Merge pull request #8 from cedwards/master

0.3.20181114 fix all the things

README.md

@@ -26,6 +26,7 @@ Available Commands:
   start       Start a stopped jail.
   stop        Stop a running jail.
   sysrc       Safely edit rc files within targeted jail(s).
+  template    Apply Bastille template to running jail(s).
   top         Display and update information about the top(1) cpu processes.
   update      Update jail base -pX release.
   upgrade     Upgrade jail release to X.Y-RELEASE.
@@ -130,7 +131,7 @@ release version as the argument.
 
 ```shell
 ishmael ~ # bastille bootstrap 11.2-RELEASE
-ishmael ~ # bastille bootstrap 10.4-RELEASE
+ishmael ~ # bastille bootstrap 12.0-RELEASE
 ```
 
 This command will ensure the required directory structures are in place and
@@ -440,6 +441,86 @@ Note: jail console logs not destroyed.
 
 ```
 
+bastille template
+-----------------
+Bastille supports a templating system allowing you to apply files, pkgs and
+execute commands inside the jail automatically.
+
+Currently supported template hooks are: `PRE`, `CONFIG`, `PKG`, `SYSRC`, `CMD`.
+Planned template hooks include: `FSTAB`, `PF`
+
+Templates are created in `${bastille_prefix}/templates` and can leverage any of
+the template hooks. Simply create a new directory named after the template. eg;
+
+```shell
+mkdir -p /usr/local/bastille/templates/base
+```
+
+To leverage a template hook, create an UPPERCASE file in the root of the
+template directory named after the hook you want to execute. eg;
+
+```shell
+echo "zsh vim-console git-lite htop" > /usr/local/bastille/templates/base/PKG
+echo "/usr/bin/chsh -s /usr/local/bin/zsh" > /usr/local/bastille/templates/base/CMD
+echo "etc root usr" > /usr/local/bastille/templates/base/CONFIG
+```
+
+Template hooks are executed in specific order and require specific syntax to
+work as expected. This table outlines those requirements:
+
+| HOOK    | format           | example                              |
+|---------|------------------|--------------------------------------|
+| PRE/CMD | /bin/sh command  | /usr/bin/chsh -s /usr/local/bin/zsh  |
+| CONFIG  | path             | etc root usr                         |
+| PKG     | port/pkg name(s) | vim-console zsh git-lite tree htop   |
+| SYSRC   | sysrc command(s) | nginx_enable="YES" nginx_flags="..." |
+
+In addition to supporting template hooks, Bastille supports overlaying files
+into the jail. This is done by placing the files in their full path, using the
+template directory as "/".
+
+An example here may help. Think of `/usr/local/bastille/templates/base`, our
+example template, as the root of our filesystem overlay. If you create an
+`etc/hosts` or `etc/resolv.conf` *inside* the base template directory, these
+can be overlayed into your jail.
+
+Note: due to the way FreeBSD segregates user-space, the majority of your
+overlayed template files will be in `usr/local`. The few general
+exceptions are the `etc/hosts`, `etc/resolv.conf`, and `etc/rc.conf.local`.
+
+After populating `usr/local/` with custom config files that your jail will
+use, be sure to include `usr` in the template CONFIG definition. eg;
+
+```shell
+echo "etc usr" > /usr/local/bastille/templates/base/CONFIG
+```
+
+The above example "etc usr" will include anything under "etc" and "usr" inside
+the template. You do not need to list individual files. Just include the
+top-level directory name.
+
+Applying Templates
+------------------
+
+Jails must be running to apply templates.
+
+Bastille includes a `template` sub-command. This sub-command requires a target
+and a template name. As covered in the previous section, template names
+correspond to directory names in the `bastille/templates` directory.
+
+```shell
+ishmael ~ # bastille template folsom base
+[folsom]:
+Copying files...
+Copy complete.
+Installing packages.
+...[snip]...
+Executing final command(s).
+chsh: user information updated
+Template Complete.
