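#!/bin/bash
# powerdns
#
# postinst maintainer script for the cpanel-pdns package (PowerDNS on cPanel).
# Maintainer scripts run as root, so every path below is quoted and every
# generated credential is validated before it is written to disk.
#
# Usage: cpanel-pdns.postinst configure
# Any other first argument is a no-op; the script then exits 0.
set -e

SERVICE=pdns.service
export POWERDNS_CONF=/etc/pdns/pdns.conf

## <asset scriplets/post>
set -e

# CentOS: https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax
# Debian: https://wiki.debian.org/MaintainerScripts

## Variables to define
# export POWERDNS_CONF=%{_sysconfdir}/%{upstream_name}/pdns.conf

# Shared/hardcoded variables
DNSSEC_DIR=/var/cpanel/pdns
DNSSEC_DB=${DNSSEC_DIR}/dnssec.db
OLD_DNSSEC_DB=/etc/pdns/dnssec.db
DNSSEC_SCHEMA_FILE="${DNSSEC_DIR}/bind-dnssec.4.2.0_to_4.3.0_schema.sqlite3.sql"

USER=named
GROUP=${USER}

#######################################
# Ensure the service account and its group exist.
# Globals:   USER, GROUP (read)
# Outputs:   progress message on stdout
# Returns:   non-zero (aborting under set -e) if groupadd/useradd fails
#######################################
checkUser() {
  local NOSHELL="/usr/local/cpanel/bin/noshell"

  echo "Check user & group $USER"

  # add group
  /usr/bin/getent group "$GROUP" >/dev/null ||
    /usr/sbin/groupadd -r "$GROUP"

  # Prefer the system nologin shell when it is available.
  if [ -x "/sbin/nologin" ]; then
    NOSHELL="/sbin/nologin"
  fi

  # add user if needed: system account, no home creation, no login shell
  /usr/bin/getent passwd "$USER" >/dev/null ||
    /usr/sbin/useradd -r -g "$GROUP" -M -d /var/named -s "$NOSHELL" "$USER"
}

#######################################
# Enforce ownership and mode on the DNSSEC directory and the ownership of
# pdns.conf.
# Globals:   DNSSEC_DIR, USER, GROUP, POWERDNS_CONF (read)
# Outputs:   progress message on stdout
#######################################
checkPerms() {
  echo "Check permissions"

  # ensure directories, perms & ownership
  # required for Ubuntu, not necessary for CentOS
  mkdir -p -m 0700 -- "${DNSSEC_DIR}"
  # mkdir -m only applies to a directory it creates, so re-assert the mode.
  chmod 700 -- "${DNSSEC_DIR}"
  chown "${USER}:${GROUP}" -- "${DNSSEC_DIR}"

  # Make sure pdns.conf is owned by named. It is left as root owned in some cases.
  # NOTE(review): pdns.conf holds the api-key and webserver password; only its
  # ownership is set here, not its mode - confirm the packaged mode is not
  # world-readable.
  if [ -e "$POWERDNS_CONF" ]; then
    chown "${USER}:${GROUP}" -- "$POWERDNS_CONF"
  fi
}

#######################################
# main entry point: account/permission setup, credential generation,
# DNSSEC database creation or migration, config migration, portreserve
# cleanup and service restart with an optional schema update.
# Globals:   POWERDNS_CONF, DNSSEC_DB, OLD_DNSSEC_DB, DNSSEC_SCHEMA_FILE,
#            USER, GROUP (read)
#######################################
runPost() {
  local api_key web_pass
  local PUBLISHED_COLUMN

  # Just be sure the file is there in some form or pdns will get angry.
  /bin/touch /etc/named.conf

  checkUser
  checkPerms # need to happen twice

  # Generate an api-key and webserver-password on fresh installs.
  # was previously only run on install: no harm to always run it
  #
  # The values are generated into variables first and validated. With the
  # command substitution embedded directly in the sed expression, a failing
  # or missing openssl would not trip set -e and the placeholders would be
  # replaced by empty strings, leaving the API and webserver without a
  # usable secret. Generation only happens while a placeholder is still
  # present, so upgrades do not depend on openssl.
  if grep -q -e '@@REPLACE@@' -e '@@REPLACE_PASS@@' -- "$POWERDNS_CONF"; then
    api_key=$(openssl rand -hex 16)
    web_pass=$(openssl rand -hex 16)
    if [[ ! $api_key =~ ^[0-9a-f]{32}$ || ! $web_pass =~ ^[0-9a-f]{32}$ ]]; then
      echo "failed to generate api-key/webserver-password for $POWERDNS_CONF" >&2
      exit 1
    fi
    # The values are visible in sed's argv for the lifetime of this command.
    sed -i \
      "s,@@REPLACE@@,${api_key},g; s,@@REPLACE_PASS@@,${web_pass},g" \
      "$POWERDNS_CONF"
  fi

  if [ ! -e "${DNSSEC_DB}" ]; then
    # Check for the old db and move it if it exists.
    if [ -e "${OLD_DNSSEC_DB}" ]; then
      mv -- "${OLD_DNSSEC_DB}" "${DNSSEC_DB}"
    else
      /usr/bin/pdnsutil create-bind-db "${DNSSEC_DB}"
    fi
  fi

  # enforce perms & ownership
  chmod 600 -- "${DNSSEC_DB}"
  chown "${USER}:${GROUP}" -- "${DNSSEC_DB}"

  # A lot of the configuration directives changed in 4.1, so
  # this simple check tries to rename/remove the outdated directives
  # was previously only run on upgrades: no harm always running it
  if [ -x /usr/local/cpanel/scripts/migrate-pdns-conf ]; then
    /usr/local/cpanel/scripts/migrate-pdns-conf
  fi

  # Make sure nothing is stealing our port
  if [ -e /etc/portreserve ]; then
    # Be nice, don't whack portreserve if we don't have to
    portrelease named
    # Prevent portreserve from stealing port on boot.
    # NUL-delimited so a file name containing whitespace cannot be split into
    # a different path; -r skips rm when nothing matched. Best-effort on
    # purpose: a failure here must not abort the install.
    grep -rlZ '^rndc/tcp$' /etc/portreserve | xargs -0 -r rm -f -- || :
  fi

  checkPerms # make sure conf & other files are ok

  # Restart the service, something else could be stealing the port (it runs kill_apps_on_ports)
  if [ -x /usr/local/cpanel/scripts/restartsrv_pdns ]; then
    /usr/local/cpanel/scripts/restartsrv_pdns --stop

    # Update DNSSEC table schema
    if [ -x /usr/local/cpanel/3rdparty/bin/sqlite3 ] && [ -f "${DNSSEC_SCHEMA_FILE}" ]; then
      # Assignment kept separate from the declaration so a failing query
      # still aborts under set -e.
      PUBLISHED_COLUMN=$(/usr/local/cpanel/3rdparty/bin/sqlite3 "${DNSSEC_DB}" "SELECT COUNT(*) FROM pragma_table_info('cryptokeys') WHERE name='published';")
      # Apply the schema file only when cryptokeys has no 'published' column.
      if [ "${PUBLISHED_COLUMN:-0}" = "0" ]; then
        /usr/local/cpanel/3rdparty/bin/sqlite3 "${DNSSEC_DB}" <"${DNSSEC_SCHEMA_FILE}"
      fi
    fi

    /usr/local/cpanel/scripts/restartsrv_pdns --start
  fi
}
## </asset>

#######################################
# Disable the systemd-resolved stub listener and unmask the pdns unit.
# Globals:   SERVICE (read)
#######################################
prep() {
  # Add 'DNSStubListener=no' to /etc/systemd/resolved.conf
  # NOTE(review): the line is appended at the end of the file; this presumably
  # relies on [Resolve] being the last section there - confirm.
  /bin/grep -Eq '^DNSStubListener=no' /etc/systemd/resolved.conf ||
    /bin/echo 'DNSStubListener=no' >>/etc/systemd/resolved.conf

  /usr/bin/systemctl restart systemd-resolved
  # Best-effort: the unit may not be masked.
  /usr/bin/systemctl unmask "${SERVICE}" || :
}

case "$1" in
  configure)
    prep
    runPost
    ;;
esac

exit 0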