Merge pull request #20 from cedwards/master

0.3.20181124 patch
2018-11-24 10:05:15 -07:00 · 2018-11-24 09:55:16 -07:00 · 2018-11-20 22:05:42 -07:00 · 2018-11-20 22:04:58 -07:00 · 2018-11-20 21:49:36 -07:00 · 2018-11-20 21:43:54 -07:00
27 changed files with 469 additions and 154 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
 docs/_build
--- a/README.md
+++ b/README.md
@@ -4,9 +4,39 @@ Bastille is a jail automation framework that allows you to quickly and
 easily create and manage FreeBSD jail.
 Installation
 ------------
 Bastille is not (yet) in the official ports tree, but I have built and verified
 binary packages.
 To install using one of the BETA binary packages, copy the URL for the latest
 release here (TXZ file): https://github.com/bastillebsd/bastille/releases
 Then, install via `pkg`. 
 Example:
 ```shell
 pkg add https://github.com/BastilleBSD/bastille/releases/download/0.3.20181120/bastille-0.3.20181120.txz
 ```
 BETA binary packages are signed. These can be verified with this pubkey:
 ```
 -----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq28OLDhJ12JmsKKcJpnn
 pCW3fFYBNI1BtdvTvFx57ZXvQ2qecBvnR9+XWi83hKS9ALTKZI6CLC2uTv1fIsZl
 u6rDRRNZwZFfITACSfwI+7UObMXz3oBZjk94J3rIegk49EyjDswKdVWv5k1EiVXF
 SAwXSl2kA2hGfQJkj5NS4nrfoRBc0z6fm+BGdNuHKSTmeZh1dbLEHt9EArD20DJ7
 HIr8vUSPLwONeqJCBFA/MeDO+GpwtwA/ldc2ZZy1RCPctdC2NeiGW7oy1yVDu6wp
 mHCq8qDfmCx5Aex84rWUf9iH8TM92AWmegTaz2p+BgESctpjNRCUuSEwOCBIO6g5
 3wIDAQAB
 -----END PUBLIC KEY-----
 ```
 Basic Usage
 -----------
-```
+```shell
 ishmael ~ # bastille -h
 Usage:
  bastille command [ALL|glob] [args]
@@ -52,7 +82,7 @@ the firewall, permitting and denying traffic as needed.
 First, create the loopback interface:
 ```shell
-ishmael ~ # sysrc cloned_interfaces="lo1"
+ishmael ~ # sysrc cloned_interfaces+=lo1
 ishmael ~ # service netif cloneup
 ```
@@ -473,7 +503,9 @@ work as expected. This table outlines those requirements:
 | PRE/CMD | /bin/sh command  | /usr/bin/chsh -s /usr/local/bin/zsh  |
 | CONFIG  | path             | etc root usr                         |
 | PKG     | port/pkg name(s) | vim-console zsh git-lite tree htop   |
-| SYSRC   | sysrc command(s) | nginx_enable="YES" nginx_flags="..." |
+| SYSRC   | sysrc command(s) | nginx_enable=YES                     |
 Note: SYSRC requires NO quotes or that quotes (`"`) be escaped. ie; `\"`)
 In addition to supporting template hooks, Bastille supports overlaying files
 into the jail. This is done by placing the files in their full path, using the
@@ -838,8 +870,25 @@ rdr pass inet proto tcp from any to any port 8081 -> 10.7.6.5 port 8080
 rdr pass inet proto tcp from any to any port 8181 -> 10.7.6.5 port 443
 ```
-Tip: Initially I spent time worrying about what IP addresses to assign. In the
+Tip #3:
 -------
 Don't worry too much about IP assignments.
 Initially I spent time worrying about what IP addresses to assign. In the
 end I've come to the conclusion that it _really_ doesn't matter. Pick *any*
 private address and be done with it. These are all isolated networks. In the
 end, what matters is you can map host:port to jail:port reliably, and we
 can.
