diff --git a/bind_change_SPF_qualifier.sh b/bind_change_SPF_qualifier.sh new file mode 100755 index 0000000..0584726 --- /dev/null +++ b/bind_change_SPF_qualifier.sh @@ -0,0 +1,539 @@ +#!/usr/bin/env bash + + +working_dir="$(dirname $(realpath $0))" +conf_file="${working_dir}/conf/bind.conf" + +log_file="$(mktemp)" + +backup_date="$(date +%Y-%m-%d-%H%M)" + +_serial_new=`date +%Y%m%d01` + + +#--------------------------------------- +#----------------------------- +# Base Function(s) +#----------------------------- +#--------------------------------------- + +clean_up() { + + # Perform program exit housekeeping + rm $log_file + exit $1 +} + +echononl(){ + echo X\\c > /tmp/shprompt$$ + if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then + echo -e -n "$*\\c" 1>&2 + else + echo -e -n "$*" 1>&2 + fi + rm /tmp/shprompt$$ +} + +fatal(){ + echo "" + echo -e "[ \033[31m\033[1mError\033[m ]: $*" + echo "" + echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m" + echo "" + clean_up 1 +} + +warn (){ + echo "" + echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*" + echo "" +} + +info (){ + echo "" + echo -e "\t[ \033[33m\033[1mInfo\033[m ]: $*" + echo "" +} + +ok (){ + echo "" + echo -e "\t[ \033[36m\033[1mOk\033[m ]: $*" + echo "" +} + +error(){ + echo "" + echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*" + echo "" +} + +echo_ok() { + echo -e "\033[75G[ \033[32mok\033[m ]" +} +echo_done() { + echo -e "\033[75G[ \033[32mok\033[m ]" +} +echo_failed(){ + echo -e "\033[75G[ \033[1;31mfailed\033[m ]" +} +echo_skipped() { + echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]" +} + +containsElement () { + local e + for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done + return 1 +} + + +## - Test of valid IPv4 Address +## - +## - Returns 0 if valid, > 0 otherwise +## - +is_valid_ipv4() { + local -a octets=( ${1//\./ } ) + local RETURNVALUE=0 + + # return an error if the IP doesn't have exactly 4 octets + [[ ${#octets[@]} -ne 4 ]] && return 1 + + for octet in ${octets[@]} + do + if [[ ${octet} =~ ^[0-9]{1,3}$ ]] + then # shift number by 8 bits, anything larger than 255 will be > 0 + ((RETURNVALUE += octet>>8 )) + else # octet wasn't numeric, return error + return 1 + fi + done + return ${RETURNVALUE} +} + +is_valid_ipv6() { + local _ipv6=$1 + + if [ "$1" != "${1#[0-9a-f]*:}" ] \ + && [ "$1" = "${1#*[^0-9a-f:]}" ] \ + && [ "${1#*[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]}" = "${1#*:*:*:*:*:*:*:*:*:}" ]; then + return 0 + else + return 1 + fi +} + +trap clean_up SIGHUP SIGINT SIGTERM + + + +#--------------------------------------- +#----------------------------- +# Setting Defaults +#----------------------------- +#--------------------------------------- + +DEFAULT_CONF_FILE_DIR="/etc/bind" +DEFAULT_BIND_CACHE_DIR="/var/cache/bind" + + + +#--------------------------------------- +#----------------------------- +# Load default values from bind.conf +# +# Overwrites the settings above +# +#----------------------------- +#--------------------------------------- + +#clear +echo "" +echo "" +echononl " Loading default Configuration values from $(basename ${conf_file}).." +if [[ ! -f "$conf_file" ]]; then + echo_skipped +else + source "${conf_file}" > $log_file 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + fatal "$(cat $log_file)" + fi +fi + +[[ -n "$CONF_FILE_DIR" ]] && DEFAULT_CONF_FILE_DIR="$CONF_FILE_DIR" + +[[ -n "$BIND_CACHE_DIR" ]] && DEFAULT_BIND_CACHE_DIR="$BIND_CACHE_DIR" + + +if [[ -n "$ZONE_FILE_MASTER_DIR" ]] ; then + DEFAULT_ZONE_FILE_MASTER_DIR="$ZONE_FILE_MASTER_DIR" +else + DEFAULT_ZONE_FILE_MASTER_DIR="${DEFAULT_CONF_FILE_DIR}/master" +fi + +if [[ -n "$ZONE_FILE_SLAVE_DIR" ]] ; then + DEFAULT_ZONE_FILE_SLAVE_DIR="$ZONE_FILE_SLAVE_DIR" +else + DEFAULT_ZONE_FILE_SLAVE_DIR="${DEFAULT_BIND_CACHE_DIR}" +fi + +if [[ -n "$ZONES_DECLARATION_FILE" ]] ; then + DEFAULT_ZONES_DECLARATION_FILE="$ZONES_DECLARATION_FILE" +else + DEFAULT_ZONES_DECLARATION_FILE="${CONF_FILE_DIR}/named.conf.local" +fi + + +echo "" +_set_spf_qualifier=true + +echo "" +echo -e "\033[32m--\033[m" +echo "" +echo "Insert current SPF qualifier." +echo "" +echo "" +SPF_CURRENT_QUALIFIER= +while [ "X$SPF_CURRENT_QUALIFIER" = "X" ]; do + echononl "Current SPF Qualifier: " + read SPF_CURRENT_QUALIFIER + ## - To lower case + SPF_CURRENT_QUALIFIER=${SPF_CURRENT_QUALIFIER,,} + + if [ "X$SPF_CURRENT_QUALIFIER" = "X" ]; then + echo -e "\n\t\033[33m\033[1mAn entry is required!\033[m\n" + SPF_CURRENT_QUALIFIER="" + continue + fi + + if [[ "$SPF_CURRENT_QUALIFIER" != "-all" ]] \ + && [[ "$SPF_CURRENT_QUALIFIER" != "+all" ]] \ + && [[ "$SPF_CURRENT_QUALIFIER" != "~all" ]] \ + && [[ "$SPF_CURRENT_QUALIFIER" != "?all" ]] ; then + + echo -e "\n\t\033[33m\033[1mInvalid qualifier '$SPF_CURRENT_QUALIFIER'\033[m\n" + SPF_CURRENT_QUALIFIER="" + continue + fi +done + + +echo "" +echo -e "\033[32m--\033[m" +echo "" +echo "Enter the new qualifier to be replaced." +echo "" + +SPF_NEW_QUALIFIER= +while [ "X$SPF_NEW_QUALIFIER" = "X" ]; do + echononl "New SPF Qualifier: " + read SPF_NEW_QUALIFIER + ## - To lower case + SPF_NEW_QUALIFIER=${SPF_NEW_QUALIFIER,,} + + if [ "X$SPF_NEW_QUALIFIER" = "X" ]; then + echo -e "\n\t\033[33m\033[1mAn entry is required!\033[m\n" + SPF_NEW_QUALIFIER="" + continue + fi + + if [[ "$SPF_NEW_QUALIFIER" != "-all" ]] \ + && [[ "$SPF_NEW_QUALIFIER" != "+all" ]] \ + && [[ "$SPF_NEW_QUALIFIER" != "~all" ]] \ + && [[ "$SPF_NEW_QUALIFIER" != "?all" ]] ; then + + echo -e "\n\t\033[33m\033[1mInvalid qualifier '$SPF_CURRENT_QUALIFIER'\033[m\n" + SPF_NEW_QUALIFIER="" + continue + fi + + if [[ "$SPF_NEW_QUALIFIER" = "$SPF_CURRENT_QUALIFIER" ]] ; then + echo -e "\n\t\033[33m\033[1mCurrent and new qualifier are identical!\033[m\n" + SPF_NEW_QUALIFIER="" + continue + fi +done + + +echo "" +echo "" +echo -e "\033[32m--\033[m" +echo "Common parameters" +echo -e "\033[32m--\033[m" + + +echo "" +echo "Insert directory containing the bind configuration files." +echo "" +CONF_FILE_DIR="" +if [[ -n "$DEFAULT_CONF_FILE_DIR" ]] ; then + echononl "Bind Configuration Directory [${DEFAULT_CONF_FILE_DIR}]: " + read CONF_FILE_DIR + if [[ "X$CONF_FILE_DIR" = "X" ]]; then + CONF_FILE_DIR="$DEFAULT_CONF_FILE_DIR" + fi +else + echononl "Bind Configuration Directory: " + read CONF_FILE_DIR + while [ "X$CONF_FILE_DIR" = "X" ] ; do + echo -e "\n\t\033[33m\033[1mSetting 'Bind Configuration Directory' is required!