# HG changeset patch
# User asuess@dns.net.schlittermann.de
# Date 1279713845 -7200
# Node ID 05132262d212752e76ab67952f89096e7693782f
# Parent a31edb6b728c43b52e52d439f4b862f6e92a29c9
zone-ls und mkready in perl geschrieben
diff -r a31edb6b728c -r 05132262d212 mkready
--- a/mkready Thu Jul 15 15:33:01 2010 +0200
+++ b/mkready Wed Jul 21 14:04:05 2010 +0200
@@ -1,46 +1,70 @@ -#!/bin/bash +#!/usr/bin/perl -set -e -source dnstools.conf +use strict; -domain="eins.lan" -master_dir="$MASTER_DIR" -conf_dir="$ZONE_CONF_DIR" -bind_dir="$BIND_DIR" +my $bind_dir = "/etc/bind"; +my $conf_dir = "/etc/bind/zones.d"; +my $master_dir = "/etc/bind/master"; +chomp (my @domains = `ls $master_dir`); +chomp (my @conf_dir_files = `ls $conf_dir`); -tmpfile=`mktemp` -trap "rm -f $tmpfile" EXIT QUIT INI +# prueft jede domain die einen verzeichniss in $master_dir hat, ob es eine +# datei <$domain>.signed gibt und ob der eintrag in $conf_dir/$domain dem +# ergebniss entspricht. +# passt die eintraeg in der config-datei falls noetig an. +foreach (@domains) { + my $domain = $_; + my $zone_file = "$master_dir/$domain/$domain"; + my $conf_file = "$conf_dir/$domain"; + my @c_content; -for zone_domain in $master_dir/* -do - domain=${zone_domain##/*/} - zone_dir="$master_dir/$domain" - conf_file="$conf_dir/$domain" - zone="$master_dir/$domain/$domain" - zone_signed="$master_dir/$domain/$domain.signed" + if (-e "$zone_file.signed") { + + open (FILE, $conf_file); + @c_content = ; + close (FILE); + + foreach (@c_content) { + if (m{(.*)($zone_file)(";)}) { + print "$2 ==> $2.signed\n"; + $_ = "$1$2.signed$3\n"; + } - # schreibt den eintrag ueber das zonefile um. ist ein signiertes zonefile vorhanden - # wird es in der configdatei der zone im abschnitt file verlinkt. ist das zone-file - # nicht signiert wird die standard-zonedatei eingetragen. - if [ -f $master_dir/$domain/$domain.signed ] - then - if ! 
grep -q "file.*signed\"" $conf_file - then - sed -e "s\\$zone\\$zone_signed\\g" <$conf_file >$tmpfile - mv $tmpfile $conf_file - echo $zone '-->' $zone_signed - fi - else - if grep -q "file.*signed\"" $conf_file - then - sed -e "s\\$zone_signed\\$zone\\g" <$conf_file >$tmpfile - mv $tmpfile $conf_file - echo $zone_signed '-->' $zone - fi - fi -done + open (FILE, ">test"); + print FILE @c_content; + close (FILE); + + } + + } else { + + open (FILE, $conf_file); + @c_content = ; + close (DATEI); + + foreach (@c_content) { + if (m{(.*)($zone_file)\.signed(.*)}) { + print "$2.signed ==> $2\n"; + $_ = "$1$2$3\n"; + } + } -cat $conf_dir/* > $bind_dir/named.conf.zones -named-checkconf -named-checkconf -z -rndc reload + open (FILE, ">$conf_file"); + print FILE @c_content; + close (FILE); + } +} + +# erzeugt eine named.conf-datei aus den entsprechenden vorlagen. +open( TO, ">$bind_dir/named.conf.zones"); +foreach (@conf_dir_files) { + open (FROM, "$conf_dir/$_"); + print TO ; + close (FROM); +} +close(TO); + + +print `named-checkconf`; +print `named-checkconf -z`; +print `rndc reload`; diff -r a31edb6b728c -r 05132262d212 nagios_dnssec/check_dnssec --- a/nagios_dnssec/check_dnssec Thu Jul 15 15:33:01 2010 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,35 +0,0 @@ -#!/bin/bash - -DOMAIN="eins.lan dreizehn.lan sieben.lan xn--fnf-hoa.lan zehn.lan acht.lan" -RETURN=0 -TESTX=6 - -for DOM in $DOMAIN -do - - - /etc/bind/bin/nagios_dnssec/check_dnssec_expiration -H 127.0.0.1 -D $DOM -w 2d >/dev/null - STATUS=$? - - case $STATUS in - 1) WARNING="$WARNING $DOM ";; - 2) CRITICAL="$CRITICAL $DOM " - esac - -done - -if [ "$CRITICAL" ] -then - echo "CRITICAL: $CRITICAL" - exit 2 -else - if [ "$WARNING" ] - then - echo "WARNING: $WARNING" - exit 1 - else - echo "OK:" - exit 0 - fi -fi - diff -r a31edb6b728c -r 05132262d212 nagios_dnssec/check_dnssec_expiration Binary file nagios_dnssec/check_dnssec_expiration has changed diff -r a31edb6b728c -r 05132262d212 zone-ls 
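Review bot: In mkready's `-e "$zone_file.signed"` branch the rewritten lines are written to `>test` from inside the `foreach (@c_content)` loop, so `$conf_file` is never updated for signed zones and a stray `test` file is rewritten once per line in the working directory; the write belongs after the loop and should target `$conf_file`. Every `open` in this hunk is the unchecked two-argument form on a bareword handle, so in the `else` branch a failed read leaves `@c_content` empty and `open (FILE, ">$conf_file")` then truncates the zone config. The fence below shows the signed branch with checked three-argument opens and `\Q$zone_file\E` so the dots in the path match literally; the same pattern applies to the `else` branch and the `named.conf.zones` loop, and the readline operands (shown as `@c_content = ;` on this page) are assumed to read from the handle just opened. The old script's `set -e` stopped before `rndc reload` when `named-checkconf` failed, whereas the backtick calls at the end ignore the exit status; `system("named-checkconf") == 0 or die "named-checkconf failed\n";` before the reload would restore that guard.

```perl
    if (-e "$zone_file.signed") {
        open(my $in, '<', $conf_file) or die "open $conf_file: $!";
        @c_content = <$in>;
        close($in);

        foreach (@c_content) {
            if (m{(.*)(\Q$zone_file\E)(";)}) {
                # … unchanged: print and rewrite of $_ …
            }
        }

        # write once, after the loop, to the zone's own config file
        open(my $out, '>', $conf_file) or die "open $conf_file: $!";
        print {$out} @c_content;
        close($out) or die "close $conf_file: $!";
    } else {
        # … unchanged: else branch body, named.conf.zones assembly, checks and reload …
```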
--- a/zone-ls Thu Jul 15 15:33:01 2010 +0200
+++ b/zone-ls Wed Jul 21 14:04:05 2010 +0200
@@ -1,33 +1,58 @@ -#!/bin/bash -source ./dnstools.conf -master_dir=$MASTER_DIR -zsklive=$ZSKLIVE -ksklive=$KSKLIVE - -printf "%-25s %1s/%1s %3s %7s\n" "Domain" "ZSK" "KSK" "Use" "Sig-End" -for zone in $master_dir/* -do - - domain=${zone##/*/} +#!/usr/bin/perl - test -f $zone/.index.zsk && anzahl_zsk=`wc -l < $zone/.index.zsk` || anzahl_zsk="0" - test -f $zone/.index.ksk && anzahl_ksk=`wc -l < $zone/.index.ksk` || anzahl_ksk="0" - - test -f $zone/keycounter && key_counter=`< $zone/keycounter` || key_counter="0" +use strict; - if [ -f $zone/$domain.signed ] - then - endtime1=`cat $zone/$domain.signed | egrep 'DNSKEY' | egrep '[0-9]{14}' | head -n1 | cut -d" " -f5` - endtime2="${endtime1:6:2}.${endtime1:4:2}.${endtime1:0:4}" - - else - endtime2="0" - fi - - printf "%-25s %1d/%1d %5d %12s\n" \ - "$domain" "$anzahl_zsk" "$anzahl_ksk" "$key_counter" "$endtime2" +my $master_dir = "/etc/bind/master"; +chomp (my @domains = `ls $master_dir`); -done +printf "%-25s %1s/%1s %3s %7s\n", "Domain", "ZSK", "KSK", "Used", "Sig-end"; + +foreach (@domains) { + my $domain = $_; + my $info_zsk; + my $info_ksk; + my $info_kc; + my $info_end; + my @temp; + + #prueft wie viele zsks genutzt werden + open(FILE, "$master_dir/$domain/.index.zsk"); + @temp = ; + close(FILE); + $info_zsk = @temp; + + #prueft wie viele ksks genutzt werden + open(FILE, "$master_dir/$domain/.index.ksk"); + @temp = ; + close(FILE); + $info_ksk = @temp; + #prueft wie oft die schluessel zum signieren genutzt wurden + if (-e "$master_dir/$domain/keycounter") { + open(FILE, "$master_dir/$domain/keycounter"); + chomp ($info_kc = ); + close(FILE); + } else { + $info_kc = "-"; + } + #prueft das ablaufdatum + if (-e "$master_dir/$domain/$domain.signed") { + open(FILE, "$master_dir/$domain/$domain.signed"); + @temp = ; + close (FILE); + + foreach (@temp) { + if (m/RSIG.*SOA.*\s(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)\d+\s\(/i) { + $info_end = "$3.$2.$1 $4:$5"; + } + } + + } else { + $info_end = "-"; + } + + printf "%-25s %1s/%1s 
%5s %19s\n", $domain, $info_zsk, $info_ksk, $info_kc, $info_end; +} +
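Review bot: In zone-ls `$info_end` stays undefined when `$domain.signed` exists but no line matches the RRSIG/SOA pattern, so the last column prints empty instead of `-`; declaring it as `my $info_end = "-";` and dropping the `else` assignment covers both cases. The `open(FILE, "...")` calls for `.index.zsk` and `.index.ksk` are unchecked two-argument opens on a bareword handle, so an unreadable index file is reported as 0 keys exactly like a missing one; `open(my $fh, '<', "$master_dir/$domain/.index.zsk") or warn "open .index.zsk for $domain: $!\n";` would make the difference visible. Only `use strict;` is enabled, and adding `use warnings;` below it would surface the undefined value and reads on a closed handle at run time. The domain list comes from parsing `` `ls $master_dir` ``, and `opendir`/`readdir` with a `-d` test would avoid the shell and skip non-directory entries.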