 Community Support
 =================
 We would love to hear your feedback on Bastille! Please join us on the
 [BastilleBSD Chat Server](https://chat.bastillebsd.org) and let us know what
 you think. Registration is currently open pending email verification. 
 Be mindful of the [Bastille Code of
 Conduct](https://github.com/BastilleBSD/bastille/blob/master/CODE-OF-CONDUCT.md)
 when participating in the chat rooms.
 If you've found a bug in Bastille, please submit it to the [Bastille Issue
 Tracker](https://github.com/bastillebsd/bastille/issues/new).
--- a/docs/Makefile
+++ b/docs/Makefile
@@ -0,0 +1,19 @@
 # Minimal makefile for Sphinx documentation
 #
 # You can set these variables from the command line.
 SPHINXOPTS    =
 SPHINXBUILD   = sphinx-build
 SOURCEDIR     = .
 BUILDDIR      = _build
 # Put it first so that "make" without argument is like "make help".
 help:
 	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
 .PHONY: help Makefile
 # Catch-all target: route all unknown targets to Sphinx using the new
 # "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
 %: Makefile
 	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
--- a/docs/README.md
+++ b/docs/README.md
@@ -0,0 +1 @@
 ../README.md
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -0,0 +1,185 @@
 # -*- coding: utf-8 -*-
 #
 # Configuration file for the Sphinx documentation builder.
 #
 # This file does only contain a selection of the most common options. For a
 # full list see the documentation:
 # http://www.sphinx-doc.org/en/master/config
 # -- Path setup --------------------------------------------------------------
 # If extensions (or modules to document with autodoc) are in another directory,
 # add these directories to sys.path here. If the directory is relative to the
 # documentation root, use os.path.abspath to make it absolute, like shown here.
 #
 # import os
 # import sys
 # sys.path.insert(0, os.path.abspath('.'))
 import os
 on_rtd = os.environ.get('READTHEDOCS') == 'True'
 if on_rtd:
    html_theme = 'default'
 else:
    html_theme = 'sphinx_rtd_theme'
 # -- Project information -----------------------------------------------------
 project = 'Bastille'
 copyright = '2018, Christer Edwards'
 author = 'Christer Edwards'
 # The short X.Y version
 version = '0.3'
 # The full version, including alpha/beta/rc tags
 release = 'beta'
 # -- General configuration ---------------------------------------------------
 # If your documentation needs a minimal Sphinx version, state it here.
 #
 # needs_sphinx = '1.0'
 # Add any Sphinx extension module names here, as strings. They can be
 # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
 # ones.
 extensions = [
 ]
 # Add any paths that contain templates here, relative to this directory.
 templates_path = ['_templates']
 # The suffix(es) of source filenames.
 # You can specify multiple suffix as a list of string:
 #
 # source_suffix = ['.rst', '.md']
 source_suffix = '.md'
 from recommonmark.parser import CommonMarkParser
 source_parsers = {
    '.md': CommonMarkParser,
 }
 # The master toctree document.
 master_doc = 'README'
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
 #
 # This is also used if you do content translation via gettext catalogs.
 # Usually you set "language" from the command line for these cases.
 language = None
 # List of patterns, relative to source directory, that match files and
 # directories to ignore when looking for source files.
 # This pattern also affects html_static_path and html_extra_path.
 exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
 # The name of the Pygments (syntax highlighting) style to use.
 pygments_style = None
 # -- Options for HTML output -------------------------------------------------
 # The theme to use for HTML and HTML Help pages.  See the documentation for
 # a list of builtin themes.
 #
 ##html_theme = 'alabaster'
 # Theme options are theme-specific and customize the look and feel of a theme
 # further.  For a list of options available for each theme, see the
 # documentation.
 #
 # html_theme_options = {}
 # Add any paths that contain custom static files (such as style sheets) here,
 # relative to this directory. They are copied after the builtin static files,
 # so a file named "default.css" will overwrite the builtin "default.css".
 html_static_path = ['_static']
