From 5057d983bfd3606705688aaad7ceb1a249d491ce Mon Sep 17 00:00:00 2001 From: Christoph Date: Thu, 3 Aug 2017 23:39:28 +0200 Subject: [PATCH] - bind_set_new_serial.sh, bind_set_renew_tlsa.sh: redesign code, add configuration file support - Add 'script bind_rndc_sync_clean.sh'. - bind_get_domain_by_hostname.sh: minor changes at code order. - Adjust sample configuration file 'bind.conf.sample'. --- bind_get_domain_by_hostname.sh | 18 +- bind_rndc_sync_clean.sh | 356 +++++++++++++++++++++++++++++++++ bind_set_new_serial.sh | 295 ++++++++++++++++++++------- bind_set_renew_tlsa.sh | 272 +++++++++++++++++++------ conf/bind.conf.sample | 18 ++ 5 files changed, 817 insertions(+), 142 deletions(-) create mode 100755 bind_rndc_sync_clean.sh diff --git a/bind_get_domain_by_hostname.sh b/bind_get_domain_by_hostname.sh index 9d17e8b..8d20696 100755 --- a/bind_get_domain_by_hostname.sh +++ b/bind_get_domain_by_hostname.sh @@ -5,6 +5,15 @@ conf_file="${working_dir}/conf/bind.conf" log_file="$(mktemp)" + +#--------------------------------------- +#----------------------------- +# Setting Defaults +#----------------------------- +#--------------------------------------- + +DEFAULT_CONF_FILE_DIR="/etc/bind" + #--------------------------------------- #----------------------------- # Base Function(s) @@ -138,15 +147,6 @@ if [[ -z "$hostname" ]] ; then fi -#--------------------------------------- -#----------------------------- -# Setting Defaults -#----------------------------- -#--------------------------------------- - -DEFAULT_CONF_FILE_DIR="/etc/bind" - - #--------------------------------------- #----------------------------- diff --git a/bind_rndc_sync_clean.sh b/bind_rndc_sync_clean.sh new file mode 100755 index 0000000..e8d3582 --- /dev/null +++ b/bind_rndc_sync_clean.sh 
@@ -0,0 +1,356 @@ +#!/usr/bin/env bash +# - +# - Syncing changes in the journal file for a given zone, or a zone related to +# - a given hostname +# - +# - Return (Exit) Codes: +# - success: +# - 0: Zone is synced, journalfile ist removed. +# - error: +# - 10: Invalid Hostname/Domain given +# - 11: No zonefile found +# - 12: Hostname/Domain not supported +# - 13: Syncing zonefile with jounal file failed +# - 99: Fatal error +# - +# - Usage: ./bind_rndc_sync_clean.sh +# - +# - Example: ./bind_rndc_sync_clean.sh a.mx.oopen.de + + +#--------------------------------------- +#----------------------------- +# Setting Defaults +#----------------------------- +#--------------------------------------- + +DEFAULT_CONF_FILE_DIR="/etc/bind" +DEFAULT_BIND_USER="bind" +DEFAULT_BIND_GROUP="bind" + + +#*************************************** +#----------------------------- +# Don't make changes after this +#----------------------------- +#*************************************** + + +working_dir="$(dirname $(realpath $0))" +conf_file="${working_dir}/conf/bind.conf" + +log_file="$(mktemp)" + + +#--------------------------------------- +#----------------------------- +# Base Function(s) +#----------------------------- +#--------------------------------------- +usage() { + echo + [ -n "$1" ] && echo -e "Error: $1\n" + + cat< | + + Script syncs changes in the journal file for a given zone, or a zone related to + a given hostname + + Return (Exit) Codes: + success: + 0: Zone is synced, journalfile ist removed. + error: + 10: Invalid Hostname/Domain given + 11: No zonefile found + 12: Hostname/Domain not supported + 13: Syncing zonefile with jounal file failed + 99: Fatal error + + + Options: + + -h + Prints this help. + + -q + Rund in silent mode. 
+ + + Example: $(basename $0) oopen.de + +EOF +clean_up 99 +} + + +clean_up() { + + # Perform program exit housekeeping + rm $log_file + exit $1 +} + +echononl(){ + if $verbose ; then + echo X\\c > /tmp/shprompt$$ + if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then + echo -e -n "$*\\c" 1>&2 + else + echo -e -n "$*" 1>&2 + fi + rm /tmp/shprompt$$ + fi +} + +fatal(){ + echo "" + echo -e "[ \033[31m\033[1mError\033[m ]: $*" + echo "" + echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m" + echo "" + clean_up 99 +} + +warn (){ + if $verbose ; then + echo "" + echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*" + echo "" + fi +} + +info (){ + if $verbose ; then + echo "" + echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*" + echo "" + fi +} + +ok (){ + if $verbose ; then + echo "" + echo -e "\t[ \033[36m\033[1mOk\033[m ]: $*" + echo "" + fi +} + +error(){ + if $verbose ; then + echo "" + echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*" + echo "" + fi +} + +echo_ok() { + if $verbose ; then + echo -e "\033[75G[ \033[32mok\033[m ]" + fi +} +echo_failed(){ + if $verbose ; then + echo -e "\033[75G[ \033[1;31mfailed\033[m ]" + fi +} +echo_skipped() { + if $verbose ; then + echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]" + fi +} + +containsElement () { + local e + for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done + return 1 +} + +trap clean_up SIGHUP SIGINT SIGTERM + + +# - Test whether stdout (file descriptor 1) is a terminal or not (e.g. cron +# - or if you pipe the output to some other program) +# +if [[ -t 1 ]] ; then + verbose=true +else + verbose=false +fi + + +while getopts hq opt ; do + case $opt in + q) verbose=false + ;; + h) usage + ;; + *) + ;; + esac +done + +shift $(expr $OPTIND - 1) +if [[ $# -ne 1 ]] ; then + if $verbose ; then + usage "wrong number of arguments" + else + clean_up 99 + fi +fi + +# - Parameter "check" can be used, to test whether this script +# - is accessable (e.g. 
from a script on a remote host) +# - +if [[ "$1" = "check" ]]; then + info "Script \033[1m$(basename $0)\033[m was successfully invoked, but its only a test." + clean_up 0 +fi + + +host_name=$1 + + +$verbose && echo "" + +if [[ -z "$host_name" ]] ; then + fatal "No hostname/domain given!" +fi + + + +#--------------------------------------- +#----------------------------- +# Load default values from bind.conf +# +# Overwrites the settings above +# +#----------------------------- +#--------------------------------------- + +if $verbose ; then + clear + echo "" + echo -e "\033[32mRunning script \033[1m"$(basename $0)"\033[m .." + echo "" +fi + + +info "Given hostname/domain: \033[1m${host_name}\033[m" + + +echononl "\t Loading default Configuration values from $(basename ${conf_file}).." +if [[ ! -f "$conf_file" ]]; then + echo_skipped +else + source "${conf_file}" > $log_file 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + fatal "$(cat $log_file)" + fi +fi + +[[ -n "$CONF_FILE_DIR" ]] || CONF_FILE_DIR="$DEFAULT_CONF_FILE_DIR" +[[ -n "$ZONES_DECLARATION_FILE" ]] || ZONES_DECLARATION_FILE="${CONF_FILE_DIR}/named.conf.local" +[[ -n "$BIND_USER" ]] || BIND_USER="$DEFAULT_BIND_USER" +[[ -n "$BIND_GROUP" ]] || BIND_GROUP="$DEFAULT_BIND_GROUP" + +$verbose && echo "" + + + +# - Validate Syntax of given domain +# - +valid_domain_regex="^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$" +echononl "\tValidate syntax of given domain.." +if [[ $host_name =~ $valid_domain_regex ]]; then + if [[ ! $host_name =~ \. ]]; then + echo_failed + error "Invalid hostname/domain \"$1\" given!" + clean_up 10 + else + echo_ok + fi +else + echo_failed + error "Invalid hostname/domain ($1) given!" + clean_up 10 +fi + + +# - Determin zone (domain) +# - +_failed=false +_host_name=$host_name +_tmp_host_name=$(echo ${_host_name//\./\\.}) +while ! 
grep -e "$_tmp_host_name" $ZONES_DECLARATION_FILE > /dev/null 2>&1 ; do + _host_name=${_host_name#*.} + _tmp_host_name=$(echo ${_host_name//\./\\.}) + if [[ ! $_tmp_host_name =~ \. ]]; then + _failed=true + break + fi +done + +if $_failed ; then + error "Given hostname/domain \"$1\" not supported by this nameserver!" + clean_up 11 +else + domain=$_host_name +fi + + +# - Determine zonefile (by reading bind configuration) +# - +_found=false +declare -i _number=0 +regex_zone="^[[:space:]]*zone[[:space:]]+\"$_tmp_host_name\"" +regex_file="^[[:space:]]*file" +while IFS='' read -r line || [[ -n "$line" ]] ; do + if [[ $line =~ $regex_zone ]]; then + _found=true + fi + if $_found ; then + if [[ $line =~ $regex_file ]]; then + zone_file=`echo $line | awk '{print$2}'` + shopt -s extglob + if [[ $zone_file =~ \; ]]; then + zone_file=${zone_file%%*(\;)} + fi + if [[ $zone_file =~ ^\" ]]; then + zone_file=${zone_file##*(\")} + zone_file=${zone_file%%*(\")} + fi + shopt -u extglob + let number++ + break + fi + fi +done < $ZONES_DECLARATION_FILE + +if [[ $number -eq 0 ]] ; then + error "No Zonefile (master) found for domain \"$domain\" ." + clean_up 12 +fi + + +# - Reload Zone +# - +echononl "\tSyncing changes in the journal file for zone \"$domain\".." +#rndc sync -clean $domain > /dev/null 2>&1 +rndc sync $domain > /dev/null 2>&1 +if [[ $? -eq 0 ]]; then + echo_ok + info "Zone was synced ($domain)" + clean_up 0 +else + echo_failed + error "Syncing Zone ($domain) failed!" + clean_up 13 +fi + +$verbose && echo "" +clean_up 99 diff --git a/bind_set_new_serial.sh b/bind_set_new_serial.sh index ffe9838..a64d720 100755 --- a/bind_set_new_serial.sh +++ b/bind_set_new_serial.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash - +# - # - Sets new serial and reloads zone # - # - Return (Exit) Codes: 
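Review bot: The exit codes in the new script contradict its own header and usage text: the "not supported by this nameserver" branch runs `clean_up 11` and the "No Zonefile (master) found" branch runs `clean_up 12`, while the header documents 11 as "No zonefile found" and 12 as "Hostname/Domain not supported", so a caller keying on the status gets the two failures reversed; swap them to `clean_up 12` and `clean_up 11` respectively or fix the header. The header and usage also promise "journalfile ist removed", but the `-clean` call is commented out and plain `rndc sync $domain` is run, so either the wording or the command should change. `trap clean_up SIGHUP SIGINT SIGTERM` invokes clean_up with no argument, so `exit $1` becomes a bare `exit` and the status is whatever `rm` returned; `trap 'clean_up 99' SIGHUP SIGINT SIGTERM` makes the interrupted case reportable (the same trap line is added to bind_set_new_serial.sh and bind_set_renew_tlsa.sh). Finally `declare -i _number=0` is never used, the loop does `let number++` and the check reads `$number`, which only works because an unset name evaluates to 0 inside `[[ ... -eq 0 ]]`; use one name.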
@@ -18,78 +18,155 @@ # - # - example: ./nd_set_new_serial.sh a.mx.open.de -# - -## -- Variable definitions -## -- +#--------------------------------------- +#----------------------------- +# Setting Defaults +#----------------------------- +#--------------------------------------- -# - Bind configuration file containing zone definitions -# - -ZONE_CONF_FILE=/etc/bind/named.conf.local +DEFAULT_CONF_FILE_DIR="/etc/bind" +DEFAULT_BIND_USER="bind" +DEFAULT_BIND_GROUP="bind" -BIND_USER=bind -BIND_GROUP=bind -## -- -## -- End: Variable definitions +#*************************************** +#----------------------------- +# Don't make changes after this +#----------------------------- +#*************************************** -## *** -## *** Don't make changes after this line *** -## *** -## --- some functions -## --- +working_dir="$(dirname $(realpath $0))" +conf_file="${working_dir}/conf/bind.conf" + +log_file="$(mktemp)" + + +#--------------------------------------- +#----------------------------- +# Base Function(s) +#----------------------------- +#--------------------------------------- + +usage() { + echo + [ -n "$1" ] && echo -e "Error: $1\n" + + cat< | + + Script increases the serial for a given domain or a given hostname concerning domain. + + Parameter "check" can be used, to test whether this script is accessable (e.g. from a + further script on a remote host). Nothing will be done, scripts returns '0'. + + + Return (Exit) Codes: + success: + 0: Serial is replaced and Zone is reloaded + error: + 10: Invalid Hostname/Domain given + 15: Hostname/Domain not supported + 11: No zonefile found + 12: Determin new Serial failed + 13: Increasing Serial failed + 14: Reloading Zone failed + 99: Fatal error + + + Options: + + -h + Prints this help. + + -q + Rund in silent mode. 
+ + + Example: $(basename $0) oopen.de + +EOF +clean_up 1 +} + +clean_up() { + + # Perform program exit housekeeping + rm $log_file + exit $1 +} + echononl(){ - echo X\\c > /tmp/shprompt$$ - if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then - echo -e -n "$*\\c" 1>&2 - else - echo -e -n "$*" 1>&2 + if $verbose ; then + echo X\\c > /tmp/shprompt$$ + if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then + echo -e -n "$*\\c" 1>&2 + else + echo -e -n "$*" 1>&2 + fi + rm /tmp/shprompt$$ fi - rm /tmp/shprompt$$ } fatal(){ - echo "" - echo -e "[ \033[31m\033[1mError\033[m ]: $*" - echo "" - echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m" - echo "" - exit 1 + if $verbose ; then + echo "" + echo -e "[ \033[31m\033[1mError\033[m ]: $*" + echo "" + echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m" + echo "" + clean_up 99 + fi } warn (){ - echo "" - echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*" - echo "" + if $verbose ; then + echo "" + echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*" + echo "" + fi } info (){ - echo "" - echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*" - echo "" + if $verbose ; then + echo "" + echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*" + echo "" + fi } ok (){ - echo "" - echo -e "\t[ \033[36m\033[1mOk\033[m ]: $*" - echo "" + if $verbose ; then + echo "" + echo -e "\t[ \033[36m\033[1mOk\033[m ]: $*" + echo "" + fi } error(){ - echo "" - echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*" - echo "" + if $verbose ; then + echo "" + echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*" + echo "" + fi } echo_ok() { - echo -e "\033[75G[ \033[32mok\033[m ]" + if $verbose ; then + echo -e "\033[75G[ \033[32mok\033[m ]" + fi } echo_failed(){ - echo -e "\033[75G[ \033[1;31mfailed\033[m ]" + if $verbose ; then + echo -e "\033[75G[ \033[1;31mfailed\033[m ]" + fi } echo_skipped() { - echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]" + if $verbose ; then + echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]" + fi } containsElement () { 
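Review bot: `fatal` no longer terminates the script when verbose is false, because the added `if $verbose ; then` now encloses the `clean_up 99` as well, so in quiet mode or when stdout is not a terminal (cron, a remote caller, which is exactly the "check" use case) a failed `source` of bind.conf or a missing hostname prints nothing and execution continues with partially loaded settings. Move the exit outside the conditional, i.e. close the `fi` after the last `echo ""` and put `clean_up 99` on its own line before the function's `}`; the new bind_rndc_sync_clean.sh in the same patch already has it that way. Separately, `usage` ends with `clean_up 1` although 1 is not among the documented return codes of this script and the sync script's usage uses 99; aligning them keeps the codes meaningful to callers.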
@@ -98,21 +175,99 @@ containsElement () { return 1 } -## --- -## --- END: functions + +trap clean_up SIGHUP SIGINT SIGTERM + + +# - Test whether stdout (file descriptor 1) is a terminal or not (e.g. cron +# - or if you pipe the output to some other program) +# +if [[ -t 1 ]] ; then + verbose=true +else + verbose=false +fi + + +while getopts hq opt ; do + case $opt in + q) verbose=false + ;; + h) usage + ;; + *) + ;; + esac +done + +shift $(expr $OPTIND - 1) +if [[ $# -ne 1 ]] ; then + if $verbose ; then + usage "wrong number of arguments" + else + clean_up 99 + fi +fi # - Parameter "check" can be used, to test whether this script # - is accessable (e.g. from a script on a remote host) # - if [[ "$1" = "check" ]]; then - echo "\$1: $1" - exit 0 + info "Script \033[1m$(basename $0)\033[m was successfully invoked, but its only a test." + clean_up 0 fi + host_name=$1 -echo "" +$verbose && echo "" + +if [[ -z "$host_name" ]] ; then + fatal "No hostname/domain given!" +fi + + + +#--------------------------------------- +#----------------------------- +# Load default values from bind.conf +# +# Overwrites the settings above +# +#----------------------------- +#--------------------------------------- + +if $verbose ; then + clear + echo "" + echo -e "\033[32mRunning script \033[1m"$(basename $0)"\033[m .." + echo "" +fi + + +info "Given hostname: \033[1m${host_name}\033[m" + + +echononl "\t Loading default Configuration values from $(basename ${conf_file}).." +if [[ ! -f "$conf_file" ]]; then + echo_skipped +else + source "${conf_file}" > $log_file 2>&1 + if [[ $? 
-eq 0 ]]; then + echo_ok + else + echo_failed + fatal "$(cat $log_file)" + fi +fi + +[[ -n "$CONF_FILE_DIR" ]] || CONF_FILE_DIR="$DEFAULT_CONF_FILE_DIR" +[[ -n "$ZONES_DECLARATION_FILE" ]] || ZONES_DECLARATION_FILE="${CONF_FILE_DIR}/named.conf.local" +[[ -n "$BIND_USER" ]] || BIND_USER="$DEFAULT_BIND_USER" +[[ -n "$BIND_GROUP" ]] || BIND_GROUP="$DEFAULT_BIND_GROUP" + +$verbose && echo "" # - Validate Syntax of given domain @@ -122,15 +277,15 @@ echononl "\tValidate syntax of given domain.." if [[ $host_name =~ $valid_domain_regex ]]; then if [[ ! $host_name =~ \. ]]; then echo_failed - error "Invalid hostname/domain \"$1\" given!" - exit 10 + error "Invalid hostname/domain \"$host_name\" given!" + clean_up 10 else echo_ok fi else echo_failed - error "Invalid hostname/domain ($1) given!" - exit 10 + error "Invalid hostname/domain \"$host_name\" given!" + clean_up 10 fi @@ -139,7 +294,7 @@ fi _failed=false _host_name=$host_name _tmp_host_name=$(echo ${_host_name//\./\\.}) -while ! grep -e "$_tmp_host_name" $ZONE_CONF_FILE > /dev/null 2>&1 ; do +while ! grep -e "$_tmp_host_name" $ZONES_DECLARATION_FILE > /dev/null 2>&1 ; do _host_name=${_host_name#*.} _tmp_host_name=$(echo ${_host_name//\./\\.}) if [[ ! $_tmp_host_name =~ \. ]]; then @@ -149,7 +304,7 @@ while ! grep -e "$_tmp_host_name" $ZONE_CONF_FILE > /dev/null 2>&1 ; do done if $_failed ; then - error "Given hostname/domain \"$1\" not supported by this nameserver!" + error "Given hostname/domain \"${_host_name}\" not supported by this nameserver!" else domain=$_host_name fi @@ -181,15 +336,15 @@ while IFS='' read -r line || [[ -n "$line" ]] ; do break fi fi -done < $ZONE_CONF_FILE - -zone_file_dir=`dirname $zone_file` +done < $ZONES_DECLARATION_FILE if [[ $number -eq 0 ]] ; then error "No Zonefile (master) found for domain \"$domain\" ." - exit 11 + clean_up 11 fi +zone_file_dir=`dirname $zone_file` + echononl "\tBackup existing directory containg zonefiles.." if [[ -d "$zone_file_dir" ]] ; then 
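Review bot: In the `@@ -149,7 +304,7 @@` hunk the error message now prints `${_host_name}`, but by the time `_failed` is set the loop has repeatedly applied `_host_name=${_host_name#*.}` until no dot is left, so the message shows only the last label (e.g. the TLD) rather than what the user passed; `$host_name` is the value that was given. The same branch still does not exit: after `error "..."` control falls through to the zonefile lookup with `domain` unset, although the usage text added in this commit documents 15 as "Hostname/Domain not supported"; add `clean_up 15` after the error line, as the new sync script does for its equivalent branch.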
@@ -198,13 +353,13 @@ if [[ -d "$zone_file_dir" ]] ; then echo_ok else echo_failed - echo "" - exit 99 + error "Backup directory 'zone_file_dir' containg zonefiles failed!" + clean_up 99 fi else echo_failed error "Zonefile directory not found for domain \"$domain\" ." - exit 99 + clean_up 99 fi @@ -226,7 +381,7 @@ fi if $_failed ; then echo_failed error "Determin Serial failed!" - exit 12 + clean_up 12 else echo_ok fi @@ -241,17 +396,17 @@ if [[ $? -eq 0 ]]; then else echo_failed error "Increasing Serial failed!" - exit 13 + clean_up 13 fi -echo "" +$verbose && echo "" echononl "\tCorrect Owner for $zone_file .." chown $BIND_USER:$BIND_GROUP $zone_file if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - exit 99 + clean_up 99 fi echononl "\tCorrect permissions on $zone_file .." chmod 644 $zone_file @@ -259,7 +414,7 @@ if [[ $? -eq 0 ]] ; then echo_ok else echo_failed - exit 99 + clean_up 99 fi @@ -270,12 +425,12 @@ rndc reload $domain > /dev/null 2>&1 if [[ $? -eq 0 ]]; then echo_ok info "Serial increased and zone reloaded ($domain)" - exit 0 + clean_up 0 else echo_failed error "Increasing Serial failed!" - exit 13 + clean_up 13 fi -echo -exit 99 +$verbose && echo "" +clean_up 99 diff --git a/bind_set_renew_tlsa.sh b/bind_set_renew_tlsa.sh index ad22371..8e39fbb 100755 --- a/bind_set_renew_tlsa.sh +++ b/bind_set_renew_tlsa.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash - -# - Replaces a TLSA Record +# - +# - Adds/Replaces a TLSA Record # - # - Return (Exit) Codes: # - success: 
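Review bot: The new message in the `@@ -198,13 +353,13 @@` hunk, `error "Backup directory 'zone_file_dir' containg zonefiles failed!"`, quotes the variable name literally instead of expanding it, so the operator never sees which directory failed to back up; it should read `error "Backup directory '$zone_file_dir' containing zonefiles failed!"`. The enclosing `if [[ -d "$zone_file_dir" ]]` block starts in the previous hunk.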
@@ -15,67 +15,140 @@ # 21: Adding Record failed # - 99: Fatal error # - -# - example: -# - ./replace_dns_tlsa.sh _25._tcp.mail.initiativenserver.de. IN TLSA 3 1 1 aab3a46b387dd543ed8d... +# - Example: +# - bind_set_renew_tlsa.sh _25._tcp.mail.initiativenserver.de. IN TLSA 3 1 1 aab3a46b387dd543ed8d... -## -- Variable definitions -## -- +#--------------------------------------- +#----------------------------- +# Setting Defaults +#----------------------------- +#--------------------------------------- -# - Bind configuration file containing zone definitions -# - -ZONE_CONF_FILE=/etc/bind/named.conf.local - -BIND_USER=bind -BIND_GROUP=bind - -## -- -## -- End: Variable definitions +DEFAULT_CONF_FILE_DIR="/etc/bind" +DEFAULT_BIND_USER="bind" +DEFAULT_BIND_GROUP="bind" -## *** -## *** Don't make changes after this line *** -## *** +#*************************************** +#----------------------------- +# Don't make changes after this +#----------------------------- +#*************************************** -## --- some functions -## --- +working_dir="$(dirname $(realpath $0))" +conf_file="${working_dir}/conf/bind.conf" + +log_file="$(mktemp)" + + +#--------------------------------------- +#----------------------------- +# Base Function(s) +#----------------------------- +#--------------------------------------- + +usage() { + echo + [ -n "$1" ] && echo -e "Error: $1\n" + + cat< | + + Script adds a new or updates an existing TLSA Record + + Parameter "check" can be used, to test whether this script is accessable (e.g. from a + further script on a remote host). Nothing will be done, scripts returns '0'. + + Return (Exit) Codes: + success: + 0: TLSA record is up to date + 1: TLSA record replaced + 2: New TLSA record written + error: + 10: Invalid TLSA record given + 11: No zonefile for TLSA record found + 15: Hostname/Domain not supported + 20: Replacing record failed + 21: Adding Record failed + 99: Fatal error + + + Options: + + -h + Prints this help. 
+ + -q + Rund in silent mode. + + + Example: + $(basename $0) _25._tcp.mail.initiativenserver.de. IN TLSA 3 1 1 aab3a46b387dd543ed8d... + +EOF +clean_up 1 +} + +clean_up() { + + # Perform program exit housekeeping + rm $log_file + exit $1 +} + echononl(){ - echo X\\c > /tmp/shprompt$$ - if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then - echo -e -n "$*\\c" 1>&2 - else - echo -e -n "$*" 1>&2 + if $verbose ; then + echo X\\c > /tmp/shprompt$$ + if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then + echo -e -n "$*\\c" 1>&2 + else + echo -e -n "$*" 1>&2 + fi + rm /tmp/shprompt$$ fi - rm /tmp/shprompt$$ } warn (){ - echo "" - echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*" - echo "" + if $verbose ; then + echo "" + echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*" + echo "" + fi } info (){ - echo "" - echo -e "\t[ \033[33m\033[1mInfo\033[m ]: $*" - echo "" + if $verbose ; then + echo "" + echo -e "\t[ \033[33m\033[1mInfo\033[m ]: $*" + echo "" + fi } error(){ - echo "" - echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*" - echo "" + if $verbose ; then + echo "" + echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*" + echo "" + fi } echo_ok() { - echo -e "\033[75G[ \033[32mok\033[m ]" + if $verbose ; then + echo -e "\033[75G[ \033[32mok\033[m ]" + fi } echo_failed(){ - echo -e "\033[75G[ \033[1;31mfailed\033[m ]" + if $verbose ; then + echo -e "\033[75G[ \033[1;31mfailed\033[m ]" + fi } echo_skipped() { - echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]" + if $verbose ; then + echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]" + fi } backup_dir () { 
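Review bot: `usage` in this script ends with `clean_up 1`, but the header and the usage text itself define exit status 1 as the success case "TLSA record replaced", so a caller that scripts on the status (the header explicitly anticipates invocation from a remote host) cannot distinguish `-h` or a usage error from a successful replacement. Use a code outside the documented success range, e.g. `clean_up 99`, which is what the sibling bind_rndc_sync_clean.sh does; the `usage` added to bind_set_new_serial.sh has the same `clean_up 1`. Also note that `info` here keeps the yellow `\033[33m` colour while the other two scripts use green for Info; harmless, but worth aligning if the three scripts are meant to be copies of one template.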
@@ -87,29 +160,101 @@ backup_dir () { echo_ok else echo_failed - echo "" - exit 99 + error "Backup directory \"$dir_to_backup\" failed!" + clean_up 99 fi else echo_failed error "Directory \"$dir_to_backup\" not found. No Backup written!" - exit 99 + clean_up 99 fi } -## --- -## --- END: functions +trap clean_up SIGHUP SIGINT SIGTERM + + +# - Test whether stdout (file descriptor 1) is a terminal or not (e.g. cron +# - or if you pipe the output to some other program) +# +if [[ -t 1 ]] ; then + verbose=true +else + verbose=false +fi + + +while getopts hq opt ; do + case $opt in + q) verbose=false + ;; + h) usage + ;; + *) + ;; + esac +done + +shift $(expr $OPTIND - 1) +#if [[ $# -ne 1 ]] ; then +# if $verbose ; then +# usage "wrong number of arguments" +# else +# clean_up 99 +# fi +#fi # - Parameter "check" can be used, to test whether this script # - is accessable (e.g. from a script on a remote host) # - if [[ "$1" = "check" ]]; then - echo "\$1: $1" - exit 0 + info "Script \033[1m$(basename $0)\033[m was successfully invoked, but its only a test." + clean_up 0 fi +#--------------------------------------- +#----------------------------- +# Load default values from bind.conf +# +# Overwrites the settings above +# +#----------------------------- +#--------------------------------------- + +if $verbose ; then + clear + echo "" + echo -e "\033[32mRunning script \033[1m"$(basename $0)"\033[m .." + echo "" +fi + + +info "Given TLSA Record: \n\t\033[1m$@\033[m" + + +echononl "\t Loading default Configuration values from $(basename ${conf_file}).." +if [[ ! -f "$conf_file" ]]; then + echo_skipped +else + source "${conf_file}" > $log_file 2>&1 + if [[ $? 
-eq 0 ]]; then + echo_ok + else + echo_failed + fatal "$(cat $log_file)" + fi +fi + +[[ -n "$CONF_FILE_DIR" ]] || CONF_FILE_DIR="$DEFAULT_CONF_FILE_DIR" +[[ -n "$ZONES_DECLARATION_FILE" ]] || ZONES_DECLARATION_FILE="${CONF_FILE_DIR}/named.conf.local" +[[ -n "$BIND_USER" ]] || BIND_USER="$DEFAULT_BIND_USER" +[[ -n "$BIND_GROUP" ]] || BIND_GROUP="$DEFAULT_BIND_GROUP" + +$verbose && echo "" + + + # - Split given Record into an array # - declare -a record_arr=($@); @@ -130,7 +275,7 @@ elif [[ ${#record_arr[@]} -eq 8 ]]; then else error "Invalid TLSA record given!" - exit 10 + clean_up 10 fi @@ -160,7 +305,7 @@ done _failed=false _hostname=$hostname _tmp_hostname=$(echo ${_hostname//\./\\.}) -while ! grep -e "$_tmp_hostname" $ZONE_CONF_FILE > /dev/null 2>&1 ; do +while ! grep -e "$_tmp_hostname" $ZONES_DECLARATION_FILE > /dev/null 2>&1 ; do _hostname=${_hostname#*.} _tmp_hostname=$(echo ${_hostname//\./\\.}) if [[ ! $_tmp_hostname =~ \. ]]; then @@ -203,14 +348,14 @@ while IFS='' read -r line || [[ -n "$line" ]] ; do break fi fi -done < $ZONE_CONF_FILE +done < $ZONES_DECLARATION_FILE if [[ $number -eq 0 ]] ; then error "No Zonefile (master) found for domain \"$domain\" ." - exit 11 + clean_up 11 fi -zone_file_dir=`dirname $zone_file` +zone_file_dir="$(dirname $zone_file)" # - Backup existing zone file directory # - @@ -226,8 +371,7 @@ if grep -E "^$record_name.+$record_type" $zone_file > /dev/null 2>&1 ; then fi if grep -E "$search_string" $zone_file | grep $record_hash > /dev/null 2>&1 ; then info "TLSA record is already up to date.." - echo "" - exit 0 + clean_up 0 else _replac_string=${record_arr[@]} # - Backup Zone directory 
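Review bot: The config-loading block added in the `@@ -87,29 +160,101 @@` hunk calls `fatal "$(cat $log_file)"` when sourcing bind.conf fails, but no `fatal` function is defined in this file's hunks (the function set is echononl, warn, info, error, echo_ok, echo_failed, echo_skipped and backup_dir) and the removed code had none either, so unless it exists elsewhere in the file bash will report "fatal: command not found" and continue with whatever part of the config was sourced. Either copy the `fatal` function from bind_rndc_sync_clean.sh (with `clean_up 99` outside the verbose check) or replace the call with `error "$(cat $log_file)"; clean_up 99`. The function section this hunk starts in begins in the previous hunk.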
@@ -238,16 +382,16 @@ if grep -E "^$record_name.+$record_type" $zone_file > /dev/null 2>&1 ; then perl -i -n -p -e "s#^${record_name}.+${record_type}.*#$_replac_string#" $zone_file if [[ $? -eq 0 ]] ; then echo_ok - echo "" - exit 1 + $verbose && echo "" + clean_up 1 else echo_failed - echo "" + error "Replacing TLSA Record failed!" exit 20 fi fi else - warn "No Record for replacing fount in zonefile \"`basename $zone_file`\"!" + warn "No Record for replacing fount in zonefile \"$(basename $zone_file)\"!" declare -i _count @@ -277,7 +421,7 @@ else _count=`grep -Eo "$search_string" $zone_file | wc -l` if [[ $_count -eq 0 ]]; then error "No place for adding a new TLSA record found. Check manually!" - exit 99 + clean_up 99 fi fi fi @@ -332,7 +476,8 @@ else echo_ok else echo_failed - exit 99 + error "Setting ownership for '$zone_file' failed!" + clean_up 99 fi echononl "\tCorrect permissions on $zone_file .." chmod 644 $zone_file @@ -340,12 +485,13 @@ else echo_ok else echo_failed - exit 99 + error "Correct permissions on '$zone_file' failed!" + clean_up 99 fi - echo "" - exit 2 + $verbose && echo "" + clean_up 2 fi -echo -exit 99 +$verbose && echo "" +clean_up 99 diff --git a/conf/bind.conf.sample b/conf/bind.conf.sample index 3386ce9..ed0d4ff 100644 --- a/conf/bind.conf.sample +++ b/conf/bind.conf.sample @@ -4,6 +4,24 @@ # --- # ---------------------------------------------------- +# - BIND_USER +# - +# - The user under which the nameservice is running +# - +# - Defaults to 'bind' +# - +#BIND_USER=bind + + +# - BIND_GROUP +# - +# - The group under which the nameservice is running +# - +# - Defaults to 'bind' +# - +#BIND_GROUP=bind + + # - CONF_FILE_DIR # - # - Directory containing bind configuration files
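Review bot: In the `@@ -238,16 +382,16 @@` hunk the failed-replacement branch still uses `exit 20` while its sibling was changed to `clean_up 1`, so on that path the `mktemp` log file created at the top of the script is left behind and the new `trap`/`clean_up` housekeeping is bypassed; change it to `clean_up 20`. The context line `perl -i -n -p -e "s#^${record_name}.+${record_type}.*#$_replac_string#" $zone_file` interpolates the record fields directly into both the pattern and the replacement, so a value containing `#`, `$` or `@` would alter the expression or be interpolated by perl rather than written literally; since the record is supplied by a remote caller, quoting the replacement (`\Q...\E` for the pattern, or passing the values via environment variables and `$ENV{...}`) is worth doing before the next change here. The enclosing `if grep -E ... then` block starts outside this hunk.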