The great AT Linux/BSD/*NIX FAQ project!

Page 11

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: BingBongWongFooey
btw, anyone interested in a faq about setting up a chrooted bind?

Is it that tough? I thought it came with the necessary adjustments to do this out of the box...

EDIT: BIND8
BIND4
 

Barnaby W. Füi

Elite Member
Aug 14, 2001
12,343
0
0
Originally posted by: n0cmonkey
Originally posted by: BingBongWongFooey
btw, anyone interested in a faq about setting up a chrooted bind?

Is it that tough? I thought it came with the necessary adjustments to do this out of the box...

EDIT: BIND8
BIND4

nope it was pretty damn easy, i found a great little guide and it worked perfect, but i can see how a newbie would be confused by parts of it.

then again, why would a newbie run bind?

oh and yeah, bind comes in ready-to-chroot form, but you still have to build the jail, add users, make/get an init script, etc.

also note that many topics in the faq can be considered easy by many, but hard to others.
 

Poontos

Platinum Member
Mar 9, 2000
2,799
0
0
This is the best I have from earlier this year.

# BIND 9.2.1 Chroot Jail - FreeBSD 4.x (Cannot confirm every 4.x version)
# 20020622

### edit /etc/master.passwd (vipw) and add:
# bind:*:uid:gid::0:0:BIND User Account:/chroot/path_to_jail:/path_to_nologin

### edit /etc/group and add:
# bind:x:gid:

### set up the directory structure as follows:

/chroot
 +-- named
      +-- dev
      +-- etc
      |    +-- namedb
      |         +-- slave
      +-- var
      |    +-- run
      +-- bin

### With these commands
# mkdir -p /chroot/named
# cd /chroot/named
# mkdir -p dev etc/namedb/slave var/run bin

### Place the BIND data
# cp -p /etc/named.conf /chroot/named/etc/namedb
# cp -Rp /var/named/* /chroot/named/etc/namedb

### Give ownership to bind who needs write in these dirs
# chown -R bind:bind /chroot/named/etc/namedb/slave
# chown bind:bind /chroot/named/var/run

### Create special files for named
# mknod /chroot/named/dev/null c 2 2
# mknod /chroot/named/dev/random c 2 3
# chmod 666 /chroot/named/dev/{null,random}
# cp /etc/localtime /chroot/named/etc

### Edit rc.conf to start logging for named in the jail
# ee /etc/defaults/rc.conf

### edit syslogd_flags= to reflect:
# syslogd_flags="-s -l /chroot/named/dev/log"

### You must now restart syslogd. A simple HUP will not work!!

### Tighten Permissions
# chown root /chroot
# chmod 700 /chroot
# chown bind:bind /chroot/named
# chmod 700 /chroot/named

### Do not do this step!!! Testing only!! It can be very dangerous!! (I've warned you)
# chflags schg /chroot/named/etc/*(*)

### Copy named binary into the jail
### If using current BIND
# cp /path_to_named_binary/named /chroot/named/bin

### If preparing to install new BIND
# find / -name named

### rename any named binaries that are currently found with the above command for backup

### Install BIND
# ./configure && make && make install (default configure script should work ok)

### Set up the Init script (/etc/defaults/rc.conf)
# Change the existing lines to reflect below:
# named_program="/chroot/named/bin/named"
# named_flags="-u bind -t /chroot/named/ -c /etc/namedb/named.conf"


### Edit a couple lines in the options section of named.conf
# directory "/etc/namedb";
# pid-file "/var/run/named.pid";
# statistics-file "/var/run/named.stats";

### Create the pid file
# touch /chroot/named/var/run/named.pid

### Copy the new named binary to the jail (ONLY if you upgraded!)
# find /usr -name named
# cp /path_to_new_binary/named /chroot/named/bin

### Make sure no other instances of named are running
# ps aux | grep named

### If they are, kill them
# kill `cat /var/run/named.pid` (or equiv pid number)

### Then manually start the new name server for the first time.
### The switches below are: -u=user -t=top level directory -c=config file location
# /chroot/named/bin/named -u bind -t /chroot/named -c /etc/namedb/named.conf

### Now start syslog manually for the first time.
# /usr/sbin/syslogd -s -l /chroot/named/dev/log
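
An added example, not part of the original post: a small sh audit for the jail layout and named flags described in the steps above. The function names, the findings wording and the /etc/named.conf fallback are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: audit a BIND chroot jail laid out as in the post above.
# Prints one finding per line and nothing when every check passes.

# flag_value FLAG ARGS...: print the argument that follows FLAG.
flag_value() {
    want=$1; shift
    while [ $# -gt 0 ]; do
        if [ "$1" = "$want" ]; then echo "${2:-}"; return 0; fi
        shift
    done
    return 1
}

# audit_jail JAIL "NAMED_FLAGS": JAIL is the -t directory, NAMED_FLAGS the
# value of named_flags from rc.conf.
audit_jail() {
    jail=${1%/}
    set -- $2    # split the flags on whitespace on purpose
    root=$(flag_value -t "$@") || echo "no -t flag: named is not chrooted"
    conf=$(flag_value -c "$@") || conf=/etc/named.conf  # assumed default
    flag_value -u "$@" >/dev/null || echo "no -u flag: named keeps root"
    [ "${root%/}" = "$jail" ] || echo "-t '$root' is not the jail '$jail'"
    # named reads the -c file after chroot(), so it is relative to the jail
    case $conf in
        "$jail"/*) echo "-c '$conf' repeats the jail prefix" ;;
    esac
    [ -f "$jail$conf" ] || echo "missing config: $jail$conf"
    for d in dev etc/namedb/slave var/run bin; do
        [ -d "$jail/$d" ] || echo "missing directory: $jail/$d"
    done
    for n in null random; do
        [ -c "$jail/dev/$n" ] || echo "not a character device: $jail/dev/$n"
    done
    # ls -ld mode string: column 6 is group write, column 9 is other write
    mode=$(ls -ld "$jail" | cut -c1-10)
    case $mode in
        d????w????|d???????w?) echo "jail writable by group/other: $mode" ;;
    esac
}

# Constructed demo tree (no root needed, so dev/null and dev/random are
# plain files and are reported), audited with a -c that repeats the prefix.
demo() {
    j=$(mktemp -d)/named
    mkdir -p "$j/dev" "$j/etc/namedb/slave" "$j/var/run" "$j/bin"
    : > "$j/etc/namedb/named.conf"; : > "$j/dev/null"; : > "$j/dev/random"
    chmod 700 "$j"
    audit_jail "$j" "-u bind -t $j/ -c $j/etc/namedb/named.conf"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Against a real jail, source the file as root and call audit_jail with /chroot/named and the named_flags value from rc.conf.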



 

Mucman

Diamond Member
Oct 10, 1999
7,246
1
0
Wow! Glad I don't run bind, maybe a simple how-to on setting up djbdns module, dns-cache (of course there are plenty of good ones already out there)
 

Barnaby W. Füi

Elite Member
Aug 14, 2001
12,343
0
0
Originally posted by: Mucman
Wow! Glad I don't run bind, maybe a simple how-to on setting up djbdns module, dns-cache (of course there are plenty of good ones already out there)

installing bind and even in a chroot is easy. learning how to USE bind is what is hard, however it pays off in the long run IMO. (just like learning anything...even if you only absorb a few things, that's still adding to your knowledge and experience...everything helps)
 

Mucman

Diamond Member
Oct 10, 1999
7,246
1
0
Originally posted by: BingBongWongFooey
Originally posted by: Mucman
Wow! Glad I don't run bind, maybe a simple how-to on setting up djbdns module, dns-cache (of course there are plenty of good ones already out there)

installing bind and even in a chroot is easy. learning how to USE bind is what is hard, however it pays off in the long run IMO. (just like learning anything...even if you only absorb a few things, that's still adding to your knowledge and experience...everything helps)

True, I feel like I should install bind just so I can say I know it! If I was to start a DNS server from scratch though, I would go with djbdns. Of course someone has to know how to administer the millions of bind DNS servers out there. I have the DNS & BIND book by O'Reilly, but I bought it as a primer on how DNS works. Oh well, add another program I have to learn

btw, I just tried out nessus! Pretty darn sweet... here are some screenies and the HTML output it gave me... pretty handy for any administrators out there :

Nessus working
Nessus finished
Nessus HTML output
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: Mucman
Originally posted by: BingBongWongFooey
Originally posted by: Mucman
Wow! Glad I don't run bind, maybe a simple how-to on setting up djbdns module, dns-cache (of course there are plenty of good ones already out there)

installing bind and even in a chroot is easy. learning how to USE bind is what is hard, however it pays off in the long run IMO. (just like learning anything...even if you only absorb a few things, that's still adding to your knowledge and experience...everything helps)

True, I feel like I should install bind just so I can say I know it! If I was to start a DNS server from scratch though, I would go with djbdns. Of course someone has to know how to administer the millions of bind DNS servers out there. I have the DNS & BIND book by O'Reilly, but I bought it as a primer on how DNS works. Oh well, add another program I have to learn

BIND is easy, and it's free. djbdns is easy, but it's not free. The reason I used BIND4 on my home network for a while was because of the fact it comes installed on OpenBSD by default.

btw, I just tried out nessus! Pretty darn sweet... here are some screenies and the HTML output it gave me... pretty handy for any administrators out there :

Nessus working
Nessus finished
Nessus HTML output

I was always partial to SATAN myself...
 

Barnaby W. Füi

Elite Member
Aug 14, 2001
12,343
0
0
Originally posted by: Mucman

True, I feel like I should install bind just so I can say I know it!

that's the main reason i didn't go with djbdns or others, bind is the standard, and knowing can/will payoff someday.

If I was to start a DNS server from scratch though, I would go with djbdns.

i've never used it so i don't have much room to talk about it, but djbdns is just damn weird. it installs directories in / like /packages, etc. that's weird. secure code, sure, but it's non-free and just kinda.....weird.. plus hey, bind is free, works well, etc etc. it's not *that* hard to use, add a few lines to named.conf for a zone, then make your zone file (there are examples everywhere), and that's it.

I have the DNS & BIND book by O'Reilly, but I bought it as a primer on how DNS works. Oh well, add another program I have to learn

i already knew bind somewhat when i read that book, but it filled in a lot of the blanks for me, good book.



 

Poontos

Platinum Member
Mar 9, 2000
2,799
0
0
Originally posted by: n0cmonkey
Originally posted by: Poontos
When did djbdns start costing $$, and how much?

It is free as in beer, just not free as in speech. The license is un-free.

I know we have higher taxes up north here, but this does not equate to beer being free of charge.

So, in summary:

To purchase djbdns, you fire up your Internet connection, your favourite FTP client, and download away. Which equals "free" in the purchase sense. E.g. You do not send someone money to use the software. And BigBong refers to the format of djbdns as being not very easy to understand?

And n0c says the license is "un-free", which means you send money to someone to use the software? Can we please speak un-weird language in here.

 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: Poontos
Originally posted by: n0cmonkey
Originally posted by: Poontos
When did djbdns start costing $$, and how much?

It is free as in beer, just not free as in speech. The license is un-free.

I know we have higher taxes up north here, but this does not equate to beer being free of charge.

So, in summary:

To purchase djbdns, you fire up your Internet connection, your favourite FTP client, and download away. Which equals "free" in the purchase sense. E.g. You do not send someone money to use the software. And BigBong refers to the format of djbdns as being not very easy to understand?

And n0c says the license is "un-free", which means you send money to someone to use the software? Can we please speak un-weird language in here.

Sorry, English is the only language I know well enough to try and explain this. If you want, I can try German, but I'll have to look a few words up first since I haven't used it in a while.

Explanation:
Free is a crappy word. It can mean no cost, or it could mean a right. No cost is equated to free beer. A right, like freedom of speech, is equated with free speech. In the English language there are at least 2 ways software can be "free". First it can be freeware, as in costing no money, as in free beer. Second it can have a license which is considered free, as in speech. The BSD license is a free license. The license djbdns falls under does not allow many of the things needed by a "free" license. Therefore, djbdns is un-free as in you don't have to pay money for it, but you are restricted in what you can do with the software. That help at all or am I wasting my time trying to explain "free" to you?

And for the record, the GPL is a restrictive license.
 

Poontos

Platinum Member
Mar 9, 2000
2,799
0
0
"Sorry, English is the only language I know well enough to try and explain this. If you want, I can try German, but I'll have to look a few words up first since I haven't used it in a while."

There are different variations of the English language, and there are phrases, jargon, and terms that aren't typically taught in English class, or throughout secondary and post-secondary school.

If you notice, in these URL's (1) and #2, they are referred to as "jargon" in the directory structure. I would not expect everyone in the world, nor in I.T. to know all the jargon out there.

So yes, you were writing in "English", but more specifically software jargon.

Thanks for coming out, and have a great weekend!

P.S. Thanks for the links hobgadling, they were of useful assistance.
 

hobgadling

Member
Oct 23, 2001
39
0
0
No problem Poontos...if you're interested in the computer geek subculture at all you'll want to read through the rest of the jargon file, lots of interesting tidbits you can pick up there like that.

--Hob
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: Poontos
"Sorry, English is the only language I know well enough to try and explain this. If you want, I can try German, but I'll have to look a few words up first since I haven't used it in a while."

There are different variations of the English language, and there are phrases, jargon, and terms that aren't typically taught in English class, or throughout secondary and post-secondary school.

If you notice, in these URL's (1) and #2, they are referred to as "jargon" in the directory structure. I would not expect everyone in the world, nor in I.T. to know all the jargon out there.

So yes, you were writing in "English", but more specifically software jargon.

Thanks for coming out, and have a great weekend!

P.S. Thanks for the links hobgadling, they were of useful assistance.

I don't consider the definitions of the word free to be computer jargon.
 

Electrode

Diamond Member
May 4, 2001
6,063
2
81
Hmm, looks like work on FAQs has stagnated.

Are there any other pressing issues that everyone seems to be asking, or has the FAQ project attained its goal of answering every frequently-asked question that people here have?
 

MainFramed

Diamond Member
May 29, 2002
5,981
1
0
Originally posted by: Electrode
Hmm, looks like work on FAQs has stagnated.

Are there any other pressing issues that everyone seems to be asking, or has the FAQ project attained its goal of answering every frequently-asked question that people here have?

i'm sure there are more.....
 

BDawg

Lifer
Oct 31, 2000
11,631
2
0
How about this -

In XFree86 (4.2.1), how do you set a resolution beneath the max resolution.

By default, the Xserver sets a virtual resolution equal to the max resolution of the monitor+video card. If you specify a resolution less than the maximum, you get a screen at that resolution, but you also have a virtual resolution = max, which means you can scroll across the screen for more space.

How do you just set a resolution without a virtual resolution? 4.0 was supposed to make this kind of stuff easier.
 

amphibious

Member
Apr 18, 2001
152
0
0
I've got two questions, and probably more on the way as I just installed Debian.

First, I'm having problems running X because it can't find my mouse. I configured it (to the best of my ability) but still no dice. It's a Logitech Optical Mouseman USB... this is probably a simple beginner mistake.

Second, I haven't gotten to this point yet (since X isn't working), but can anyone point me toward a tutorial or give me a quick rundown of what I'm going to want to do when I get into it.

thanks!
 

BDawg

Lifer
Oct 31, 2000
11,631
2
0
Originally posted by: amphibious
I've got two questions, and probably more on the way as I just installed Debian.

First, I'm having problems running X because it can't find my mouse. I configured it (to the best of my ability) but still no dice. It's a Logitech Optical Mouseman USB... this is probably a simple beginner mistake.

Second, I haven't gotten to this point yet (since X isn't working), but can anyone point me toward a tutorial or give me a quick rundown of what I'm going to want to do when I get into it.

thanks!

Have you checked the debian site? I know redhat has pretty good tutorials. Don't expect much help from xfree86.org. The documentation is kind of sparse.
 

amphibious

Member
Apr 18, 2001
152
0
0
Originally posted by: BDawg


Have you checked the debian site? I know redhat has pretty good tutorials. Don't expect much help from xfree86.org. The documentation is kind of sparse.

Yeah, I've looked at the Debian site for the mouse stuff... nothing that I don't already know. LHD is giving me CGI errors right now so I can't see if my mouse has some weird problem. The part that worries me a little is in the mouse config stuff it never gives me an option for a USB mouse, I wonder if that could be the problem. It does give a Logitech Mouseman option, which I've chosen, obviously, to no avail.
 

Electrode

Diamond Member
May 4, 2001
6,063
2
81
While there is a way to make it not use a virtual desktop at the maximum size, I do not know it. It has something to do with the mode lines in /etc/X11/XF86Config.

The method I use is stupid but functional: stop X, remove the resolutions higher than what you want to use from the mode line for your color depth, then start X again.

Hopefully someone will chime in with a better answer.
 

BDawg

Lifer
Oct 31, 2000
11,631
2
0
Originally posted by: Electrode
While there is a way to make it not use a virtual desktop at the maximum size, I do not know it. It has something to do with the mode lines in /etc/X11/XF86Config.

The method I use is stupid but functional: stop X, remove the resolutions higher than what you want to use from the mode line for your color depth, then start X again.

Hopefully someone will chime in with a better answer.

XFree 4 was supposed to remove the need for scanlines.
 