BastilleBSD/bastille
2
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

Workaround to combine options first, code cleanup/maintenance

Browse Source
This commit is contained in:
Jose
2020-02-18 17:04:06 -04:00
parent c6357127ea
commit 3b8c339dfa
1 changed files with 66 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files
usr/local/share/bastille/create.sh
+66 -45
View File
@@ -56,17 +56,17 @@ validate_ip() {
IP6_MODE="new" IP6_MODE="new"
else else
local IFS local IFS
if echo "${IP}" | grep -E '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$' >/dev/null; then if echo "${IP}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
TEST_IP=$(echo ${IP} | cut -d / -f1) TEST_IP=$(echo ${IP} | cut -d / -f1)
IFS=. IFS=.
set ${TEST_IP} set ${TEST_IP}
for quad in 1 2 3 4; do for quad in 1 2 3 4; do
if eval [ \$$quad -gt 255 ]; then if eval [ \$$quad -gt 255 ]; then
echo "fail (${TEST_IP})" echo "Invalid: (${TEST_IP})"
exit 1 exit 1
fi fi
done done
if ifconfig | grep -w "$TEST_IP" >/dev/null; then if ifconfig | grep -qw "$TEST_IP"; then
echo -e "${COLOR_YELLOW}Warning: ip address already in use (${TEST_IP}).${COLOR_RESET}" echo -e "${COLOR_YELLOW}Warning: ip address already in use (${TEST_IP}).${COLOR_RESET}"
else else
echo -e "${COLOR_GREEN}Valid: (${IP}).${COLOR_RESET}" echo -e "${COLOR_GREEN}Valid: (${IP}).${COLOR_RESET}"
@@ -146,11 +146,14 @@ generate_vnet_jail_conf() {
## define uniq_epair ## define uniq_epair
local list_jails_num=$(bastille list jails | wc -l | awk '{print $1}') local list_jails_num=$(bastille list jails | wc -l | awk '{print $1}')
local num_range=$(expr "${list_jails_num}" + 1) local num_range=$(expr "${list_jails_num}" + 1)
jail_list=$(bastille list jail)
for _num in $(seq 0 "${num_range}"); do for _num in $(seq 0 "${num_range}"); do
if ! grep "e0b_bastille${_num}" "${bastille_jailsdir}"/*/jail.conf >/dev/null; then for _jail in ${jail_list}; do
uniq_epair="bastille${_num}" if ! grep -q "e0b_bastille${_num}" "${bastille_jailsdir}"/${_jail}/jail.conf; then
break uniq_epair="bastille${_num}"
fi break
fi
done
done done
## generate config ## generate config
@@ -330,26 +333,26 @@ create_jail() {
/usr/sbin/sysrc -f "${bastille_jail_rc_conf}" sendmail_enable=NONE /usr/sbin/sysrc -f "${bastille_jail_rc_conf}" sendmail_enable=NONE
/usr/sbin/sysrc -f "${bastille_jail_rc_conf}" cron_flags='-J 60' /usr/sbin/sysrc -f "${bastille_jail_rc_conf}" cron_flags='-J 60'
## VNET specific ## VNET specific
if [ -n "${VNET_JAIL}" ]; then if [ -n "${VNET_JAIL}" ]; then
## rename interface to generic vnet0 ## rename interface to generic vnet0
uniq_epair=$(grep vnet.interface ${bastille_jailsdir}/${NAME}/jail.conf | awk '{print $3}' | sed 's/;//') uniq_epair=$(grep vnet.interface ${bastille_jailsdir}/${NAME}/jail.conf | awk '{print $3}' | sed 's/;//')
/usr/sbin/sysrc -f "${bastille_jail_rc_conf}" "ifconfig_${uniq_epair}_name"=vnet0 /usr/sbin/sysrc -f "${bastille_jail_rc_conf}" "ifconfig_${uniq_epair}_name"=vnet0
## if 0.0.0.0 set DHCP ## if 0.0.0.0 set DHCP
## else set static address ## else set static address
if [ "${IP}" == "0.0.0.0" ]; then if [ "${IP}" == "0.0.0.0" ]; then
/usr/sbin/sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="DHCP" /usr/sbin/sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="DHCP"
else else
/usr/sbin/sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="inet ${IP}" /usr/sbin/sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="inet ${IP}"
fi fi
## VNET requires jib script ## VNET requires jib script
if [ ! $(command -v jib) ]; then if [ ! $(command -v jib) ]; then
if [ -f /usr/share/examples/jails/jib ] && [ ! -f /usr/local/bin/jib ]; then if [ -f /usr/share/examples/jails/jib ] && [ ! -f /usr/local/bin/jib ]; then
install -m 0544 /usr/share/examples/jails/jib /usr/local/bin/jib install -m 0544 /usr/share/examples/jails/jib /usr/local/bin/jib
fi fi
fi fi
fi fi
fi fi
@@ -374,43 +377,61 @@ if [ $(echo $3 | grep '@' ) ]; then
BASTILLE_JAIL_INTERFACES=$( echo $3 | awk -F@ '{print $1}') BASTILLE_JAIL_INTERFACES=$( echo $3 | awk -F@ '{print $1}')
fi fi
TYPE="$1" ## reset this options
NAME="$2" THICK_JAIL=""
RELEASE="$3" VNET_JAIL=""
IP="$4"
INTERFACE="$5"
## handle additional options ## handle combined options
case "${TYPE}" in if [ "${1}" = "-T" -o "${1}" = "--thick" -o "${1}" = "thick" ] && \
-T|--thick|thick) [ "${2}" = "-V" -o "${2}" = "--vnet" -o "${2}" = "vnet" ]; then
if [ $# -gt 5 ] || [ $# -lt 4 ]; then
NAME="$3"
RELEASE="$4"
IP="$5"
INTERFACE="$6"
if [ $# -gt 6 ] || [ $# -lt 5 ]; then
usage usage
fi fi
THICK_JAIL="1" THICK_JAIL="1"
break
;;
-V|--vnet|vnet)
if [ $# -gt 5 ] || [ $# -lt 4 ]; then
usage
fi
VNET_JAIL="1" VNET_JAIL="1"
break break
;; else
-*) ## handle single options
echo -e "${COLOR_RED}Unknown Option.${COLOR_RESET}" NAME="$2"
usage RELEASE="$3"
;; IP="$4"
*) INTERFACE="$5"
if [ $# -gt 4 ] || [ $# -lt 3 ]; then
case "${1}" in
-T|--thick|thick)
if [ $# -gt 5 ] || [ $# -lt 4 ]; then
usage
fi
THICK_JAIL="1"
break
;;
-V|--vnet|vnet)
if [ $# -gt 5 ] || [ $# -lt 4 ]; then
usage
fi
VNET_JAIL="1"
break
;;
-*)
echo -e "${COLOR_RED}Unknown Option.${COLOR_RESET}"
usage usage
fi ;;
THICK_JAIL="" *)
NAME="$1" if [ $# -gt 4 ] || [ $# -lt 3 ]; then
RELEASE="$2" usage
IP="$3" fi
INTERFACE="$4" NAME="$1"
;; RELEASE="$2"
esac IP="$3"
INTERFACE="$4"
;;
esac
fi
## don't allow for dots(.) in container names ## don't allow for dots(.) in container names
if [ $(echo "${NAME}" | grep "[.]") ]; then if [ $(echo "${NAME}" | grep "[.]") ]; then