\033[m\n" + echononl "Bind Configuration Directory: " + read CONF_FILE_DIR + done +fi + +[[ -n "$ZONES_DECLARATION_FILE" ]] || DEFAULT_ZONES_DECLARATION_FILE="${CONF_FILE_DIR}/named.conf.local" + + +echo "" +echo -e "\033[32m--\033[m" + +echo "" +echo "Insert zones declaration file." +echo "" +ZONES_DECLARATION_FILE="" +if [[ -n "$DEFAULT_ZONES_DECLARATION_FILE" ]] ; then + echononl "Zones Declaration File [${DEFAULT_ZONES_DECLARATION_FILE}]: " + read ZONES_DECLARATION_FILE + if [[ "X$ZONES_DECLARATION_FILE" = "X" ]]; then + ZONES_DECLARATION_FILE="$DEFAULT_ZONES_DECLARATION_FILE" + fi +else + echononl "Zones Declaration File: " + read ZONES_DECLARATION_FILE + while [ "X$ZONES_DECLARATION_FILE" = "X" ] ; do + echo -e "\n\t\033[33m\033[1mSetting 'Zones Declaration File' is required!\033[m\n" + echononl "Zones Declaration File: " + read ZONES_DECLARATION_FILE + done +fi + + +echo "" +echo -e "\033[32m--\033[m" + +echo "" +echo "Insert the directory, where your zone-files resides." +echo "" +echo "" +ZONE_FILE_MASTER_DIR="" +if [[ -n "$DEFAULT_ZONE_FILE_MASTER_DIR" ]] ; then + echononl "Zone File Directory (master) [${DEFAULT_ZONE_FILE_MASTER_DIR}]: " + read ZONE_FILE_MASTER_DIR + if [[ "X$ZONE_FILE_MASTER_DIR" = "X" ]]; then + ZONE_FILE_MASTER_DIR="$DEFAULT_ZONE_FILE_MASTER_DIR" + fi +else + echononl "Zone File Directory (master): " + read ZONE_FILE_MASTER_DIR + while [ "X$ZONE_FILE_MASTER_DIR" = "X" ] ; do + echo -e "\n\t\033[33m\033[1mSetting 'Zone File Directory (master)' is required!\033[m\n" + echononl "Zone File Directory (master): " + read ZONE_FILE_MASTER_DIR + done +fi + + +clear +echo "" +echo "" +echo -e "\033[21G\033[32mReplace IP-Address(es)\033[m" +echo "" + +echo "" +echo "Current SPF Qualifier......................: ${SPF_CURRENT_QUALIFIER}" +echo "New SPF Qualifier..........................: ${SPF_NEW_QUALIFIER}" +echo "" +echo "Bind Configuration Directory...............: $CONF_FILE_DIR" +echo "Zones Declaration File.....................: $ZONES_DECLARATION_FILE" +echo "Zone File Directory (master)...............: $ZONE_FILE_MASTER_DIR" +#echo "Zone File Suffix...........................: $ZONE_FILE_SUFFIX" + +echo "" +OK= +while [ "$OK" != "yes" -o "$OK" != "no" ] ; do + echononl "Parameters ok? [yes/no]: " + read OK + ## - To lower case + OK=${OK,,} + if [ "X$OK" = "X" ]; then + echo -e "\n\t\033[33m\033[1mAn entry is required!\033[m\n" + OK="" + continue + fi + if [ "$OK" != "yes" -o "$OK" != "no" ] ; then + break + fi + echo -e "\n\t\033[33m\033[1mWrong entry!\033[m\n" +done +[[ $OK = "yes" ]] || fatal Repeat execution with different parameters + +echo "" + + +echononl "\tBackup directory '${ZONE_FILE_MASTER_DIR}'.." +cp -a "${ZONE_FILE_MASTER_DIR}" "${ZONE_FILE_MASTER_DIR}.${backup_date}" > $log_file 2>&1 +if [[ $? -eq 0 ]]; then + echo_ok +else + echo_failed + fatal "$(cat $log_file)" +fi + +echo "" +echo "" +echo -e "\033[37m\033[1mDetermine zone files conatining SPF record requested for change..