Merge pull request #2 from cedwards/master

cleanup old mock-ups

CODE-OF-CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at conduct@bastillebsd.org. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+

LICENSE

@@ -1,6 +1,6 @@
 BSD 3-Clause License
 
-Copyright (c) 2018, Christer Edwards
+Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

README.md

@@ -1,4 +1,764 @@
-# Bastille
-Bastille Jail Management Tool
+Bastille
+========
+Bastille is a jail automation framework that allows you to quickly and
+easily create and manage FreeBSD jail.
 
-README pending; still a little bit in flux.
+
+Basic Usage
+-----------
+```
+ishmael ~ # bastille -h
+Usage:
+  bastille command [ALL|glob] [args]
+
+Available Commands:
+  bootstrap   Bootstrap a FreeBSD release for jail base.
+  cmd         Execute arbitrary command on targeted jail(s).
+  console     Console into a running jail.
+  cp          cp(1) files from host to targeted jail(s).
+  create      Create a new jail.
+  destroy     Destroy a stopped jail.
+  help        Help about any command
+  htop        Interactive process viewer (requires htop).
+  list        List jails (running and stopped).
+  pkg         Manipulate binary packages within targeted jail(s). See pkg(8).
+  restart     Restart a running jail.
+  start       Start a stopped jail.
+  stop        Stop a running jail.
+  sysrc       Safely edit rc files within targeted jail(s).
+  top         Display and update information about the top(1) cpu processes.
+  update      Update jail base -pX release.
+  upgrade     Upgrade jail release to X.Y-RELEASE.
+
+Use "bastille -v|--version" for version information.
+Use "bastille command -h|--help" for more information about a command.
+```
+
+
+## 0.3-beta
+This document outlines the basic usage of the Bastille jail management
+framework. This release, obviously, is beta quality. I make no guarantees of
+quality, and if it screws up your system... Sorry, bro. 
+
+With all that said, here's how to use this tool in its current beta state...
+
+
+## Network Requirements
+In order to segregate jails from the network and from the world, Bastille
+attaches jails to a loopback interface only. The host system then acts as
+the firewall, permitting and denying traffic as needed.
+
+First, create the loopback interface:
+
+```shell
+ishmael ~ # sysrc cloned_interfaces="lo1"
+ishmael ~ # service netif cloneup
+```
+
+Second, enable NAT through the firewall:
+
+```shell
+ishmael ~ # sysrc pf_enable="YES"
+```
+
+Create the firewall config, or merge as necessary.
+### /etc/pf.conf
+```
+ext_if="vtnet0"
+
+set block-policy drop
+scrub in on $ext_if all fragment reassemble
+
+set skip on lo
+nat on $ext_if from !($ext_if) -> ($ext_if:0)
+
+## rdr example
+## rdr pass inet proto tcp from any to any port {80, 443} -> 10.88.9.45
+
+block in log all
+pass out quick modulate state
+antispoof for $ext_if inet
+pass in inet proto tcp from any to any port ssh flags S/SA keep state
+```
+
+* Make sure to change the `ext_if` variable to match your host system interface.
+* Make sure to include the last line (`port ssh`) or you'll end up locked
+out.
+
+Note: if you have an existing firewall, the key lines for in/out traffic to jails are:
+
+```
+nat on $ext_if from lo1:network to any -> ($ext_if)
+
+## rdr example
+## rdr pass inet proto tcp from any to any port {80, 443} -> 10.88.9.45
+```
+
+The `nat` routes traffic from the loopback interface to the external interface
+for outbound access.
+
+The `rdr pass ...` will redirect traffic from the host firewall on port X to
+the ip of Jail Y. The example shown redirects web traffic (80 & 443) to the
+jails at `10.88.9.45`.
+
+We'll get to that later, but when you're ready to allow traffic inbound to your
+jails, that's where you'd do it.
+
+Finally, start up the firewall:
+
+```shell
+ishmael ~ # service pf restart
+```
+
+At this point you'll likely be disconnected from the host. Reconnect the ssh
+session and continue.
+
+This step only needs to be done once in order to prepare the host.
+
+
+bastille bootstrap
+------------------
+The first step is to "bootstrap" a release. Current supported release is
+11.2-RELEASE, but you can bootstrap anything in the ftp.FreeBSD.org RELEASES
+directory. 
+
+Note: your mileage may vary with unsupported releases and releases newer than
+the host system likely will NOT work at all.
+
+To `bootstrap` a release, run the bootstrap sub-command with the
+release version as the argument.
+
+```shell
+ishmael ~ # bastille bootstrap 11.2-RELEASE
+ishmael ~ # bastille bootstrap 10.4-RELEASE
+```
+
+This command will ensure the required directory structures are in place and
+download the requested release. For each requested release, `bootstrap` will
+download the base.txz and lib32.txz. These are both verified (sha256 via
+MANIFEST file) before they are extracted for use.
+
+Downloaded artifacts are stored in the `cache` directory. "bootstrapped"
+releases are stored in `releases/version`.
+
+The bootstrap subcommand is generally only used once to prepare the system. The
+only other use case for the bootstrap command is when a new FreeBSD version is
+released and you want to start building jails on that version.
+
+To update a release as patches are made available, see the `bastille update`
+command.
+
+
+bastille create
+---------------
+Bastille create uses any available bootstrapped release to create a lightweight
+jailized system. To create a jail simply provide a name, release and
+a private (rfc1918) IP address.
+
+- name
+- release (bootstrapped)
+- ip
+
+```shell
+ishmael ~ # bastille create folsom 11.2-RELEASE 10.8.62.1
+
+RELEASE: 11.2-RELEASE.
+NAME: folsom.
+IP: 10.8.62.1.
+
+```
+
+This command will create a 11.2-RELEASE jail assigning the 10.8.62.1 ip address
+to the new system.
+
+I recommend using private (rfc1918) ip address ranges for your jails.
+These ranges include:
+
+- 10.0.0.0/8
+- 172.16.0.0/12
+- 192.168.0.0/16
+
+Bastille does its best to validate the submitted ip is valid. This has not been
+thouroughly tested--I generally use the 10/8 range.
+
+
+bastille start
+--------------
+To start a jail you can use the `bastille start` command.
+
+```shell
+ishmael ~ # bastille start folsom
+Targeting specified jails.
+folsom
+
+[folsom]:
+folsom: created
+
+```
+
+
+bastille stop
+-------------
+To stop a jail you can use the `bastille stop` command.
+
+```shell
+ishmael ~ # bastille stop folsom
+Targeting specified jails.
+folsom
+
+[folsom]:
+folsom: removed
+
+```
+
+
+bastille restart
+----------------
+To restart a jail you can use the `bastille restart` command.
+
+```shell
+ishmael ~ # bastille restart folsom
+Targeting specified jails.
+folsom
+
+[folsom]:
+folsom: removed
+
+Targeting specified jails.
+folsom
+
+[folsom]:
+folsom: created
+
+```
+
+
+bastille cmd
+------------
+To execute commands within the jail you can use `bastille cmd`.
+
+```shell
+ishmael ~ # bastille cmd folsom 'ps -auxw'
+Targeting specified jails.
+folsom
+
+[folsom]:
+USER   PID %CPU %MEM   VSZ  RSS TT  STAT STARTED    TIME COMMAND
+root 71464  0.0  0.0 14536 2000  -  IsJ   4:52PM 0:00.00 /usr/sbin/syslogd -ss
+root 77447  0.0  0.0 16632 2140  -  SsJ   4:52PM 0:00.00 /usr/sbin/cron -s
+root 80591  0.0  0.0 18784 2340  1  R+J   4:53PM 0:00.00 ps -auxw
+
+```
+
+
+bastille pkg
+------------
+To manage binary packages within the jail use `bastille pkg`.
+
+```shell
+ishmael ~ # bastille pkg folsom 'install vim-console git-lite zsh'
+Targeting specified jails.
+folsom
+
+[folsom]:
+The package management tool is not yet installed on your system.
+Do you want to fetch and install it now? [y/N]: y
+Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:10:amd64/quarterly, please wait...
+Verifying signature with trusted certificate pkg.freebsd.org.2013102301... done
+[folsom] Installing pkg-1.10.5_5...
+[folsom] Extracting pkg-1.10.5_5: 100%
+Updating FreeBSD repository catalogue...
+pkg: Repository FreeBSD load error: access repo file(/var/db/pkg/repo-FreeBSD.sqlite) failed: No such file or directory
+[folsom] Fetching meta.txz: 100%    944 B   0.9kB/s    00:01
+[folsom] Fetching packagesite.txz: 100%    6 MiB   3.4MB/s    00:02
+Processing entries: 100%
+FreeBSD repository update completed. 32550 packages processed.
+All repositories are up to date.
+Updating database digests format: 100%
+The following 10 package(s) will be affected (of 0 checked):
+
+New packages to be INSTALLED:
+	vim-console: 8.1.0342
+	git-lite: 2.19.1
+	zsh: 5.6.2
+	expat: 2.2.6_1
+	curl: 7.61.1
+	libnghttp2: 1.33.0
+	ca_root_nss: 3.40
+	pcre: 8.42
+	gettext-runtime: 0.19.8.1_1
+	indexinfo: 0.3.1
+
+Number of packages to be installed: 10
+
+The process will require 77 MiB more space.
+17 MiB to be downloaded.
+
+Proceed with this action? [y/N]: y
+[folsom] [1/10] Fetching vim-console-8.1.0342.txz: 100%    5 MiB   5.8MB/s    00:01
+[folsom] [2/10] Fetching git-lite-2.19.1.txz: 100%    4 MiB   2.1MB/s    00:02
+[folsom] [3/10] Fetching zsh-5.6.2.txz: 100%    4 MiB   4.4MB/s    00:01
+[folsom] [4/10] Fetching expat-2.2.6_1.txz: 100%  109 KiB 111.8kB/s    00:01
+[folsom] [5/10] Fetching curl-7.61.1.txz: 100%    1 MiB   1.2MB/s    00:01
+[folsom] [6/10] Fetching libnghttp2-1.33.0.txz: 100%  107 KiB 109.8kB/s    00:01
+[folsom] [7/10] Fetching ca_root_nss-3.40.txz: 100%  287 KiB 294.3kB/s    00:01
+[folsom] [8/10] Fetching pcre-8.42.txz: 100%    1 MiB   1.2MB/s    00:01
+[folsom] [9/10] Fetching gettext-runtime-0.19.8.1_1.txz: 100%  148 KiB 151.3kB/s    00:01
+[folsom] [10/10] Fetching indexinfo-0.3.1.txz: 100%    6 KiB   5.7kB/s    00:01
+Checking integrity... done (0 conflicting)
+[folsom] [1/10] Installing libnghttp2-1.33.0...
+[folsom] [1/10] Extracting libnghttp2-1.33.0: 100%
+[folsom] [2/10] Installing ca_root_nss-3.40...
+[folsom] [2/10] Extracting ca_root_nss-3.40: 100%
+[folsom] [3/10] Installing indexinfo-0.3.1...
+[folsom] [3/10] Extracting indexinfo-0.3.1: 100%
+[folsom] [4/10] Installing expat-2.2.6_1...
+[folsom] [4/10] Extracting expat-2.2.6_1: 100%
+[folsom] [5/10] Installing curl-7.61.1...
+[folsom] [5/10] Extracting curl-7.61.1: 100%
+[folsom] [6/10] Installing pcre-8.42...
+[folsom] [6/10] Extracting pcre-8.42: 100%
+[folsom] [7/10] Installing gettext-runtime-0.19.8.1_1...
+[folsom] [7/10] Extracting gettext-runtime-0.19.8.1_1: 100%
+[folsom] [8/10] Installing vim-console-8.1.0342...
+[folsom] [8/10] Extracting vim-console-8.1.0342: 100%
+[folsom] [9/10] Installing git-lite-2.19.1...
+===> Creating groups.
+Creating group 'git_daemon' with gid '964'.
+===> Creating users
+Creating user 'git_daemon' with uid '964'.
+[folsom] [9/10] Extracting git-lite-2.19.1: 100%
+[folsom] [10/10] Installing zsh-5.6.2...
+[folsom] [10/10] Extracting zsh-5.6.2: 100%
+
+```
+
+The PKG sub-command can, of course, do more than just `install`. The
+expectation is that you can fully leverage the pkg manager. This means,
+`install`, `update`, `upgrade`, `audit`, `clean`, `autoremove`, etc., etc.
+
+```shell
+ishmael ~ # bastille pkg ALL upgrade
+Targeting all jails.
+
+[bastion]:
+Updating iniquity.io repository catalogue...
+[bastion] Fetching meta.txz: 100%    560 B   0.6kB/s    00:01
+[bastion] Fetching packagesite.txz: 100%  118 KiB 121.3kB/s    00:01
+Processing entries: 100%
+iniquity.io repository update completed. 493 packages processed.
+All repositories are up to date.
+Checking for upgrades (1 candidates): 100%
+Processing candidates (1 candidates): 100%
+Checking integrity... done (0 conflicting)
+Your packages are up to date.
+
+[unbound0]:
+Updating iniquity.io repository catalogue...
+[unbound0] Fetching meta.txz: 100%    560 B   0.6kB/s    00:01
+[unbound0] Fetching packagesite.txz: 100%  118 KiB 121.3kB/s    00:01
+Processing entries: 100%
+iniquity.io repository update completed. 493 packages processed.
+All repositories are up to date.
+Checking for upgrades (0 candidates): 100%
+Processing candidates (0 candidates): 100%
+Checking integrity... done (0 conflicting)
+Your packages are up to date.
+
+[unbound1]:
+Updating iniquity.io repository catalogue...
+[unbound1] Fetching meta.txz: 100%    560 B   0.6kB/s    00:01
+[unbound1] Fetching packagesite.txz: 100%  118 KiB 121.3kB/s    00:01
+Processing entries: 100%
+iniquity.io repository update completed. 493 packages processed.
+All repositories are up to date.
+Checking for upgrades (0 candidates): 100%
+Processing candidates (0 candidates): 100%
+Checking integrity... done (0 conflicting)
+Your packages are up to date.
+
+[squid]:
+Updating iniquity.io repository catalogue...
+[squid] Fetching meta.txz: 100%    560 B   0.6kB/s    00:01
+[squid] Fetching packagesite.txz: 100%  118 KiB 121.3kB/s    00:01
+Processing entries: 100%
+iniquity.io repository update completed. 493 packages processed.
+All repositories are up to date.
+Checking for upgrades (0 candidates): 100%
+Processing candidates (0 candidates): 100%
+Checking integrity... done (0 conflicting)
+Your packages are up to date.
+
+[nginx]:
+Updating iniquity.io repository catalogue...
+[nginx] Fetching meta.txz: 100%    560 B   0.6kB/s    00:01
+[nginx] Fetching packagesite.txz: 100%  118 KiB 121.3kB/s    00:01
+Processing entries: 100%
+iniquity.io repository update completed. 493 packages processed.
+All repositories are up to date.
+Checking for upgrades (1 candidates): 100%
+Processing candidates (1 candidates): 100%
+The following 1 package(s) will be affected (of 0 checked):
+
+Installed packages to be UPGRADED:
+	nginx-lite: 1.14.0_14,2 -> 1.14.1,2
+
+Number of packages to be upgraded: 1
+
+315 KiB to be downloaded.
+
+Proceed with this action? [y/N]: y
+[nginx] [1/1] Fetching nginx-lite-1.14.1,2.txz: 100%  315 KiB 322.8kB/s    00:01
+Checking integrity... done (0 conflicting)
+[nginx] [1/1] Upgrading nginx-lite from 1.14.0_14,2 to 1.14.1,2...
+===> Creating groups.
+Using existing group 'www'.
+===> Creating users
+Using existing user 'www'.
+[nginx] [1/1] Extracting nginx-lite-1.14.1,2: 100%
+You may need to manually remove /usr/local/etc/nginx/nginx.conf if it is no longer needed.
+```
+
+
+bastille destroy
+----------------
+Jails can be destroyed and thrown away just as easily as they were created.
+Note: jails must be stopped before destroyed.
+
+```shell
+ishmael ~ # bastille stop folsom
+Targeting specified jails.
+folsom
+
+[folsom]:
+folsom: removed
+
+ishmael ~ # bastille destroy folsom
+Deleting Jail: folsom.
+Note: jail console logs not destroyed.
+/usr/local/bastille/logs/folsom_console.log
+
+```
+
+
+bastille top
+------------
+This one simply runs `top` in that jail. This command is interactive, as `top`
+is interactive.
+
+
+bastille htop
+-------------
+This one simply runs `htop` inside the jail. This one is a quick and dirty
+addition. note: won't work if you don't have htop installed in the jail.
+
+
+bastille sysrc
+--------------
+The `sysrc` sub-command allows for safely editing system configuration files.
+In jail terms, this allows us to toggle on/off services and options at
+startup.
+
+```shell
+ishmael ~ # bastille sysrc nginx nginx_enable="YES"
+Targeting specified jails.
+nginx
+
+[nginx]:
+nginx_enable: NO -> YES
+```
+
+See `man sysrc(8)` for more info.
+
+
+bastille console
+----------------
+This sub-command launches a login shell into the jail. Default is
+password-less root login.
+
+```shell
+ishmael ~ # bastille console folsom
+Targeting specified jails.
+folsom
+
+[folsom]:
+FreeBSD 11.2-RELEASE-p4 (GENERIC) #0: Thu Sep 27 08:16:24 UTC 2018
+
+Welcome to FreeBSD!
+
+Release Notes, Errata: https://www.FreeBSD.org/releases/
+Security Advisories:   https://www.FreeBSD.org/security/
+FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
+FreeBSD FAQ:           https://www.FreeBSD.org/faq/
+Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
+FreeBSD Forums:        https://forums.FreeBSD.org/
+
+Documents installed with the system are in the /usr/local/share/doc/freebsd/
+directory, or can be installed later with:  pkg install en-freebsd-doc
+For other languages, replace "en" with a language code like de or fr.
+
+Show the version of FreeBSD installed:  freebsd-version ; uname -a
+Please include that output and any error messages when posting questions.
+Introduction to manual pages:  man man
+FreeBSD directory layout:      man hier
+
+Edit /etc/motd to change this login announcement.
+root@folsom:~ #
+```
+
+At this point you are logged in to the jail and have full shell access.
+The system is yours to use and/or abuse as you like. Any changes made inside
+the jail are limited to the jail. 
+
+bastille cp
+-----------
+Note: this sub-command may need a little work. 
+
+This sub-command allows efficiently copying files from host to jail(s).
+
+```shell
+ishmael ~ # bastille cp ALL /tmp/resolv.conf-cf etc/resolv.conf
+Targeting all jails.
+
+[bastion]:
+
+[unbound0]:
+
+[unbound1]:
+
+[squid]:
+
+[nginx]:
+
+[folsom]:
+
+```
+
+Unless you see errors reported in the output the `cp` was successful.
+
+
+bastille list
+-------------
+This sub-command will show you the running jails on your system.
+
+```shell
+ishmael ~ # bastille list
+ JID             IP Address      Hostname                      Path
+ bastion         10.88.9.65      bastion                       /usr/local/bastille/jails/bastion/root
+ unbound0        10.88.9.60      unbound0                      /usr/local/bastille/jails/unbound0/root
+ unbound1        10.88.9.61      unbound1                      /usr/local/bastille/jails/unbound1/root
+ squid           10.88.9.30      squid                         /usr/local/bastille/jails/squid/root
+ nginx           10.88.9.45      nginx                         /usr/local/bastille/jails/nginx/root
+ folsom          10.8.62.1       folsom                        /usr/local/bastille/jails/folsom/root
+```
+
+
+bastille update
+---------------
+The `update` command targets a release instead of a jail. Because every
+jail is based on a release, when the release is updated all the jails are
+automatically updated as well.
+
+To update all jails based on the 11.2-RELEASE `release`:
+
+Up to date 11.2-RELEASE:
+```shell
+ishmael ~ # bastille update 11.2-RELEASE
+Targeting specified release.
+11.2-RELEASE
+
+Looking up update.FreeBSD.org mirrors... 2 mirrors found.
+Fetching metadata signature for 11.2-RELEASE from update4.freebsd.org... done.
+Fetching metadata index... done.
+Inspecting system... done.
+Preparing to download files... done.
+
+No updates needed to update system to 11.2-RELEASE-p4.
+No updates are available to install.
+```
+
+Updating 10.4-RELEASE:
+```shell
+ishmael ~ # bastille update 10.4-RELEASE
+Targeting specified release.
+10.4-RELEASE
+
+Looking up update.FreeBSD.org mirrors... 2 mirrors found.
+Fetching metadata signature for 10.4-RELEASE from update1.freebsd.org... done.
+Fetching metadata index... done.
+Fetching 2 metadata patches.. done.
+Applying metadata patches... done.
+Fetching 2 metadata files... done.
+Inspecting system... done.
+Preparing to download files... done.
+
+The following files will be added as part of updating to 10.4-RELEASE-p13:
+...[snip]...
+```
+
+To be safe, you may want to restart any jails that have been updated
+live.
+
+
+bastille upgrade
+----------------
+This sub-command lets you upgrade a release to a new release. Depending on the
+workflow this can be similar to a `bootstrap`.
+
+```shell
+ishmael ~ # bastille upgrade 11.2-RELEASE 12.0-RELEASE
+...
+```
+
+
+bastille verify
+---------------
+This sub-command scans a bootstrapped release and validates that everything
+looks in order. This is not a 100% comprehensive check, but it compares the
+release against a "known good" index.
+
+If you see errors or issues here, consider deleting and re-bootstrapping the
+release.
+
+
+Example (create, start, console)
+================================
+This example creates, starts and consoles into the jail.
+
+```shell
+ishmael ~ # bastille create alcatraz 11.2-RELEASE 10.9.8.7
+
+RELEASE: 11.2-RELEASE.
+NAME: alcatraz.
+IP: 10.9.8.7.
+```
+
+```shell
+ishmael ~ # bastille start alcatraz
+Targeting specified jails.
+alcatraz
+
+[alcatraz]:
+alcatraz: created
+```
+
+```shell
+ishmael ~ # bastille console alcatraz
+Targeting specified jails.
+alcatraz
+
+[alcatraz]:
+FreeBSD 11.2-RELEASE-p4 (GENERIC) #0: Thu Sep 27 08:16:24 UTC 2018
+
+Welcome to FreeBSD!
+
+Release Notes, Errata: https://www.FreeBSD.org/releases/
+Security Advisories:   https://www.FreeBSD.org/security/
+FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
+FreeBSD FAQ:           https://www.FreeBSD.org/faq/
+Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
+FreeBSD Forums:        https://forums.FreeBSD.org/
+
+Documents installed with the system are in the /usr/local/share/doc/freebsd/
+directory, or can be installed later with:  pkg install en-freebsd-doc
+For other languages, replace "en" with a language code like de or fr.
+
+Show the version of FreeBSD installed:  freebsd-version ; uname -a
+Please include that output and any error messages when posting questions.
+Introduction to manual pages:  man man
+FreeBSD directory layout:      man hier
+
+Edit /etc/motd to change this login announcement.
+root@alcatraz:~ #
+```
+
+```shell
+root@alcatraz:~ # ps -auxw
+USER   PID %CPU %MEM  VSZ  RSS TT  STAT STARTED    TIME COMMAND
+root 83222  0.0  0.0 6412 2492  -  IsJ  02:21   0:00.00 /usr/sbin/syslogd -ss
+root 88531  0.0  0.0 6464 2508  -  SsJ  02:21   0:00.01 /usr/sbin/cron -s
+root  6587  0.0  0.0 6912 2788  3  R+J  02:42   0:00.00 ps -auxw
+root 92441  0.0  0.0 6952 3024  3  IJ   02:21   0:00.00 login [pam] (login)
+root 92565  0.0  0.0 7412 3756  3  SJ   02:21   0:00.01 -csh (csh)
+root@alcatraz:~ #
+```
+
+
+Project Goals
+=============
+These tools are created initially with the mindset of function over form. I
+want to simply prove the concept is sound for real work. The real work is a
+sort of meta-jail-port system. Instead of installing the MySQL port directly on
+a system, you would use Bastille to install the MySQL port within a jail
+template built for MySQL. The same goes for DNS servers, and everything else in
+the ports tree.
+
+Eventually I would like to have Bastille templates created for popular
+FreeBSD-based services. From Plex Media Servers to ad-blocking DNS resolvers.
+From tiny SSH jails to dynamic web servers.
+
+I don't want to tell you what you can and can't run within this framework.
+There are no arbitrary limitations based on what I think may or may not be the
+best way to design systems. This is not my goal.
+
+My goal is to provide a secure framework where processes and services can run
+isolated. I want to limit the scope and reach of bad actors. I want to severely
+limit the target areas available to anyone that has (or has gained!) access.
+
+Possible Jail names
+-------------------
+
+prisons:
+- arkham
+- ashecliffe
+- azkaban
+- coldmountain
+- dolguldur
+- foxriver
+- litchfield
+- oswald
+- shawshank
+- stockton
+- stormcage
+- ziggurat
+- astralqueen
+
+- alcatraz
+- rikers
+- leavenworth
+- folsom
+- attica
+- singsing
+- sanquentin
+- corcoran
+- pelicanbay
+
+
+Networking Tips
+===============
+
+Tip #1: 
+-------
+Ports and destinations can be defined as lists. eg;
+```
+rdr pass inet proto tcp from any to any port {80, 443} -> {10.88.9.45, 10.88.9.46, 10.88.9.47, 10.88.9.48}
+```
+
+This rule would redirect any traffic to the host on ports 80 or 443 and
+round-robin between jails with ips 45, 46, 47, and 48 (on ports 80 or 443).
+
+
+Tip #2: 
+-------
+Ports can redirect to other ports. eg;
+```
+rdr pass inet proto tcp from any to any port 8080 -> 10.7.6.5 port 80
+rdr pass inet proto tcp from any to any port 8081 -> 10.7.6.5 port 8080
+rdr pass inet proto tcp from any to any port 8181 -> 10.7.6.5 port 443
+```
+
+Tip: Initially I spent time worrying about what IP addresses to assign. In the
+end I've come to the conclusion that it _really_ doesn't matter. Pick *any*
+private address and be done with it. These are all isolated networks. In the
+end, what matters is you can map host:port to jail:port reliably, and we
+can.

