21.7. The syslog daemon

We must tell syslogd, the syslog daemon, about the new chrooted service. Normally, processes talk to syslogd through the socket /dev/log, but a process inside the chroot jail cannot reach that socket, so syslogd must also listen on /chroot/named/dev/log in addition to the default /dev/log. To do this, edit the syslog startup script and specify the additional socket to listen on.

Edit the syslog script file vi +24 /etc/rc.d/init.d/syslog and change the line:
 daemon syslogd -m 0
 
To read:
 daemon syslogd -m 0 -a /chroot/named/dev/log
 

The default named script file of ISC BIND/DNS starts the daemon named outside the chroot jail. We must change it to start named from the chroot jail. Edit the named script file vi /etc/rc.d/init.d/named and change the lines:

  1.  [ -f /usr/sbin/named ] || exit 0
     
    To read:
     [ -f /chroot/named/usr/sbin/named ] || exit 0
     

  2.  [ -f /etc/named.conf ] || exit 0
     
    To read:
     [ -f /chroot/named/etc/named.conf ] || exit 0
     

  3.  daemon named
     
    To read:
     daemon /chroot/named/usr/sbin/named -t /chroot/named/ -unamed -gnamed
     

The -t option tells named to start up using the new chroot environment.

The -u option specifies the user to run as.

The -g option specifies the group to run as.
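As an added example, not part of the original guide, the following script applies the syslogd edit and the three named-script edits above with sed, keeps a .orig backup and verifies that each change landed; the /chroot/named prefix, the script paths and the option values are the guide's own, while the .orig suffix and the "apply" argument are assumptions of this example:

```shell
#!/bin/sh
# Added example, not from the original guide: apply the syslogd and named
# init-script edits described above with sed, keep a backup, and verify.
# Assumptions: the chroot prefix /chroot/named from the text; the ".orig"
# backup suffix and the "apply" argument are this example's own conventions.
CHROOT=/chroot/named

# patch_syslog_script FILE
# Append "-a $CHROOT/dev/log" to the "daemon syslogd -m 0" line so syslogd
# also listens on the log socket inside the jail. Safe to run twice.
patch_syslog_script() {
    f=$1
    grep -q -- "-a $CHROOT/dev/log" "$f" && return 0   # already patched
    cp -p "$f" "$f.orig" || return 1
    sed "s#^\([[:space:]]*daemon syslogd -m 0\)\$#\1 -a $CHROOT/dev/log#" \
        "$f.orig" > "$f" || return 1
    # verify the edit landed (the pattern will not match a hand-modified script)
    grep -q -- "daemon syslogd -m 0 -a $CHROOT/dev/log" "$f"
}

# patch_named_script FILE
# Rewrite the two existence checks and the daemon line exactly as in
# steps 1-3 above, so named starts inside the jail as user/group named.
patch_named_script() {
    f=$1
    grep -q -- "-t $CHROOT/" "$f" && return 0   # already patched
    cp -p "$f" "$f.orig" || return 1
    sed -e "s#^\([[:space:]]*\[ -f \)/usr/sbin/named\( ] || exit 0\)#\1$CHROOT/usr/sbin/named\2#" \
        -e "s#^\([[:space:]]*\[ -f \)/etc/named.conf\( ] || exit 0\)#\1$CHROOT/etc/named.conf\2#" \
        -e "s#^\([[:space:]]*daemon \)named\$#\1$CHROOT/usr/sbin/named -t $CHROOT/ -unamed -gnamed#" \
        "$f.orig" > "$f" || return 1
    grep -q -- "$CHROOT/usr/sbin/named ] || exit 0" "$f" &&
    grep -q -- "$CHROOT/etc/named.conf ] || exit 0" "$f" &&
    grep -q -- "daemon $CHROOT/usr/sbin/named -t $CHROOT/ -unamed -gnamed" "$f"
}

# Only touch the real init scripts when explicitly asked:
#   sh chroot-named-init.sh apply
if [ "$1" = apply ]; then
    patch_syslog_script /etc/rc.d/init.d/syslog || exit 1
    patch_named_script /etc/rc.d/init.d/named || exit 1
    echo "init scripts patched; backups kept as *.orig"
fi
```

Run it once with the apply argument, then restart syslog and named with their init scripts; rerunning it is harmless because both functions detect a script that is already patched.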

As of BIND 8.2, the ndc command shipped with ISC BIND/DNS is a compiled binary rather than a script, so the paths it uses to find named and its run directory are fixed when it is built, and the shipped ndc is useless with a chrooted named. To fix this, ndc must be rebuilt from the ISC BIND/DNS source with the chroot paths. The following steps are carried out in the top level of the ISC BIND/DNS source directory.

  1. For ndc utility:
     [root@deep] /# cp bind-src.tar.gz /var/tmp
     [root@deep] /# cd /var/tmp/
     [root@deep ]/tmp# tar xzpf bind-src.tar.gz
     [root@deep ]/tmp# cd src
     [root@deep ]/src# cp port/linux/Makefile.set port/linux/Makefile.set-orig
     

  2. Edit the Makefile.set file, vi port/linux/Makefile.set to make the changes listed below:
     'CC=egcs -D_GNU_SOURCE'
     'CDEBUG=-O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions -g'
     'DESTBIN=/usr/bin'
     'DESTSBIN=/chroot/named/usr/sbin'
     'DESTEXEC=/chroot/named/usr/sbin'
     'DESTMAN=/usr/man'
     'DESTHELP=/usr/lib'
     'DESTETC=/etc'
     'DESTRUN=/chroot/named/var/run'
     'DESTLIB=/usr/lib/bind/lib'
     'DESTINC=/usr/lib/bind/include'
     'LEX=flex -8 -I'
     'YACC=yacc -d'
     'SYSLIBS=-lfl'
     'INSTALL=install'
     'MANDIR=man'
     'MANROFF=cat'
     'CATEXT=$$N'
     'PS=ps p'
     'AR=ar crus'
     'RANLIB=:'
      

  3. The difference between the Makefile we used before and this one is that we modify the DESTSBIN=, DESTEXEC=, and DESTRUN= lines to point to the chrooted directory of BIND/DNS. With this modification, the ndc program knows where to find named.
     
     [root@deep ]/src# make clean
     [root@deep ]/src# make
     [root@deep ]/src# cp bin/ndc/ndc /usr/sbin/
     cp: overwrite `/usr/sbin/ndc'? y
     [root@deep ]/src# strip /usr/sbin/ndc 
     
    We build the binary, then copy the resulting ndc program to /usr/sbin, overwriting the old one. We don't forget to strip our new ndc binary for better performance.

Published under the terms of the Open Publication License