On Monday my ISPconfig installation was viciously chowned. The intruders installed a root kit using a PHP vulnerability. B*******. Lucky I keep backups of all data and configs, hey? (I will post my backup script here as soon as I have got this machine back up!) Well, after rebuilding the server (thankfully this is a Xen based virtual machine) I now have an almost working ISPconfig virtual machine. Method: install FC5, follow howtoforge setup for ISPConfig, restore ispconfig system db using phpscript, restore user data from backups, restore user databases from backups. Final missing step? Well, I need to recover the pri.* DNS zone files. And I don't appear to be able to do so! The generate configuration script did not generate the DNS zone files. And when I copy them across from the backup, bind still doesn't find them. Does anyone have any pointers for me?
My server: FC5 with ISPconfig 2.2.6. Followed howtoforge perfect setup, so running bind in chroot environment.
testing..... Some output of commands......

    [root@ns5 /]# ls -la /var/named/chroot/var
    drwxrwxr-x 5 root named 4096 Oct 11 09:34 .
    drwxrwxr-x 6 root named 4096 Oct 11 09:34 ..
    drwxrwxr-x 4 root named 4096 Oct 11 09:34 named
    drwxrwxr-x 4 root named 4096 Oct 11 09:34 run
    drwxrwx--- 2 named named 4096 Mar 13 2003 tmp
    [root@ns5 /]# ls -la /var/named/chroot/var/named
    total 72
    drwxrwxr-x 4 root named 4096 Oct 11 09:34 .
    drwxrwxr-x 5 root named 4096 Oct 11 09:34 ..
    lrwxrwxrwx 1 root root 6 Oct 11 09:34 chroot -> ../../
    drwxrwx--- 2 named named 4096 Aug 25 2004 data
    -rw-r----- 1 root named 198 Mar 9 2006 localdomain.zone
    -rw-r----- 1 root named 195 Mar 9 2006 localhost.zone
    -rw-r----- 1 root named 427 Mar 9 2006 named.broadcast
    -rw-r----- 1 root named 2518 Mar 9 2006 named.ca
    -rw-r----- 1 root named 424 Mar 9 2006 named.ip6.local
    -rw-r----- 1 root named 426 Mar 9 2006 named.local
    -rw-r----- 1 root named 427 Mar 9 2006 named.zero
    drwxrwx--- 2 named named 4096 Jul 27 2004 slaves

Watching my log files right... I grabbed the zone files from the old machine..... and when I restart named.... lame server
Resolved. I noticed that in my setup I'd got my IPs mixed up: hostname1 had the IP of hostname2 and vice versa. So I changed the URLs in the ispconfig config php file. I copied my backup zone files in to /var/named/chroot/var/named. I re-did the steps in the howtoforge perfect setup to set the right ownership and permissions. Then I restarted named, checked my logs, checked I could resolve against the machine and - \o/ ! it worked! Lesson 1 - check for phat finger mistakes. Lesson 2 - double check you've followed the howtoforge
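
An added example, not part of the original thread or of ISPConfig: a shell function that, after restoring zone files into a BIND chroot, lists every file that named.conf references but that is missing or lacks group read (the `-rw-r-----` mode shown in the listing above). It assumes the config lives at `<chroot>/etc/named.conf` and that the `directory` option defaults to `/var/named`; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: audit restored zone files inside a BIND chroot.
# Assumptions: named.conf is at $CHROOT/etc/named.conf unless given as $2,
# and zone files should be group-readable as in the thread's ls output.

# check_zone_files CHROOT [CONF]
# Prints "MISSING <path>" or "NOGROUPREAD <path>" per problem file.
# Returns 0 when nothing is flagged, 1 otherwise.
check_zone_files() {
    chroot_dir=$1
    conf=${2:-$chroot_dir/etc/named.conf}
    status=0

    # Put each statement on its own line so one-line zone blocks parse too.
    stmts=$(tr ';{' '\n\n' < "$conf")

    # options { directory "..."; } is the base for relative file names.
    base=$(printf '%s\n' "$stmts" |
        sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' |
        head -n 1)
    base=${base:-/var/named}

    # Only statements that begin with "file" count (this skips pid-file).
    for f in $(printf '%s\n' "$stmts" |
        sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p'); do
        case $f in
            /*) path=$chroot_dir$f ;;        # absolute inside the chroot
            *)  path=$chroot_dir$base/$f ;;  # relative to "directory"
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            status=1
        elif [ "$(ls -ld "$path" | cut -c5)" != "r" ]; then
            # 5th character of the mode string is the group-read bit
            echo "NOGROUPREAD $path"
            status=1
        fi
    done
    return $status
}

# Usage: check_zone_files /var/named/chroot
```

Any path it prints is worth checking against the ownership and permission steps of the setup guide before restarting named.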