
Contents of /cauldron/dhcp/current/SOURCES/dhcpd-chroot.sh



Revision 16733 - (show annotations) (download) (as text)
Thu Jan 13 23:42:18 2011 UTC (10 years, 5 months ago) by dmorgan
File MIME type: application/x-sh
File size: 5632 byte(s)
imported package dhcp
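#!/bin/bash
#
# dhcpd-chroot.sh is a modified bind-chroot.sh script that enables the
# dhcpd server to run in a chroot jail under an unprivileged user
# account (dhcpd). It requires that the ISC DHCP software is patched
# with the paranoia patch (listed below) by Ari Edelkind.
#
# http://www.episec.com/people/edelkind/patches/dhcp/dhcp-3.0+paranoia.patch
#
# The current ISC DHCP software should have this patch applied,
# otherwise you shouldn't be able to lurk in here reading this.
#
# Copyright Fri Dec 24 2004:
#
# bind-chroot.sh: Florin Grad <florin@mandrakesoft.com>
# dhcpd-chroot.sh: Oden Eriksson <oeriksson@mandrakesoft.com>
#
# GPL License
#
# Usage (the chroot/unchroot operations must be run as root):
#   dhcpd-chroot.sh -s | --status
#   dhcpd-chroot.sh -i | --interactive
#   dhcpd-chroot.sh -c | --chroot DIR
#   dhcpd-chroot.sh -u | --unchroot

# Source function library.
. /etc/rc.d/init.d/functions

# /etc/sysconfig/dhcpd is sourced as shell code and may define ROOTDIR and
# OPTIONS. Whatever this script appends to it is executed the next time it is
# sourced, so ROOTDIR is validated before it is written (see valid_rootdir).
[ -f /etc/sysconfig/dhcpd ] && . /etc/sysconfig/dhcpd

sysconfig_file="/etc/sysconfig/dhcpd"
PIDFILE="/var/run/dhcpd/dhcpd.pid"

# Prints a message on stderr and terminates the script with status 1.
abort() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Stops early when not running as root, instead of failing half-way through
# useradd/mknod/chown and leaving a partial setup behind.
require_root() {
  [[ "${EUID}" -eq 0 ]] || abort "$0: this operation must be run as root."
}

#######################################
# Decides whether a path may be used as the chroot directory.
# Arguments: $1 - candidate path
# Returns:   0 when the path is absolute, is not the filesystem root, has no
#            "." or ".." component and contains no character that would be
#            interpreted when ROOTDIR="..." is sourced; 1 otherwise.
#######################################
valid_rootdir() {
  local dir=${1:-}
  local trimmed

  # Must be an absolute path; the empty string is rejected here too.
  case "$dir" in
    /*) ;;
    *) return 1 ;;
  esac

  # The value ends up inside double quotes in a sourced file.
  case "$dir" in
    *'"'* | *'$'* | *'`'* | *'\'* | *$'\n'*) return 1 ;;
  esac

  # "." and ".." components could make the path resolve somewhere else.
  case "${dir}/" in
    */./* | */../*) return 1 ;;
  esac

  # "/" in any spelling ("/", "//", ...) must never be chown'ed or removed.
  trimmed=$dir
  while [[ "$trimmed" == */ ]]; do
    trimmed=${trimmed%/}
  done
  [[ -n "$trimmed" ]]
}

#######################################
# Stops a running dhcpd using the PID files inside and outside the chroot.
# Globals: PIDFILE (read), ROOTDIR (read)
# Sends TERM first and escalates to KILL only if the process is still there
# after a few seconds. PID files whose content is not a plain PID greater
# than 1 are ignored.
# NOTE(review): a stale PID file can name an unrelated process; the script
# does not verify that the PID belongs to dhcpd.
#######################################
stop_dhcpd() {
  local pidfile pid tries

  echo "I have to stop the ISC DHCP server before continuing..."
  for pidfile in "${PIDFILE}" "${ROOTDIR}/${PIDFILE}"; do
    [[ -f "$pidfile" ]] || continue
    pid=$(head -n 1 -- "$pidfile" 2>/dev/null)
    if [[ "$pid" =~ ^[1-9][0-9]*$ ]] && [[ "$pid" != 1 ]]; then
      kill -TERM "$pid" >/dev/null 2>&1
      tries=0
      while kill -0 "$pid" 2>/dev/null && (( tries < 5 )); do
        sleep 1
        tries=$((tries + 1))
      done
      if kill -0 "$pid" 2>/dev/null; then
        kill -KILL "$pid" >/dev/null 2>&1
      fi
    fi
  done
  rm -f -- "${PIDFILE}" "${ROOTDIR}/${PIDFILE}" >/dev/null 2>&1
}

#######################################
# Runs one sed expression over the sysconfig file and replaces the file only
# when sed succeeded, so a failed sed can never install an empty config.
# Globals:   sysconfig_file (read)
# Arguments: $1 - sed expression
# Returns:   0 when the file was replaced, 1 otherwise
#######################################
edit_sysconfig() {
  local expr=$1
  local tmp="${sysconfig_file}.new"

  if sed -e "$expr" < "$sysconfig_file" > "$tmp"; then
    mv -f -- "$tmp" "$sysconfig_file"
  else
    rm -f -- "$tmp"
    return 1
  fi
}

# Reports whether ROOTDIR is already defined by /etc/sysconfig/dhcpd.
show_status() {
  if [[ -n "${ROOTDIR:-}" ]]; then
    echo ""
    echo "ROOTDIR is defined in your /etc/sysconfig/dhcpd file."
    echo "You already appear to have a chroot ISC DHCPD setup."
    echo "ROOTDIR=${ROOTDIR}"
    exit
  else
    echo "Your ISC DHCPD server is not chrooted."
  fi
}

#######################################
# Creates the chroot tree and records it in /etc/sysconfig/dhcpd.
# Arguments: $1 - option used (-c, --chroot, -i, --interactive)
#            $2 - chroot path (ignored in interactive mode)
#######################################
setup_chroot() {
  local mode=$1
  local requested=${2:-}
  local answer

  if [[ -n "${ROOTDIR:-}" ]]; then
    echo ""
    echo "In your /etc/sysconfig/dhcpd file: ROOTDIR=${ROOTDIR} exists"
    echo "You already appear to have a chroot ISC DHCPD setup."
    exit
  fi

  case "$mode" in
    -i | --interactive)
      echo ""
      echo "Please enter the ROOTDIR path (ex: /var/lib/dhcpd-chroot):"
      read -r answer
      requested=$answer
      ;;
  esac

  # Without a path the steps below would run against an empty ROOTDIR
  # (cd to $HOME, mknod there, ROOTDIR="" appended to the config).
  if [[ -z "$requested" ]]; then
    echo "" >&2
    abort "Missing path for chroot."
  fi
  valid_rootdir "$requested" \
    || abort "Refusing to use '${requested}' as ROOTDIR: it must be an absolute path other than /, without . or .. components, quotes, \$, backquotes or backslashes."
  require_root
  export ROOTDIR="$requested"

  stop_dhcpd

  # add the dhcpd user
  # NOTE(review): /dev/false is kept as the original wrote it; confirm whether
  # /bin/false or a nologin shell was intended.
  /usr/sbin/useradd -r -M -s /dev/false -c "system user for dhcpd" -d "${ROOTDIR}" dhcpd 2> /dev/null || :

  # create directories and set permissions
  # Each step is checked: if cd failed, the relative mkdir/mknod below would
  # populate whatever directory the script was started from.
  # NOTE(review): the whole tree, including the chroot top directory, ends up
  # owned by the jailed dhcpd user; confirm this is required by the daemon.
  mkdir -p -- "${ROOTDIR}" || abort "Cannot create ${ROOTDIR}"
  chmod 700 -- "${ROOTDIR}" || abort "Cannot set permissions on ${ROOTDIR}"
  cd -- "${ROOTDIR}" || abort "Cannot enter ${ROOTDIR}"
  mkdir -p dev etc var/run/dhcpd var/lib/dhcp \
    || abort "Cannot create the directory tree under ${ROOTDIR}"
  [ -e dev/null ] || mknod dev/null c 1 3
  [ -e dev/random ] || mknod dev/random c 1 8
  cp /etc/localtime etc/
  # [ -f /etc/dhcpd.conf ] && cp -f /etc/dhcpd.conf etc/
  [ -f /var/lib/dhcp/dhcpd.leases ] && cp -f /var/lib/dhcp/dhcpd.leases var/lib/dhcp/
  [ -f /var/lib/dhcp/dhcpd.leases~ ] && cp -f /var/lib/dhcp/dhcpd.leases~ var/lib/dhcp/
  chown -R dhcpd:dhcpd -- "${ROOTDIR}"

  # update the OPTIONS in /etc/sysconfig/dhcpd
  if grep -q '^OPTIONS=' "$sysconfig_file"; then
    # Append the user/group switches once only, so a re-run after a partial
    # setup does not duplicate them.
    if ! grep -q '^OPTIONS=.*-user dhcpd -group dhcpd' "$sysconfig_file"; then
      edit_sysconfig 's!^\(OPTIONS=".*\)"$!\1 -user dhcpd -group dhcpd"!' \
        || abort "Could not update OPTIONS in /etc/sysconfig/dhcpd"
    fi
  else
    echo "Updating OPTIONS in /etc/sysconfig/dhcpd"
    echo "OPTIONS=\"-user dhcpd -group dhcpd\"" >> "$sysconfig_file"
  fi

  # update the ROOTDIR in /etc/sysconfig/dhcpd
  echo "Updating ROOTDIR in /etc/sysconfig/dhcpd"
  printf 'ROOTDIR="%s"\n' "${ROOTDIR}" >> "$sysconfig_file"

  echo ""
  echo "Chroot configuration for ISC DHCPD is complete."
  echo "You should review your ${ROOTDIR}/etc/dhcpd.conf"
  echo "and make any necessary changes."
  echo ""
  echo "Run \"/sbin/service dhcpd restart\" when you are done."
  echo ""
}

#######################################
# Reverts the chroot setup: cleans /etc/sysconfig/dhcpd, moves the lease
# files back and deletes the chroot tree.
# Globals: ROOTDIR (read, as defined by the sourced sysconfig file)
#######################################
remove_chroot() {
  if ! grep -q "^ROOTDIR=" "$sysconfig_file"; then
    echo ""
    echo "Your dhcpd is not currently chrooted"
    echo ""
    exit
  fi

  require_root
  # ROOTDIR comes from a config file and is handed to rm -rf below; an empty,
  # relative or "/" value must stop the script before anything is changed.
  valid_rootdir "${ROOTDIR:-}" \
    || abort "ROOTDIR='${ROOTDIR:-}' from /etc/sysconfig/dhcpd is not a safe absolute path; refusing to remove it."

  stop_dhcpd

  echo ""
  echo "Removing ROOTDIR from /etc/sysconfig/dhcpd"
  # NOTE(review): this pattern only removes a double-quoted ROOTDIR="..." line.
  edit_sysconfig '/^\(ROOTDIR=".*\)"$/d' \
    || abort "Could not remove ROOTDIR from /etc/sysconfig/dhcpd"
  echo "Cleaning the OPTIONS in /etc/sysconfig/dhcpd"
  edit_sysconfig 's|-user dhcpd -group dhcpd[ ]*||' \
    || abort "Could not clean OPTIONS in /etc/sysconfig/dhcpd"
  edit_sysconfig 's|[ ][ ]*"|"|' \
    || abort "Could not clean OPTIONS in /etc/sysconfig/dhcpd"
  echo ""
  echo "Moving the following files to their original location :"
  # echo "/etc/dhcpd.conf"
  echo "/var/lib/dhcp/dhcpd.leases"
  echo "/var/lib/dhcp/dhcpd.leases~"
  # [ -f /etc/dhcpd.conf ] || mv -f ${ROOTDIR}/etc/dhcpd.conf /etc/
  # NOTE(review): a lease file is moved back only when none exists outside the
  # chroot; otherwise the copy inside the chroot is deleted with the tree.
  [ -f /var/lib/dhcp/dhcpd.leases~ ] || mv -f -- "${ROOTDIR}/var/lib/dhcp/dhcpd.leases~" /var/lib/dhcp/
  [ -f /var/lib/dhcp/dhcpd.leases ] || mv -f -- "${ROOTDIR}/var/lib/dhcp/dhcpd.leases" /var/lib/dhcp/
  #chown -R dhcpd:dhcpd /var/run/dhcpd

  echo ""
  echo "Removing the ${ROOTDIR}"
  # ${ROOTDIR:?} aborts instead of expanding to nothing if the variable is
  # ever empty at this point.
  rm -rf -- "${ROOTDIR:?}"
  echo "Your dhcpd server is not chrooted anymore."
  echo ""
  echo "Run \"/sbin/service dhcpd restart\" when you are done."
  echo ""
}

# Prints the command-line help.
show_usage() {
  echo ""
  echo "Usage: $0 [arguments]"
  echo ""
  printf '\t%s\n' "-s, --status (current dhcpd configuration type)"
  echo ""
  echo "arguments:"
  printf '\t%s\n' "-i, --interactive (so you can choose your path)"
  echo ""
  printf '\t%s\n' "-c, --chroot (choose a chroot location. ex: /var/lib/dhcpd-chroot)"
  echo ""
  printf '\t%s\n' "-u, --unchroot (back to the original configuration)"
  echo ""
}

case "${1:-}" in
  -s | --status)
    show_status
    ;;
  -c | --chroot | -i | --interactive)
    setup_chroot "$@"
    ;;
  -u | --unchroot)
    remove_chroot
    ;;
  *)
    show_usage
    ;;
esac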

Properties

Name Value
svn:eol-style native
svn:executable *