TODO

@@ -0,0 +1,29 @@
+# TODO
+
+##This is just a place to throw down the ideas of things I need to fix and or
+##improve. In no particular order.
+##
+##+ ZFS or UFS support
+##+ Support for multi-jail templating (create, snapshot, deploy)
+##+ jail.conf validation support in `create`
+##+ Dynamic config support for templating
+##+ 
+
+##Bastille in Bastille
+##--------------------
+## found on mailing list archive. need to research
+
+## jail -c name=foo host.hostname=foo allow.raw_sockets children.max=99 
+## ip4.addr=10.20.12.68 persist
+## jexec foo /bin/csh
+## foo# jail -c name=bar host.hostname=bar allow.raw_sockets 
+## ip4.addr=10.20.12.68 persist
+## foo# jexec bar /bin/csh
+## bar# ping gritton.org
+
+## TODO: .ssh/authorized_keys auto-launch into user jail
+## jail_create_login_hook() {
+##     echo "permit nopass ${user} cmd /usr/sbin/jexec args ${name} /usr/bin/login -f ${user}" >> /usr/local/etc/doas.conf
+##     echo "command='/usr/local/bin/doas /usr/sbin/jexec ${name} /usr/bin/login -f ${user}' ${pubkey}" >> $HOME/.ssh/authorized_keys
+## }
+