+
+```
+
 
 bastille top
 ------------

ROADMAP.md

@@ -0,0 +1,45 @@
+Bastille Roadmap
+================
+This is the general roadmap for the next nine months. I would like the
+near-term done by the end of 2018. The mid-term should be done by March 2019.
+The long-term by summer 2019.
+
+At that point, if the templating is mature, and the top 50 is complete, the
+platform is ready for general purpose use. 
+
+
+near-term
+---------
+1. zfs support (configurable)
+2. bastille-dev template (see below):
+```shell
+## jail -c name=foo host.hostname=foo allow.raw_sockets children.max=99 
+## ip4.addr=10.20.12.68 persist
+## jexec foo /bin/csh
+## foo# jail -c name=bar host.hostname=bar allow.raw_sockets 
+## ip4.addr=10.20.12.68 persist
+## foo# jexec bar /bin/csh
+## bar# ping gritton.org
+```
+3. branding
+
+
+mid-term
+--------
+1. templating
+2. ssh-to-jail demo (ie; ldap + .authorized_keys + command)
+```shell
+## TODO: .ssh/authorized_keys auto-launch into user jail
+## jail_create_login_hook() {
+##     echo "permit nopass ${user} cmd /usr/sbin/jexec args ${name} /usr/bin/login -f ${user}" >> /usr/local/etc/doas.conf
+##     echo "command='/usr/local/bin/doas /usr/sbin/jexec ${name} /usr/bin/login -f ${user}' ${pubkey}" >> $HOME/.ssh/authorized_keys
+## }
+```
+3. additional modules: ps, sockstat, pf, fstab.
+
+
+long-term
+---------
+1. top 50
+2. monitoring
+3. rctl

TODO

@@ -1,29 +0,0 @@
-# TODO
-
-##This is just a place to throw down the ideas of things I need to fix and or
-##improve. In no particular order.
-##
-##+ ZFS or UFS support
-##+ Support for multi-jail templating (create, snapshot, deploy)
-##+ jail.conf validation support in `create`
-##+ Dynamic config support for templating
-##+ 
-
-##Bastille in Bastille
-##--------------------
-## found on mailing list archive. need to research
-
-## jail -c name=foo host.hostname=foo allow.raw_sockets children.max=99 
-## ip4.addr=10.20.12.68 persist
-## jexec foo /bin/csh
-## foo# jail -c name=bar host.hostname=bar allow.raw_sockets 
-## ip4.addr=10.20.12.68 persist
-## foo# jexec bar /bin/csh
-## bar# ping gritton.org
-
-## TODO: .ssh/authorized_keys auto-launch into user jail
-## jail_create_login_hook() {
-##     echo "permit nopass ${user} cmd /usr/sbin/jexec args ${name} /usr/bin/login -f ${user}" >> /usr/local/etc/doas.conf
-##     echo "command='/usr/local/bin/doas /usr/sbin/jexec ${name} /usr/bin/login -f ${user}' ${pubkey}" >> $HOME/.ssh/authorized_keys
-## }
-

usr/local/bin/bastille

@@ -28,11 +28,13 @@
 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+SAVED_TERM=$TERM
+
 . /usr/local/share/bastille/colors.pre.sh
 . /usr/local/etc/bastille/bastille.conf
 
 ## version
-BASTILLE_VERSION="0.3.20181107"
+BASTILLE_VERSION="0.3.20181114"
 
 
 usage() {
@@ -58,6 +60,7 @@ Available Commands:
   start       Start a stopped container.
   stop        Stop a running container.
   sysrc       Safely edit rc files within targeted container(s).
+  template    Apply file templates to targeted jail(s).
   top         Display and update information about the top(1) cpu processes.
   update      Update container base -pX release.
   upgrade     Upgrade container release to X.Y-RELEASE.
@@ -73,7 +76,6 @@ EOF
 
 CMD=$1
 shift
-CMD_ENV=
 
 # Handle special-case commands first.
 case "${CMD}" in
@@ -88,38 +90,20 @@ esac
 
 # Filter out all non-commands
 case "${CMD}" in
-cmd|console|cp|create|destroy|list|pkg|restart|start|stop|sysrc|verify)
+cmd|cp|create|destroy|list|pkg|restart|start|stop|sysrc|template|verify)
 	;;
 update|upgrade)
-	CMD_ENV="${CMD_ENV} PAGER=cat"
 	;;
 console|bootstrap|htop|top)
-	while read envvar envvalue; do
-		case "${envvar}" in
-			TERM)
-				CMD_ENV="${CMD_ENV} ${envvar}=${envvalue}"
-				;;
-		esac
-	done <<-EOF
-	$(env | sed -Ee 's,^([^=]*)=(.*),\1 \2,')
-	EOF
-	;;
+    ;;
 bootstrap|update|upgrade)
-	while read envvar envvalue; do
-		case "${envvar}" in
-			FETCH_BIND_ADDRESS|FTP_*|ftp_*|HTTP_*|http_*|SSL_|NO_PROXY|no_proxy|MAKEOBJDIRPREFIX)
-				CMD_ENV="${CMD_ENV} ${envvar}=${envvalue}"
-				;;
-		esac
-	done <<-EOF
-	$(env | sed -Ee 's,^([^=]*)=(.*),\1 \2,')
-	EOF
 	;;
 *)
 	usage
 	;;
 esac
 
+
 SCRIPTPATH="${bastille_sharedir}/${CMD}.sh"
 
 : ${UMASK:=022}
@@ -127,4 +111,4 @@ umask ${UMASK}
 
 : ${SH:=sh}
 
-exec env -i ${CMD_ENV} ${SH} "${SCRIPTPATH}" "$@"
+exec ${SH} "${SCRIPTPATH}" "$@"

usr/local/etc/bastille/bastille.conf

@@ -7,4 +7,5 @@ bastille_cachedir=${bastille_prefix}/cache
 bastille_jailsdir=${bastille_prefix}/jails
 bastille_logsdir=${bastille_prefix}/logs
 bastille_releasesdir=${bastille_prefix}/releases
+bastille_templatesdir=${bastille_prefix}/templates
 bastille_sharedir=/usr/local/share/bastille

usr/local/etc/rc.d/bastille

@@ -29,8 +29,8 @@ load_rc_config ${name}
 start_cmd=bastille_start
 stop_cmd=bastille_stop
 
-start_command="%%$PREFIX%%/bin/bastille start"
-stop_command="%%$PREFIX%%/bin/bastille stop"
+start_command="%%PREFIX%%/bin/bastille start"
+stop_command="%%PREFIX%%/bin/bastille stop"
 
 bastille_start()
 {

usr/local/share/bastille/bootstrap.sh

@@ -110,18 +110,22 @@ case "${RELEASE}" in
 	;;
 12.0-BETA1)
     bootstrap
-    echo -e "${COLOR_RED}BETA releases are complete untested.${COLOR_RESET}"
+    echo -e "${COLOR_RED}BETA releases are completely untested.${COLOR_RESET}"
 	;;
 12.0-BETA2)
     bootstrap
-    echo -e "${COLOR_RED}BETA releases are complete untested.${COLOR_RESET}"
+    echo -e "${COLOR_RED}BETA releases are completely untested.${COLOR_RESET}"
 	;;
 12.0-BETA3)
     bootstrap
-    echo -e "${COLOR_RED}BETA releases are complete untested.${COLOR_RESET}"
