mode 120000
index 53f1361..0000000
--- a/rc3.d/S03chrony
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/chrony
\ No newline at end of file
diff --git a/rc3.d/S03cron b/rc3.d/S03cron
deleted file mode 120000
index b7a1f29..0000000
--- a/rc3.d/S03cron
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/cron
\ No newline at end of file
diff --git a/rc3.d/S03fail2ban b/rc3.d/S03fail2ban
deleted file mode 120000
index 625bcdc..0000000
--- a/rc3.d/S03fail2ban
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/fail2ban
\ No newline at end of file
diff --git a/rc3.d/S03mysql b/rc3.d/S03mysql
deleted file mode 120000
index 4fa2088..0000000
--- a/rc3.d/S03mysql
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/mysql
\ No newline at end of file
diff --git a/rc3.d/S03nginx b/rc3.d/S03nginx
deleted file mode 120000
index 16a8734..0000000
--- a/rc3.d/S03nginx
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/nginx
\ No newline at end of file
diff --git a/rc3.d/S03rsync b/rc3.d/S03rsync
deleted file mode 120000
index 3f11f90..0000000
--- a/rc3.d/S03rsync
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/rsync
\ No newline at end of file
diff --git a/rc3.d/S04chrony b/rc3.d/S04chrony
new file mode 120000
index 0000000..53f1361
--- /dev/null
+++ b/rc3.d/S04chrony
@@ -0,0 +1 @@
+../init.d/chrony
\ No newline at end of file
diff --git a/rc3.d/S04cron b/rc3.d/S04cron
new file mode 120000
index 0000000..b7a1f29
--- /dev/null
+++ b/rc3.d/S04cron
@@ -0,0 +1 @@
+../init.d/cron
\ No newline at end of file
diff --git a/rc3.d/S04dovecot b/rc3.d/S04dovecot
deleted file mode 120000
index 8ead3e7..0000000
--- a/rc3.d/S04dovecot
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/dovecot
\ No newline at end of file
diff --git a/rc3.d/S04fail2ban b/rc3.d/S04fail2ban
new file mode 120000
index 0000000..625bcdc
--- /dev/null
+++ b/rc3.d/S04fail2ban
@@ -0,0 +1 @@
+../init.d/fail2ban
\ No newline at end of file
diff --git a/rc3.d/S04mysql b/rc3.d/S04mysql
new file mode 120000
index 0000000..4fa2088
--- /dev/null
+++ b/rc3.d/S04mysql
@@ -0,0 +1 @@
+../init.d/mysql
\ No newline at end of file
diff --git a/rc3.d/S04nginx b/rc3.d/S04nginx
new file mode 120000
index 0000000..16a8734
--- /dev/null
+++ b/rc3.d/S04nginx
@@ -0,0 +1 @@
+../init.d/nginx
\ No newline at end of file
diff --git a/rc3.d/S04rsync b/rc3.d/S04rsync
new file mode 120000
index 0000000..3f11f90
--- /dev/null
+++ b/rc3.d/S04rsync
@@ -0,0 +1 @@
+../init.d/rsync
\ No newline at end of file
diff --git a/rc3.d/S05dovecot b/rc3.d/S05dovecot
new file mode 120000
index 0000000..8ead3e7
--- /dev/null
+++ b/rc3.d/S05dovecot
@@ -0,0 +1 @@
+../init.d/dovecot
\ No newline at end of file
diff --git a/rc3.d/S05postfix b/rc3.d/S05postfix
deleted file mode 120000
index 81e743c..0000000
--- a/rc3.d/S05postfix
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/postfix
\ No newline at end of file
diff --git a/rc3.d/S06postfix b/rc3.d/S06postfix
new file mode 120000
index 0000000..81e743c
--- /dev/null
+++ b/rc3.d/S06postfix
@@ -0,0 +1 @@
+../init.d/postfix
\ No newline at end of file
diff --git a/rc3.d/S06rc.local b/rc3.d/S06rc.local
deleted file mode 120000
index fb4ee0a..0000000
--- a/rc3.d/S06rc.local
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/rc.local
\ No newline at end of file
diff --git a/rc3.d/S06rmnologin b/rc3.d/S06rmnologin
deleted file mode 120000
index 3000cf9..0000000
--- a/rc3.d/S06rmnologin
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/rmnologin
\ No newline at end of file
diff --git a/rc3.d/S07rc.local b/rc3.d/S07rc.local
new file mode 120000
index 0000000..fb4ee0a
--- /dev/null
+++ b/rc3.d/S07rc.local
@@ -0,0 +1 @@
+../init.d/rc.local
\ No newline at end of file
diff --git a/rc3.d/S07rmnologin b/rc3.d/S07rmnologin
new file mode 120000
index 0000000..3000cf9
--- /dev/null
+++ b/rc3.d/S07rmnologin
@@ -0,0 +1 @@
+../init.d/rmnologin
\ No newline at end of file
diff --git a/rc4.d/S03bind9 b/rc4.d/S03bind9
new file mode 120000
index 0000000..63fcfdd
--- /dev/null
+++ b/rc4.d/S03bind9
@@ -0,0 +1 @@
+../init.d/bind9
\ No newline at end of file
diff --git a/rc4.d/S03chrony b/rc4.d/S03chrony
deleted file mode 120000
index 53f1361..0000000
--- a/rc4.d/S03chrony
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/chrony
\ No newline at end of file
diff --git a/rc4.d/S03cron b/rc4.d/S03cron
deleted file mode 120000
index b7a1f29..0000000
--- a/rc4.d/S03cron
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/cron
\ No newline at end of file
diff --git a/rc4.d/S03fail2ban b/rc4.d/S03fail2ban
deleted file mode 120000
index 625bcdc..0000000
--- a/rc4.d/S03fail2ban
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/fail2ban
\ No newline at end of file
diff --git a/rc4.d/S03mysql b/rc4.d/S03mysql
deleted file mode 120000
index 4fa2088..0000000
--- a/rc4.d/S03mysql
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/mysql
\ No newline at end of file
diff --git a/rc4.d/S03nginx b/rc4.d/S03nginx
deleted file mode 120000
index 16a8734..0000000
--- a/rc4.d/S03nginx
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/nginx
\ No newline at end of file
diff --git a/rc4.d/S03rsync b/rc4.d/S03rsync
deleted file mode 120000
index 3f11f90..0000000
--- a/rc4.d/S03rsync
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/rsync
\ No newline at end of file
diff --git a/rc4.d/S04chrony b/rc4.d/S04chrony
new file mode 120000
index 0000000..53f1361
--- /dev/null
+++ b/rc4.d/S04chrony
@@ -0,0 +1 @@
+../init.d/chrony
\ No newline at end of file
diff --git a/rc4.d/S04cron b/rc4.d/S04cron
new file mode 120000
index 0000000..b7a1f29
--- /dev/null
+++ b/rc4.d/S04cron
@@ -0,0 +1 @@
+../init.d/cron
\ No newline at end of file
diff --git a/rc4.d/S04dovecot b/rc4.d/S04dovecot
deleted file mode 120000
index 8ead3e7..0000000
--- a/rc4.d/S04dovecot
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/dovecot
\ No newline at end of file
diff --git a/rc4.d/S04fail2ban b/rc4.d/S04fail2ban
new file mode 120000
index 0000000..625bcdc
--- /dev/null
+++ b/rc4.d/S04fail2ban
@@ -0,0 +1 @@
+../init.d/fail2ban
\ No newline at end of file
diff --git a/rc4.d/S04mysql b/rc4.d/S04mysql
new file mode 120000
index 0000000..4fa2088
--- /dev/null
+++ b/rc4.d/S04mysql
@@ -0,0 +1 @@
+../init.d/mysql
\ No newline at end of file
diff --git a/rc4.d/S04nginx b/rc4.d/S04nginx
new file mode 120000
index 0000000..16a8734
--- /dev/null
+++ b/rc4.d/S04nginx
@@ -0,0 +1 @@
+../init.d/nginx
\ No newline at end of file
diff --git a/rc4.d/S04rsync b/rc4.d/S04rsync
new file mode 120000
index 0000000..3f11f90
--- /dev/null
+++ b/rc4.d/S04rsync
@@ -0,0 +1 @@
+../init.d/rsync
\ No newline at end of file
diff --git a/rc4.d/S05dovecot b/rc4.d/S05dovecot
new file mode 120000
index 0000000..8ead3e7
--- /dev/null
+++ b/rc4.d/S05dovecot
@@ -0,0 +1 @@
+../init.d/dovecot
\ No newline at end of file
diff --git a/rc4.d/S05postfix b/rc4.d/S05postfix
deleted file mode 120000
index 81e743c..0000000
--- a/rc4.d/S05postfix
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/postfix
\ No newline at end of file
diff --git a/rc4.d/S06postfix b/rc4.d/S06postfix
new file mode 120000
index 0000000..81e743c
--- /dev/null
+++ b/rc4.d/S06postfix
@@ -0,0 +1 @@
+../init.d/postfix
\ No newline at end of file
diff --git a/rc4.d/S06rc.local b/rc4.d/S06rc.local
deleted file mode 120000
index fb4ee0a..0000000
--- a/rc4.d/S06rc.local
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/rc.local
\ No newline at end of file
diff --git a/rc4.d/S06rmnologin b/rc4.d/S06rmnologin
deleted file mode 120000
index 3000cf9..0000000
--- a/rc4.d/S06rmnologin
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/rmnologin
\ No newline at end of file
diff --git a/rc4.d/S07rc.local b/rc4.d/S07rc.local
new file mode 120000
index 0000000..fb4ee0a
--- /dev/null
+++ b/rc4.d/S07rc.local
@@ -0,0 +1 @@
+../init.d/rc.local
\ No newline at end of file
diff --git a/rc4.d/S07rmnologin b/rc4.d/S07rmnologin
new file mode 120000
index 0000000..3000cf9
--- /dev/null
+++ b/rc4.d/S07rmnologin
@@ -0,0 +1 @@
+../init.d/rmnologin
\ No newline at end of file
diff --git a/rc5.d/S03bind9 b/rc5.d/S03bind9
new file mode 120000
index 0000000..63fcfdd
--- /dev/null
+++ b/rc5.d/S03bind9
@@ -0,0 +1 @@
+../init.d/bind9
\ No newline at end of file
diff --git a/rc5.d/S03chrony b/rc5.d/S03chrony
deleted file mode 120000
index 53f1361..0000000
--- a/rc5.d/S03chrony
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/chrony
\ No newline at end of file
diff --git a/rc5.d/S03cron b/rc5.d/S03cron
deleted file mode 120000
index b7a1f29..0000000
--- a/rc5.d/S03cron
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/cron
\ No newline at end of file
diff --git a/rc5.d/S03fail2ban b/rc5.d/S03fail2ban
deleted file mode 120000
index 625bcdc..0000000
--- a/rc5.d/S03fail2ban
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/fail2ban
\ No newline at end of file
diff --git a/rc5.d/S03mysql b/rc5.d/S03mysql
deleted file mode 120000
index 4fa2088..0000000
--- a/rc5.d/S03mysql
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/mysql
\ No newline at end of file
diff --git a/rc5.d/S03nginx b/rc5.d/S03nginx
deleted file mode 120000
index 16a8734..0000000
--- a/rc5.d/S03nginx
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/nginx
\ No newline at end of file
diff --git a/rc5.d/S03rsync b/rc5.d/S03rsync
deleted file mode 120000
index 3f11f90..0000000
--- a/rc5.d/S03rsync
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/rsync
\ No newline at end of file
diff --git a/rc5.d/S04chrony b/rc5.d/S04chrony
new file mode 120000
index 0000000..53f1361
--- /dev/null
+++ b/rc5.d/S04chrony
@@ -0,0 +1 @@
+../init.d/chrony
\ No newline at end of file
diff --git a/rc5.d/S04cron b/rc5.d/S04cron
new file mode 120000
index 0000000..b7a1f29
--- /dev/null
+++ b/rc5.d/S04cron
@@ -0,0 +1 @@
+../init.d/cron
\ No newline at end of file
diff --git a/rc5.d/S04dovecot b/rc5.d/S04dovecot
deleted file mode 120000
index 8ead3e7..0000000
--- a/rc5.d/S04dovecot
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/dovecot
\ No newline at end of file
diff --git a/rc5.d/S04fail2ban b/rc5.d/S04fail2ban
new file mode 120000
index 0000000..625bcdc
--- /dev/null
+++ b/rc5.d/S04fail2ban
@@ -0,0 +1 @@
+../init.d/fail2ban
\ No newline at end of file
diff --git a/rc5.d/S04mysql b/rc5.d/S04mysql
new file mode 120000
index 0000000..4fa2088
--- /dev/null
+++ b/rc5.d/S04mysql
@@ -0,0 +1 @@
+../init.d/mysql
\ No newline at end of file
diff --git a/rc5.d/S04nginx b/rc5.d/S04nginx
new file mode 120000
index 0000000..16a8734
--- /dev/null
+++ b/rc5.d/S04nginx
@@ -0,0 +1 @@
+../init.d/nginx
\ No newline at end of file
diff --git a/rc5.d/S04rsync b/rc5.d/S04rsync
new file mode 120000
index 0000000..3f11f90
--- /dev/null
+++ b/rc5.d/S04rsync
@@ -0,0 +1 @@
+../init.d/rsync
\ No newline at end of file
diff --git a/rc5.d/S05dovecot b/rc5.d/S05dovecot
new file mode 120000
index 0000000..8ead3e7
--- /dev/null
+++ b/rc5.d/S05dovecot
@@ -0,0 +1 @@
+../init.d/dovecot
\ No newline at end of file
diff --git a/rc5.d/S05postfix b/rc5.d/S05postfix
deleted file mode 120000
index 81e743c..0000000
--- a/rc5.d/S05postfix
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/postfix
\ No newline at end of file
diff --git a/rc5.d/S06postfix b/rc5.d/S06postfix
new file mode 120000
index 0000000..81e743c
--- /dev/null
+++ b/rc5.d/S06postfix
@@ -0,0 +1 @@
+../init.d/postfix
\ No newline at end of file
diff --git a/rc5.d/S06rc.local b/rc5.d/S06rc.local
deleted file mode 120000
index fb4ee0a..0000000
--- a/rc5.d/S06rc.local
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/rc.local
\ No newline at end of file
diff --git a/rc5.d/S06rmnologin b/rc5.d/S06rmnologin
deleted file mode 120000
index 3000cf9..0000000
--- a/rc5.d/S06rmnologin
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/rmnologin
\ No newline at end of file
diff --git a/rc5.d/S07rc.local b/rc5.d/S07rc.local
new file mode 120000
index 0000000..fb4ee0a
--- /dev/null
+++ b/rc5.d/S07rc.local
@@ -0,0 +1 @@
+../init.d/rc.local
\ No newline at end of file
diff --git a/rc5.d/S07rmnologin b/rc5.d/S07rmnologin
new file mode 120000
index 0000000..3000cf9
--- /dev/null
+++ b/rc5.d/S07rmnologin
@@ -0,0 +1 @@
+../init.d/rmnologin
\ No newline at end of file
diff --git a/rc6.d/K04bind9 b/rc6.d/K04bind9
new file mode 120000
index 0000000..63fcfdd
--- /dev/null
+++ b/rc6.d/K04bind9
@@ -0,0 +1 @@
+../init.d/bind9
\ No newline at end of file
diff --git a/rc6.d/K04sendsigs b/rc6.d/K04sendsigs
deleted file mode 120000
index 56bed94..0000000
--- a/rc6.d/K04sendsigs
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/sendsigs
\ No newline at end of file
diff --git a/rc6.d/K05rsyslog b/rc6.d/K05rsyslog
deleted file mode 120000
index 7000c51..0000000
--- a/rc6.d/K05rsyslog
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/rsyslog
\ No newline at end of file
diff --git a/rc6.d/K05sendsigs b/rc6.d/K05sendsigs
new file mode 120000
index 0000000..56bed94
--- /dev/null
+++ b/rc6.d/K05sendsigs
@@ -0,0 +1 @@
+../init.d/sendsigs
\ No newline at end of file
diff --git a/rc6.d/K06hwclock.sh b/rc6.d/K06hwclock.sh
deleted file mode 120000
index c2b57ec..0000000
--- a/rc6.d/K06hwclock.sh
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/hwclock.sh
\ No newline at end of file
diff --git a/rc6.d/K06rsyslog b/rc6.d/K06rsyslog
new file mode 120000
index 0000000..7000c51
--- /dev/null
+++ b/rc6.d/K06rsyslog
@@ -0,0 +1 @@
+../init.d/rsyslog
\ No newline at end of file
diff --git a/rc6.d/K06umountnfs.sh b/rc6.d/K06umountnfs.sh
deleted file mode 120000
index c4ed87a..0000000
--- a/rc6.d/K06umountnfs.sh
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/umountnfs.sh
\ No newline at end of file
diff --git a/rc6.d/K07hwclock.sh b/rc6.d/K07hwclock.sh
new file mode 120000
index 0000000..c2b57ec
--- /dev/null
+++ b/rc6.d/K07hwclock.sh
@@ -0,0 +1 @@
+../init.d/hwclock.sh
\ No newline at end of file
diff --git a/rc6.d/K07networking b/rc6.d/K07networking
deleted file mode 120000
index bd5b2c2..0000000
--- a/rc6.d/K07networking
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/networking
\ No newline at end of file
diff --git a/rc6.d/K07umountnfs.sh b/rc6.d/K07umountnfs.sh
new file mode 120000
index 0000000..c4ed87a
--- /dev/null
+++ b/rc6.d/K07umountnfs.sh
@@ -0,0 +1 @@
+../init.d/umountnfs.sh
\ No newline at end of file
diff --git a/rc6.d/K08networking b/rc6.d/K08networking
new file mode 120000
index 0000000..bd5b2c2
--- /dev/null
+++ b/rc6.d/K08networking
@@ -0,0 +1 @@
+../init.d/networking
\ No newline at end of file
diff --git a/rc6.d/K08umountfs b/rc6.d/K08umountfs
deleted file mode 120000
index d29c125..0000000
--- a/rc6.d/K08umountfs
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/umountfs
\ No newline at end of file
diff --git a/rc6.d/K09umountfs b/rc6.d/K09umountfs
new file mode 120000
index 0000000..d29c125
--- /dev/null
+++ b/rc6.d/K09umountfs
@@ -0,0 +1 @@
+../init.d/umountfs
\ No newline at end of file
diff --git a/rc6.d/K09umountroot b/rc6.d/K09umountroot
deleted file mode 120000
index f486c50..0000000
--- a/rc6.d/K09umountroot
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/umountroot
\ No newline at end of file
diff --git a/rc6.d/K10reboot b/rc6.d/K10reboot
deleted file mode 120000
index a28e7a4..0000000
--- a/rc6.d/K10reboot
+++ /dev/null
@@ -1 +0,0 @@
-../init.d/reboot
\ No newline at end of file
diff --git a/rc6.d/K10umountroot b/rc6.d/K10umountroot
new file mode 120000
index 0000000..f486c50
--- /dev/null
+++ b/rc6.d/K10umountroot
@@ -0,0 +1 @@
+../init.d/umountroot
\ No newline at end of file
diff --git a/rc6.d/K11reboot b/rc6.d/K11reboot
new file mode 120000
index 0000000..a28e7a4
--- /dev/null
+++ b/rc6.d/K11reboot
@@ -0,0 +1 @@
+../init.d/reboot
\ No newline at end of file
diff --git a/shadow b/shadow
index d3ac9f3..20f6035 100644
--- a/shadow
+++ b/shadow
@@ -39,3 +39,4 @@ opendkim:*:17261:0:99999:7:::
 _apt:*:17366:0:99999:7:::
 _chrony:*:17366:0:99999:7:::
 nagios:!:17452:0:99999:7:::
+bind:*:17812:0:99999:7:::
diff --git a/shadow- b/shadow-
index d3ac9f3..20f6035 100644
--- a/shadow-
+++ b/shadow-
@@ -39,3 +39,4 @@ opendkim:*:17261:0:99999:7:::
 _apt:*:17366:0:99999:7:::
 _chrony:*:17366:0:99999:7:::
 nagios:!:17452:0:99999:7:::
+bind:*:17812:0:99999:7:::
diff --git a/systemd/system/multi-user.target.wants/bind9.service b/systemd/system/multi-user.target.wants/bind9.service
new file mode 120000
index 0000000..d7c8ee4
--- /dev/null
+++ b/systemd/system/multi-user.target.wants/bind9.service
@@ -0,0 +1 @@
+/lib/systemd/system/bind9.service
\ No newline at end of file
diff --git a/ufw/applications.d/bind9 b/ufw/applications.d/bind9
new file mode 100644
index 0000000..6cd6fca
--- /dev/null
+++ b/ufw/applications.d/bind9
@@ -0,0 +1,5 @@
+[Bind9]
+title=Internet Domain Name Server
+description=The Berkeley Internet Name Domain (BIND) implements an Internet domain name server.
+ports=53
+
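Review bot: The `shadow` hunk, and the identical `shadow-` hunk after it, show that the system's shadow database is tracked in this repository, so anyone who can read the repository or its diffs can read that file. The entries visible here carry only `*` or `!` in the password field, including the new `bind:*:17812:...` service account, so no hash is disclosed in this hunk; lines 1–38 are outside it and may hold real hashes for login accounts. I would keep the repository and any web front end for it readable by root only, and stop tracking the backup copy, which only duplicates the same change, by adding `shadow-` (and, if present, `gshadow-`, `passwd-`, `group-`) to `.gitignore`.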
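Review bot: `ports=53` in the new `ufw/applications.d/bind9` profile has no protocol suffix, which ufw reads as both TCP and UDP, so enabling the profile with a plain `ufw allow Bind9` would open the name server to every source address. The file only defines the profile and nothing in this commit shows it being applied, but the same commit enables the daemon at boot through the `rcN.d/S03bind9` and `multi-user.target.wants/bind9.service` links. If the profile is enabled, scope it to the clients that need it, for example `ufw allow from <TRUSTED_NET_PLACEHOLDER> to any app Bind9`. Also confirm that `bind/named.conf.options` (contents not shown here) limits `listen-on` and `allow-recursion` to the intended networks.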