bastille/usr/local/bin/bastille

@@ -0,0 +1,130 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+. /usr/local/etc/bastille/bastille.conf
+
+## version
+BASTILLE_VERSION="0.3.20181107"
+
+
+usage() {
+    cat << EOF
+Bastille is a jail automation framework that allows you to quickly and easily
+create and manage FreeBSD jails.
+
+Usage:
+  bastille command [ALL|glob] [args]
+
+Available Commands:
+  bootstrap   Bootstrap a FreeBSD release for container base.
+  cmd         Execute arbitrary command on targeted container(s).
+  console     Console into a running container.
+  cp          cp(1) files from host to targeted container(s).
+  create      Create a new container.
+  destroy     Destroy a stopped container.
+  help        Help about any command
+  htop        Interactive process viewer (requires htop).
+  list        List containers (running and stopped).
+  pkg         Manipulate binary packages within targeted container(s). See pkg(8).
+  restart     Restart a running container.
+  start       Start a stopped container.
+  stop        Stop a running container.
+  sysrc       Safely edit rc files within targeted container(s).
+  top         Display and update information about the top(1) cpu processes.
+  update      Update container base -pX release.
+  upgrade     Upgrade container release to X.Y-RELEASE.
+
+Use "bastille -v|--version" for version information.
+Use "bastille command -h|--help" for more information about a command.
+
+EOF
+    exit 1
+}
+
+[ $# -lt 1 ] && usage
+
+CMD=$1
+shift
+CMD_ENV=
+
+# Handle special-case commands first.
+case "${CMD}" in
+version|-v|--version)
+	echo -e "${COLOR_GREEN}${BASTILLE_VERSION}${COLOR_RESET}"
+	exit 0
+	;;
+help|-h|--help)
+	usage
+	;;
+esac
+
+# Filter out all non-commands
+case "${CMD}" in
+cmd|console|cp|create|destroy|list|pkg|restart|start|stop|sysrc|verify)
+	;;
+update|upgrade)
+	CMD_ENV="${CMD_ENV} PAGER=cat"
+	;;
+console|bootstrap|htop|top)
+	while read envvar envvalue; do
+		case "${envvar}" in
+			TERM)
+				CMD_ENV="${CMD_ENV} ${envvar}=${envvalue}"
+				;;
+		esac
+	done <<-EOF
+	$(env | sed -Ee 's,^([^=]*)=(.*),\1 \2,')
+	EOF
+	;;
+bootstrap|update|upgrade)
+	while read envvar envvalue; do
+		case "${envvar}" in
+			FETCH_BIND_ADDRESS|FTP_*|ftp_*|HTTP_*|http_*|SSL_|NO_PROXY|no_proxy|MAKEOBJDIRPREFIX)
+				CMD_ENV="${CMD_ENV} ${envvar}=${envvalue}"
+				;;
+		esac
+	done <<-EOF
+	$(env | sed -Ee 's,^([^=]*)=(.*),\1 \2,')
+	EOF
+	;;
+*)
+	usage
+	;;
+esac
+
+SCRIPTPATH="${bastille_sharedir}/${CMD}.sh"
+
+: ${UMASK:=022}
+umask ${UMASK}
+
+: ${SH:=sh}
+
+exec env -i ${CMD_ENV} ${SH} "${SCRIPTPATH}" "$@"

bastille/usr/local/etc/bastille/bastille.conf

@@ -0,0 +1,10 @@
+## [ BastilleBSD ] ##
+#####################
+
+## default paths
+bastille_prefix=/usr/local/bastille
+bastille_cachedir=${bastille_prefix}/cache
+bastille_jailsdir=${bastille_prefix}/jails
+bastille_logsdir=${bastille_prefix}/logs
+bastille_releasesdir=${bastille_prefix}/releases
+bastille_sharedir=/usr/local/share/bastille

bastille/usr/local/share/bastille/bootstrap.sh

@@ -0,0 +1,127 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+. /usr/local/etc/bastille/bastille.conf
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille bootstrap release.${COLOR_RESET}"
+    exit 1
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+    usage
+    ;;
+esac
+
+RELEASE=$1
+
+bootstrap() {
+    ### create $bastille_base/release/$release directory
+    ### fetch $release/base.txz -o $bastille_base/cache/$release/base.txz
+    ### extract $release/base.txz to $bastille_base/release/$release
+    if [ ! -d ${bastille_jailsdir} ]; then
+        mkdir -p ${bastille_jailsdir}
+    fi
+    if [ ! -d ${bastille_logsdir} ]; then
+        mkdir -p ${bastille_logsdir}
+    fi
+    if [ ! -d ${bastille_cachedir}/${RELEASE} ]; then
+        mkdir -p ${bastille_cachedir}/${RELEASE}
+    fi
+
+    if [ ! -d ${bastille_releasesdir}/${RELEASE} ]; then
+        mkdir -p ${bastille_releasesdir}/${RELEASE}
+        sh ${bastille_sharedir}/freebsd_dist_fetch.sh -r ${RELEASE} base lib32
+
+        echo
+        echo -e "${COLOR_GREEN}Extracting FreeBSD ${RELEASE} base.txz.${COLOR_RESET}"
+        /usr/bin/tar -C ${bastille_releasesdir}/${RELEASE} -xf ${bastille_cachedir}/${RELEASE}/base.txz
+
+        echo -e "${COLOR_GREEN}Extracting FreeBSD ${RELEASE} lib32.txz.${COLOR_RESET}"
+        /usr/bin/tar -C ${bastille_releasesdir}/${RELEASE} -xf ${bastille_cachedir}/${RELEASE}/lib32.txz
+
+	    echo -e "${COLOR_GREEN}Bootstrap successful.${COLOR_RESET}"
+	    echo -e "${COLOR_GREEN}See 'bastille --help' for available commands.${COLOR_RESET}"
+	    echo
+    else
+        echo -e "${COLOR_RED}Bootstrap appears complete.${COLOR_RESET}"
+	exit 1
+    fi
+}
+
+# Filter sane release names
+case "${RELEASE}" in
+10.1-RELEASE)
+    bootstrap
+    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+	;;
+10.2-RELEASE)
+    bootstrap
+    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+	;;
+10.3-RELEASE)
+    bootstrap
+    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+	;;
+10.4-RELEASE)
+    bootstrap
+    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+	;;
+11.0-RELEASE)
+    bootstrap
+    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+	;;
+11.1-RELEASE)
+    bootstrap
+    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+	;;
+11.2-RELEASE)
+    bootstrap
+	;;
+12.0-BETA1)
+    bootstrap
+    echo -e "${COLOR_RED}BETA releases are complete untested.${COLOR_RESET}"
+	;;
+12.0-BETA2)
+    bootstrap
+    echo -e "${COLOR_RED}BETA releases are complete untested.${COLOR_RESET}"
+	;;
+12.0-BETA3)
+    bootstrap
+    echo -e "${COLOR_RED}BETA releases are complete untested.${COLOR_RESET}"
+	;;
+*)
+    echo -e "${COLOR_RED}BETA releases are complete untested.${COLOR_RESET}"
+    usage
+    ;;
+esac

bastille/usr/local/share/bastille/cmd.sh

@@ -0,0 +1,60 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille cmd [ALL|glob] 'quoted command'.${COLOR_RESET}"
+    exit 1
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+    usage
+    ;;
+esac
+
+if [ $# -gt 2 ] || [ $# -lt 2 ]; then
+    usage
+fi
+
+if [ "$1" = 'ALL' ]; then
+    JAILS=$(jls -N name)
+fi
+if [ "$1" != 'ALL' ]; then
+    JAILS=$(jls -N name | grep "$1")
+fi
+
+for _jail in ${JAILS}; do
+    echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
+    jexec -l ${_jail} $2
+    echo -e "${NC}"
+done

bastille/usr/local/share/bastille/colors.pre.sh

@@ -0,0 +1,58 @@
+#!/bin/sh
+# 
+# Copyright (c) 2014-2015 Bryan Drewery <bdrewery@FreeBSD.org>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+COLOR_RESET="\033[0;0m"
+COLOR_BOLD="\033[1m"
+COLOR_UNDER="\033[4m"
+COLOR_BLINK="\033[5m"
+COLOR_INVERSE="\033[7m"
+
+COLOR_BLACK="\033[0;30m"
+COLOR_RED="\033[0;31m"
+COLOR_GREEN="\033[0;32m"
+COLOR_BROWN="\033[0;33m"
+COLOR_BLUE="\033[0;34m"
+COLOR_MAGENTA="\033[0;35m"
+COLOR_CYAN="\033[0;36m"
+COLOR_LIGHT_GRAY="\033[0;37m"
+
+COLOR_DARK_GRAY="\033[1;30m"
+COLOR_LIGHT_RED="\033[1;31m"
+COLOR_LIGHT_GREEN="\033[1;32m"
+COLOR_YELLOW="\033[1;33m"
+COLOR_LIGHT_BLUE="\033[1;34m"
+COLOR_LIGHT_MAGENTA="\033[1;35m"
+COLOR_LIGHT_CYAN="\033[1;36m"
+COLOR_WHITE="\033[1;37m"
+
+COLOR_BG_BLACK="\033[40m"
+COLOR_BG_RED="\033[41m"
+COLOR_BG_GREEN="\033[42m"
+COLOR_BG_BROWN="\033[43m"
+COLOR_BG_BLUE="\033[44m"
+COLOR_BG_MAGENTA="\033[45m"
+COLOR_BG_CYAN="\033[46m"
+COLOR_BG_LIGHT_GRAY="\033[47m"

bastille/usr/local/share/bastille/console.sh

@@ -0,0 +1,60 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille console [ALL|glob]'.${COLOR_RESET}"
+    exit 1
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+    usage
+    ;;
+esac
+
+
+if [ $# -gt 1 ] || [ $# -lt 1 ]; then
+    usage
+fi
+if [ "$1" = 'ALL' ]; then
+    JAILS=$(jls -N name)
+fi
+if [ "$1" != 'ALL' ]; then
+    JAILS=$(jls -N name | grep "$1")
+fi
+
+for _jail in ${JAILS}; do
+    echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
+    jexec -l ${_jail} /usr/bin/login -f root
+    echo -e "${NC}"
+done

bastille/usr/local/share/bastille/cp.sh

@@ -0,0 +1,62 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+. /usr/local/etc/bastille/bastille.conf
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille cp [ALL|glob] '/path/to/source' 'path/to/dest'.${COLOR_RESET}"
+    exit 1
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+    usage
+    ;;
+esac
+
+if [ $# -gt 3 ] || [ $# -lt 3 ]; then
+    usage
+fi
+
+if [ "$1" != 'ALL' ]; then
+    JAILS=$(jls -N name | grep "$1")
+fi
+if [ "$1" = 'ALL' ]; then
+    JAILS=$(jls -N name)
+fi
+
+for _jail in ${JAILS}; do
+    bastille_jail_path="${bastille_jailsdir}/${_jail}/root"
+    echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
+    cp -a "$2" "${bastille_jail_path}/$3"
+    echo -e "${COLOR_RESET}"
+done

