Список вопросов ПечатьМетки: dns centos dnscrypt безопасность
| RemiZOffAlex Создано: 2018-02-24 08:09:31.544675 Обновлено: 2018-02-24 08:09:31.544675 |
|---|
CentOS 7

Создать каталог:
mkdir /etc/dnscrypt

Файл /etc/systemd/system/dnscrypt.service

[Unit]
Description = DNSCrypt
Documentation = man:dnscrypt-proxy(8)
After = network.target iptables.target

[Service]
Type = forking
ExecStart = /etc/dnscrypt/dnscrypt.py start
Restart = always
ExecStopPost = /etc/dnscrypt/dnscrypt.py stop

Перечитываем конфигурацию systemd:
systemctl daemon-reload

Файл /etc/dnscrypt/dnscrypt.py
#!/usr/bin/env python3
# -*- coding: UTF-8 -*-
__author__ = 'RemiZOffAlex'
__copyright__ = '(c) RemiZOffAlex'
__license__ = 'MIT'
__email__ = 'remizoffalex@mail.ru'
__url__ = 'http://remizoffalex.ru'
# Т.к. на основном интерфейсе 127.0.0.1 висит bind,
# то нумерация начинается с 2
import json
import os
import shlex
import signal
import sys
from subprocess import Popen, PIPE
# JSON file describing the dnscrypt-proxy instances; read by start() and stop().
CONFFILE = '/etc/dnscrypt/dnscrypt.conf'
# Not referenced by the code in this script; each config entry carries its
# own "log" path, which is what gets passed to dnscrypt-proxy.
LOGFILE = '/var/log/dnscrypt.log'
#Run shell command
def run_cmd(cmd):
    """Run *cmd* through the shell and return what it wrote to stdout.

    The command string is interpreted by the shell (``shell=True``), so any
    value interpolated into it must already be quoted by the caller.  Only
    stdout is captured; stderr is inherited from this process.  The exit
    status is not returned, so callers cannot tell whether the command
    succeeded.

    Returns:
        The captured stdout as ``bytes``.
    """
    process = Popen(cmd, shell=True, stdout=PIPE)
    stdout_data, _ = process.communicate()
    return stdout_data
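def start():
    """Start one dnscrypt-proxy instance for every entry in CONFFILE.

    CONFFILE is parsed as JSON and iterated as a sequence of mappings; the
    keys read here are ``pid``, ``description``, ``ip``, ``log``, ``key``,
    ``name`` and ``address``.  An entry whose pid file already exists is
    reported as running and skipped.  Otherwise the entry's address is added
    to ``lo`` under the label ``lo:<index>``, the pid file is created, and
    dnscrypt-proxy is launched listening on ``<ip>:53``.

    The exit status of the helper commands is not inspected, so
    'Service started' is printed even if one of them failed.
    """
    with open(CONFFILE, 'r') as f:
        confdata = json.load(f)
    for idx, item in enumerate(confdata):
        if os.path.exists(item['pid']):
            print('Service <{}> already running'.format(item['description']))
            continue
        print('Starting service…')
        # Every value below ends up in a command line that run_cmd() hands to
        # a shell.  Quote each complete word so that a space or a shell
        # metacharacter in the config stays inside its own argument.
        pidfile = shlex.quote(item['pid'])
        run_cmd('/usr/sbin/ip addr add {} dev lo label lo:{}'.format(
            shlex.quote('{}/32'.format(item['ip'])), idx))
        run_cmd('/bin/touch ' + pidfile)
        # 0644 instead of 0666: stop() later signals the PID stored in this
        # file, so only the owner should be able to change its content.
        # NOTE(review): no privilege-dropping option is passed to
        # dnscrypt-proxy below, so it presumably keeps this script's identity
        # and can still write the file -- confirm on the target system.
        run_cmd('/bin/chmod 644 ' + pidfile)
        proxy_args = [
            '/usr/sbin/dnscrypt-proxy',
            '--daemonize',
            '--logfile=' + item['log'],
            '--pidfile=' + item['pid'],
            '--local-address=' + item['ip'] + ':53',
            '--provider-key=' + item['key'],
            '--provider-name=' + item['name'],
            '--resolver-address=' + item['address'],
        ]
        run_cmd(' '.join(shlex.quote(arg) for arg in proxy_args))
        print('Service started')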
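def stop():
    """Stop the dnscrypt-proxy instance of every entry in CONFFILE.

    CONFFILE is parsed as JSON and iterated as a sequence of mappings; the
    keys read here are ``pid``, ``description`` and ``ip``.  An entry without
    a pid file is reported as not running and skipped.  Otherwise SIGTERM is
    sent to the PID stored in the file, the file is removed, and the entry's
    address is deleted from ``lo`` (label ``lo:<index>``).
    """
    with open(CONFFILE, 'r') as f:
        confdata = json.load(f)
    for idx, item in enumerate(confdata):
        pid_path = item['pid']
        if not os.path.exists(pid_path):
            print('Service <{}> not running'.format(item['description']))
            continue
        print('Stopping service…')
        # Treat the pid file as data, never as shell text: depending on the
        # mode start() gives it, other users may be able to write to it, and
        # this function runs with the service's privileges.
        try:
            with open(pid_path, 'r') as pid_file:
                pid = int(pid_file.read().strip())
        except (OSError, ValueError):
            pid = None
        # PIDs <= 0 address process groups or every process, and 1 is init;
        # none of them can be a dnscrypt-proxy instance.
        if pid is None or pid <= 1:
            print('Ignoring unusable PID file {}'.format(pid_path))
        else:
            # NOTE(review): a stale file may name a PID that has since been
            # reused by an unrelated process; checking the process name
            # before signalling would close that gap.
            try:
                os.kill(pid, signal.SIGTERM)
            except OSError as err:
                print('Could not signal PID {}: {}'.format(pid, err))
        try:
            os.remove(pid_path)
        except FileNotFoundError:
            pass  # same outcome as `rm -f`
        except OSError as err:
            print('Could not remove {}: {}'.format(pid_path, err))
        print('Service stopped')
        run_cmd('/usr/sbin/ip addr del {} dev lo label lo:{}'.format(
            shlex.quote('{}/32'.format(item['ip'])), idx))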
def restart():
    """Stop every configured instance, then start them all again."""
    for action in (stop, start):
        action()
if __name__ == "__main__":
    # Exactly one argument is expected: the action to perform.
    if len(sys.argv) != 2:
        print("Usage: %s start|stop|restart" % sys.argv[0])
        sys.exit(2)

    handlers = {'start': start, 'stop': stop, 'restart': restart}
    handler = handlers.get(sys.argv[1])
    if handler is None:
        print("Unknown command")
        sys.exit(2)

    handler()
    sys.exit(0)
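Делаем исполняемым:
chmod +x /etc/dnscrypt/dnscrypt.py

Скрипт запускается systemd от имени root и подставляет значения из конфигурации в команды оболочки, поэтому и скрипт, и dnscrypt.conf должны быть доступны на запись только root.

Файл /etc/dnscrypt/dnscrypt.conf (адреса и ключи резолверов приведены по состоянию на дату статьи — перед использованием сверьте их с актуальными данными, опубликованными провайдером):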
[
{
"log": "/var/log/dnscrypt/dnscrypt2.log",
"ip": "127.0.0.2",
"description": "DNSCrypt.eu Holland",
"pid": "/var/run/dnscrypt2.pid",
"address": "176.56.237.171:443",
"key": "67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66",
"name": "2.dnscrypt-cert.resolver1.dnscrypt.eu"
},
{
"log": "/var/log/dnscrypt/dnscrypt3.log",
"ip": "127.0.0.3",
"description": "Cypherpunks.ru",
"pid": "/var/run/dnscrypt3.pid",
"address": "77.51.181.209:5353",
"key": "1838:CCA3:D953:0A66:3433:5D50:05BD:3758:44E3:977E:E868:2B6C:5528:12BD:A78D:2E99",
"name": "2.dnscrypt-cert.cypherpunks.ru"
},
{
"log": "/var/log/dnscrypt/dnscrypt4.log",
"ip": "127.0.0.4",
"description": "Babylon Network Netherlands 0",
"pid": "/var/run/dnscrypt4.pid",
"address": "87.253.152.190:5353",
"key": "8794:070A:143D:35CA:1CA6:32E7:B189:3028:4EAE:5DAF:EBB4:01E3:DF52:E9F0:37AB:D182",
"name": "2.dnscrypt-cert.babylon.network"
},
{
"log": "/var/log/dnscrypt/dnscrypt5.log",
"ip": "127.0.0.5",
"description": "CS England DNSCrypt server",
"pid": "/var/run/dnscrypt5.pid",
"address": "5.101.137.251:443",
"key": "3133:72AD:5956:32C2:416B:872F:098F:851B:DDB9:6528:4C6C:BE9A:4F19:0964:30DB:A95A",
"name": "2.dnscrypt-cert.cryptostorm.is"
}
]
Запускаем systemctl start dnscrypt |