diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index 4c5b15c..9e070fc 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -145,7 +145,7 @@ version|-v|--version) help|-h|--help) usage ;; -bootstrap|create|destroy|export|import|list|rdr|restart|start|update|upgrade|verify) +bootstrap|create|destroy|export|import|list|rdr|restart|setup|start|update|upgrade|verify) # Nothing "extra" to do for these commands. -- cwells ;; clone|config|cmd|console|convert|cp|edit|htop|limits|mount|pkg|rename|service|stop|sysrc|tags|template|top|umount|zfs) diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 79bc3cf..5bc22d3 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index f39b84d..e4e85e0 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/cmd.sh b/usr/local/share/bastille/cmd.sh index 8047ded..137ea05 100644 --- a/usr/local/share/bastille/cmd.sh +++ b/usr/local/share/bastille/cmd.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 864c01f..7d70f40 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/config.sh b/usr/local/share/bastille/config.sh index 3a08927..2ad5379 100644 --- a/usr/local/share/bastille/config.sh +++ b/usr/local/share/bastille/config.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/console.sh b/usr/local/share/bastille/console.sh index 64c4b57..16f5c59 100644 --- a/usr/local/share/bastille/console.sh +++ b/usr/local/share/bastille/console.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/convert.sh b/usr/local/share/bastille/convert.sh index dc72973..48fda14 100644 --- a/usr/local/share/bastille/convert.sh +++ b/usr/local/share/bastille/convert.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/cp.sh b/usr/local/share/bastille/cp.sh index 1cfa283..cf895fe 100644 --- a/usr/local/share/bastille/cp.sh +++ b/usr/local/share/bastille/cp.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 437086b..9fb488e 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index 7126edb..31986f7 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/edit.sh b/usr/local/share/bastille/edit.sh index 0e6996a..08c08f1 100644 --- a/usr/local/share/bastille/edit.sh +++ b/usr/local/share/bastille/edit.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index d57854f..6d8bd44 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index b3ecdf7..d2e1c55 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index ce7a417..65350f3 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/limits.sh b/usr/local/share/bastille/limits.sh index 87dde8d..41fcd20 100644 --- a/usr/local/share/bastille/limits.sh +++ b/usr/local/share/bastille/limits.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # Ressource limits added by Sven R github.com/hackacad # diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index a71cbc2..0004c98 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh index 96bd768..673187f 100644 --- a/usr/local/share/bastille/mount.sh +++ b/usr/local/share/bastille/mount.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/pkg.sh b/usr/local/share/bastille/pkg.sh index 32a18ef..0f05401 100644 --- a/usr/local/share/bastille/pkg.sh +++ b/usr/local/share/bastille/pkg.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/rdr.sh b/usr/local/share/bastille/rdr.sh index 9ae5559..850fcb9 100644 --- a/usr/local/share/bastille/rdr.sh +++ b/usr/local/share/bastille/rdr.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/rename.sh b/usr/local/share/bastille/rename.sh index b59ab47..394de40 100644 --- a/usr/local/share/bastille/rename.sh +++ b/usr/local/share/bastille/rename.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/restart.sh b/usr/local/share/bastille/restart.sh index 0942d72..22faa3a 100644 --- a/usr/local/share/bastille/restart.sh +++ b/usr/local/share/bastille/restart.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/service.sh b/usr/local/share/bastille/service.sh index f0b5836..dfd5d66 100644 --- a/usr/local/share/bastille/service.sh +++ b/usr/local/share/bastille/service.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/setup.sh b/usr/local/share/bastille/setup.sh new file mode 100644 index 0000000..1744ad9 --- /dev/null +++ b/usr/local/share/bastille/setup.sh @@ -0,0 +1,125 @@ +#!