bastille/usr/local/share/bastille/create.sh

@@ -0,0 +1,194 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+. /usr/local/etc/bastille/bastille.conf
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille create name release ip.${COLOR_RESET}"
+    exit 1
+}
+
+running_jail() {
+    jls -N name | grep ${NAME}
+}
+
+validate_ip() {
+    ip=${IP}
+    
+    if expr "$ip" : '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null; then
+      IFS=.
+      set $ip
+      for quad in 1 2 3 4; do
+        if eval [ \$$quad -gt 255 ]; then
+          echo "fail ($ip)"
+          exit 1
+        fi
+      done
+      echo -e "${COLOR_GREEN}Valid: ($ip).${COLOR_RESET}"
+    else
+      exit 1
+    fi
+}
+
+create_jail() {
+    bastille_jail_base="${bastille_jailsdir}/${NAME}/root/.bastille"  ## dir
+    bastille_jail_template="${bastille_jailsdir}/${NAME}/root/.template"  ## dir
+    bastille_jail_path="${bastille_jailsdir}/${NAME}/root"  ## dir
+    bastille_jail_fstab="${bastille_jailsdir}/${NAME}/fstab"  ## file
+    bastille_jail_conf="${bastille_jailsdir}/${NAME}/jail.conf"  ## file
+    bastille_jail_log="${bastille_logsdir}/${NAME}_console.log"  ## file
+    bastille_jail_rc_conf="${bastille_jailsdir}/${NAME}/root/etc/rc.conf.local" ## file
+    bastille_jail_resolv_conf="${bastille_jailsdir}/${NAME}/root/etc/resolv.conf" ## file
+
+    if [ ! -d "${bastille_jail_base}" ]; then
+        mkdir -p "${bastille_jail_base}"
+        mkdir -p "${bastille_jail_path}/usr"
+        mkdir -p "${bastille_jail_path}/usr/home"
+    fi
+
+    if [ ! -d "${bastille_jail_template}" ]; then
+        mkdir -p "${bastille_jail_template}"
+    fi
+
+    if [ ! -f "${bastille_jail_fstab}" ]; then
+        echo -e "${bastille_releasesdir}/${RELEASE} ${bastille_jail_base} nullfs ro 0 0" > ${bastille_jail_fstab}
+    fi
+
+    if [ ! -f "${bastille_jail_conf}" ]; then
+	echo -e "interface = lo1;\nhost.hostname = ${NAME};\nexec.consolelog =\
+	${bastille_jail_log};\npath = ${bastille_jail_path};\nip6 =\
+	disable;\nsecurelevel = 2;\ndevfs_ruleset = 4;\nenforce_statfs =\
+	2;\nexec.start = '/bin/sh /etc/rc';\nexec.stop = '/bin/sh\
+	/etc/rc.shutdown';\nexec.clean;\nmount.devfs;\nmount.fstab =\
+	${bastille_jail_fstab};\n\n${NAME} {\n\tip4.addr = ${IP};\n}" >\
+	${bastille_jail_conf}
+    fi
+
+    ## using relative paths here
+    ## MAKE SURE WE'RE IN THE RIGHT PLACE
+    ## ro
+    cd "${bastille_jail_path}"
+    echo
+    echo -e "${COLOR_GREEN}RELEASE: ${RELEASE}.${COLOR_RESET}"
+    echo -e "${COLOR_GREEN}NAME: ${NAME}.${COLOR_RESET}"
+    echo -e "${COLOR_GREEN}IP: ${IP}.${COLOR_RESET}"
+    echo
+
+    for _link in bin boot lib libexec rescue sbin usr/bin usr/include usr/lib usr/lib32 usr/libdata usr/libexec usr/sbin usr/share usr/src; do
+        ln -sf /.bastille/${_link} ${_link}
+    done
+
+    ## link home properly
+    ln -sf usr/home home
+
+    ## rw
+    cp -a "${bastille_releasesdir}/${RELEASE}/.cshrc" "${bastille_jail_path}"
+    cp -a "${bastille_releasesdir}/${RELEASE}/.profile" "${bastille_jail_path}"
+    cp -a "${bastille_releasesdir}/${RELEASE}/COPYRIGHT" "${bastille_jail_path}"
+    cp -a "${bastille_releasesdir}/${RELEASE}/dev" "${bastille_jail_path}"
+    cp -a "${bastille_releasesdir}/${RELEASE}/etc" "${bastille_jail_path}"
+    cp -a "${bastille_releasesdir}/${RELEASE}/media" "${bastille_jail_path}"
+    cp -a "${bastille_releasesdir}/${RELEASE}/mnt" "${bastille_jail_path}"
+    if [ "${RELEASE}" == "11.2-RELEASE" ]; then cp -a "${bastille_releasesdir}/${RELEASE}/net" "${bastille_jail_path}"; fi
+    cp -a "${bastille_releasesdir}/${RELEASE}/proc" "${bastille_jail_path}"
+    cp -a "${bastille_releasesdir}/${RELEASE}/root" "${bastille_jail_path}"
+    cp -a "${bastille_releasesdir}/${RELEASE}/tmp" "${bastille_jail_path}"
+    cp -a "${bastille_releasesdir}/${RELEASE}/var" "${bastille_jail_path}"
+    cp -a "${bastille_releasesdir}/${RELEASE}/usr/obj" "${bastille_jail_path}"
+    if [ "${RELEASE}" == "11.2-RELEASE" ]; then cp -a "${bastille_releasesdir}/${RELEASE}/usr/tests" "${bastille_jail_path}"; fi
+
+    ## rc.conf.local & resolv.conf
+    if [ ! -f "${bastille_jail_rc_conf}" ]; then
+        echo -e "syslogd_flags=\"-ss\"\nsendmail_enable=\"NONE\"" > ${bastille_jail_rc_conf}
+    fi
+
+    if [ ! -f "${bastille_jail_resolv_conf}" ]; then
+        echo -e "nameserver 1.1.1.1\nnameserver 1.0.0.1\noptions edns0 rotate" > ${bastille_jail_resolv_conf}
+    fi
+
+    ## TZ: UTC
+    ln -s "/usr/share/zoneinfo/Etc/UTC ${bastille_jail_root}/etc/localtime"
+    ln -s "/.template/usr/local ${bastille_jail_root}/usr/local"
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+    usage
+    ;;
+esac
+
+if [ $# -gt 3 ] || [ $# -lt 3 ]; then
+    usage
+fi
+
+NAME="$1"
+RELEASE="$2"
+IP="$3"
+
+## verify release
+case "${RELEASE}" in
+10.4-RELEASE)
+    RELEASE="10.4-RELEASE"
+    ;;
+11.2-RELEASE)
+    RELEASE="11.2-RELEASE"
+    ;;
+*)
+    echo -e "${COLOR_RED}Unknown Release.${COLOR_RESET}"
+    usage
+    ;;
+esac
+
+## check for name/root/.bastille
+if [ -d "/usr/local/bastille/jails/${NAME}/root/.bastille" ]; then
+    echo -e "${COLOR_RED}Jail: ${NAME} already created. ${NAME}/root/.bastille exists.${COLOR_RESET}"
+    exit 1
+fi
+
+## check for name/root/.template
+if [ -d "/usr/local/bastille/jails/${NAME}/root/.template" ]; then
+    echo -e "${COLOR_RED}Jail: ${NAME} already created. ${NAME}/root/.template exists.${COLOR_RESET}"
+    exit 1
+fi
+
+## check if a running jail matches name
+if running_jail ${NAME}; then
+    echo -e "${COLOR_RED}Running jail matches name.${COLOR_RESET}"
+    exit 1
+fi
+
+## check if ip address is valid
+if ! validate_ip ${IP}; then
+    echo -e "${COLOR_RED}Invalid: ($ip).${COLOR_RESET}"
+fi
+
+create_jail ${NAME} ${RELEASE} ${IP}

bastille/usr/local/share/bastille/destroy.sh

@@ -0,0 +1,77 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+. /usr/local/etc/bastille/bastille.conf
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille destroy name.${COLOR_RESET}"
+    exit 1
+}
+
+destroy_jail() {
+    bastille_jail_base="${bastille_jailsdir}/${NAME}"  ## dir
+    bastille_jail_log="${bastille_logsdir}/${NAME}_console.log"  ## file
+
+    if [ $(jls -N name | grep ${NAME}) ]; then
+        echo -e "${COLOR_RED}Jail running.${COLOR_RESET}"
+        echo -e "${COLOR_RED}See 'bastille stop ${NAME}'.${COLOR_RESET}"
+        exit 1
+    fi
+
+    if [ ! -d "${bastille_jail_base}" ]; then
+        echo -e "${COLOR_RED}Jail not found.${COLOR_RESET}"
+        exit 1
+    fi
+
+    if [ -d "${bastille_jail_base}" ]; then
+        echo -e "${COLOR_GREEN}Deleting Jail: ${NAME}.${COLOR_RESET}"
+        chflags -R noschg ${bastille_jail_base}
+        rm -rf ${bastille_jail_base}
+        echo -e "${COLOR_GREEN}Note: jail console logs not destroyed.${COLOR_RESET}"
+	echo -e "${COLOR_GREEN}${bastille_jail_log}${COLOR_RESET}"
+        echo
+    fi
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+    usage
+    ;;
+esac
+
+if [ $# -gt 1 ] || [ $# -lt 1 ]; then
+    usage
+fi
+
+NAME="$1"
+
+destroy_jail

bastille/usr/local/share/bastille/freebsd_dist_fetch.sh

@@ -0,0 +1,49 @@
+#!/bin/sh
+
+DEVICE_SELF_SCAN_ALL=NO
+[ "$_SCRIPT_SUBR" ] || . /usr/share/bsdconfig/script.subr
+usage(){ echo "Usage: ${0##*/} [-r releaseName] [dists ...]" >&2; exit 1; }
+while getopts hr: flag; do
+	case "$flag" in
+	r) releaseName="$OPTARG" ;;
+	*) usage
+	esac
+done
+shift $(( $OPTIND - 1 ))
+nonInteractive=1
+MEDIA_TIMEOUT=3 # because ftp.f.o has no SRV records
+_ftpPath=ftp://ftp.freebsd.org
+mediaSetFTP
+mediaOpen
+set -e
+#debug=1
+REL_DIST=/usr/local/bastille/cache/$releaseName
+download() # $src to $dest
+{
+	size=$( f_device_get device_media "$1" $PROBE_SIZE )
+	f_device_get device_media "$1" | dpv -kb "BastilleBSD" \
+		-t "bootstrap" -p "Downloading $releaseName" \
+		-o "$3" "$size:$1"
+}
+sign() # $file
+{
+	dpv -kb "BastilleBSD" -t "bootstrap" \
+		-p "Signing $releaseName" -mx "sha256 >&2" \
+		"$size:${1##*/}" "$1" 2>&1 >&$TERMINAL_STDOUT_PASSTHRU
+}
+mkdir -p $REL_DIST
+MANIFEST=$REL_DIST/MANIFEST
+download MANIFEST to $MANIFEST
+dists="$*"
+for dist in ${dists:-$( awk '$0=$4' $MANIFEST )}; do
+	eval "$( awk -v dist=$dist '$4 == dist {
+		print "distfile=" $1
+		print "sig=" $2
+		exit found = 1
+	} END { exit ! found }' $MANIFEST )"
+	destfile=$REL_DIST/$distfile
+	download $distfile to $destfile
+	[ "$( sign $destfile )" = $sig ] ||
+		f_die "$distfile signature mismatch!"
+done
+f_dialog_info "All dists successfully downloaded/verified."

bastille/usr/local/share/bastille/htop.sh

@@ -0,0 +1,66 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+. /usr/local/etc/bastille/bastille.conf
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille htop [ALL|glob]'.${COLOR_RESET}"
+    exit 1
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+    usage
+    ;;
+esac
+
+if [ $# -gt 1 ] || [ $# -lt 1 ]; then
+    usage
+fi
+
+if [ "$1" = 'ALL' ]; then
+    JAILS=$(jls -N name)
+fi
+if [ "$1" != 'ALL' ]; then
+    JAILS=$(jls -N name | grep "$1")
+fi
+
+for _jail in ${JAILS}; do
+    if [ ! -x "${bastille_jailsdir}/${_jail}/root/usr/local/bin/htop" ]; then
+        echo -e "${COLOR_RED}htop not found on ${_jail}.${COLOR_RESET}"
+    fi
+    if [ -x "${bastille_jailsdir}/${_jail}/root/usr/local/bin/htop" ]; then
+        echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
+        jexec -l ${_jail} /usr/local/bin/htop
+    fi
+    echo -e "${COLOR_RESET}"
+done

bastille/usr/local/share/bastille/list.sh

@@ -0,0 +1,52 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille list.${COLOR_RESET}"
+    exit 1
+}
+
+if [ $# -eq 0 ]; then
+    jls -N
+fi
+
+if [ $# -gt 0 ]; then
+    # Handle special-case commands first.
+    case "$1" in
+    help|-h|--help)
+        usage
+        ;;
+    *)
+        usage
+        ;;
+    esac
+fi

bastille/usr/local/share/bastille/pkg.sh

@@ -0,0 +1,60 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille pkg [ALL|glob] 'pkg command'${COLOR_RESET}"
+    exit 1
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+    usage
+    ;;
+esac
+
+if [ $# -gt 2 ] || [ $# -lt 2 ]; then
+    usage
+fi
+
+if [ "$1" = 'ALL' ]; then
+    JAILS=$(jls -N name)
+fi
+if [ "$1" != 'ALL' ]; then
+    JAILS=$(jls -N name | grep "$1")
+fi
+
+for _jail in ${JAILS}; do
+    echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
+    jexec -l ${_jail} /usr/sbin/pkg $2
+    echo -e "${COLOR_RESET}"
+done

bastille/usr/local/share/bastille/restart.sh

@@ -0,0 +1,32 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+bastille stop "$@"
+bastille start "$@"

bastille/usr/local/share/bastille/service.sh

@@ -0,0 +1,61 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille service [ALL|glob] 'service command'.${COLOR_RESET}"
+    exit 1
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+    usage
+    ;;
+esac
+
+if [ $# -gt 2 ] || [ $# -lt 2 ]; then
+    usage
+fi
+
+if [ "$1" = 'ALL' ]; then
+    JAILS=$(jls -N name)
+fi
+
+if [ "$1" != 'ALL' ]; then
+    JAILS=$(jls -N name | grep "$1")
+fi
+
+for _jail in ${JAILS}; do
+    echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
+    jexec -l ${_jail} /usr/sbin/service $2
+    echo -e "${COLOR_RESET}"
+done

bastille/usr/local/share/bastille/start.sh

@@ -0,0 +1,69 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+. /usr/local/etc/bastille/bastille.conf
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille start [ALL|glob].${COLOR_RESET}"
+    exit 1
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+    usage
+    ;;
+esac
+
+if [ $# -gt 1 ] || [ $# -lt 1 ]; then
+    usage
+fi
+
+if [ "$1" = 'ALL' ]; then
+    JAILS=$(find ${bastille_jailsdir} -d 1 | awk -F / '{ print $6 }')
+fi
+if [ "$1" != 'ALL' ]; then
+    JAILS=$(find ${bastille_jailsdir} -d 1 | awk -F / '{ print $6 }' | grep $1)
+fi
+
+if [ $(jls -N name | ${NAME}) ]; then
+    echo -e "${COLOR_RED}${NAME} already running.${COLOR_RESET}"
+    exit 1
+fi
+
+for _jail in ${JAILS}; do
+    echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
+    jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -c ${_jail}
+    echo -e "${COLOR_RESET}"
+done
+
+## HUP the firewall
+pfctl -f /etc/pf.conf

bastille/usr/local/share/bastille/stop.sh

@@ -0,0 +1,64 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+. /usr/local/etc/bastille/bastille.conf
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille stop [ALL|glob].${COLOR_RESET}"
+    exit 1
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+    usage
+    ;;
+esac
+
+if [ $# -gt 1 ] || [ $# -lt 1 ]; then
+    usage
+fi
+
+if [ "$1" = 'ALL' ]; then
+    JAILS=$(jls -N name)
+fi
+if [ "$1" != 'ALL' ]; then
+    JAILS=$(jls -N name | grep "$1")
+fi
+
+for _jail in ${JAILS}; do
+    echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
+    jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -r ${_jail}
+    echo -e "${COLOR_RESET}"
+done
+
+## HUP the firewall
+pfctl -f /etc/pf.conf

bastille/usr/local/share/bastille/sysrc.sh

@@ -0,0 +1,61 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille sysrc [ALL|glob] 'sysrc command'${COLOR_RESET}"
+    exit 1
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+    usage
+    ;;
+esac
+
+if [ $# -gt 2 ] || [ $# -lt 2 ]; then
+    usage
+fi
+
+if [ "$1" = 'ALL' ]; then
+    JAILS=$(jls -N name)
+fi
+
+if [ "$1" != 'ALL' ]; then
+    JAILS=$(jls -N name | grep "$1")
+fi
+
+for _jail in ${JAILS}; do
+    echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
+    jexec -l ${_jail} /usr/sbin/sysrc $2
+    echo -e "${COLOR_RESET}"
+done

bastille/usr/local/share/bastille/top.sh

@@ -0,0 +1,61 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille top [ALL|glob]'.${COLOR_RESET}"
+    exit 1
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+    usage
+    ;;
+esac
+
+if [ $# -gt 1 ] || [ $# -lt 1 ]; then
+    usage
+fi
+
+if [ "$1" = 'ALL' ]; then
+    JAILS=$(jls -N name)
+fi
+
+if [ "$1" != 'ALL' ]; then
+    JAILS=$(jls -N name | grep "$1")
+fi
+
+for _jail in ${JAILS}; do
+    echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
+    jexec -l ${_jail} /usr/bin/top
+    echo -e "${COLOR_RESET}"
+done

bastille/usr/local/share/bastille/update.sh

@@ -0,0 +1,60 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+. /usr/local/etc/bastille/bastille.conf
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille update release.${COLOR_RESET}"
+    exit 1
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+    usage
+    ;;
+esac
+
+if [ $# -gt 1 ] || [ $# -lt 1 ]; then
+    usage
+fi
+
+RELEASE=$1
+
+echo -e "${COLOR_RED}Targeting specified release.${COLOR_RESET}"
+echo -e "${RELEASE}"
+echo
+if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then
+    freebsd-update -b "${bastille_releasesdir}/${RELEASE}" fetch install --currently-running ${RELEASE}
+else
+    echo -e "${COLOR_RED}${RELEASE} not found. See bootstrap.${COLOR_RESET}"
+    exit 1
+fi

