#!/bin/bash
# Bind9 Basic Setup
#
# Description: The following shell script sets up Bind9 with basic configuration
# primarily having the server act as an open DNS resolver for certain
# vulnerabilities (i.e. DNSRCE).
#
# Author: Juxhin Dyrmishi Brigjaj
# Version: 1.0.0
#
# Usage: setup DOMAIN_NAME DOMAIN_IP
# setup foo.bid 1.1.1.1
# setup -h
# setup --help
# Domain name and address for the zone. Both start empty and are filled in
# from the positional arguments at the bottom of the script.
DOMAIN_NAME=''
DOMAIN_IP=''

# Config for /etc/bind/named.conf.log. Not referenced again in this script:
# update_configs copies _config/named.conf.log into place instead.
readonly BIND_NAMED_CONF_LOG='
'
# Load utility shells
source "$(dirname "$0")/inc/log.sh"
source "$(dirname "$0")/inc/utils.sh"
source "$(dirname "$0")/inc/color.sh"
# Print the usage text to stdout and terminate the script.
# Outputs: the help message, with the invocation name filled in.
# Returns: does not return; exits with the status of the echo.
function usage_general {
  # Invocation name with a leading "./" removed, as shown in the examples.
  local -r prog="${0#\.\/}"

  echo -e "
Usage: ${prog} DOMAIN_NAME DOMAIN_IP
${prog} foo.bid 1.1.1.1
${prog} -h
${prog} --help
Provision Bind9 for specified domain name to act as an open DNS resolver.
Options:
-h, --help Print this help message
"
  # Bare exit: the script ends here with the status of the echo above.
  exit
}
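# Refresh the APT package index and install the Bind9 and logrotate packages.
# Returns: the exit status of the package installation.
function install_dependencies {
  log "IN" "Update APT and installing Bind9 package"

  # apt-get rather than apt: apt itself warns that its command-line interface
  # is not stable for use in scripts.
  if ! apt-get update; then
    # A stale index is not necessarily fatal, so report it and carry on; the
    # install below decides whether the function succeeds.
    printf 'warning: apt-get update failed; using the existing package index\n' >&2
  fi

  apt-get install -y bind9 logrotate
}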
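# Create the Bind9 log directory and set its ownership and permissions.
# Returns: non-zero as soon as one of the steps fails.
function setup_paths {
  log "IN" "Setting up paths and permissions for Bind9 logs"
  local -r log_dir="/var/log/named"

  mkdir -p "${log_dir}" || return
  chown -R bind:root "${log_dir}" || return

  # Symbolic mode instead of a recursive 775: directories still end up
  # rwxrwxr-x, but existing log files are no longer marked executable
  # (capital X only adds execute to directories and to files that already
  # have it). Files stay world-readable, as they were with 775.
  # NOTE(review): query logs can hold sensitive lookups; drop the o=rX part
  # if nothing outside the bind/root accounts needs to read them.
  chmod -R u=rwX,g=rwX,o=rX "${log_dir}"
}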
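# Install the zone file plus the Bind9 and logrotate configuration, then
# restart Bind9.
#
# Globals:   DOMAIN_NAME, DOMAIN_IP (read) - substituted into the zone file and
#            the zone stanza without escaping, so they must not contain quotes,
#            whitespace, backslashes or '&'.
#            PWD (read) - templates are taken from ${PWD}/_config, i.e. the
#            caller's working directory, whereas the inc/ helpers are resolved
#            relative to the script itself.
# Returns:   non-zero if a template is missing, a write fails or the resulting
#            configuration does not parse; otherwise the status of the restart.
function update_configs {
  log "IN" "Updating all Bind9 configurations"
  local -r BASE_BIND_PATH="/etc/bind"
  local -r TEMPLATE_PATH="${PWD}/_config"
  local template

  # Every target below is written with '>', which empties it before the
  # template is read. Check all templates up front so that running from the
  # wrong directory cannot leave Bind9 with blank configuration files.
  for template in db.local named.conf.options named.conf.log logrotate bind9; do
    if [[ ! -r "${TEMPLATE_PATH}/${template}" ]]; then
      printf 'Missing template: %s\n' "${TEMPLATE_PATH}/${template}" >&2
      return 1
    fi
  done

  log "DB" "Adding db.local to ${BASE_BIND_PATH}/db.local"
  # verify_file_exists comes from inc/utils.sh; presumably it reports or aborts
  # when the file is absent - confirm against that file.
  verify_file_exists "${BASE_BIND_PATH}/db.local"
  # The redirection already truncates the target, so no separate truncate step.
  awk -v domain_name="${DOMAIN_NAME}" -v domain_ip="${DOMAIN_IP}" \
    '{ gsub("DOMAIN_NAME", domain_name); gsub("DOMAIN_IP", domain_ip); print $0 }' \
    "${TEMPLATE_PATH}/db.local" > "${BASE_BIND_PATH}/db.local" || return

  # Add the domain zone into the list of zones to have permission to answer to
  # queries. Only append when the stanza is not there yet: a second run would
  # otherwise define the zone twice and Bind9 would refuse to load the file.
  local -r zone_header="zone \"${DOMAIN_NAME}\" {"
  # stderr is silenced only for the "file does not exist yet" case.
  if ! grep -qF -- "${zone_header}" "${BASE_BIND_PATH}/named.conf.default-zones" 2>/dev/null; then
    printf '\nzone "%s" {\ntype master;\nfile "/etc/bind/db.local";\n};\n\n' "${DOMAIN_NAME}" \
      >> "${BASE_BIND_PATH}/named.conf.default-zones" || return
  fi

  log "DB" "Adding named.conf.options to ${BASE_BIND_PATH}/named.conf.options"
  verify_file_exists "${BASE_BIND_PATH}/named.conf.options"
  # NOTE(review): the template is not visible here; the script header says it
  # configures an open resolver, so check that its allow-recursion and
  # rate-limit settings match the exposure this host is meant to have.
  cat "${TEMPLATE_PATH}/named.conf.options" > "${BASE_BIND_PATH}/named.conf.options" || return

  log "DB" "Creating named.conf.log and including it in named.conf"
  cat "${TEMPLATE_PATH}/named.conf.log" > "${BASE_BIND_PATH}/named.conf.log" || return
  # Same idempotency guard as for the zone stanza above.
  local -r include_line='include "/etc/bind/named.conf.log";'
  if ! grep -qF -- "${include_line}" "${BASE_BIND_PATH}/named.conf" 2>/dev/null; then
    echo "${include_line}" >> "${BASE_BIND_PATH}/named.conf" || return
  fi

  log "DB" "Setting up lograte for bind"
  cat "${TEMPLATE_PATH}/logrotate" > "/etc/logrotate.d/bind" || return

  log "DB" "Overwrite Bind9 default file"
  cat "${TEMPLATE_PATH}/bind9" > "/etc/default/bind9" || return

  log "IN" "Reloading logrotate to take effect on new Bind9 logs"
  # -d is logrotate's debug mode: it parses the configuration and prints what
  # it would do without rotating anything, so this is a syntax check.
  logrotate -d "/etc/logrotate.d/bind"

  # Parse the assembled configuration before restarting, so a broken file does
  # not take a running resolver down.
  if command -v named-checkconf > /dev/null; then
    named-checkconf "${BASE_BIND_PATH}/named.conf" || return
  fi

  log "IN" "Restarting Bind9 service"
  systemctl restart bind9
}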
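# Run the provisioning steps in order.
# Returns: the status of the first step that fails, so configuration files are
#          not rewritten after a failed package install; otherwise the status
#          of update_configs.
function main {
  install_dependencies || return
  setup_paths || return
  update_configs
}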
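# Preflight checks
# Show usage if no arguments are passed or help is requested
case "${1:-}" in
  "" | -h | --help) usage_general ;;
esac

# Both values are substituted as-is into the zone file and into a quoted zone
# stanza appended to named.conf.default-zones. Restrict them to characters that
# cannot close the quotes or start another statement, and refuse to continue
# when DOMAIN_IP is missing instead of writing a zone with an empty address.
if [[ ! "${1}" =~ ^[A-Za-z0-9._-]+$ ]]; then
  printf 'Invalid DOMAIN_NAME: %s\n' "${1}" >&2
  exit 1
fi
# Accepts dotted IPv4 and colon-separated IPv6 text; this is a character
# filter only, not a full address parser.
if [[ ! "${2:-}" =~ ^[0-9A-Fa-f.:]+$ ]]; then
  printf 'Missing or invalid DOMAIN_IP: %s\n' "${2:-}" >&2
  exit 1
fi

DOMAIN_NAME="${1}"
DOMAIN_IP="${2}"
main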