From 919d5377f002ca1e0f875433ca9567c6cb0a3094 Mon Sep 17 00:00:00 2001
From: Jean28518
Date: Thu, 1 Aug 2024 21:02:09 +0200
Subject: [PATCH] New Patch: dns forwarder resolve only #134
---
 .../patches/2024-08-01_dns_forwarder_only.sh | 23 +++++++++++++++++++
 .../unix_scripts/general/setup_samba_dc.sh | 5 ++++
 src/lac/unix/unix_scripts/service.py | 2 +-
 3 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 src/lac/unix/unix_scripts/general/patches/2024-08-01_dns_forwarder_only.sh
diff --git a/src/lac/unix/unix_scripts/general/patches/2024-08-01_dns_forwarder_only.sh b/src/lac/unix/unix_scripts/general/patches/2024-08-01_dns_forwarder_only.sh
new file mode 100644
index 0000000..2cf8602
--- /dev/null
+++ b/src/lac/unix/unix_scripts/general/patches/2024-08-01_dns_forwarder_only.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Get the current file name
+FILE_NAME=$(basename $0)
+# Get the date of the filename which is like this: 2024-06-25
+DATE=${FILE_NAME:0:10}
+# Check if the file is older than 365 days
+if [ $(( ($(date +%s) - $(date -d $DATE +%s)) / 86400 )) -gt 365 ]; then
+ echo "Patch is older than 365 days. Exiting patch."
+ exit 0
+fi
+
+# Check if we need to apply the patch
+# Check if "dns forwarder resolve only" is set in /etc/samba/smb.conf. If yes, then we need to exit the patch
+if grep -q "dns forwarder resolve only" /etc/samba/smb.conf; then
+ echo "dns forwarder resolve only is already set. Exiting patch."
+ exit 0
+fi
+
+# Set "dns forwarder resolve only" in /etc/samba/smb.conf
+echo "" >> /etc/samba/smb.conf
+echo "# Only resolve DNS requests via the forwarder" >> /etc/samba/smb.conf
+echo "dns forwarder resolve only = yes" >> /etc/samba/smb.conf
\ No newline at end of file
diff --git a/src/lac/unix/unix_scripts/general/setup_samba_dc.sh b/src/lac/unix/unix_scripts/general/setup_samba_dc.sh
index 236181e..03302ff 100644
--- a/src/lac/unix/unix_scripts/general/setup_samba_dc.sh
+++ b/src/lac/unix/unix_scripts/general/setup_samba_dc.sh
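Review bot: The already-applied check `grep -q "dns forwarder resolve only" /etc/samba/smb.conf` matches the string anywhere in the file, so a commented-out line or an existing `dns forwarder resolve only = no` makes the patch exit while the restriction is not in effect. Anchoring the match to an active assignment with the wanted value avoids that, e.g. `if grep -Eq '^[[:space:]]*dns forwarder resolve only[[:space:]]*=[[:space:]]*yes' /etc/samba/smb.conf; then`. The three `echo ... >> /etc/samba/smb.conf` lines also put the option into whichever section happens to be last in the file, which is only right if that section is `[global]`; the setup_samba_dc.sh hunk appends the same way. Running `testparm -s` after the write would show whether the installed Samba recognises the parameter and reads it as a global setting. Nothing in this script restarts samba-ad-dc, so the change presumably waits for the next restart unless the patch runner takes care of it.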
@@ -99,6 +99,11 @@ echo "tls keyfile = /etc/samba/tls/myKey.pem" >> /etc/samba/smb.conf
 echo "tls certfile = /etc/samba/tls/myCert.pem" >> /etc/samba/smb.conf
 echo "tls cafile =" >> /etc/samba/smb.conf
+# Because of
+echo "" >> /etc/samba/smb.conf
+echo "# Only resolve DNS requests via the forwarder" >> /etc/samba/smb.conf
+echo "dns forwarder resolve only = yes" >> /etc/samba/smb.conf
+
 # Restart samba
 systemctl restart samba-ad-dc
diff --git a/src/lac/unix/unix_scripts/service.py b/src/lac/unix/unix_scripts/service.py
index 762aadc..805ddec 100644
--- a/src/lac/unix/unix_scripts/service.py
+++ b/src/lac/unix/unix_scripts/service.py
@@ -131,7 +131,7 @@ def ensure_fingerprint_is_trusted():
 possible_modules = os.listdir("/usr/share/linux-arbeitsplatz/unix/unix_scripts/")
 # Filter all folders which don't have a path like /root/[folder]
 # (Because we only want to run patches for installed modules or addons)
- possible_modules = [folder for folder in possible_modules if os.path.isdir(f"/root/{folder}") or folder == "nextcloud"]
+ possible_modules = [folder for folder in possible_modules if os.path.isdir(f"/root/{folder}") or folder == "nextcloud" or folder == "general"]
 # Make the paths absolute
 for i in range(len(possible_modules)):
 possible_modules[i] = f"/usr/share/linux-arbeitsplatz/unix/unix_scripts/{possible_modules[i]}"
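Review bot: The added comment `# Because of` stops mid-sentence, so the reason for the new setting is missing at the exact place where smb.conf is written. Judging by the commit subject it was presumably meant to point at issue #134; a complete line such as `# Only resolve DNS requests via the forwarder, see issue #134` would carry the intent. The rest of the setup script lies outside the hunk, so whether the appended lines end up under `[global]` cannot be checked from here.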
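Review bot: With `or folder == "general"` in the filter, every script under general/patches now runs on every host, yet the comment two lines above still says patches run only for installed modules or addons. That matters for the patch added in this same commit, which appends to /etc/samba/smb.conf without checking that the file exists or belongs to a domain-controller setup; a guard such as `[ -f /etc/samba/smb.conf ] || exit 0` at the top of that script would keep it from acting on other machines. The comment here could read `# "nextcloud" and "general" are always included, so their patches must check their own preconditions`, and the condition is easier to extend as `os.path.isdir(f"/root/{folder}") or folder in ("nextcloud", "general")`. The enclosing code starts and ends outside the hunk.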