/bin/sh +# +# Copyright (c) 2018-2022, Christer Edwards +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. +# +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# * Neither the name of the copyright holder nor the names of its +# contributors may be used to endorse or promote products derived from +# this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +. /usr/local/share/bastille/common.sh + +usage() { + error_exit "Usage: bastille setup [pf|bastille0|zfs|vnet]" +} + +# Check for too many args +if [ $# -gt 1 ]; then + usage +fi + +# Configure bastille0 network interface +configure_bastille0() { + info "Configuring bastille0 loopback interface" + sysrc cloned_interfaces+=lo1 + sysrc ifconfig_lo1_name="bastille0" + + info "Bringing up new interface: bastille0" + service netif cloneup +} + +configure_vnet() { + info "Configuring bridge interface" + sysrc cloned_interfaces+=bridge1 + sysrc ifconfig_bridge1_name=bastille1 + + info "Bringing up new interface: bastille1" + service netif cloneup +} + +# Configure pf firewall +configure_pf() { +if [ ! -f "/etc/pf.conf" ]; then + local ext_if + ext_if=$(netstat -rn | awk '/default/ {print $4}' | head -n1) + info "Determined default network interface: ($ext_if)" + info "/etc/pf.conf does not exist: creating..." + + ## creating pf.conf + cat << EOF > /etc/pf.conf +## generated by bastille setup +ext_if="$ext_if" + +set block-policy return +scrub in on \$ext_if all fragment reassemble +set skip on lo + +table persist +nat on \$ext_if from to any -> (\$ext_if:0) +rdr-anchor "rdr/*" + +block in all +pass out quick keep state +antispoof for \$ext_if inet +pass in inet proto tcp from any to any port ssh flags S/SA keep state +EOF + sysrc pf_enable=YES +else + error_exit "/etc/pf.conf already exists. Exiting." +fi +} + +# Configure ZFS +configure_zfs() { + if [ ! "$(kldstat -q -m zfs)" ]; then + info "ZFS module not loaded; skipping..." + else + bastille_zroot=$(zpool list | grep -v NAME | awk '{print $1}') + sysrc -f "${bastille_prefix}/bastille.conf" bastille_zfs_enable=YES + sysrc -f "${bastille_prefix}/bastille.conf" bastille_zfs_zpool="${bastille_zroot}" + fi +} + +# Run all functions if no args (default) +if [ $# -eq 0 ]; then + configure_bastille0 + configure_pf + configure_zfs +fi + +# Handle special-case commands first. +case "$1" in +help|-h|--help) + usage + ;; +pf|firewall) + configure_pf + ;; +bastille0|network) + configure_bastille0 + ;; +zfs) + configure_zfs + ;; +esac diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh index 1586b02..83aaf1a 100644 --- a/usr/local/share/bastille/start.sh +++ b/usr/local/share/bastille/start.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index 728f2ff..ab60095 100644 --- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/sysrc.sh b/usr/local/share/bastille/sysrc.sh index ba00497..6429d28 100644 --- a/usr/local/share/bastille/sysrc.sh +++ b/usr/local/share/bastille/sysrc.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index fe963ff..058431b 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index 6d5535d..59ade59 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh index 1c210ec..315656c 100644 --- a/usr/local/share/bastille/umount.sh +++ b/usr/local/share/bastille/umount.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/update.sh b/usr/local/share/bastille/update.sh index fadf6e9..96dff72 100644 --- a/usr/local/share/bastille/update.sh +++ b/usr/local/share/bastille/update.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/upgrade.sh b/usr/local/share/bastille/upgrade.sh index d6f5074..030c779 100644 --- a/usr/local/share/bastille/upgrade.sh +++ b/usr/local/share/bastille/upgrade.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/verify.sh b/usr/local/share/bastille/verify.sh index c1bca9f..7e1da3e 100644 --- a/usr/local/share/bastille/verify.sh +++ b/usr/local/share/bastille/verify.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without diff --git a/usr/local/share/bastille/zfs.sh b/usr/local/share/bastille/zfs.sh index 5eb7943..d78c400 100644 --- a/usr/local/share/bastille/zfs.sh +++ b/usr/local/share/bastille/zfs.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2018-2022, Christer Edwards +# Copyright (c) 2018-2023, Christer Edwards # All rights reserved. # # Redistribution and use in source and binary forms, with or without