#!/bin/sh set -x SCRIPT=makejail-chroot.sh # Chemins des fichiers necessaires au chroot CHRDIR=/root/chroot # Commandes indispensables MKDIR=/bin/mkdir MAKEJAIL=/usr/sbin/makejail WGET=/usr/bin/wget DEBMIR=http://http.us.debian.org/debian SSMTPURL=$DEBMIR/pool/main/s/ssmtp/ssmtp_`apt-cache show ssmtp | grep ^Version | awk '{print $2}'`_i386.deb DPKG=/usr/bin/dpkg GREP=/bin/grep PS=/bin/ps CP=/bin/cp # Chemins pour Apache CHRWWWDIR=/home/services/apache CHRWWWCONF=/etc/makejail/apache.py CHRWWWLOG=$CHRDIR/apache_chroot.log # Chemins pour Bind CHRBINDDIR=/home/services/bind CHRBINDCONF=/etc/makejail/bind.py CHRBINDLOG=$CHRDIR/bind_chroot.log # Chemins pour MySQL CHRMYSQLDIR=/home/services/mysqld CHRMYSQLCONF=/etc/makejail/mysqld.py CHRMYSQLLOG=$CHRDIR/mysql_chroot.log ## Il nous faut le paquet 'makejail' if [ ! -x $MAKEJAIL ]; then echo "Makejail est nécessaire : apt-get install makejail..." exit 0 fi # Le repertoire $CHRDIR existe ? mkchrdir () { if [ ! -d $CHRDIR ]; then $MKDIR -p $CHRDIR fi } # Pour le chroot Bind bind_chroot () { if [ ! -f $CHRBINDCONF ]; then echo "Fichier de configuration $BINDCONF introuvable !" exit 0 fi if [ ! -d $CHRBINDDIR ]; then echo "Creation du répertoire $BINDDIR..." $MKDIR -p $CHRBINDDIR fi $MAKEJAIL $CHRBINDCONF } # Pour le Chroot Apache apache_chroot () { ## Si pas de fichier de configuration makejail pour Apache ! if [ ! -f $CHRWWWCONF ]; then echo "Fichier de configuration $CHRWWWCONF introuvable !" exit 0 fi ## Vérification de la présence du répertoire cible pour WWW if [ ! -d $CHRWWWDIR ]; then echo "Creation du repertoire $CHRWWWDIR..." $MKDIR -p $CHRWWWDIR fi ## Création de la prison chroot pour Apache $MAKEJAIL $CHRWWWCONF if [ ! -x $WGET ]; then echo "Wget est nécessaire : apt-get install wget..." exit 0 fi $WGET $SSMTPURL -O $CHRDIR/ssmtp.deb || exit 0 $DPKG -x $CHRDIR/ssmtp.deb $CHRDIR/ssmtp $CP -Rp $CHRDIR/ssmtp/* $CHRWWWDIR/ } # Pour le Chroot MySQL mysql_chroot () { ## Si pas de fichier de configuration makejail pour Apache ! if [ ! -f $CHRMYSQLCONF ]; then echo "Fichier de configuration $CHRMYSQLCONF introuvable !" exit 0 fi ## Vérification de la présence du répertoire cible pour WWW if [ ! -d $CHRMYSQLDIR ]; then echo "Creation de $CHRMYSQLDIR..." $MKDIR -p $CHRMYSQLDIR fi if [ ! -d $CHRMYSQLLOG ]; then echo "Creating Chroot directory..." fi ## Création de la prison chroot pour MySQL $MAKEJAIL $CHRMYSQLCONF } stop_mysql () { echo "Arret de MySQL" /etc/init.d/mysql stop CHRMYSQLTEST=`$PS ax | $GREP -m 1 mysqld | awk '{print $1}'` ## Arret brutal if [ ! -z $CHRMYSQLTEST ]; then killall -9 mysqld fi echo "Termine" } start_mysql () { echo "Demarrage de MySQL" /etc/init.d/mysql start CHRMYSQLTEST=`$PS ax | $GREP -m 1 mysqld | awk '{print $1}'` if [ -z $CHRMYSQLTEST ]; then echo "Echec !" exit 0 fi echo "Termine" } start_bind () { echo "Demarrage de Bind" /etc/init.d/bind9 start BINDTEST=`$PS ax | $GREP -m 1 sbin/named | awk '{print $1}'` if [ -z $BINDTEST ]; then echo "Echec !" exit 0 fi echo "Termine" } stop_bind () { echo "Arret de Bind" /etc/init.d/bind9 stop BINDTEST=`$PS ax | $GREP -m 1 sbin/named | awk '{print $1}'` ## Arret brutal if [ ! -z $BINDTEST ]; then killall -9 named fi echo "Termine !" } stop_apache () { echo "Arret de Apache" /etc/init.d/apache stop CHRWWWTEST=`$PS ax | $GREP -m 1 bin/apache | awk '{print $1}'` ## Arret brutal if [ ! -z $CHRWWWTEST ]; then killall -9 apache fi echo "Termine !" } start_apache () { echo "Demarrage de Apache" /etc/init.d/apache start CHRWWWTEST=`$PS ax | $GREP -m 1 bin/apache | awk '{print $1}'` if [ -z $CHRWWWTEST ]; then echo "Echec !" exit 0 fi echo "Termine" } case "$1" in all) mkchrdir stop_mysql stop_apache stop_bind echo "Chroot pour Apache... ($CHRWWWLOG)" apache_chroot >& $CHRWWWLOG echo "Chroot pour Bind... ($CHRBINDLOG)" bind_chroot >& $CHRBINDLOG echo "Chroot pour MySQL... ($CHRMYSQLLOG)" mysql_chroot >& $CHRMYSQLLOG start_bind start_mysql start_apache ;; mysql) stop_mysql echo "Chroot pour MySQL... ($CHRMYSQLLOG)" mkchrdir mysql_chroot >& $CHRMYSQLLOG start_mysql ;; apache) stop_apache echo "Chroot pour Apache... ($CHRWWWLOG)" mkchrdir apache_chroot >& $CHRWWWLOG start_apache ;; bind) stop_bind echo "Chroot pour Bind... ($CHRBINDLOG)" mkchrdir bind_chroot >& $CHRBINDLOG start_bind ;; *) echo "Usage: $SCRIPT {apache|mysql|all}" exit 1 ;; esac if [ $? -eq 0 ]; then echo . exit 0 else echo " Echec de creation du chroot !" exit 1 fi