BastilleBSD/bastille
2
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

POC RC1

Browse Source 
POC for Bastille Linux Compat
This commit is contained in:
Bike Dude
2021-02-10 10:09:15 +01:00
parent e7959a3f67
commit 373eafa4d6
2 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
usr/local/share/bastille/console.sh
View File

@@ -53,7 +53,7 @@ validate_user() {
USER_SHELL="$(jexec -l "${_jail}" getent passwd "${USER}" | cut -d: -f7)" USER_SHELL="$(jexec -l "${_jail}" getent passwd "${USER}" | cut -d: -f7)"
if [ -n "${USER_SHELL}" ]; then if [ -n "${USER_SHELL}" ]; then
if jexec -l "${_jail}" grep -qwF "${USER_SHELL}" /etc/shells; then if jexec -l "${_jail}" grep -qwF "${USER_SHELL}" /etc/shells; then
jexec -l "${_jail}" /usr/bin/login -f "${USER}" jexec -l "${_jail}" $LOGIN -f "${USER}"
else else
echo "Invalid shell for user ${USER}" echo "Invalid shell for user ${USER}"
fi fi
@@ -76,11 +76,12 @@ check_fib() {
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
info "[${_jail}]:" info "[${_jail}]:"
LOGIN="$(jexec -l "${_jail}" which login)" #needs to be added for validate_user as well @hackacad
if [ -n "${USER}" ]; then if [ -n "${USER}" ]; then
validate_user validate_user
else else
check_fib LOGIN="$(jexec -l "${_jail}" which login)" #needs to be added for validate_user as well @hackacad
${_setfib} jexec -l "${_jail}" /usr/bin/login -f root ${_setfib} jexec -l "${_jail}" $LOGIN -f root
fi fi
echo echo
done done

21
usr/local/share/bastille/create.sh
View File

@@ -229,9 +229,8 @@ create_jail() {
mkdir -p "${bastille_jailsdir}/${NAME}/root" mkdir -p "${bastille_jailsdir}/${NAME}/root"
fi fi
fi fi
## PoC for Linux jails @hackacad
if [ -n "${LINUX_JAIL}" ]; then if [ -n "${LINUX_JAIL}" ]; then
echo "Hit LinJail" #SRDEBUG
if [ ! -d "${bastille_jail_base}" ]; then if [ ! -d "${bastille_jail_base}" ]; then
mkdir -p "${bastille_jail_base}" mkdir -p "${bastille_jail_base}"
fi fi
@@ -242,11 +241,8 @@ create_jail() {
mkdir -p "${bastille_jail_path}/tmp" mkdir -p "${bastille_jail_path}/tmp"
touch "${bastille_jail_path}/dev/shm" touch "${bastille_jail_path}/dev/shm"
touch "${bastille_jail_path}/dev/fd" touch "${bastille_jail_path}/dev/fd"
echo "${bastille_releasesdir}/${RELEASE}/" #SRDEBUG
echo "${bastille_jail_path}/" #SRDEBUG
cp -RPf ${bastille_releasesdir}/${RELEASE}/* ${bastille_jail_path}/ cp -RPf ${bastille_releasesdir}/${RELEASE}/* ${bastille_jail_path}/
ln -s ${bastille_jail_path}/bin/login ${bastille_jail_path}/usr/bin/login echo ${NAME} ${bastille_jail_path}/etc/hostname
echo "CP Done" #SRDEBUG
if [ ! -d "${bastille_jail_template}" ]; then if [ ! -d "${bastille_jail_template}" ]; then
mkdir -p "${bastille_jail_template}" mkdir -p "${bastille_jail_template}"
@@ -428,7 +424,8 @@ create_jail() {
chmod 0700 "${bastille_jailsdir}/${NAME}" chmod 0700 "${bastille_jailsdir}/${NAME}"
# Jail must be started before applying the default template. -- cwells # Jail must be started before applying the default template. -- cwells
if [ -z "${EMPTY_JAIL}" ] && [ -z "${LINUX_JAIL}" ]; then # if [ -z "${EMPTY_JAIL}" ] && [ -z "${LINUX_JAIL}" ]; then #SRDEBUB
if [ -z "${EMPTY_JAIL}" ]; then
bastille start "${NAME}" bastille start "${NAME}"
elif [ -n "${EMPTY_JAIL}" ]; then elif [ -n "${EMPTY_JAIL}" ]; then
# Don't start empty jails unless a template defined. # Don't start empty jails unless a template defined.
@@ -436,7 +433,6 @@ create_jail() {
bastille start "${NAME}" bastille start "${NAME}"
fi fi
fi fi
if [ -n "${VNET_JAIL}" ]; then if [ -n "${VNET_JAIL}" ]; then
if [ -n "${bastille_template_vnet}" ]; then if [ -n "${bastille_template_vnet}" ]; then
## rename interface to generic vnet0 ## rename interface to generic vnet0
@@ -462,8 +458,13 @@ create_jail() {
if [ -n "${bastille_template_empty}" ]; then if [ -n "${bastille_template_empty}" ]; then
bastille template "${NAME}" ${bastille_template_empty} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}" bastille template "${NAME}" ${bastille_template_empty} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}"
fi fi
## Using templating function to fetch neccesary packges @hackacad
elif [ -n "${LINUX_JAIL}" ]; then elif [ -n "${LINUX_JAIL}" ]; then
warn "Templates not available for Linux jails yet." info "Fetchting packages..."
#jexec -l "${NAME}" /bin/bash -c "export DEBIAN_FRONTEND=noninteractive" #SRDEBUG
jexec -l "${NAME}" /bin/bash -c "DEBIAN_FRONTEND=noninteractive rm /var/cache/apt/archives/rsyslog*.deb"
jexec -l "${NAME}" /bin/bash -c "DEBIAN_FRONTEND=noninteractive dpkg --force-depends --force-confdef --force-confold -i /var/cache/apt/archives/*.deb"
jexec -l "${NAME}" /bin/bash -c "DEBIAN_FRONTEND=noninteractive dpkg --force-depends --force-confdef --force-confold -i /var/cache/apt/archives/*.deb"
else # Thin jail. else # Thin jail.
if [ -n "${bastille_template_thin}" ]; then if [ -n "${bastille_template_thin}" ]; then
bastille template "${NAME}" ${bastille_template_thin} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}" bastille template "${NAME}" ${bastille_template_thin} --arg BASE_TEMPLATE="${bastille_template_base}" --arg HOST_RESOLV_CONF="${bastille_resolv_conf}"
@@ -473,12 +474,10 @@ create_jail() {
# Apply values changed by the template. -- cwells # Apply values changed by the template. -- cwells
if [ -z "${EMPTY_JAIL}" ] && [ -z "${LINUX_JAIL}" ]; then if [ -z "${EMPTY_JAIL}" ] && [ -z "${LINUX_JAIL}" ]; then
bastille restart "${NAME}" bastille restart "${NAME}"
echo "2.1" #SRDEBUG
elif [ -n "${EMPTY_JAIL}" ]; then elif [ -n "${EMPTY_JAIL}" ]; then
# Don't restart empty jails unless a template defined. # Don't restart empty jails unless a template defined.
if [ -n "${bastille_template_empty}" ]; then if [ -n "${bastille_template_empty}" ]; then
bastille restart "${NAME}" bastille restart "${NAME}"
echo "2.2" #SRDEBUG
fi fi
fi fi
} }