 # Custom sidebar templates, must be a dictionary that maps document names
 # to template names.
 #
 # The default sidebars (for documents that don't match any pattern) are
 # defined by theme itself.  Builtin themes are using these templates by
 # default: ``['localtoc.html', 'relations.html', 'sourcelink.html',
 # 'searchbox.html']``.
 #
 # html_sidebars = {}
 # -- Options for HTMLHelp output ---------------------------------------------
 # Output file base name for HTML help builder.
 htmlhelp_basename = 'Bastilledoc'
 # -- Options for LaTeX output ------------------------------------------------
 latex_elements = {
    # The paper size ('letterpaper' or 'a4paper').
    #
    # 'papersize': 'letterpaper',
    # The font size ('10pt', '11pt' or '12pt').
    #
    # 'pointsize': '10pt',
    # Additional stuff for the LaTeX preamble.
    #
    # 'preamble': '',
    # Latex figure (float) alignment
    #
    # 'figure_align': 'htbp',
 }
 # Grouping the document tree into LaTeX files. List of tuples
 # (source start file, target name, title,
 #  author, documentclass [howto, manual, or own class]).
 latex_documents = [
    (master_doc, 'Bastille.tex', 'Bastille Documentation',
     'Christer Edwards', 'manual'),
 ]
 # -- Options for manual page output ------------------------------------------
 # One entry per manual page. List of tuples
 # (source start file, name, description, authors, manual section).
 man_pages = [
    (master_doc, 'bastille', 'Bastille Documentation',
     [author], 1)
 ]
 # -- Options for Texinfo output ----------------------------------------------
 # Grouping the document tree into Texinfo files. List of tuples
 # (source start file, target name, title, author,
 #  dir menu entry, description, category)
 texinfo_documents = [
    (master_doc, 'Bastille', 'Bastille Documentation',
     author, 'Bastille', 'One line description of project.',
     'Miscellaneous'),
 ]
 # -- Options for Epub output -------------------------------------------------
 # Bibliographic Dublin Core info.
 epub_title = project
 # The unique identifier of the text. This can be a ISBN number
 # or the project homepage.
 #
 # epub_identifier = ''
 # A unique identification for the text.
 #
 # epub_uid = ''
 # A list of files that should not be packed into the epub file.
 epub_exclude_files = ['search.html']
--- a/docs/index.rst.sample
+++ b/docs/index.rst.sample
@@ -0,0 +1,20 @@
 .. Bastille documentation master file, created by
   sphinx-quickstart on Tue Nov 20 20:48:22 2018.
   You can adapt this file completely to your liking, but it should at least
   contain the root `toctree` directive.
 Welcome to Bastille's documentation!
 ====================================
 .. toctree::
   :maxdepth: 2
   :caption: Contents:
 Indices and tables
 ==================
 * :ref:`genindex`
 * :ref:`modindex`
 * :ref:`search`
--- a/usr/local/bin/bastille
+++ b/usr/local/bin/bastille
@@ -28,14 +28,11 @@
 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 SAVED_TERM=$TERM
 . /usr/local/share/bastille/colors.pre.sh
 . /usr/local/etc/bastille/bastille.conf
 ## version
-BASTILLE_VERSION="0.3.20181114"
+BASTILLE_VERSION="0.3.20181124"
 usage() {
    cat << EOF
@@ -103,7 +100,6 @@ bootstrap|update|upgrade)
 	;;
 esac
 SCRIPTPATH="${bastille_sharedir}/${CMD}.sh"
 : ${UMASK:=022}
--- a/usr/local/etc/rc.d/bastille
+++ b/usr/local/etc/rc.d/bastille