+    echo -e "${COLOR_RED}BETA releases are completely untested.${COLOR_RESET}"
+	;;
+12.0-BETA4)
+    bootstrap
+    echo -e "${COLOR_RED}BETA releases are completely untested.${COLOR_RESET}"
 	;;
 *)
-    echo -e "${COLOR_RED}BETA releases are complete untested.${COLOR_RESET}"
+    echo -e "${COLOR_RED}BETA releases are completely untested.${COLOR_RESET}"
     usage
     ;;
 esac

usr/local/share/bastille/cmd.sh

@@ -56,5 +56,5 @@ fi
 for _jail in ${JAILS}; do
     echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
     jexec -l ${_jail} $2
-    echo -e "${NC}"
+    echo
 done

usr/local/share/bastille/console.sh

@@ -56,5 +56,5 @@ fi
 for _jail in ${JAILS}; do
     echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
     jexec -l ${_jail} /usr/bin/login -f root
-    echo -e "${NC}"
+    echo
 done

usr/local/share/bastille/cp.sh

@@ -58,5 +58,5 @@ for _jail in ${JAILS}; do
     bastille_jail_path="${bastille_jailsdir}/${_jail}/root"
     echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
     cp -a "$2" "${bastille_jail_path}/$3"
-    echo -e "${COLOR_RESET}"
+    echo
 done

usr/local/share/bastille/create.sh

@@ -70,8 +70,8 @@ create_jail() {
 
     if [ ! -d "${bastille_jail_base}" ]; then
         mkdir -p "${bastille_jail_base}"
-        mkdir -p "${bastille_jail_path}/usr"
         mkdir -p "${bastille_jail_path}/usr/home"
+        mkdir -p "${bastille_jail_path}/usr/local"
     fi
 
     if [ ! -d "${bastille_jail_template}" ]; then
@@ -97,9 +97,9 @@ create_jail() {
     ## ro
     cd "${bastille_jail_path}"
     echo
-    echo -e "${COLOR_GREEN}RELEASE: ${RELEASE}.${COLOR_RESET}"
     echo -e "${COLOR_GREEN}NAME: ${NAME}.${COLOR_RESET}"
     echo -e "${COLOR_GREEN}IP: ${IP}.${COLOR_RESET}"
+    echo -e "${COLOR_GREEN}RELEASE: ${RELEASE}.${COLOR_RESET}"
     echo
 
     for _link in bin boot lib libexec rescue sbin usr/bin usr/include usr/lib usr/lib32 usr/libdata usr/libexec usr/sbin usr/share usr/src; do
@@ -107,7 +107,7 @@ create_jail() {
     done
 
     ## link home properly
-    ln -sf usr/home home
+    ln -s usr/home home
 
     ## rw
     cp -a "${bastille_releasesdir}/${RELEASE}/.cshrc" "${bastille_jail_path}"
@@ -135,8 +135,7 @@ create_jail() {
     fi
 
     ## TZ: UTC
-    ln -s "/usr/share/zoneinfo/Etc/UTC ${bastille_jail_root}/etc/localtime"
-    ln -s "/.template/usr/local ${bastille_jail_root}/usr/local"
+    ln -s /usr/share/zoneinfo/Etc/UTC etc/localtime
 }
 
