Enhancing the security of Linux operating system DNS services

Source: Internet
Author: User
Tags nameserver

  • Topology diagram:



    • Code:


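    #!/bin/bash
    # 2017-12-3
    # by-duwentao
    #
    # Menu-driven setup of an authoritative BIND master/slave pair.
    # Rebuilt from a listing whose line breaks, backticks, awk -F flags and
    # variable names were mangled; behaviour follows the listing except where
    # a comment says otherwise. Must be run as root.
    #
    # No "set -e": a failing step reports and returns to the menu.
    set -u

    domain_name="hetian.com"
    master_ip="172.24.10.105"   # address used in the slave's "masters" clause
    slave_ip="172.24.10.106"    # host the script is copied to and run on

    # IPv4 address of eth0, parsed from the "inet addr:... Mask:..." line.
    # NOTE(review): this assumes the older net-tools ifconfig output format.
    ip=$(ifconfig eth0 | grep -i mask | awk -F ':' '{print $2}' | awk '{print $1}')
    IFS=. read -r oct1 oct2 oct3 _ <<< "$ip"
    rip="$oct3.$oct2.$oct1"     # first three octets reversed, for in-addr.arpa
    ip_last=${ip##*.}           # host octet, used as the PTR owner name

    named='/etc/named.conf'                                      # main config file
    Forward_parsing_file="/var/named/$domain_name.zone"          # forward zone file
    Reverse_parsing_file="/var/named/$rip.in-addr.arpa.zone"     # reverse zone file

    # Print a message in red / green, framed as "ESC[3xm <msg> ESC[0m".
    red() { printf '\033[31m %s \033[0m\n' "$*"; }
    green() { printf '\033[32m %s \033[0m\n' "$*"; }

    # Refuse to write zone data when the eth0 address could not be parsed;
    # otherwise empty values would end up in named.conf and the zone files.
    require_ip() {
      if [[ ! "$ip" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
        red "cannot determine the IPv4 address of eth0"
        return 1
      fi
    }

    # Check that yum works and that its repositories offer at least one package.
    check_yum() {
      local yum_num
      if ! yum clean all >/dev/null 2>&1; then
        red "yum allocation is wrong"
        repair_yum
        return
      fi
      # Package total from the "repolist: N" summary line, separators removed.
      yum_num=$(yum repolist all | grep repolist | awk -F ':' '{print $2}' | sed 's/[, ]//g')
      if [[ ! "$yum_num" =~ ^[0-9]+$ ]] || (( 10#$yum_num == 0 )); then
        red "yum allocation is wrong"
        repair_yum
      else
        green "yum allocation is right"
      fi
    }

    # Offer to point yum at the installation media mounted on /mnt.
    # Asks again on an invalid answer instead of recursing without end.
    repair_yum() {
      local dvd_file="/etc/yum.repos.d/dvd.repo"
      local check was_present=no
      while true; do
        read -r -p "do you want to repair yum y/n: " check || return 1
        case "$check" in
          y|Y|yes)
            break
            ;;
          n|N|no)
            red "yum allocation is wrong,please configure it manually"
            exit 0
            ;;
          *)
            red "your input is wrong,please try again"
            ;;
        esac
      done

      # Best effort: the media may already be mounted, so failure is ignored.
      mount /dev/cdrom /mnt >/dev/null 2>&1
      [[ -f "$dvd_file" ]] && was_present=yes
      # NOTE(review): gpgcheck=0 turns off package signature verification, so
      # anything placed on the mounted media installs unchecked. Prefer
      # gpgcheck=1 with gpgkey= pointing at the distribution key on the media.
      printf '%s\n' \
        '[dvd]' \
        'name=dvd' \
        'baseurl=file:///mnt' \
        'gpgcheck=0' > "$dvd_file"
      if [[ "$was_present" == no ]]; then
        red "please run it again and see the repair results"
        exit 0
      fi
    }

    # Remove any existing BIND install and its data, then install a fresh one.
    install_dns_server() {
      # Destructive: every existing zone file under /var/named is deleted.
      yum remove -y 'bind*'   # quoted so the shell cannot expand the glob
      rm -rf /var/named/*
      rm -rf /etc/named.conf.rpm*
      yum install -y bind bind-libs bind-utils
      if /etc/init.d/named restart >/dev/null 2>&1; then
        green "DNS server install sucessful"
      else
        red "DNS server install failed try again"
      fi
    }

    # Emit one zone stanza. $1 zone name, $2 zone file, $3 master|slave.
    zone_stanza() {
      local zone_name=$1 zone_file=$2 role=$3
      printf 'zone "%s" IN {\n' "$zone_name"
      printf '    type %s;\n' "$role"
      printf '    file "%s";\n' "$zone_file"
      if [[ "$role" == "slave" ]]; then
        printf '    masters { %s; };\n' "$master_ip"
        # A slave has no downstream servers here, so it serves no transfers.
        printf '    allow-transfer { none; };\n'
      else
        # Added: without allow-transfer BIND serves the whole zone to any
        # host that asks; only the slave needs it.
        printf '    allow-transfer { %s; };\n' "$slave_ip"
      fi
      printf '};\n'
    }

    # Apply the option changes and append both zone stanzas to named.conf.
    # $1 is master or slave. Does nothing when the zone is already declared,
    # because a second run would duplicate the stanzas and the inserted option
    # lines, and named refuses a config with duplicate zones.
    configure_named() {
      local role=$1
      if [[ ! -f "$named" ]]; then
        red "$named not found, install the DNS service first"
        return 1
      fi
      if grep -qF "zone \"$domain_name\"" "$named"; then
        red "$named already declares $domain_name, leaving it unchanged"
        return 0
      fi

      sed -i '/^include/d' "$named"   # re-added after the zone stanzas below
      # Listen on, and answer queries from, every address. Together with
      # "recursion no" this is an authoritative-only server; do not enable
      # recursion while the any/any setting stays in place.
      sed -i 's/127\.0\.0\.1/any/g' "$named"
      sed -i 's/localhost/any/g' "$named"
      # Hide the version string. This only removes a fingerprinting aid and is
      # no substitute for keeping BIND patched.
      sed -i '/recursion/i version "i do not tell you";' "$named"
      # Recursion off, so the server cannot be used as an open resolver.
      sed -i 's/recursion yes/recursion no/g' "$named"
      # NOTE(review): fetch-glue is a BIND 8-era option that BIND 9 documents
      # as obsolete; confirm the installed named still accepts it.
      sed -i '/recursion/i fetch-glue no;' "$named"

      {
        zone_stanza "$domain_name" "$Forward_parsing_file" "$role"
        zone_stanza "$rip.in-addr.arpa" "$Reverse_parsing_file" "$role"
        printf '%s\n' \
          'include "/etc/named.rfc1912.zones";' \
          'include "/etc/named.root.key";'
      } >> "$named"
    }

    # Add this host to resolv.conf once, not once per run.
    add_resolver() {
      grep -qxF "nameserver $ip" /etc/resolv.conf 2>/dev/null ||
        echo "nameserver $ip" >> /etc/resolv.conf
    }

    # Configure this host as the master: named.conf plus both zone files.
    Edit_Conf() {
      require_ip || return 1
      configure_named master || return 1

      # Forward zone. '$TTL' is single-quoted on purpose: it is a zone-file
      # directive, not a shell variable. The listing's NS target was
      # dns.smile.com., a name outside this zone; it now matches the "dns"
      # A record below and the reverse zone.
      printf '%s\n' \
        '$TTL 1D' \
        "@       IN SOA  $domain_name. root.$domain_name. (" \
        '                    0       ; serial' \
        '                    1D      ; refresh' \
        '                    1H      ; retry' \
        '                    1W      ; expire' \
        '                    3H )    ; minimum' \
        "@       IN      NS      dns.$domain_name." \
        "dns     IN      A       $ip" \
        "mail    IN      A       $ip" \
        "www     IN      A       $ip" > "$Forward_parsing_file"

      # Reverse zone.
      printf '%s\n' \
        '$TTL 86400' \
        "@       IN SOA  $rip.in-addr.arpa. root.$domain_name. (" \
        '                    0       ; serial' \
        '                    1D      ; refresh' \
        '                    1H      ; retry' \
        '                    1W      ; expire' \
        '                    3H )    ; minimum' \
        "@       IN      NS      dns.$domain_name." \
        "$ip_last    IN      PTR     www.$domain_name." \
        "$ip_last    IN      PTR     mail.$domain_name." > "$Reverse_parsing_file"

      # Group ownership for the named group on the config and zone files.
      chgrp named "$named"
      chgrp named "$Reverse_parsing_file"
      chgrp named "$Forward_parsing_file"
      add_resolver
      /etc/init.d/named restart
    }

    # Copy this script to the slave and run it there.
    # The scp target was obfuscated in the listing; the host is taken from the
    # ssh command that follows it.
    # NOTE(review): this logs in as root on the slave. Key-based login for a
    # dedicated account with limited sudo rights is the safer arrangement.
    copy() {
      if ! scp /root/shell/dns_server_masters.sh "root@$slave_ip:/root"; then
        red "copy failed"
        return 1   # the listing ran the remote script even after a failed copy
      fi
      green "Copy success"
      ssh -l root "$slave_ip" '/bin/bash /root/dns_server_masters.sh'
    }

    # Configure this host as the slave for both zones.
    chenge_dns_slave() {
      require_ip || return 1
      configure_named slave || return 1
      # The slave zone files live directly in /var/named, so the named group
      # needs write access to that directory to store transferred zones.
      chmod g+w /var/named/
      add_resolver
      service named restart
    }

    # Show the menu and run one selection. The caller loops, so invalid input
    # and "help" simply return instead of recursing.
    menu() {
      local choice
      green "1. Check if Yum is configured correctly"
      green "2. Install DNS service"
      green "3. Modify the configuration file for the Dns-master service"
      green "4. Copy the file to the target host and go to the target host"
      green "5. Modify the target machine's master file"
      green "exit. Enter exit or CTRL + C to exit"
      green "help. Please enter 1|2|3|help|exit"
      # End of input ends the script instead of looping on an empty answer.
      read -r -p "Please select your menu:" choice || exit 0
      case "$choice" in
        1)
          check_yum
          ;;
        2)
          install_dns_server
          ;;
        3)
          # Do not edit the configuration of a service that is not installed.
          if rpm -q bind >/dev/null 2>&1; then
            Edit_Conf
          else
            red "make sure the DNS service is installed"
          fi
          ;;
        4)
          copy
          ;;
        5)
          chenge_dns_slave
          ;;
        help|Help)
          green "help. Please enter 1|2|3|4"
          ;;
        exit|Exit)
          exit 0
          ;;
        *)
          red "input error, please re-enter"
          ;;
      esac
    }

    while true; do
      echo "Current device is $(hostname): Please select your menu:"
      menu
    done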

    Execution Result:
