From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] RPZ: code updates and bug fixes #2 Date: Sun, 29 Sep 2024 12:31:45 +0100 Message-ID: <8A3EF7ED-7AA5-4040-86A1-D3F02E46ECBC@ipfire.org> In-Reply-To: <6711B8EA-DA2A-4894-B644-1349240929B3@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2070605023572726116==" List-Id: --===============2070605023572726116== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable What are you reminding us about? > On 28 Sep 2024, at 20:34, jon wrote: >=20 > Gentle reminder=E2=80=A6 >=20 >=20 >> On Aug 23, 2024, at 4:39=E2=80=AFPM, Jon Murphy = wrote: >>=20 >> - feature: added "list" action >> - update: changed "cat << heredocs" to "echo > file" >> - update: remove path to executables >> - update: reformatted code and comments (tabs to spaces) >> - update: reworded some msg_log messages >> - update: change exit codes from "1" to unique exit code numbers >> - bug: added check for empty allow/block config file >> - bug: removed auth_zone_reload (had double reload for allow/block) >> - bug: change rpz config file to `chown nobody:nobody` >> - bug: change rpz config file to `chmod 644` >>=20 >> Signed-off-by: Jon Murphy >> --- >> config/rootfiles/packages/rpz | 1 + >> config/rpz/00-rpz.conf | 22 +-- >> config/rpz/block.rpz.conf | 7 + >> config/rpz/rpz-config | 292 ++++++++++++++++++---------------- >> config/rpz/rpz-metrics | 163 ++++++++++--------- >> config/rpz/rpz-sleep | 26 +-- >> lfs/rpz | 20 ++- >> src/paks/rpz/uninstall.sh | 4 + >> src/paks/rpz/update.sh | 22 ++- >> 9 files changed, 297 insertions(+), 260 deletions(-) >> create mode 100644 config/rpz/block.rpz.conf >>=20 >> diff --git a/config/rootfiles/packages/rpz b/config/rootfiles/packages/rpz >> index 183825362..73c3efa06 100644 >> --- a/config/rootfiles/packages/rpz >> +++ b/config/rootfiles/packages/rpz 
>> @@ -1,4 +1,5 @@
>> etc/unbound/local.d/00-rpz.conf
>> +etc/unbound/local.d/block.rpz.conf
>> etc/unbound/zonefiles
>> etc/unbound/zonefiles/allow.rpz
>> etc/unbound/zonefiles/block.rpz
>> diff --git a/config/rpz/00-rpz.conf b/config/rpz/00-rpz.conf
>> index 72c1d12e5..f005a4f2e 100644
>> --- a/config/rpz/00-rpz.conf
>> +++ b/config/rpz/00-rpz.conf
>> @@ -1,18 +1,10 @@
>> server:
>> - module-config: "respip validator iterator"
>> + module-config: "respip validator iterator"
>>=20
>> rpz:
>> - name: allow.rpz
>> - zonefile: /etc/unbound/zonefiles/allow.rpz
>> - rpz-action-override: passthru
>> - rpz-log: yes
>> - rpz-log-name: allow
>> - rpz-signal-nxdomain-ra: yes
>> -
>> -rpz:
>> - name: block.rpz
>> - zonefile: /etc/unbound/zonefiles/block.rpz
>> - rpz-action-override: nxdomain
>> - rpz-log: yes
>> - rpz-log-name: block
>> - rpz-signal-nxdomain-ra: yes
>> + name: allow.rpz
>> + zonefile: /etc/unbound/zonefiles/allow.rpz
>> + rpz-action-override: passthru
>> + rpz-log: yes
>> + rpz-log-name: allow
>> + rpz-signal-nxdomain-ra: yes
>> diff --git a/config/rpz/block.rpz.conf b/config/rpz/block.rpz.conf
>> new file mode 100644
>> index 000000000..605684257
>> --- /dev/null
>> +++ b/config/rpz/block.rpz.conf
>> @@ -0,0 +1,7 @@
>> +rpz:
>> + name: block.rpz
>> + zonefile: /etc/unbound/zonefiles/block.rpz
>> + rpz-action-override: nxdomain
>> + rpz-log: yes
>> + rpz-log-name: block
>> + rpz-signal-nxdomain-ra: yes
>> diff --git a/config/rpz/rpz-config b/config/rpz/rpz-config
>> index a24a5c132..9278aa004 100644
>> --- a/config/rpz/rpz-config
>> +++ b/config/rpz/rpz-config
>> @@ -19,176 +19,186 @@
>> # = #
>> ##########################################################################= #####
>>=20
>> -# v23 - 2024-07-30
>> +version=3D"2024-08-18" # v28
>>=20
>> ############### Functions ###############
>>=20
>> msg_log () {
>> - /usr/bin/logger --tag "${tagName}" "$*"
>> - if tty --silent ; then
>> - echo "${tagName}:" "$*"
>> - fi
>> + logger --tag "${tagName}" "$*"
>> + if tty --silent ; then
>> + echo "${tagName}:" "$*"
>> + fi
>> }
>>=20
>> check_name () {
>> - local testName=3D"${1}"
>> - # check for a valid name
>> - regex=3D'^[a-zA-Z0-9_]+$'
>> - if [[ ! "${testName}" =3D~ $regex ]] ; then
>> - msg_log "error: rpz: the NAME is not valid: \"${testName}\". exit."
>> - exit 1
>> - fi
>> + local testName=3D"${1}"
>> + # check for a valid name
>> + regex=3D'^[a-zA-Z0-9_]+$'
>> + if [[ ! "${testName}" =3D~ $regex ]] || [[ "${testName}" =3D=3D "allo= w" ]] || [[ "${testName}" =3D=3D "block" ]]; then
>> + msg_log "error: rpz: the NAME is not valid: \"${testName}\". exit= ."
>> + exit 101
>> + fi
>> }
>>=20
>> check_unbound_conf () {
>> - # check the above config files
>> - msg_log "info: rpz: check for errors with \"unbound-checkconf\""
>> - /usr/sbin/unbound-checkconf
>> - exit_code=3D$?
>> - if [[ "${exit_code}" -ne 0 ]] ; then
>> - msg_log "error: rpz: unbound-checkconf. exit."
>> - exit "${exit_code}"
>> - fi
>> + # check the above config files
>> + msg_log "info: rpz: check for errors with \"unbound-checkconf\""
>> + unbound-checkconf
>> + exit_code=3D$?
>> + if [[ "${exit_code}" -ne 0 ]] ; then
>> + msg_log "error: rpz: unbound-checkconf found invalid configuratio= n."
>> + msg_log "error: rpz: In the Terminal run the command \
>> + \"unbound-checkconf\" for more information. exit."
>> + exit 102
>> + fi
>> }
>>=20
>> make_rpz_file () {
>> - local theType=3D"${1}" # allow or block
>> -
>> - theList=3D"/var/ipfire/dns/rpz/${theType}list" # input custom list of do= mains
>> - theZoneFile=3D"/etc/unbound/zonefiles/${theType}.rpz" # output file for = RPZ
>> -
>> - theAction=3D'.'
>> - if [[ "${theType}" =3D~ "allow" ]] ; then
>> - theAction=3D'rpz-passthru.'
>> - fi
>> -
>> - # does a list exist?
>> - if [[ -s "${theList}" ]] ; then
>> - # drop any extra "blanks" and add "CNAME ." to each line
>> - actionList=3D$( /usr/bin/awk '{$1=3D$1};1' "${theList}" |
>> - /bin/sed "/^[^;].*[[:alnum:]]/ s|$| CNAME ${theAction}|" )
>> -
>> - msg_log "info: rpz: create zonefile for ${theList}"
>> -
>> - /bin/cat <<-EOF > "${theZoneFile}"
>> - ; Name: ${theType} list
>> - ; Last modified: $(date "+%Y-%m-%d at %H.%M.%S %Z")
>> - ;
>> - ; domains with actions list
>> - ;
>> - ${actionList}
>> - EOF
>> -
>> - # reload the zone that was just updated
>> - zoneBase=3D$( basename "${theZoneFile}" )
>> - /usr/sbin/unbound-control auth_zone_reload -q "${zoneBase}"
>> - fi
>> + local theType=3D"${1}" # allow or block
>> +
>> + theList=3D"/var/ipfire/dns/rpz/${theType}list" # input custo= m list of domains
>> + theZoneFile=3D"/etc/unbound/zonefiles/${theType}.rpz" # output file= for RPZ
>> +
>> + # does a list exist?
>> + if ! [[ -s "${theList}" ]] ; then
>> + msg_log "error: rpz: the ${theList} is empty. exit."
>> + exit 103
>> + fi
>> +
>> + theAction=3D'.'
>> + if [[ "${theType}" =3D~ "allow" ]] ; then
>> + theAction=3D'rpz-passthru.'
>> + fi
>> +
>> + # drop any extra "blanks" and add "CNAME ."
to each line
>> + actionList=3D$( awk '{$1=3D$1};1' "${theList}" |
>> + sed "/^[^;].*[[:alnum:]]/ s|$| CNAME ${theAction}|" )
>> +
>> + msg_log "info: rpz: create zonefile for ${theList}"
>> +
>> +echo "
>> +; Name: ${theType} list
>> +; Last modified: $(date "+%Y-%m-%d at %H.%M.%S %Z")
>> +;
>> +; domains with actions list
>> +;
>> +${actionList}
>> +" > "${theZoneFile}"
>> +
>> }
>>=20
>> ############### Main ###############
>>=20
>> tagName=3D"unbound"
>>=20
>> -theAction=3D"${1}" # input action
>> -theName=3D"${2}" # input RPZ name
>> -theURL=3D"${3}" # input RPZ URL
>> -
>> -check_name "${theName}" # is this a valid name?
>> +theAction=3D"${1}" # input action
>> +theName=3D"${2}" # input RPZ name
>> +theURL=3D"${3}" # input RPZ URL
>>=20
>> -rpzConfig=3D"/etc/unbound/local.d/${theName}.rpz.conf" # output zone conf= file
>> -rpzFile=3D"/etc/unbound/zonefiles/${theName}.rpz" # output for RPZ file
>> +rpzConfig=3D"/etc/unbound/local.d/${theName}.rpz.conf" # output zone = conf file
>> +rpzFile=3D"/etc/unbound/zonefiles/${theName}.rpz" # output for R= PZ file
>>=20
>> case "${theAction}" in
>>=20
>> - # add new rpz list
>> - add )
>> - # does this config already exist? If yes, then exit
>> - if [[ -f "${rpzConfig}" ]] ; then
>> - msg_log "info: rpz: ${rpzConfig} already exists. exit"
>> - exit 1
>> - fi
>> -
>> - # is this a valid URL?
>> - regex=3D'^https://[-[:alnum:]\+&@#/%?=3D~_|!:,.;]*[-[:alnum:]\+&@#/%=3D~= _|]'
>> - if ! [[ "${theURL}" =3D~ $regex ]] ; then
>> - msg_log "error: rpz: the URL is not valid: \"${theURL}\". exit."
>> - exit 1
>> - fi
>> -
>> - # create the zone config file
>> - msg_log "info: rpz: add config file \"${theName}.rpz.conf\""
>> - cat <<-EOF > "${rpzConfig}"
>> - rpz:
>> - name: ${theName}.rpz
>> - zonefile: /etc/unbound/zonefiles/${theName}.rpz
>> - url: ${theURL}
>> - rpz-action-override: nxdomain
>> - rpz-log: yes
>> - rpz-log-name: ${theName}
>> - rpz-signal-nxdomain-ra: yes
>> - EOF
>> -
>> - # set-up zone file
>> - /usr/bin/touch "${rpzFile}"
>> - # unbound requires these settings for rpz files
>> - /bin/chown nobody:nobody "${rpzFile}"
>> - /bin/chmod 644 "${rpzFile}"
>> - ;;
>> -
>> - # trash config file & rpz file
>> - remove )
>> - if ! [[ -f "${rpzConfig}" ]] ; then
>> - msg_log "info: rpz: ${rpzConfig} does not exist. exit"
>> - exit 1
>> - fi
>> -
>> - msg_log "info: rpz: remove config file & rpz file \"${theName}\""
>> - /bin/rm "${rpzConfig}"
>> - /bin/rm "${rpzFile}"
>> -
>> - check_unbound_conf
>> - ;;
>> -
>> - # make a new allow or block rpz file
>> - make )
>> - case "${theName}" in
>> - allow )
>> - make_rpz_file allow
>> - ;;
>> -
>> - block )
>> - make_rpz_file block
>> - ;;
>> -
>> - allowblock )
>> - make_rpz_file allow
>> - make_rpz_file block
>> - ;;
>> -
>> - * )
>> - msg_log "error: rpz: the NAME is not valid: \"${theName}\". exit."
>> - exit 1
>> - ;;
>> - esac
>> -
>> - check_unbound_conf
>> - ;;
>> -
>> - *)
>> - msg_log "error: rpz: missing or incorrect parameter"
>> - /usr/bin/printf "Usage: rpzConfig.sh \n"
>> - exit 1
>> - ;;
>> + # add new rpz list
>> + add )
>> + check_name "${theName}" # is this a valid name?
>> + # does this config already exist? If yes, then exit
>> + if [[ -f "${rpzConfig}" ]] ; then
>> + msg_log "error: rpz: duplicate - ${rpzConfig} already exists.= exit"
>> + exit 104
>> + fi
>> +
>> + # is this a valid URL?
>> + regex=3D'^https://[-[:alnum:]\+&@#/%?=3D~_|!:,.;]*[-[:alnum:]\+&@= #/%=3D~_|]'
>> + if ! [[ "${theURL}" =3D~ $regex ]] ; then
>> + msg_log "error: rpz: the URL is not valid: \"${theURL}\".
exi= t."
>> + exit 105
>> + fi
>> +
>> + # create the zone config file
>> + msg_log "info: rpz: add config file \"${theName}.rpz.conf\""
>> +echo "rpz:
>> + name: ${theName}.rpz
>> + zonefile: ${rpzFile}
>> + url: ${theURL}
>> + rpz-action-override: nxdomain
>> + rpz-log: yes
>> + rpz-log-name: ${theName}
>> + rpz-signal-nxdomain-ra: yes
>> +" > "${rpzConfig}"
>> + =20
>> + # set-up zonefile
>> + # create an empty rpz file
>> + touch "${rpzFile}"
>> + # unbound requires these settings for rpz files
>> + chown nobody:nobody "${rpzFile}" "${rpzConfig}"
>> + chmod 644 "${rpzFile}" "${rpzConfig}"
>> + ;;
>> +
>> + # trash config file & rpz file
>> + remove )
>> + check_name "${theName}" # is this a valid name?
>> + if ! [[ -f "${rpzConfig}" ]] ; then
>> + msg_log "error: rpz: cannot remove ${rpzConfig}, does not exi= st. exit"
>> + exit 106
>> + fi
>> +
>> + msg_log "info: rpz: remove config file & rpz file \"${theName}\""
>> + rm "${rpzConfig}"
>> + rm "${rpzFile}"
>> +
>> + check_unbound_conf
>> + ;;
>> +
>> + # make a new allow or block rpz file
>> + make )
>> + case "${theName}" in
>> + allow )
>> + make_rpz_file allow
>> + ;;
>> +
>> + block )
>> + make_rpz_file block
>> + ;;
>> +
>> + allowblock )
>> + make_rpz_file allow
>> + make_rpz_file block
>> + ;;
>> +
>> + * )
>> + msg_log \
>> + "error: rpz: the NAME \"${theName}\" is not valid - \"allow= \" or \"block\" only. exit."
>> + exit 107
>> + ;;
>> + esac
>> +
>> + check_unbound_conf
>> + ;;
>> + =20
>> + list)
>> + awk -F' ' '/^name:|\sname:/{ gsub(/.rpz/, "" ) ; printf $2} /\sur= l:|^url:/{print "=3D"$2}' \
>> + /etc/unbound/local.d/*.rpz.conf
>> + exit
>> + ;; =20
>> + =20
>> + *)
>> + msg_log "error: rpz: missing or incorrect parameter"
>> + printf "Usage: rpzConfig \n"
>> + printf "Version: ${version}\n"
>> + exit 108
>> + ;;
>>=20
>> esac
>>=20
>> -# reload due to the changes
>> +# reload due to the changes
>> msg_log "rpz: running \"unbound-control reload\""
>> -/usr/sbin/unbound-control reload
>> +unbound-control reload
>> exit_code=3D$?
>> if [[ "${exit_code}" -ne 0 ]] ; then
>> - msg_log "error: rpz: unbound-control \"${theName}\". exit."
>> - exit "${exit_code}"
>> + msg_log "error: rpz: unbound-control \"${theName}\". exit."
>> + exit 109
>> fi
>>=20
>> exit
>> diff --git a/config/rpz/rpz-metrics b/config/rpz/rpz-metrics
>> index 4d932726e..d154f70b9 100644
>> --- a/config/rpz/rpz-metrics
>> +++ b/config/rpz/rpz-metrics
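Review bot: The URL check in the `add` branch has no end anchor, so any value that merely starts with `https://` plus one allowed character passes, whatever follows it, and is then written unchecked into `${rpzConfig}` by the `echo` a few lines below; closing the pattern makes the character allow-list actually hold: `regex='^https://[-[:alnum:]\+&@#/%?=~_|!:,.;]*[-[:alnum:]\+&@#/%=~_|]$'`. The new early `exit 103` in `make_rpz_file` is a behaviour change for `allowblock`: with an empty allowlist the script now stops before `make_rpz_file block` runs, where the old `if [[ -s ... ]]` simply skipped the empty list, and in both versions a list that was emptied on purpose leaves the previously generated zonefile in place. In the `list` action `printf $2` uses the zone name as the printf format string; `printf "%s", $2` is the safe form. Removing the absolute paths to `logger`, `unbound-checkconf`, `unbound-control`, `awk` and `sed` (also in the rpz-metrics and rpz-sleep hunks) makes these root-run scripts depend on whatever `PATH` the caller has; setting it once near the top, e.g. `PATH=/usr/sbin:/usr/bin:/sbin:/bin`, keeps cron and interactive runs identical.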
>> @@ -19,62 +19,61 @@
>> # = #
>> ##########################################################################= #####
>>=20
>> -# v19 on 2024-07-30
>> +version=3D"2024-08-16" # v20
>>=20
>> ############### Main ###############
>>=20
>> -weeks=3D"${1:-2}" # default to two message logs
>> -sortBy=3D"${2:-name}" # by name or by hits
>> +weeks=3D"${1:-2}" # default to two message logs
>> +sortBy=3D"${2:-name}" # by name or by hits
>>=20
>> -# get the list of message logs for N weeks
>> -messageLogs=3D$( find /var/log/messages* -type f |
>> - /usr/bin/sort --version-sort |
>> - head -"${weeks}" )
>> +# get the list of message logs for N weeks
>> +messageLogs=3D$( find /var/log/messages* -type f | sort --version-sort |
>> + head -"${weeks}" )
>>=20
>> -# get the list of RPZ names & counts from the message log(s)
>> +# get the list of RPZ names & counts from the message log(s)
>> rpzNameCount=3D$( for logf in ${messageLogs} ; do
>> - /usr/bin/zgrep --text --extended-regexp 'info: rpz: applied.* A IN$' "${= logf}" |
>> - /usr/bin/awk '$10 ~ /\[\w*]/ { print $10 }' ;
>> - done | /usr/bin/sort | /usr/bin/uniq --count )
>> + zgrep --text --extended-regexp 'info: rpz: applied.* A IN$' "${logf}"= |
>> + awk '$10 ~ /\[\w*]/ { print $10 }' ;
>> + done | sort | uniq --count )
>>=20
>> -# flip results and remove brackets `[` and `]`
>> -rpzNameCount=3D$( /bin/echo "${rpzNameCount}" |
>> - /usr/bin/awk '{ print $2, $1 }' |
>> - /bin/sed --regexp-extended 's|^\[(.*)\]|\1|' )
>> +# flip results and remove brackets `[` and `]`
>> +rpzNameCount=3D$( echo "${rpzNameCount}" |
>> + awk '{ print $2, $1 }' |
>> + sed --regexp-extended 's|^\[(.*)\]|\1|' )
>>=20
>> -# grab only names
>> -rpzNames=3D$( /bin/echo "${rpzNameCount}" | /usr/bin/awk '{ print $1 }' )
>> +# grab only names
>> +rpzNames=3D$( echo "${rpzNameCount}" | awk '{ print $1 }' )
>>=20
>> -# get list of RPZ files
>> -rpzFileList=3D$( /bin/find /etc/unbound/zonefiles -type f -iname "*.rpz" )
>> +# get list of RPZ files
>>
+rpzFileList=3D$( find /etc/unbound/zonefiles -type f -iname "*.rpz" )
>>=20
>> -# get basename of those files
>> -rpzBaseNames=3D$( /bin/echo "${rpzFileList}" |
>> - /bin/sed 's|/etc/unbound/zonefiles/||g ; s|\.rpz||g ;' )
>> +# get basename of those files
>> +rpzBaseNames=3D$( echo "${rpzFileList}" |
>> + sed 's|/etc/unbound/zonefiles/||g ; s|\.rpz||g ;' )
>>=20
>> -# add to rpzNames
>> +# add to rpzNames
>> rpzNames=3D"${rpzNames}"$'\n'"${rpzBaseNames}"
>>=20
>> -# drop duplicate names
>> -rpzNames=3D$( echo "${rpzNames}" | /usr/bin/sort --unique )
>> +# drop duplicate names
>> +rpzNames=3D$( echo "${rpzNames}" | sort --unique )
>>=20
>> -# get line count for each RPZ
>> -lineCount=3D$( /bin/echo "${rpzFileList}" | /usr/bin/xargs wc -l )
>> +# get line count for each RPZ
>> +lineCount=3D$( echo "${rpzFileList}" | xargs wc -l )
>>=20
>> -# get comment line count and blank line count for each RPZ
>> -commentCount=3D$( /bin/echo "${rpzFileList}" |
>> - /usr/bin/xargs /bin/grep --count -e "^$" -e "^;" )
>> +# get comment line count and blank line count for each RPZ
>> +commentCount=3D$( echo "${rpzFileList}" |
>> + xargs grep --count -e "^$" -e "^;" )
>>=20
>> -# get modified date each RPZ
>> -modDateList=3D$( /bin/echo "${rpzFileList}" | xargs stat -c '%.10y %n' )
>> +# get modified date each RPZ
>> +modDateList=3D$( echo "${rpzFileList}" | xargs stat -c '%.10y %n' )
>>=20
>> -ucListAuthZones=3D$( /usr/sbin/unbound-control list_auth_zones )
>> +ucListAuthZones=3D$( unbound-control list_auth_zones )
>>=20
>> -# get width of RPZ names
>> -pWidth=3D$( /bin/echo "${rpzNames}" | /usr/bin/awk '{ print $1" " }' | = wc -L )
>> +# get width of RPZ names
>> +pWidth=3D$( echo "${rpzNames}" | awk '{ print $1" " }' | wc -L )
>> pFormat=3D"%-${pWidth}s %-8s %-8s %-8s %10s %12s\n"
>>=20
>> -# print title line
>> +# print title line
>> printf "${pFormat}" "name" "hits" "active" "lines" "hits/line%" "last upda= te"
>> printf -- "--------------"
>>=20
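Review bot: `weeks` is taken straight from `$1` and reaches `head -"${weeks}"` with no check that it is a number, so a non-numeric argument becomes an unknown `head` option and the script carries on with an empty `messageLogs` and a zero hit count instead of failing; the bare `-N` spelling is also the obsolete form of `-n N`. A guard before the `find`, e.g. `[[ "${weeks}" =~ ^[0-9]+$ ]] || { printf 'rpz-metrics: weeks must be a number\n' >&2; exit 1; }`, together with `head -n "${weeks}"`, fails early and says why. `printf "${pFormat}" ...` uses a variable as the format string, which is fine only because `pFormat` is built locally from `pWidth`; a short comment saying so would keep a later reader from flagging it.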
>> @@ -83,60 +82,60 @@ totalLines=3D0
>> totalHits=3D0
>> while read -r theName
>> do
>> - printf -- "-" # pretend progress bar
>> - # get hit count
>> - theHits=3D"0"
>> - if output=3D$( /bin/grep "^${theName}\s" <<< "${rpzNameCount}" ) ; then
>> - theHits=3D$( /bin/echo "${output}" |
>> - /usr/bin/awk '{ print $2 }' )
>> - totalHits=3D$(( totalHits + theHits ))
>> - fi
>> -
>> - # is this RPZ list active?
>> - theActive=3D"disabled"
>> - if /bin/grep --quiet "^${theName}\.rpz" <<< "${ucListAuthZones}"
>> - then
>> - theActive=3D"enabled"
>> - fi
>> -
>> - # get line count then subtract comment count and blank line count
>> - # from total line count
>> - theLines=3D"n/a"
>> - hitsPerLine=3D"0"
>> - if output=3D$( /bin/grep --fixed-strings "/${theName}.rpz" <<< "${lineCo= unt}" ) ; then
>> - theLines=3D$( /bin/echo "${output}" | /usr/bin/awk '{ print $1 }' )
>> - totalLines=3D$(( totalLines + theLines ))
>> -
>> - if [[ "${theLines}" -gt 2 ]] ; then
>> - hitsPerLine=3D$(( 100 * theHits / theLines ))
>> - fi
>> - fi
>> -
>> - # get modification date
>> - theModDate=3D"n/a"
>> - if output=3D$( /bin/grep --fixed-strings "/${theName}.rpz" <<< "${modDat= eList}" ) ; then
>> - theModDate=3D$( /bin/echo "${output}" | /usr/bin/awk '{ print $1 }' )
>> - fi
>> -
>> - # add to results list
>> - theResults+=3D"${theName} ${theHits} ${theActive} ${theLines} ${hitsPerL= ine} ${theModDate}"$'\n'
>> + printf -- "-" # pretend progress bar
>> + # get hit count
>> + theHits=3D"0"
>> + if output=3D$( grep "^${theName}\s" <<< "${rpzNameCount}" ) ; then
>> + theHits=3D$( echo "${output}" |
>> + awk '{ print $2 }' )
>> + totalHits=3D$(( totalHits + theHits ))
>> + fi
>> +
>> + # is this RPZ list active?
>> + theActive=3D"disabled"
>> + if grep --quiet "^${theName}\.rpz" <<< "${ucListAuthZones}"
>> + then
>> + theActive=3D"enabled"
>> + fi
>> +
>> + # get line count
>> + theLines=3D"n/a"
>> + hitsPerLine=3D"0"
>> + if output=3D$( grep --fixed-strings "/${theName}.rpz" <<< "${lineCoun= t}" ) ; then
>> + theLines=3D$( echo "${output}" | awk '{ print $1 }' )
>> + totalLines=3D$(( totalLines + theLines ))
>> +
>> + if [[ "${theLines}" -gt 2 ]] ; then
>> + hitsPerLine=3D$(( 100 * theHits / theLines ))
>> + fi
>> + fi
>> +
>> + # get modification date
>> + theModDate=3D"n/a"
>> + if output=3D$( grep --fixed-strings "/${theName}.rpz" <<< "${modDateL= ist}" ) ; then
>> + theModDate=3D$( echo "${output}" | awk '{ print $1 }' )
>> + fi
>> +
>> + # add to results list
>> + theResults+=3D"${theName} ${theHits} ${theActive} ${theLines} ${hitsP= erLine} ${theModDate}"$'\n'
>> + =20
>> done <<< "${rpzNames}"
>>=20
>> case "${sortBy}" in
>> - names|name) sortArg=3D(-k3,3r -k1,1) ;; # sort by "active" then by "name"
>> + names|name) sortArg=3D(-k3,3r -k1,1) ;; # sort by "active= " then by "name"
>>=20
>> - hits|hit) sortArg=3D(-k3,3r -k2,2nr -k1,1) ;; # sort by "active" then by= "hits" then by "name"
>> + hits|hit) sortArg=3D(-k3,3r -k2,2nr -k1,1) ;; # sort by "active= " then by "hits" then by "name"
>>=20
>> - lines|line) sortArg=3D(-k3,3r -k4,4nr -k1,1) ;; # sort by "active" then = by "lines" then by "name"
>> + lines|line) sortArg=3D(-k3,3r -k4,4nr -k1,1) ;; # sort by "active= " then by "lines" then by "name"
>> esac
>>=20
>> printf -- "--------------\n"
>> -# remove blank lines, sort, print as columns
>> -/bin/echo "${theResults}" |
>> - /usr/bin/awk '!/^[[:space:]]*$/' |
>> - /usr/bin/sort "${sortArg[@]}" |
>> - /usr/bin/awk --assign=3Dwidth=3D"${pWidth}" \
>> - '{ printf "%-*s %-8s %-8s %-8s %10s %12s\n", width, $1, $2, $3, $4, $5, = $6 }'
>> +# remove blank lines, sort, print as columns
>> +echo "${theResults}" |
>> + awk '!/^[[:space:]]*$/' |
>> + sort "${sortArg[@]}" |
>>
+ awk --assign=3Dwidth=3D"${pWidth}" \
>> + '{ printf "%-*s %-8s %-8s %-8s %10s %12s\n", width, $1, $2, $3, $= 4, $5, $6 }'
>>=20
>> printf "${pFormat}" "" "=3D=3D=3D=3D=3D=3D=3D" "" "=3D=3D=3D=3D=3D=3D=3D= =3D" "" ""
>> printf "${pFormat}" "Totals -->" "${totalHits}" "" "${totalLines}" "" ""
>> diff --git a/config/rpz/rpz-sleep b/config/rpz/rpz-sleep
>> index eeef1174a..dd3603599 100644
>> --- a/config/rpz/rpz-sleep
>> +++ b/config/rpz/rpz-sleep
>> @@ -19,38 +19,38 @@
>> # = #
>> ##########################################################################= #####
>>=20
>> -# v04 on 2024-07-05
>> +version=3D"2024-08-16" # v05
>>=20
>> ############### Functions ###############
>>=20
>> -# send message to message log
>> +# send message to message log
>> msg_log () {
>> - /usr/bin/logger --tag "${tagName}" "$*"
>> - if /usr/bin/tty --silent ; then
>> - echo "${tagName}:" "$*"
>> - fi
>> + logger --tag "${tagName}" "$*"
>> + if tty --silent ; then
>> + echo "${tagName}:" "$*"
>> + fi
>> }
>>=20
>> ############### Main ###############
>>=20
>> tagName=3D"unbound"
>>=20
>> -sleepTime=3D"${1:-5m}" # default to sleep for 5m (5 minutes)
>> +sleepTime=3D"${1:-5m}" # default to sleep for 5m (5 minutes)
>>=20
>> -zoneList=3D$( /usr/sbin/unbound-control list_auth_zones | /usr/bin/awk '{= print $1}' )
>> +zoneList=3D$( unbound-control list_auth_zones | awk '{print $1}' )
>>=20
>> for zone in ${zoneList} ; do
>> - /usr/bin/printf "disable ${zone}\t"
>> - /usr/sbin/unbound-control rpz_disable "${zone}"
>> + printf "disable ${zone}\t"
>> + unbound-control rpz_disable "${zone}"
>> done
>>=20
>> msg_log "info: rpz: disabled all zones for ${sleepTime}"
>>=20
>> -/bin/sleep "${sleepTime}"
>> +sleep "${sleepTime}"
>>=20
>> for zone in ${zoneList} ; do
>> - /usr/bin/printf "enable ${zone}\t"
>> - /usr/sbin/unbound-control rpz_enable "${zone}"
>> + printf "enable ${zone}\t"
>> + unbound-control rpz_enable "${zone}"
>> done
>>=20
>> msg_log "info: rpz: enabled all zones"
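Review bot: `case "${sortBy}" in` has no default arm, so a second argument that is none of names/name, hits/hit or lines/line leaves `sortArg` unset and the table is quietly sorted by plain `sort` with no message; a final `*) printf 'rpz-metrics: unknown sort key "%s"\n' "${sortBy}" >&2; exit 1 ;;` makes the typo visible. The loop's `theResults+=` relies on the variable starting out empty; unless it is initialised above this hunk, a `theResults=""` before the `while` would make that explicit.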
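Review bot: The re-enable loop after `sleep "${sleepTime}"` only runs if the script gets that far, so an interrupt or a lost session during the sleep leaves every RPZ zone disabled until someone notices — the DNS filtering fails open. Moving the enable loop into a function and registering it with `trap enable_zones EXIT` closes that gap (bash also runs the EXIT trap when it is terminated by SIGINT or SIGTERM), which is what the rewrite below does. The `printf "disable ${zone}\t"` and `printf "enable ${zone}\t"` lines also use the zone name as the printf format string; `printf 'disable %s\t' "${zone}"` is the safer spelling and is used in the rewrite. `sleepTime` is handed to `sleep` unvalidated, which is acceptable for a root-only CLI tool, but a one-line comment saying the value is whatever `sleep` accepts would help.
```shell
zoneList=$( unbound-control list_auth_zones | awk '{print $1}' )

# re-enable every zone on any exit path, including an interrupt during the sleep
enable_zones () {
  local zone
  for zone in ${zoneList} ; do
    printf 'enable %s\t' "${zone}"
    unbound-control rpz_enable "${zone}"
  done
  msg_log "info: rpz: enabled all zones"
}
trap enable_zones EXIT

for zone in ${zoneList} ; do
  printf 'disable %s\t' "${zone}"
  unbound-control rpz_disable "${zone}"
done

msg_log "info: rpz: disabled all zones for ${sleepTime}"

sleep "${sleepTime}"
# … the trailing enable loop and its msg_log are dropped; enable_zones runs from the EXIT trap …
```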
>> diff --git a/lfs/rpz b/lfs/rpz
>> index 73f6f2b1b..16d1d0803 100644
>> --- a/lfs/rpz
>> +++ b/lfs/rpz
>> @@ -62,25 +62,31 @@ $(TARGET) :
>> @$(PREBUILD)
>> @rm -rf $(DIR_APP)
>>=20
>> - # install RPZ scripts
>> + # install RPZ scripts
>> install -v -m 755 \
>> $(DIR_CONF)/rpz/{rpz-config,rpz-metrics,rpz-sleep} -t /usr/sbin
>>=20
>> + # Add conf file to /etc directory
>> + cp -vf $(DIR_CONF)/rpz/00-rpz.conf /etc/unbound/local.d
>> + cp -vf $(DIR_CONF)/rpz/block.rpz.conf /etc/unbound/local.d
>> +
>> # Install settings folder and two empty files
>> mkdir -pv /var/ipfire/dns/rpz
>> touch /var/ipfire/dns/rpz/allowlist
>> touch /var/ipfire/dns/rpz/blocklist
>>=20
>> - # Add conf file to /etc directory
>> - cp -vf $(DIR_CONF)/rpz/00-rpz.conf /etc/unbound/local.d
>> -
>> - # create zonefiles directory for the RPZ files and add two empty RPZ
>> - # files to avoid a unbound config error
>> + # create zonefiles directory for the RPZ files and add two empty RPZ
>> + # files to avoid a unbound config error
>> mkdir -pv /etc/unbound/zonefiles
>> - chown -v nobody:nobody /etc/unbound/zonefiles
>> touch /etc/unbound/zonefiles/allow.rpz
>> touch /etc/unbound/zonefiles/block.rpz
>>=20
>> + # set owner for unbound related files
>> + chown -vR nobody:nobody \
>> + /var/ipfire/dns/rpz \
>> + /etc/unbound/zonefiles \
>> + /etc/unbound/local.d
>> +
>> # Install backup definition
>> cp -vf $(DIR_CONF)/backup/includes/rpz /var/ipfire/backup/addons/includes/= rpz
>>=20
>> diff --git a/src/paks/rpz/uninstall.sh b/src/paks/rpz/uninstall.sh
>> index 4fb20e127..51edaa176 100644
>> --- a/src/paks/rpz/uninstall.sh
>> +++ b/src/paks/rpz/uninstall.sh
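Review bot: `chown -vR nobody:nobody ... /etc/unbound/local.d` hands the whole unbound drop-in configuration directory to the unprivileged account unbound runs as, where the removed line chowned only `/etc/unbound/zonefiles`; any process running as `nobody` can then add or rewrite every `*.conf` in that directory and have it loaded on the next reload, which widens what a compromised resolver (or any other `nobody` process) can do with the resolver's own configuration. As far as unbound is concerned the zone files are what it writes, so keeping `local.d` root-owned — `chown -vR nobody:nobody /var/ipfire/dns/rpz /etc/unbound/zonefiles` — and, if the per-feed `*.rpz.conf` files really must belong to nobody as the commit message says, chowning those files individually rather than the directory keeps the least-privilege boundary intact. Whether `/var/ipfire/dns/rpz` needs to be nobody-owned presumably depends on the web UI writing the allow/block lists; a comment stating that next to the `chown` would spare the next reader the guess.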
>> @@ -27,5 +27,9 @@
>> make_backup ${NAME}
>> remove_files
>>=20
>> +# delete rpz config files. Otherwise unbound will throw error:
>> +# "[1723428668] unbound-control[17117:0] error: connect: Connection re= fused for 127.0.0.1 port 8953"
>> +/bin/rm -fv /etc/unbound/local.d/*.rpz.conf
>> +
>> # start unbound to load unbound config file
>> /etc/init.d/unbound start
>> diff --git a/src/paks/rpz/update.sh b/src/paks/rpz/update.sh
>> index 938a93a40..fd46a185a 100644
>> --- a/src/paks/rpz/update.sh
>> +++ b/src/paks/rpz/update.sh
>> @@ -20,6 +20,24 @@
>> ##########################################################################= #####
>> #
>> . /opt/pakfire/lib/functions.sh
>> +
>> +# from update.sh
>> extract_backup_includes
>> -./uninstall.sh
>> -./install.sh
>> +
>> +# stop unbound to delete RPZ conf file
>> +/etc/init.d/unbound stop
>> +
>> +# from uninstall.sh
>> +make_backup ${NAME}
>> +remove_files
>> +
>> +# delete rpz config files. Otherwise unbound will throw error:
>> +# "unbound-control[nn:0] error: connect: Connection refused for 127.0.= 0.1 port 8953"
>> +/bin/rm --verbose --force /etc/unbound/local.d/*.rpz.conf
>> +
>> +# from install.sh
>> +extract_files
>> +restore_backup ${NAME}
>> +
>> +# restart unbound to load config files
>> +/etc/init.d/unbound start
>> --=20
>> 2.30.2
>>=20 >=20 > Jon >=20 >=20 > --=20 > Jon Murphy > jon.murphy(a)ipfire.org >=20 >=20 >=20 >=20 --===============2070605023572726116==--
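Review bot: The comment above `/bin/rm -fv /etc/unbound/local.d/*.rpz.conf` records a symptom rather than the reason for the deletion: a `Connection refused` from `unbound-control` is what you see when unbound did not come up at all, presumably because a leftover `<name>.rpz.conf` still references a zonefile that `remove_files` has just deleted. Stating that directly, e.g. `# remove user-added RPZ configs: their zonefiles are gone after remove_files and unbound will not start with a dangling zonefile reference`, tells the next maintainer what actually has to hold; the same comment (with the pid placeholder) is repeated in the update.sh hunk and should say the same thing there.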
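Review bot: On an update every user-added `<name>.rpz.conf` under `/etc/unbound/local.d` is deleted by the `rm --verbose --force` line, and whether `restore_backup ${NAME}` brings them back depends entirely on the backup include list (`config/backup/includes/rpz`, not part of this patch) covering both that glob and the matching `/etc/unbound/zonefiles/<name>.rpz` files; if it does not, every feed configured with `rpz-config add` silently disappears on package update. That is worth confirming in the include file and recording here, e.g. `# <name>.rpz.conf and <name>.rpz are restored by restore_backup from the backup taken by make_backup above`. `make_backup ${NAME}` and `restore_backup ${NAME}` are unquoted expansions; `"${NAME}"` is the safer spelling even though the value is package-controlled.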