 # Handle special-case commands first.
@@ -174,12 +173,6 @@ if [ -d "/usr/local/bastille/jails/${NAME}/root/.bastille" ]; then
     exit 1
 fi
 
-## check for name/root/.template
-if [ -d "/usr/local/bastille/jails/${NAME}/root/.template" ]; then
-    echo -e "${COLOR_RED}Jail: ${NAME} already created. ${NAME}/root/.template exists.${COLOR_RESET}"
-    exit 1
-fi
-
 ## check if a running jail matches name
 if running_jail ${NAME}; then
     echo -e "${COLOR_RED}Running jail matches name.${COLOR_RESET}"

usr/local/share/bastille/freebsd_dist_fetch.sh

@@ -1,6 +1,9 @@
 #!/bin/sh
+# https://pastebin.com/T6eThbKu
 
 DEVICE_SELF_SCAN_ALL=NO
+DIALOG_BACKTITLE="BastilleBSD"
+DIALOG_TITLE="bootstrap"
 [ "$_SCRIPT_SUBR" ] || . /usr/share/bsdconfig/script.subr
 usage(){ echo "Usage: ${0##*/} [-r releaseName] [dists ...]" >&2; exit 1; }
 while getopts hr: flag; do
@@ -21,13 +24,13 @@ REL_DIST=/usr/local/bastille/cache/$releaseName
 download() # $src to $dest
 {
 	size=$( f_device_get device_media "$1" $PROBE_SIZE )
-	f_device_get device_media "$1" | dpv -kb "BastilleBSD" \
-		-t "bootstrap" -p "Downloading $releaseName" \
+	f_device_get device_media "$1" | dpv -kb "$DIALOG_BACKTITLE" \
+		-t "$DIALOG_TITLE" -p "Downloading $releaseName" \
 		-o "$3" "$size:$1"
 }
 sign() # $file
 {
-	dpv -kb "BastilleBSD" -t "bootstrap" \
+	dpv -kb "$DIALOG_BACKTITLE" -t "$DIALOG_TITLE" \
 		-p "Signing $releaseName" -mx "sha256 >&2" \
 		"$size:${1##*/}" "$1" 2>&1 >&$TERMINAL_STDOUT_PASSTHRU
 }

usr/local/share/bastille/htop.sh

@@ -64,3 +64,5 @@ for _jail in ${JAILS}; do
     fi
     echo -e "${COLOR_RESET}"
 done
+
+TERM=${SAVED_TERM}

usr/local/share/bastille/list.sh

@@ -29,9 +29,10 @@
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 . /usr/local/share/bastille/colors.pre.sh
+. /usr/local/etc/bastille/bastille.conf
 
 usage() {
-    echo -e "${COLOR_RED}Usage: bastille list.${COLOR_RESET}"
+    echo -e "${COLOR_RED}Usage: bastille list [release|template|jail|log].${COLOR_RESET}"
     exit 1
 }
 
@@ -45,6 +46,18 @@ if [ $# -gt 0 ]; then
     help|-h|--help)
         usage
         ;;
+    release|releases)
+        ls "${bastille_releasesdir}"
+        ;;
+    template|templates)
+        ls "${bastille_templatesdir}"
+        ;;
+    jail|jails)
+        ls "${bastille_jailsdir}"
+        ;;
+    log|logs)
+        ls "${bastille_logsdir}"
+        ;;
     *)
         usage
         ;;

usr/local/share/bastille/pkg.sh

@@ -56,5 +56,5 @@ fi
 for _jail in ${JAILS}; do
     echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
     jexec -l ${_jail} /usr/sbin/pkg $2
-    echo -e "${COLOR_RESET}"
+    echo
 done

usr/local/share/bastille/service.sh

@@ -57,5 +57,5 @@ fi
 for _jail in ${JAILS}; do
     echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
     jexec -l ${_jail} /usr/sbin/service $2
-    echo -e "${COLOR_RESET}"
+    echo
 done

usr/local/share/bastille/start.sh

@@ -62,7 +62,7 @@ fi
 for _jail in ${JAILS}; do
     echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
     jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -c ${_jail}
-    echo -e "${COLOR_RESET}"
+    echo
 done
 
 ## HUP the firewall

usr/local/share/bastille/stop.sh

@@ -57,7 +57,7 @@ fi
 for _jail in ${JAILS}; do
     echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
     jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -r ${_jail}
-    echo -e "${COLOR_RESET}"
+    echo
 done
 
 ## HUP the firewall

usr/local/share/bastille/template.sh

@@ -0,0 +1,116 @@
+#!/bin/sh
+# 
+# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# All rights reserved.
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 
+# * Redistributions of source code must retain the above copyright notice, this
+#   list of conditions and the following disclaimer.
+# 
+# * Redistributions in binary form must reproduce the above copyright notice,
+#   this list of conditions and the following disclaimer in the documentation
+#   and/or other materials provided with the distribution.
+# 
+# * Neither the name of the copyright holder nor the names of its
+#   contributors may be used to endorse or promote products derived from
+#   this software without specific prior written permission.