\033[m" + +_found=false +_is_master=false +zonefiles_arr=() +zone_file="" +regex_master="type[[:space:]]+master" +regex_file="^[[:space:]]*file" +while IFS='' read -r _line || [[ -n $_line ]] ; do + + if [[ $_line =~ ^[[:space:]]*zone[[:space:]]+ ]]; then + _found=true + zone="$(echo $_line | awk '{print$2}')" + shopt -s extglob + if [[ $zone =~ \; ]]; then + zone=${zone%%*(\;)} + fi + if [[ $zone =~ ^\" ]]; then + zone=${zone##*(\")} + zone=${zone%%*(\")} + fi + shopt -u extglob + fi + if $_found ; then + if [[ $_line =~ $regex_file ]]; then + zone_file=$(echo $_line | awk '{print$2}') + shopt -s extglob + if [[ $zone_file =~ \; ]]; then + zone_file=${zone_file%%*(\;)} + fi + if [[ $zone_file =~ ^\" ]]; then + zone_file=${zone_file##*(\")} + zone_file=${zone_file%%*(\")} + fi + shopt -u extglob + fi + if [[ $_line =~ $regex_master ]]; then + _is_master=true + fi + if [[ "$_line" =~ ^[[:space:]]*\}[[:space:]]*\; ]]; then + if $_is_master && [[ -n "$zone_file" ]]; then + + if $(grep -q -E "\s*.*IN\s*TXT\s*\"v=spf1.*${SPF_CURRENT_QUALIFIER}\"" "$zone_file") ; then + + if [ ${#zonefiles_arr[@]} -eq 0 ] ; then + zonefiles_arr+=("${zone_file}:$zone") + else + if ! containsElement "${zone_file}:$zone" "${zonefiles_arr[@]}" ; then + zonefiles_arr+=("${zone_file}:$zone") + fi + fi + fi + fi + _is_master=false + _found=false + zone_file="" + fi + fi +done < "$ZONES_DECLARATION_FILE" + +echo "" + + +for _val in ${zonefiles_arr[@]} ; do + + IFS=':' read -a _val_arr <<< "${_val}" + + zone_file="${_val_arr[0]}" + zone="${_val_arr[1]}" + + echo -e "\tEditing \033[1m$zone_file\033[m .." + + _replaced=false + + ## - setze neue ipv4 adresse + ## - + echononl "\t Change SPF Qualifier to value '${SPF_NEW_QUALIFIER}'.." + + _replaced=false + + perl -i -n -p -e "s#^(.*IN\s+TXT\s+\"v=spf1.*)${SPF_CURRENT_QUALIFIER}\"#\1${SPF_NEW_QUALIFIER}\"#" $zone_file > /dev/null 2>&1 + + if [[ $? -eq 0 ]]; then + echo_ok + _replaced=true + else + echo_failed + fi + + # - Calculate new serial + # - + echo "" + echononl "\t Calculate new serial" + if $_replaced ; then + declare -i __serial=`grep -e "[0-9]\{10\}" $zone_file | grep serial | awk '{print$1}'` + while [ ! $_serial_new -gt $__serial ]; do + let _serial_new++ + done + echo_done + else + echo_skipped + fi + + # - Set new serial + # - + echononl "\t Increase Serial for zone file \"`basename $zone_file`\"" + if $_replaced ; then + perl -i -n -p -e "s#^(\s*)\s$__serial(.*)#\1 $_serial_new\2#" $zone_file > /dev/null 2>&1 + if [ "$?" = "0" ]; then + echo_ok + else + echo_failed + error "Increasing Serial for zone file \"`basename $zone_file`\" failed!" + fi + else + echo_skipped + fi + + # - Reload Zone + # - + echononl "\t Reload zone '${zone}'" + if $_replaced ; then + /usr/sbin/rndc reload $zone > /dev/null 2>&1 + if [[ $? -gt 0 ]]; then + echo_failed + else + echo_ok + fi + else + echo_skipped + fi + + echo + +done + +if [[ -d "${ZONE_FILE_MASTER_DIR}.${backup_date}" ]] ; then + diff -Nur "${ZONE_FILE_MASTER_DIR}" "${ZONE_FILE_MASTER_DIR}.${backup_date}" > /dev/null 2>&1 + if [[ $? -eq 0 ]]; then + info "No zone file has changed.\n\t Removing previously created backup" + echononl "\tDelete '${ZONE_FILE_MASTER_DIR}.${backup_date}'.." + rm -rf "${ZONE_FILE_MASTER_DIR}.${backup_date}" > $log_file 2>&1 + if [[ $? -eq 0 ]]; then + echo_ok + else + echo_failed + fi + fi +fi + + +echo "" +clean_up 0