加强linux操作系统DNS服务安全
拓撲圖:
代碼:
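#!/bin/bash
#2017-12-3
#by-duwentao
#
# Interactive menu that sets up BIND (named) on a yum/rpm based host:
#   1  check the yum repository configuration (and offer a local DVD repo)
#   2  reinstall the bind packages
#   3  write the master configuration and the forward/reverse zone files
#   4  copy this script to the slave host and start it there over ssh
#   5  write the slave configuration
# It must run as root: it edits /etc/named.conf, /var/named and
# /etc/resolv.conf and restarts named.

domain_name="hetian.com"
master_ip="172.24.10.105"   # address the slave pulls zones from
slave_ip="172.24.10.106"    # host that receives the script and the zone transfers

named="/etc/named.conf"     # main configuration file

# Address of eth0. The "Mask" filter only matches the legacy net-tools output
# ("inet addr:A.B.C.D ... Mask:..."); on any other format $ip stays empty and
# the functions that need it refuse to run (see Require_IP).
ip=$(ifconfig eth0 | grep Mask | awk -F ":" '{print $2}' | awk -F " " '{print $1}')
ipv4_re='^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$'
if [[ $ip =~ $ipv4_re ]]; then
  # First three octets reversed: name of the reverse zone (assumes a /24).
  rip="${BASH_REMATCH[3]}.${BASH_REMATCH[2]}.${BASH_REMATCH[1]}"
  ip_last="${BASH_REMATCH[4]}"
else
  ip=""
  rip=""
  ip_last=""
fi

Forward_parsing_file="/var/named/$domain_name.zone"        # forward zone file
Reverse_parsing_file="/var/named/$rip.in-addr.arpa.zone"   # reverse zone file

# Print a message in green / red, in the same framing the script always used.
ok() { printf '\033[32m %s \033[0m\n' "$*"; }
err() { printf '\033[31m %s \033[0m\n' "$*"; }

#######################################
# Refuse to generate DNS configuration from an empty address.
# Returns: 0 when $ip holds a dotted quad, 1 otherwise.
#######################################
function Require_IP() {
  if [[ -z "$ip" ]]; then
    err "could not read an IPv4 address from eth0, configuration left unchanged"
    return 1
  fi
}

#######################################
# Check that yum works and that the enabled repositories offer packages;
# hand over to Repair_Yum when either check fails.
#######################################
function Check_Yum() {
  local repo_pkgs

  # A malformed repo file makes "yum clean all" fail.
  if ! yum clean all >/dev/null 2>&1; then
    err "yum allocation is wrong"
    Repair_Yum
    return
  fi

  # Package total from the "repolist: N" summary line, separators removed.
  repo_pkgs=$(yum repolist all | grep repolist | awk -F ":" '{print $2}' \
    | sed 's/,//g' | sed 's/ //g')

  # An empty or non-numeric total counts as "no packages" instead of
  # producing a test syntax error.
  if [[ $repo_pkgs =~ ^[0-9]+$ ]] && ((10#$repo_pkgs > 0)); then
    ok "yum allocation is right"
  else
    err "yum allocation is wrong"
    Repair_Yum
  fi
}

#######################################
# Ask whether to repair yum and, on yes, mount the install DVD on /mnt and
# (re)write /etc/yum.repos.d/dvd.repo to point at it.
# Exits the script on "no", on end of input, and after creating a repo file
# that did not exist before (the user is asked to run the check again).
#######################################
function Repair_Yum() {
  local dvd_file="/etc/yum.repos.d/dvd.repo"
  local check
  local existed=0

  # Re-prompt in a loop. The earlier version recursed from inside an endless
  # loop, so one invalid answer left the user stuck on the error message.
  while true; do
    read -r -p "Do you want to repair yum y/n:" check || exit 0
    case "$check" in
      y | yes | Y) break ;;
      n | N | no)
        err "yum allocation is wrong,Please configure it manually"
        exit 0
        ;;
      *) err "Your input is wrong,please try again" ;;
    esac
  done

  # Failure is ignored on purpose: the DVD may already be mounted.
  mount /dev/cdrom /mnt 1>/dev/null 2>&1

  [[ -f "$dvd_file" ]] && existed=1

  # NOTE(security): gpgcheck=0 turns off package signature verification for
  # this repository, so whatever is mounted on /mnt is installed unverified.
  # Prefer gpgcheck=1 with the distribution key imported when the media
  # cannot be fully trusted.
  cat >"$dvd_file" <<'+END+'
[dvd]
name=dvd
baseurl=file:///mnt
gpgcheck=0
+END+

  if ((!existed)); then
    err "Please run it again and see the repair results"
    exit 0
  fi
}

#######################################
# Remove any existing bind installation and install it again.
# Destructive: every file under /var/named (all existing zones) is deleted.
#######################################
function Install_DNS_Server() {
  # The pattern is quoted so yum receives it; unquoted, the shell would first
  # expand it against files named bind* in the current directory.
  yum remove 'bind*' -y
  rm -rf /var/named/*
  rm -rf /etc/named.conf.rpm*

  yum install bind bind-libs bind-utils -y

  if /etc/init.d/named restart >/dev/null 2>&1; then
    ok "DNS server install sucessful"
  else
    err "DNS server install failed try again"
  fi
}

#######################################
# Edit the options in named.conf, shared by the master and slave setup.
# The include lines are dropped here and appended again by the callers.
#######################################
function Harden_Named_Options() {
  sed -i '/^include/d' "$named"

  # Every 127.0.0.1 / localhost in the file becomes "any". In a stock
  # named.conf that is presumably listen-on and allow-query, i.e. the server
  # then answers on all interfaces for all clients. That suits a public
  # authoritative server; narrow it for an internal one.
  sed -i 's/127\.0\.0\.1/any/g' "$named"
  sed -i 's/localhost/any/g' "$named"

  # Hide the version string (obscurity only, patching is still required).
  # Guarded so a second run does not insert a duplicate option.
  grep -q 'version "I do not tell you"' "$named" \
    || sed -i '/recursion/i version "I do not tell you";' "$named"

  # No recursion: this server only answers for its own zones, so it cannot
  # be used as an open resolver or have its cache poisoned through lookups.
  sed -i 's/recursion yes/recursion no/g' "$named"

  # fetch-glue is a BIND 8 option; BIND 9 never fetches glue and treats the
  # statement as obsolete. Kept for parity with the original configuration.
  grep -q 'fetch-glue' "$named" \
    || sed -i '/recursion/i fetch-glue no;' "$named"
}

#######################################
# Point the local resolver at this server, once.
#######################################
function Add_Local_Resolver() {
  grep -qxF "nameserver $ip" /etc/resolv.conf 2>/dev/null \
    || echo "nameserver $ip" >>/etc/resolv.conf
}

#######################################
# Configure this host as master for $domain_name and its reverse zone and
# write both zone files from scratch.
# Returns: 1 without touching anything when no address was detected.
#######################################
function Edit_Conf() {
  local zone_serial

  Require_IP || return 1
  Harden_Named_Options

  # Append the zone stanzas only once; duplicate zone statements stop named
  # from loading. Transfers are limited to the slave: without allow-transfer
  # any client may copy the whole zone. TSIG-signed transfers are the
  # stronger option if keys can be distributed.
  if ! grep -qF "zone \"$domain_name\"" "$named"; then
    cat >>"$named" <<+END+
zone "$domain_name" IN {
    type master;
    file "$Forward_parsing_file";
    allow-transfer { $slave_ip; };
};
zone "$rip.in-addr.arpa" IN {
    type master;
    file "$Reverse_parsing_file";
    allow-transfer { $slave_ip; };
};
+END+
  fi
  cat >>"$named" <<+END+
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
+END+

  # The slave only refreshes when the serial grows, so derive it from the
  # clock instead of the constant 0 (changes within the same hour still need
  # a manual bump).
  zone_serial=$(date +%Y%m%d%H)

  # Forward zone. The NS record now names dns.$domain_name, which the A
  # record below defines; it used to point at dns.smile.com, a host outside
  # this zone and unlike the reverse zone.
  cat >"$Forward_parsing_file" <<+END+
\$TTL 1D
@   IN SOA  $domain_name.  root.$domain_name. (
        $zone_serial   ; serial
        1D  ; refresh
        1H  ; retry
        1W  ; expire
        3H )   ; minimum
@     IN     NS     dns.$domain_name.
dns   IN     A      $ip
mail  IN     A      $ip
www   IN     A      $ip
+END+

  # Reverse zone.
  cat >"$Reverse_parsing_file" <<+END+
\$TTL 86400
@   IN SOA  $rip.in-addr.arpa. root.$domain_name. (
        $zone_serial   ; serial
        1D  ; refresh
        1H  ; retry
        1W  ; expire
        3H )   ; minimum
@     IN     NS     dns.$domain_name.
$ip_last   IN    PTR     www.$domain_name.
$ip_last   IN    PTR     mail.$domain_name.
+END+

  # named reads the files through its group.
  chgrp named "$named"
  chgrp named "$Reverse_parsing_file"
  chgrp named "$Forward_parsing_file"

  Add_Local_Resolver
  /etc/init.d/named restart
}

#######################################
# Copy this script to the slave and run it there.
# NOTE(security): both steps log in as root on a fixed address. A dedicated
# account with sudo, key-based authentication and a verified host key keep
# the blast radius smaller than a direct root login.
# Returns: 1 when the copy fails (the remote run is then skipped).
#######################################
function copy() {
  if ! scp -r /root/shell/DNS_Server_masters.sh "root@${slave_ip}:/root"; then
    err "拷貝失敗"
    return 1
  fi
  ok "拷貝成功"

  # -t allocates a terminal so the remote menu can prompt.
  ssh -t -l root "$slave_ip" '/bin/bash /root/DNS_Server_masters.sh'
}

#######################################
# Configure this host as slave for both zones, pulling from $master_ip.
# The reverse zone name comes from this host's own address, so master and
# slave are assumed to share the same /24.
# Returns: 1 without touching anything when no address was detected.
#######################################
function chenge_DNS_slave() {
  Require_IP || return 1
  Harden_Named_Options

  # Skipped when the zone is already declared in named.conf (for example
  # after option 3 ran on this host); remove that stanza by hand first.
  if ! grep -qF "zone \"$domain_name\"" "$named"; then
    cat >>"$named" <<+END+
zone "$domain_name" IN {
    type slave;
    file "$Forward_parsing_file";
    masters { $master_ip; };
    allow-transfer { none; };
};
zone "$rip.in-addr.arpa" IN {
    type slave;
    file "$Reverse_parsing_file";
    masters { $master_ip; };
    allow-transfer { none; };
};
+END+
  fi
  cat >>"$named" <<+END+
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
+END+

  # named has to create the transferred zone files in /var/named.
  # NOTE(review): a dedicated slaves/ subdirectory would avoid making the
  # whole directory group-writable; confirm what the package provides.
  chmod g+w /var/named/

  Add_Local_Resolver
  service named restart
}

#######################################
# Show the menu once and run the selected action. The main loop below shows
# it again, so no branch needs to call menu recursively.
#######################################
function menu() {
  local choice

  echo -e "\033[32m 1.檢查yum是否配置正確 \033[0m"
  echo -e "\033[32m 2.安裝DNS服務 \033[0m"
  echo -e "\033[32m 3.修改DNS-master服務的配置文件 \033[0m"
  echo -e "\033[32m 4.拷貝文件到目標主機并且進入目標主機\033[0m"
  echo -e "\033[32m 5.修改目標機的主配文件\033[0m"
  echo -e "\033[32m exit.輸入exit或者ctrl+c退出 \033[0m"
  echo -e "\033[32m help.請輸入1|2|3|help|exit \033[0m"

  # Leave on end of input instead of looping on an empty answer forever.
  read -r -p "請選擇你菜單:" choice || exit 0

  case "$choice" in
    1) Check_Yum ;;
    2) Install_DNS_Server ;;
    3)
      # The generated configuration targets bind 9.8. Without the package
      # the edit is skipped; it used to run even after the warning.
      if [ "$(rpm -qa | grep -c 'bind-9\.8')" -lt 1 ]; then
        err "請確保已經安裝DNS服務"
      else
        Edit_Conf
      fi
      ;;
    4) copy ;;
    5) chenge_DNS_slave ;;
    help) ok "help.請輸入1|2|3|4" ;;
    exit) exit 0 ;;
    *) err "輸入有誤,請重新輸入" ;;
  esac
}

# Main loop: announce the host, show the menu, repeat until "exit".
while true; do
  echo "當前設備是$(hostname):請選擇你菜單:"
  menu
done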
執行結果:
轉載于:https://blog.51cto.com/tdcqvip/2047790