+# 
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+. /usr/local/share/bastille/colors.pre.sh
+. /usr/local/etc/bastille/bastille.conf
+
+usage() {
+    echo -e "${COLOR_RED}Usage: bastille template [ALL|glob] template.${COLOR_RESET}"
+    exit 1
+}
+
+# Handle special-case commands first.
+case "$1" in
+help|-h|--help)
+    usage
+    ;;
+esac
+
+if [ $# -gt 2 ] || [ $# -lt 2 ]; then
+    usage
+fi
+
+if [ "$1" = 'ALL' ]; then
+    JAILS=$(jls -N name)
+fi
+if [ "$1" != 'ALL' ]; then
+    JAILS=$(jls -N name | grep "$1")
+fi
+
+TEMPLATE=$2
+bastille_template=${bastille_templatesdir}/${TEMPLATE}
+
+for _jail in ${JAILS}; do
+    echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
+
+    ## pre
+    if [ -s "${bastille_template}/PRE" ]; then
+        echo -e "${COLOR_GREEN}Executing PRE-command(s).${COLOR_RESET}"
+        bastille_templatepre=$(cat "${bastille_template}/PRE")
+        jexec -l "${_jail}" /bin/sh "${bastille_templatepre}"
+    fi
+
+    ## config
+    if [ -s "${bastille_template}/CONFIG" ]; then
+        echo -e "${COLOR_GREEN}Copying files...${COLOR_RESET}"
+        for _dir in $(cat "${bastille_template}/CONFIG"); do
+            cp -a "${bastille_template}/${_dir}" "${bastille_jailsdir}/${_jail}/root"
+        done
+        echo -e "${COLOR_GREEN}Copy complete.${COLOR_RESET}"
+    fi
+
+    ## fstab
+    if [ -s "${bastille_template}/FSTAB" ]; then
+        bastille_templatefstab=$(cat "${bastille_template}/FSTAB")
+        echo -e "${COLOR_GREEN}Updating fstab.${COLOR_RESET}"
+    fi
+
+    ## pf
+    if [ -s "${bastille_template}/PF" ]; then
+        bastille_templatepf=$(cat "${bastille_template}/PF")
+        echo -e "${COLOR_GREEN}Generating PF profile.${COLOR_RESET}"
+    fi
+
+    ## pkg (bootstrap + pkg)
+    if [ -s "${bastille_template}/PKG" ]; then
+        bastille_templatepkg=$(cat "${bastille_template}/PKG")
+        echo -e "${COLOR_GREEN}Installing packages.${COLOR_RESET}"
+        jexec -l ${_jail} env ASSUME_ALWAYS_YES="YES" /usr/sbin/pkg bootstrap
+        jexec -l ${_jail} env ASSUME_ALWAYS_YES="YES" /usr/sbin/pkg audit -F
+        jexec -l ${_jail} env ASSUME_ALWAYS_YES="YES" /usr/sbin/pkg install -y ${bastille_templatepkg}
+    fi
+
+    ## sysrc
+    if [ -s "${bastille_template}/SYSRC" ]; then
+        bastille_templatesys=$(cat "${bastille_template}/SYSRC")
+        echo -e "${COLOR_GREEN}Updating services.${COLOR_RESET}"
+        jexec -l ${_jail} /usr/sbin/sysrc ${bastille_templatesys}
+    fi
+
+    ## cmd
+    if [ -s "${bastille_template}/CMD" ]; then
+        bastille_templatecmd=$(cat "${bastille_template}/CMD")
+        echo -e "${COLOR_GREEN}Executing final command(s).${COLOR_RESET}"
+        jexec -l ${_jail} ${bastille_templatecmd}
+    fi
+    echo -e "${COLOR_GREEN}Template Complete.${COLOR_RESET}"
+    echo
+    echo
+done

usr/local/share/bastille/top.sh

@@ -59,3 +59,5 @@ for _jail in ${JAILS}; do
     jexec -l ${_jail} /usr/bin/top
     echo -e "${COLOR_RESET}"
 done
+
+TERM=${SAVED_TERM}