bastille/usr/local/share/bastille/upgrade.sh

@@ -0,0 +1,61 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+. /usr/local/etc/bastille/bastille.conf
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille upgrade release newrelease.${COLOR_RESET}"
+    exit 1
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+    usage
+    ;;
+esac
+
+if [ $# -gt 2 ] || [ $# -lt 2 ]; then
+    usage
+fi
+
+RELEASE=$1
+NEWRELEASE=$2
+
+echo -e "${COLOR_RED}Targeting specified release.${COLOR_RESET}"
+echo -e "${RELEASE} => ${NEWRELEASE}"
+echo
+if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then
+    freebsd-update -b "${bastille_releasesdir}/${RELEASE}" -r ${NEWRELEASE} upgrade
+else
+    echo -e "${COLOR_RED}${RELEASE} not found. See bootstrap.${COLOR_RESET}"
+    exit 1
+fi

bastille/usr/local/share/bastille/verify.sh

@@ -0,0 +1,60 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+. /usr/local/etc/bastille/bastille.conf
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille verify release.${COLOR_RESET}"
+    exit 1
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+    usage
+    ;;
+esac
+
+if [ $# -gt 1 ] || [ $# -lt 1 ]; then
+    usage
+fi
+
+RELEASE=$1
+
+echo -e "${COLOR_RED}Targeting specified release.${COLOR_RESET}"
+echo -e "${RELEASE}"
+echo
+if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then
+    freebsd-update -b "${bastille_releasesdir}/${RELEASE}" IDS
+else
+    echo -e "${COLOR_RED}${RELEASE} not found. See bootstrap.${COLOR_RESET}"
+    exit 1
+fi

rc.d/bastille

@@ -29,8 +29,8 @@ load_rc_config ${name}
 start_cmd=bastille_start
 stop_cmd=bastille_stop
 
-start_command="/usr/local/bin/bbsd-start"
-stop_command="/usr/local/bin/bbsd-stop"
+start_command="%%$PREFIX%%/bin/bastille start"
+stop_command="%%$PREFIX%%/bin/bastille stop"
 
 bastille_start()
 {

usr/local/bin/bbsd-bootstrap

@@ -1,69 +0,0 @@
-#!/bin/sh
-
-if [ "$#" -lt 3 ]; then
-    echo "Required: '[activate|update|snapshot]', 'bastille', 'release'"
-    echo "Supported releases: '11.1-RELEASE', '10.4-RELEASE', '10.3-RELEASE'"
-    exit 1
-fi
-
-echo
-echo "###########################"
-echo "## args: $1      ##"
-echo "## args: $2      ##"
-echo "## args: $3  ##"
-echo "###########################"
-echo
-
-RELEASE="$3"
-PREFIX=/usr/local
-PLATFORM="${PREFIX}/$2"
-VALIDRELEASE=''
-
-if [ "${RELEASE}" == "11.1-RELEASE" -o "${RELEASE}" == "10.4-RELEASE" -o "${RELEASE}" == "10.3-RELEASE" ]; then
-    VALIDRELEASE="${RELEASE}"
-fi
-
-BASETXZPATH="${PLATFORM}/downloads/${RELEASE}/base.txz"
-UPSTREAMURL="https://download.freebsd.org/ftp/releases/amd64/${RELEASE}/base.txz"
-
-if [ "$1" == "activate" ]; then
-    if [ -d "/usr/local/bastille" ]; then
-        echo "Looks like you're already bootstrapped."
-        exit 1
-    else
-        /sbin/zfs create -o compression=lz4 -o atime=off -o mountpoint="${PLATFORM}" "zroot${PLATFORM}"
-        /sbin/zfs create -o compression=lz4 -o atime=off -o mountpoint="${PLATFORM}/downloads" "zroot${PLATFORM}/downloads"
-        /sbin/zfs create -o compression=lz4 -o atime=off -o mountpoint="${PLATFORM}/jails" "zroot${PLATFORM}/jails"
-        /sbin/zfs create -o compression=lz4 -o atime=off -o mountpoint="${PLATFORM}/logs" "zroot${PLATFORM}/logs"
-        /sbin/zfs create -o compression=lz4 -o atime=off -o mountpoint="${PLATFORM}/fstab" "zroot${PLATFORM}/fstab"
-        /sbin/zfs create -o compression=lz4 -o atime=off -o mountpoint="${PLATFORM}/releases" "zroot${PLATFORM}/releases"
-
-        ## create the downloads && releases ZFS volumes
-        if [ ! -z "${VALIDRELEASE}" ]; then
-            if [ ! -d "${PLATFORM}"/downloads/"${RELEASE}" ]; then
-                /sbin/zfs create zroot"${PLATFORM}"/downloads/"${RELEASE}"
-            fi
-            if [ ! -d "${PLATFORM}"/releases/"${RELEASE}" ]; then
-                /sbin/zfs create zroot"${PLATFORM}"/releases/"${RELEASE}"
-            fi
-        
-            ## fetch && untar base.txz
-            if [ ! -f "${BASETXZPATH}" ]; then
-                /usr/bin/fetch "${UPSTREAMURL}" -o "${PLATFORM}/downloads/${RELEASE}"
-                /usr/bin/tar -C "${PLATFORM}/releases/${RELEASE}" -xf "${PLATFORM}/downloads/${RELEASE}/base.txz"
-            fi
-
-            ## freebsd-update && snapshot
-            env PAGER=/bin/cat /usr/sbin/freebsd-update -b "${PLATFORM}/releases/${RELEASE}" fetch install
-            /sbin/zfs snapshot "zroot${PLATFORM}/releases/${RELEASE}@$(date +%F)"
-        fi
-    fi
-fi
-
-if [ "$1" == "update" ]; then
-    env PAGER=/bin/cat /usr/sbin/freebsd-update -b "${PLATFORM}/releases/${RELEASE}" fetch install
-fi
-
-if [ "$1" == "snapshot" ]; then
-    /sbin/zfs snapshot "zroot${PLATFORM}/releases/${RELEASE}@$(date +%F)"
-fi

usr/local/bin/bbsd-cmd

@@ -1,31 +0,0 @@
-#!/bin/sh
-#
-# basic cmd targeting and execution
-
-if [ $# -gt 2 ] || [ $# -lt 2 ]; then
-    echo "Usage: bbsd-cmd [glob|ALL] 'quoted command'"
-    exit 1
-fi
-
-if [ "$1" = 'ALL' ]; then
-    JAILS=$(jls -N | awk '!/JID/{print $1}')
-    echo "Targeting all containers."
-    echo
-    for jail in ${JAILS}; do
-        echo "${jail}:"
-        jexec ${jail} $2
-        echo
-    done
-fi
-
-if [ "$1" != 'ALL' ]; then
-    JAILS=$(jls -N | awk '!/JID/{print $1}' | grep "$1")
-    echo "Targeting specified containers."
-    echo "${JAILS}"
-    echo
-    for jail in ${JAILS}; do
-        echo "${jail}:"
-        jexec ${jail} $2
-        echo
-    done
-fi

usr/local/bin/bbsd-create

@@ -1,74 +0,0 @@
-#!/bin/sh -x
-#
-# create a new jail
-
-if [ $# -lt 3 ] || [ $# -gt 3 ]; then
-    echo "Required: name repo release."
-    exit 1
-fi
-
-NAME="$1"
-TEMPLATE="$2"
-RELEASE="$3"
-
-PREFIX=/usr/local
-BASTILLE=${PREFIX}/bastille
-JAIL_BASE=${BASTILLE}/jails/${NAME}
-
-JAIL_ROOT=${JAIL_BASE}/root
-JAIL_CONF=${JAIL_BASE}/jail.conf
-PKGS_CONF=${JAIL_BASE}/pkgs.conf
-JAIL_JID=${JAIL_BASE}/${jail}.jid
-JAIL_FSTAB="${BASTILLE}/fstab/${NAME}.fstab"
-BASEJAIL="${BASTILLE}/releases/${RELEASE}"
-
-## create zfs volume
-if [ ! -d ${JAIL_ROOT} ]; then
-    echo "Creating Jail Base..."
-    zfs create -o mountpoint=${JAIL_BASE}\
-               -o compression=lz4\
-               -o atime=off zroot"${JAIL_BASE}"\
-    && echo "Created ZFS volume for jail...[OK]." || echo "Failure: ZFS volume creation."
-fi
-
-## clone template into volume
-if [ $(find "${JAIL_BASE}" -empty) ]; then
-    echo "Cloning template..."
-    git clone "${TEMPLATE}" "${JAIL_BASE}" || echo "Template cloning failed; exiting"
-    echo "Cloning release contents..."
-    /bin/cp -an "${BASEJAIL}/etc" "${JAIL_ROOT}"
-    /bin/cp -an "${BASEJAIL}/root" "${JAIL_ROOT}"
-fi
-
-## create fstab; IMPORTANT that this goes before pkgs (below)
-if [ ! -f ${JAIL_FSTAB} ]; then
-    /bin/cat << EOF > ${JAIL_FSTAB}
-${BASEJAIL}/bin ${JAIL_ROOT}/bin nullfs ro 0 0
-${BASEJAIL}/boot ${JAIL_ROOT}/boot nullfs ro 0 0
-${BASEJAIL}/lib ${JAIL_ROOT}/lib nullfs ro 0 0
-${BASEJAIL}/libexec ${JAIL_ROOT}/libexec nullfs ro 0 0
-${BASEJAIL}/rescue ${JAIL_ROOT}/rescue nullfs ro 0 0
-${BASEJAIL}/sbin ${JAIL_ROOT}/sbin nullfs ro 0 0
-${BASEJAIL}/usr/bin ${JAIL_ROOT}/usr/bin nullfs ro 0 0
-${BASEJAIL}/usr/include ${JAIL_ROOT}/usr/include nullfs ro 0 0
-${BASEJAIL}/usr/lib ${JAIL_ROOT}/usr/lib nullfs ro 0 0
-${BASEJAIL}/usr/libexec ${JAIL_ROOT}/usr/libexec nullfs ro 0 0
-${BASEJAIL}/usr/sbin ${JAIL_ROOT}/usr/sbin nullfs ro 0 0
-${BASEJAIL}/usr/share ${JAIL_ROOT}/usr/share nullfs ro 0 0
-${BASEJAIL}/usr/libdata ${JAIL_ROOT}/usr/libdata nullfs ro 0 0
-EOF
-echo "Writing jail fstab (basejail)...[OK]"
-fi
-
-## install pkgs
-if [ -s ${PKGS_CONF} ]; then
-    echo "Starting jail; installing pkgs..."
-    jail -c -f "${JAIL_CONF}" -J "${JAIL_JID}" ${NAME}
-    pfctl -f /etc/pf.conf
-    pkg -j ${NAME} install -y $(cat ${PKGS_CONF})
-    jail -r -f "${JAIL_CONF}" ${NAME}
-    echo "Stopping jail; installation complete."
-elif [ ! -s ${PKGS_CONF} ]; then
-    echo "pkgs.conf appears empty; not installing anything."
-    echo "complete"
-fi

