On Sunday 04 May 2008, at 09:38, Marc Haber wrote:
> tags #475983 wontfix
> thanks
>
> On Mon, Apr 14, 2008 at 11:06:14AM +0200, Guido Bozzetto wrote:
> > I suggest the following changes to the rule 31_aide_bind9 to
> > automatically create the correct rules with bind9 running into a chroot
> > environment.
...
> > correctly initialize the aide's BINDCHROOT variable:
> I currently think that this is driving the magic "too far". If one
> decides to run bind chrooted, that one should also be able to modify
> the aide rules themselves.

OK, it's clear. I think it is useful to insert something like an example:

- directly in commented lines into 31_aide_bind9:

    #! /bin/bash
    #
    # # Automagically extract chroot directory
    # . /etc/default/bind9
    # set -- $OPTIONS
    # for i in "$@";do
    #   if [ "$1" == "-t" ]
    #   then echo "@@define BINDCHROOT $2"; break
    #   else shift
    #   fi
    # done
    #
    # Or manually set chroot directory
    #
    # BINDCHROOT=/var/cache/bind

    cat << !EOF
    @@ifdef BINDCHROOT
    @@{BINDCHROOT}/dev/log$ LowLogs
    @@{BINDCHROOT}/dev VarDir
    @@endif
    @@{BINDCHROOT}/var/cache/bind VarFile
    @@{BINDCHROOT}/var/log/bind/queries\.log$ Logs
    @@{BINDCHROOT}/var/log/bind/queries\.log\.0$ LoSerMemberLog
    @@{BINDCHROOT}/var/log/bind/queries\.log\.[1-8]$ SerMemberLog
    @@{BINDCHROOT}/var/log/bind/queries\.log\.9$ HiSerMemberLog
    @@{BINDCHROOT}/var/log/bind VarDir
    @@{BINDCHROOT}/var/run/bind/run/named\.pid$ VarFile
    @@{BINDCHROOT}/var/run/bind/run$ VarDir
    !EOF

- Surely it is better to divide the proposed 31_aide_bind9 script in 2 parts
  like inn2 (cfr.: 30_inn2_vars and 31_aide_inn2) so the commented part is
  the 30_bind9_vars script

- Introduce /usr/share/doc/aide-common/examples/30_bind9_vars:

    #! /bin/bash
    #
    # Initialize BINDCHROOT variable for 31_aide_bind9 while bind9 runs
    # in a chroot environment.
    #
    # Automagically extract chroot directory
    . /etc/default/bind9
    # "--" keeps a leading option such as "-u" in $OPTIONS from being
    # taken as an option to the shell's own "set".
    set -- $OPTIONS
    for i in "$@";do
      if [ "$1" == "-t" ]
      then echo "@@define BINDCHROOT $2"; break
      else shift
      fi
    done
    #
    # Manually set chroot directory
    #BINDCHROOT=/var/cache/bind

In aide 0.13.1-10, about the rule 31_aide_bind9, I think that:

- the name "BINDCHROOT" is misleading: if initialized with the chroot dir of
  bind9 it doesn't work correctly. If BINDCHROOT is not defined, the rule
  31_aide_bind9 works correctly, and so the
  @@define BINDCHROOT /var
  assignment is useless. See the first example in the mail.
- the named.pid file is in /var/run/bind/run and not in the /var/run/bind
  directory. See the binary named:

    ~# strings /usr/sbin/named|grep named\.pid
    /var/run/bind/run/named.pid

- in the /etc/bind9/named.conf.options installation file of bind9 there is
  the directive
    directory "/var/cache/bind";
  so it is useful to introduce:
    @@{BINDCHROOT}/cache/bind VarFile
  (I think it is better: @@{BINDCHROOT}/var/cache/bind VarFile)

I hope that is useful, thank you for your attention.

Guido Bozzetto.

-- 
Guido Bozzetto - Systems & Network Administrator - CCDA
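
Added example, not part of the original mail or of the aide package: a stricter way to pull the `-t` chroot directory out of an OPTIONS string before emitting the `@@define BINDCHROOT` line discussed above. The function names and the sample OPTIONS strings are constructed for illustration, and the attached `-t/dir` spelling is assumed to be accepted by named's getopt-style parser.

```shell
#!/bin/sh
# Print the directory given to named's -t option, or nothing if absent.
# $1: an OPTIONS string as it would appear in /etc/default/bind9.
# The body runs in a subshell so "set -f" and the positional
# parameters do not leak into the calling script.
bind_chroot_from_options() (
    set -f          # no pathname expansion while word-splitting $1
    # "--" ends option parsing: without it a leading "-u bind" would
    # be read as the shell's own -u (nounset) option.
    set -- $1
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -t)     # separate argument: -t /dir
                [ "$#" -ge 2 ] || return 1    # -t given without a value
                printf '%s\n' "$2"
                return 0 ;;
            -t?*)   # attached argument: -t/dir
                printf '%s\n' "${1#-t}"
                return 0 ;;
        esac
        shift
    done
    return 0        # bind is not chrooted: print nothing
)

# Emit the AIDE macro only when a chroot directory was actually found,
# so a non-chrooted host gets no BINDCHROOT definition at all.
emit_bindchroot_define() {
    dir=$(bind_chroot_from_options "$1") || return 1
    [ -n "$dir" ] && printf '@@define BINDCHROOT %s\n' "$dir"
    return 0
}

# Constructed sample value, not taken from a real host.
emit_bindchroot_define '-u bind -t /var/lib/named'
```

The scan does not know named's full option table, so an option whose own argument happens to be `-t` would be misread; in that case set the macro by hand.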