--- a/mkready Thu Jul 15 15:33:01 2010 +0200
+++ b/mkready Wed Jul 21 14:04:05 2010 +0200
@@ -1,46 +1,70 @@
-#!/bin/bash
+#!/usr/bin/perl
-set -e
-source dnstools.conf
+use strict;
-domain="eins.lan"
-master_dir="$MASTER_DIR"
-conf_dir="$ZONE_CONF_DIR"
-bind_dir="$BIND_DIR"
+my $bind_dir = "/etc/bind";
+my $conf_dir = "/etc/bind/zones.d";
+my $master_dir = "/etc/bind/master";
+chomp (my @domains = `ls $master_dir`);
+chomp (my @conf_dir_files = `ls $conf_dir`);
-tmpfile=`mktemp`
-trap "rm -f $tmpfile" EXIT QUIT INI
+# prueft jede domain die einen verzeichniss in $master_dir hat, ob es eine
+# datei <$domain>.signed gibt und ob der eintrag in $conf_dir/$domain dem
+# ergebniss entspricht.
+# passt die eintraeg in der config-datei falls noetig an.
+foreach (@domains) {
+ my $domain = $_;
+ my $zone_file = "$master_dir/$domain/$domain";
+ my $conf_file = "$conf_dir/$domain";
+ my @c_content;
-for zone_domain in $master_dir/*
-do
- domain=${zone_domain##/*/}
- zone_dir="$master_dir/$domain"
- conf_file="$conf_dir/$domain"
- zone="$master_dir/$domain/$domain"
- zone_signed="$master_dir/$domain/$domain.signed"
+ if (-e "$zone_file.signed") {
+
+ open (FILE, $conf_file);
+ @c_content = <FILE>;
+ close (FILE);
+
+ foreach (@c_content) {
+ if (m{(.*)($zone_file)(";)}) {
+ print "$2 ==> $2.signed\n";
+ $_ = "$1$2.signed$3\n";
+ }
- # schreibt den eintrag ueber das zonefile um. ist ein signiertes zonefile vorhanden
- # wird es in der configdatei der zone im abschnitt file verlinkt. ist das zone-file
- # nicht signiert wird die standard-zonedatei eingetragen.
- if [ -f $master_dir/$domain/$domain.signed ]
- then
- if ! grep -q "file.*signed\"" $conf_file
- then
- sed -e "s\\$zone\\$zone_signed\\g" <$conf_file >$tmpfile
- mv $tmpfile $conf_file
- echo $zone '-->' $zone_signed
- fi
- else
- if grep -q "file.*signed\"" $conf_file
- then
- sed -e "s\\$zone_signed\\$zone\\g" <$conf_file >$tmpfile
- mv $tmpfile $conf_file
- echo $zone_signed '-->' $zone
- fi
- fi
-done
+ open (FILE, ">test");
+ print FILE @c_content;
+ close (FILE);
+
+ }
+
+ } else {
+
+ open (FILE, $conf_file);
+ @c_content = <FILE>;
+ close (DATEI);
+
+ foreach (@c_content) {
+ if (m{(.*)($zone_file)\.signed(.*)}) {
+ print "$2.signed ==> $2\n";
+ $_ = "$1$2$3\n";
+ }
+ }
-cat $conf_dir/* > $bind_dir/named.conf.zones
-named-checkconf
-named-checkconf -z
-rndc reload
+ open (FILE, ">$conf_file");
+ print FILE @c_content;
+ close (FILE);
+ }
+}
+
+# erzeugt eine named.conf-datei aus den entsprechenden vorlagen.
+open( TO, ">$bind_dir/named.conf.zones");
+foreach (@conf_dir_files) {
+ open (FROM, "$conf_dir/$_");
+ print TO <FROM>;
+ close (FROM);
+}
+close(TO);
+
+
+print `named-checkconf`;
+print `named-checkconf -z`;
+print `rndc reload`;
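Review bot: In the signed branch the rewritten lines go to a file literally named `test` in the current directory (`open (FILE, ">test");`), and that write sits inside the `foreach (@c_content)` loop, so `$conf_file` is never updated when a `.signed` zone file exists; this looks like leftover debugging and should become one write to `$conf_file` after the loop. The removed shell script ran under `set -e`, but here no `open` is checked and `rndc reload` runs whatever `named-checkconf` returned, so a failed read can leave a zone config truncated to empty and a configuration that failed validation is still loaded. In the else branch `close (DATEI);` names a handle that was never opened and should be `close (FILE);`. `$zone_file` is interpolated into both patterns unquoted, so the dots in a domain name match any character; `\Q$zone_file\E` avoids that. The fence shows the signed branch and the final commands with those checks; the else branch needs the same treatment.

```perl
# … unchanged: directory setup and per-domain loop header …
    if (-e "$zone_file.signed") {
        open(my $in, '<', $conf_file) or die "open $conf_file: $!";
        @c_content = <$in>;
        close($in);

        foreach (@c_content) {
            if (m{(.*)(\Q$zone_file\E)(";)}) {
                print "$2 ==> $2.signed\n";
                $_ = "$1$2.signed$3\n";
            }
        }

        # Write back once, after every line has been processed.
        open(my $out, '>', $conf_file) or die "open $conf_file: $!";
        print {$out} @c_content;
        close($out) or die "close $conf_file: $!";
    } else {
# … unchanged: else branch and named.conf.zones assembly …

# Reload only when both validation passes succeed.
system('named-checkconf') == 0
    or die "named-checkconf failed, not reloading\n";
system('named-checkconf', '-z') == 0
    or die "named-checkconf -z failed, not reloading\n";
system('rndc', 'reload') == 0
    or die "rndc reload failed\n";
```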
--- a/nagios_dnssec/check_dnssec Thu Jul 15 15:33:01 2010 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-#!/bin/bash
-
-DOMAIN="eins.lan dreizehn.lan sieben.lan xn--fnf-hoa.lan zehn.lan acht.lan"
-RETURN=0
-TESTX=6
-
-for DOM in $DOMAIN
-do
-
-
- /etc/bind/bin/nagios_dnssec/check_dnssec_expiration -H 127.0.0.1 -D $DOM -w 2d >/dev/null
- STATUS=$?
-
- case $STATUS in
- 1) WARNING="$WARNING $DOM ";;
- 2) CRITICAL="$CRITICAL $DOM "
- esac
-
-done
-
-if [ "$CRITICAL" ]
-then
- echo "CRITICAL: $CRITICAL"
- exit 2
-else
- if [ "$WARNING" ]
- then
- echo "WARNING: $WARNING"
- exit 1
- else
- echo "OK:"
- exit 0
- fi
-fi
-
Binary file nagios_dnssec/check_dnssec_expiration has changed
--- a/zone-ls Thu Jul 15 15:33:01 2010 +0200
+++ b/zone-ls Wed Jul 21 14:04:05 2010 +0200
@@ -1,33 +1,58 @@
-#!/bin/bash
-source ./dnstools.conf
-master_dir=$MASTER_DIR
-zsklive=$ZSKLIVE
-ksklive=$KSKLIVE
-
-printf "%-25s %1s/%1s %3s %7s\n" "Domain" "ZSK" "KSK" "Use" "Sig-End"
-for zone in $master_dir/*
-do
-
- domain=${zone##/*/}
+#!/usr/bin/perl
- test -f $zone/.index.zsk && anzahl_zsk=`wc -l < $zone/.index.zsk` || anzahl_zsk="0"
- test -f $zone/.index.ksk && anzahl_ksk=`wc -l < $zone/.index.ksk` || anzahl_ksk="0"
-
- test -f $zone/keycounter && key_counter=`< $zone/keycounter` || key_counter="0"
+use strict;
- if [ -f $zone/$domain.signed ]
- then
- endtime1=`cat $zone/$domain.signed | egrep 'DNSKEY' | egrep '[0-9]{14}' | head -n1 | cut -d" " -f5`
- endtime2="${endtime1:6:2}.${endtime1:4:2}.${endtime1:0:4}"
-
- else
- endtime2="0"
- fi
-
- printf "%-25s %1d/%1d %5d %12s\n" \
- "$domain" "$anzahl_zsk" "$anzahl_ksk" "$key_counter" "$endtime2"
+my $master_dir = "/etc/bind/master";
+chomp (my @domains = `ls $master_dir`);
-done
+printf "%-25s %1s/%1s %3s %7s\n", "Domain", "ZSK", "KSK", "Used", "Sig-end";
+
+foreach (@domains) {
+ my $domain = $_;
+ my $info_zsk;
+ my $info_ksk;
+ my $info_kc;
+ my $info_end;
+ my @temp;
+
+ #prueft wie viele zsks genutzt werden
+ open(FILE, "$master_dir/$domain/.index.zsk");
+ @temp = <FILE>;
+ close(FILE);
+ $info_zsk = @temp;
+
+ #prueft wie viele ksks genutzt werden
+ open(FILE, "$master_dir/$domain/.index.ksk");
+ @temp = <FILE>;
+ close(FILE);
+ $info_ksk = @temp;
+ #prueft wie oft die schluessel zum signieren genutzt wurden
+ if (-e "$master_dir/$domain/keycounter") {
+ open(FILE, "$master_dir/$domain/keycounter");
+ chomp ($info_kc = <FILE>);
+ close(FILE);
+ } else {
+ $info_kc = "-";
+ }
+ #prueft das ablaufdatum
+ if (-e "$master_dir/$domain/$domain.signed") {
+ open(FILE, "$master_dir/$domain/$domain.signed");
+ @temp = <FILE>;
+ close (FILE);
+
+ foreach (@temp) {
+ if (m/RSIG.*SOA.*\s(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)\d+\s\(/i) {
+ $info_end = "$3.$2.$1 $4:$5";
+ }
+ }
+
+ } else {
+ $info_end = "-";
+ }
+
+ printf "%-25s %1s/%1s %5s %19s\n", $domain, $info_zsk, $info_ksk, $info_kc, $info_end;
+}
+
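Review bot: None of the `open` calls in the per-domain loop is checked, and the two `.index.*` reads have no `-e` guard, so an unreadable or missing key index is reported as a count of 0, the same as a zone that really has no keys. For a tool that reports DNSSEC key and signature state a read failure should be visible; `open(my $fh, '<', "$master_dir/$domain/.index.zsk") or warn "$domain: .index.zsk: $!\n";` with a lexical handle and the three-argument form does that, and `use warnings;` next to `use strict;` would surface reads on unopened handles. `$info_end` stays undefined when a `.signed` file exists but no line matches the pattern, which prints an empty Sig-end column; declaring it as `my $info_end = "-";` keeps the output unambiguous. The pattern's `RSIG` presumably means `RRSIG` and only matches because it is unanchored.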