usr/local/bin/bbsd-destroy

@@ -1,40 +0,0 @@
-#!/bin/sh
-#
-# destroy an existing jail
-
-JAIL_NAME=$1
-JAIL_PATH=$2
-PREFIX=/usr/local
-JLS_NAME="/usr/sbin/jls name"
-JLS_PATH="/usr/sbin/jls path"
-PLATFORM=${PREFIX}/bastille
-FSTAB_PATH=${PLATFORM}/fstab/$1.fstab
-JAIL_PATH=${PLATFORM}/jails/$1
-
-if [ $# -lt 2 ]; then
-    echo "Required: name path."
-    return 1
-fi
-
-if [ ! -d ${JAIL_PATH} ]; then
-    echo "Path (${JAIL_PATH}) not found."
-    return 1
-fi
-
-if [ $(${JLS_NAME} | grep ${JAIL_NAME}) ]; then
-    echo "Jail is running."
-    echo "Stop jail first with bbsd-stop ${JAIL_NAME}."
-    return 1
-fi
-
-if [ $(${JLS_PATH} | grep ${JAIL_PATH}) ]; then
-    echo "Jail is running."
-    echo "Stop jail first with bbsd-stop ${JAIL_NAME}."
-    return 1
-fi
-
-if [ -d ${JAIL_PATH} ]; then
-    zfs destroy -r zroot${JAIL_PATH} || echo "Unable to destroy zroot${JAIL_PATH}."
-    rm -rf ${JAIL_PATH} || echo "Unable to delete ${JAIL_PATH}."
-    echo "Jail destroyed. RIP."
-fi

usr/local/bin/bbsd-init-repo

@@ -1,42 +0,0 @@
-#!/bin/sh
-# (christer.edwards@gmail.com)
-# initialize a Bastille repo
-
-if [ $# -lt 1 ] || [ $# -gt 1 ]; then
-    echo "Usage: bbsd-init-repo /path/to/repo"
-    return 1
-fi
-
-REPOPATH=$1
-
-RODIRS="root/bin root/boot root/dev root/lib\
-        root/libexec root/rescue root/sbin\
-        root/usr/bin root/usr/include root/usr/lib\
-        root/usr/libdata root/usr/libexec\
-        root/usr/sbin root/usr/share root/tmp"
-
-RWDIRS="root/etc root/root root/usr/local root/var"
-
-bbsd_init_repo()
-{
-    local _dir
-
-    for _dir in ${RWDIRS}; do
-        mkdir -p "${REPOPATH}"/"${_dir}"
-    done
-
-    for _dir in ${RODIRS}; do
-        mkdir -p "${REPOPATH}"/"${_dir}"
-        cat << EOF > "${_dir}"/.gitignore
-# Ignore everything in this directory
-# All directory contents will be lost
-*
-# Except this file
-!.gitignore
-EOF
-done
-
-chmod 1777 root/tmp
-}
-
-bbsd_init_repo

usr/local/bin/bbsd-login

@@ -1,11 +0,0 @@
-#!/bin/sh
-#
-# jexec $1 /usr/bin/login -f root
-
-if [ $# -eq 1 ]; then
-    jexec $1 /usr/bin/login -f root
-fi
-
-if [ $# -eq 2 ]; then
-    jexec $1 /usr/bin/login -f $2
-fi

usr/local/bin/bbsd-pkg

@@ -1,31 +0,0 @@
-#!/bin/sh
-#
-# execute $2 inside targeted jail(s)
-
-if [ $# -gt 2 ] || [ $# -lt 2 ]; then
-    echo "Usage: bbsd-pkg [glob|ALL] 'package command'."
-    exit 1
-fi
-
-if [ "$1" = 'ALL' ]; then
-    JAILS=$(jls -N | awk '!/JID/{print $1}')
-    echo "Targeting all containers."
-    echo
-    for i in ${JAILS}; do
-        echo "${i}:"
-        pkg -j "${i}" "$2"
-        echo
-    done
-fi
-
-if [ "$1" != 'ALL' ]; then
-    JAILS=$(jls -N | awk '!/JID/{print $1}' | grep "$1")
-    echo "Targeting specified containers."
-    echo "${JAILS}"
-    echo
-    for i in ${JAILS}; do
-        echo "${i}:"
-        pkg -j "${i}" "$2"
-        echo
-    done
-fi

usr/local/bin/bbsd-restart

@@ -1,35 +0,0 @@
-#!/bin/sh
-# (christer.edwards@gmail.com)
-# restart jail
-
-if [ $# -lt 1 ]; then
-    printf "Required: jail name(s)."
-    exit 1
-fi
-
-ARGS=$*
-
-for jail in ${ARGS}; do
-    PREFIX=/usr/local
-    PLATFORM=${PREFIX}/bastille
-    JAIL_BASE=${PLATFORM}/jails/${jail}
-
-    JAIL_ROOT=${JAIL_BASE}/root
-    JAIL_CONF=${JAIL_BASE}/jail.conf
-    PKGS_CONF=${JAIL_BASE}/pkgs.conf
-    JAIL_JID=${JAIL_BASE}/${jail}.jid
-
-    err_msg() {
-        printf "ERROR:\t$@\n"
-    }
-
-    if [ ! -d ${JAIL_ROOT} ]; then
-	err_msg "Jail (${jail}) does not exist(?)."
-
-        [ ! -f ${JAIL_CONF} ] && err_msg "jail.conf not found."
-        [ ! -f ${PKGS_CONF} ] && err_msg "pkgs.conf not found."
-    fi
-    if [ -d ${JAIL_ROOT} ]; then
-        jail -rc -f "${JAIL_CONF}" ${jail}
-    fi
-done

usr/local/bin/bbsd-start

@@ -1,35 +0,0 @@
-#!/bin/sh
-# (christer.edwards@gmail.com)
-# start jail
-
-if [ $# -lt 1 ]; then
-    printf "Required: jail name(s)."
-    exit 1
-fi
-
-ARGS=$*
-
-for jail in ${ARGS}; do
-    PREFIX=/usr/local
-    PLATFORM=${PREFIX}/bastille
-    JAIL_BASE=${PLATFORM}/jails/${jail}
-
-    JAIL_ROOT=${JAIL_BASE}/root
-    JAIL_CONF=${JAIL_BASE}/jail.conf
-    PKGS_CONF=${JAIL_BASE}/pkgs.conf
-    JAIL_JID=${JAIL_BASE}/${jail}.jid
-
-    err_msg() {
-        printf "ERROR:\t$@\n"
-    }
-
-    if [ ! -d ${JAIL_ROOT} ]; then
-	err_msg "Jail (${jail}) does not exist(?)."
-    elif [ -d ${JAIL_ROOT} ]; then
-        jail -c -f "${JAIL_CONF}" -J "${JAIL_JID}" ${jail}
-        pfctl -f /etc/pf.conf
-        #if [ -s ${PKGS_CONF} ]; then
-        #    pkg -j ${jail} install -y $(cat ${PKGS_CONF})
-        #fi
-    fi
-done

usr/local/bin/bbsd-stop

@@ -1,32 +0,0 @@
-#!/bin/sh
-# (christer.edwards@gmail.com)
-# stop jail
-
-if [ $# -lt 1 ]; then
-    printf "Required: jail name(s)."
-    exit 1
-fi
-
-ARGS=$*
-
-for jail in ${ARGS}; do
-    PREFIX=/usr/local
-    PLATFORM=${PREFIX}/bastille
-    JAIL_BASE=${PLATFORM}/jails/${jail}
-
-    JAIL_ROOT=${JAIL_BASE}/root
-    JAIL_CONF=${JAIL_BASE}/jail.conf
-    PKGS_CONF=${JAIL_BASE}/pkgs.conf
-    JAIL_JID=${JAIL_BASE}/${jail}.jid
-
-    err_msg() {
-        printf "ERROR:\t$@\n"
-    }
-
-    if [ ! -d ${JAIL_ROOT} ]; then
-        err_msg "Jail (${jail}) does not exist(?)."
-    fi
-    if [ -d ${JAIL_ROOT} ]; then
-        jail -r -f ${JAIL_CONF} ${jail}
-    fi
-done

usr/local/bin/bbsd-top

@@ -1,5 +0,0 @@
-#!/bin/sh
-#
-# run top inside a jail
-
-/usr/bin/top -J $1