On Mon, 2002-12-30 at 12:17, E.B. Dreger wrote:

> EC> Actually, your solution looks insufficiantly paranoid to me.
> 
> I agree.  If a better way of which I'm unaware exists, please
> speak up. :-)

I can suggest something like this:

#!/bin/sh

GNUPGHOME=/var/dnsrefresh
WGET=/usr/bin/wget
GPG=/usr/local/bin/gpg
KEYID=C1D27AF9

export GNUPGHOME
umask 077
# private keyring directory for this job
if [ ! -d $GNUPGHOME ]; then
        mkdir $GNUPGHOME
fi
if cd $GNUPGHOME; then :; else
        echo Could not chdir to $GNUPGHOME 1>&2
        exit 1
fi
# fetch the signing key once if it is not in the keyring yet
if $GPG --list-keys $KEYID; then :; else
        $GPG --keyserver hkp://wwwkeys.pgp.net --recv-keys $KEYID
fi
if $WGET -N ftp://ftp.rs.internic.net/domain/named.cache \
        ftp://ftp.rs.internic.net/domain/named.cache.sig
then :; else
        echo Could not get files by FTP 1>&2
        exit 1
fi
# detached signature; gpg looks for named.cache next to it
if $GPG --verify named.cache.sig; then :; else
        echo Signature not verified 1>&2
        exit 1
fi
if cp named.cache /etc/named/db.cache; then
        kill -HUP `cat /var/run/named.pid`
else
        echo Failed to replace root cache file 1>&2
        exit 1
fi
echo Success
# that's all

Eugene
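The script above treats "gpg --verify exited 0" as success. gpg returns 0 for any good signature from any key in the keyring, so a key pulled from a keyserver by short ID would pass. The following is an added example (not Eugene's script and not from the list) that instead parses gpg's machine-readable --status-fd output and accepts the file only when a VALIDSIG line names a pinned full fingerprint, then installs the file atomically. EXPECTED_FPR is a constructed placeholder, the paths follow the original layout, and the key is assumed to have been imported into GNUPGHOME once, out of band, rather than fetched here.

```shell
#!/bin/sh
# Added example, not the list poster's script: fetch the root hints, verify
# the detached signature, and accept it only if gpg reports VALIDSIG for a
# pinned full fingerprint, then install the file atomically.
# Assumptions (constructed, not from the post): EXPECTED_FPR is a placeholder
# fingerprint; the signing key is already imported into GNUPGHOME.

GNUPGHOME=/var/dnsrefresh
WGET=/usr/bin/wget
GPG=/usr/local/bin/gpg
DEST=/etc/named/db.cache
EXPECTED_FPR=0123456789ABCDEF0123456789ABCDEF01234567   # placeholder
export GNUPGHOME

# Constructed sample of what "gpg --status-fd 1 --verify" emits for a good
# signature made by EXPECTED_FPR (used by the demo and the tests).
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG $EXPECTED_FPR 2002-12-30 1041250000 0 4 0 17 2 00 $EXPECTED_FPR
[GNUPG:] TRUST_UNDEFINED 0 pgp"

# signature_ok STATUS_TEXT EXPECTED_FPR
# Succeeds only if a VALIDSIG line names EXPECTED_FPR as the signing key
# (field 3) or the primary key (field 12).  A GOODSIG from some other key,
# or a BADSIG, fails.  This does not depend on gpg's trust model, so a key
# that merely exists in the keyring cannot pass on its own.
signature_ok() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $12 == want) { found = 1 }
        END { if (found) exit 0; exit 1 }'
}

# verify_file DATA SIG EXPECTED_FPR: run gpg and check its status output.
# gpg exits non-zero on a bad signature, so that case fails before parsing.
verify_file() {
    status=$("$GPG" --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
    signature_ok "$status" "$3"
}

# install_atomic SRC DEST: write next to DEST and rename, so named never
# reads a half-written hints file.
install_atomic() {
    tmp="$2.tmp.$$"
    cp "$1" "$tmp" && chmod 0644 "$tmp" && mv -f "$tmp" "$2"
}

main() {
    umask 077
    [ -d "$GNUPGHOME" ] || mkdir "$GNUPGHOME" || exit 1
    cd "$GNUPGHOME" || { echo "Could not chdir to $GNUPGHOME" 1>&2; exit 1; }
    "$WGET" -N ftp://ftp.rs.internic.net/domain/named.cache \
            ftp://ftp.rs.internic.net/domain/named.cache.sig \
        || { echo "Could not get files by FTP" 1>&2; exit 1; }
    verify_file named.cache named.cache.sig "$EXPECTED_FPR" \
        || { echo "Signature not made by pinned key" 1>&2; exit 1; }
    install_atomic named.cache "$DEST" \
        || { echo "Failed to replace root cache file" 1>&2; exit 1; }
    kill -HUP "$(cat /var/run/named.pid)"
    echo Success
}

# The network part runs only when invoked as "sh refresh.sh run"; running or
# sourcing the file without the argument just defines the functions, which is
# how the offline check against SAMPLE_STATUS is exercised.
case "${1:-}" in run) main ;; esac
```

Pinning the full fingerprint rather than a short key ID matters because short IDs are not unique, and keyserver lookups return whatever key carries that ID. The VALIDSIG check also survives a keyring that contains extra keys, which the exit-status check does not.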

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security