@@ -2,8 +2,6 @@
 # $FreeBSD: $
 #
 # Bastille startup script
 #
 # PROVIDE: bastille
 # REQUIRE: LOGIN
 # KEYWORD: shutdown
@@ -19,47 +17,29 @@
 . /etc/rc.subr
 name=bastille
-rcvar=bastille_enable
+rcvar=${name}_enable
-load_rc_config ${name}
+command="/usr/local/bin/${name}"
 start_cmd="${name}_start"
 stop_cmd="${name}_stop"
 : ${bastille_enable:=NO}
-: ${bastille_list:=""}
+: ${bastille_list:="ALL"}
 start_cmd=bastille_start
 stop_cmd=bastille_stop
 start_command="%%PREFIX%%/bin/bastille start"
 stop_command="%%PREFIX%%/bin/bastille stop"
 bastille_start()
 {
    if [ ! -n "${bastille_list}" ]; then
        echo "${bastille_list} is undefined"
        return 1
    fi
    local _jail
    for _jail in ${bastille_list}; do
-        echo "Starting Bastille Jail: ${_jail}"
+        ${command} start ${_jail}
        ${start_command} ${_jail}
    done
 }
 bastille_stop()
 {
    if [ ! -n "${bastille_list}" ]; then
        echo "${bastille_list} is undefined"
        return 1
    fi
    local _jail
    for _jail in ${bastille_list}; do
-        echo "Stopping Bastille Jail: ${_jail}"
+        ${command} stop ${_jail}
        ${stop_command} ${_jail}
    done
 }
-run_rc_command "$1"
+load_rc_config ${name}
 run_rc_command "$@"
--- a/usr/local/share/bastille/bootstrap.sh
+++ b/usr/local/share/bastille/bootstrap.sh
@@ -46,36 +46,42 @@ esac
 RELEASE=$1
 bootstrap() {
-    ### create $bastille_base/release/$release directory
+    ## ensure required directories are in place
    ### fetch $release/base.txz -o $bastille_base/cache/$release/base.txz
    ### extract $release/base.txz to $bastille_base/release/$release
    if [ ! -d ${bastille_jailsdir} ]; then
        mkdir -p ${bastille_jailsdir}
    fi
    if [ ! -d ${bastille_logsdir} ]; then
        mkdir -p ${bastille_logsdir}
    fi
-    if [ ! -d ${bastille_cachedir}/${RELEASE} ]; then
+    if [ ! -d ${bastille_templatesdir} ]; then
-        mkdir -p ${bastille_cachedir}/${RELEASE}
+        mkdir -p ${bastille_templatesdir}
    fi
    if [ ! -d "${bastille_cachedir}/${RELEASE}" ]; then
        mkdir -p "${bastille_cachedir}/${RELEASE}"
    fi
-    if [ ! -d ${bastille_releasesdir}/${RELEASE} ]; then
+    ### create $bastille_base/release/$release directory
-        mkdir -p ${bastille_releasesdir}/${RELEASE}
+    ### fetch $release/base.txz -o $bastille_base/cache/$release/base.txz
    ### fetch $release/lib32.txz -o $bastille_base/cache/$release/lib32.txz
    ### extract $release/base.txz to $bastille_base/release/$release
    ### extract $release/lib32.txz to $bastille_base/release/$release
    if [ ! -d "${bastille_releasesdir}/${RELEASE}" ]; then
        mkdir -p "${bastille_releasesdir}/${RELEASE}"
        sh ${bastille_sharedir}/freebsd_dist_fetch.sh -r ${RELEASE} base lib32
        echo
        echo -e "${COLOR_GREEN}Extracting FreeBSD ${RELEASE} base.txz.${COLOR_RESET}"
-        /usr/bin/tar -C ${bastille_releasesdir}/${RELEASE} -xf ${bastille_cachedir}/${RELEASE}/base.txz
+        /usr/bin/tar -C "${bastille_releasesdir}/${RELEASE}" -xf "${bastille_cachedir}/${RELEASE}/base.txz"
        echo -e "${COLOR_GREEN}Extracting FreeBSD ${RELEASE} lib32.txz.${COLOR_RESET}"
-        /usr/bin/tar -C ${bastille_releasesdir}/${RELEASE} -xf ${bastille_cachedir}/${RELEASE}/lib32.txz
+        /usr/bin/tar -C "${bastille_releasesdir}/${RELEASE}" -xf "${bastille_cachedir}/${RELEASE}/lib32.txz"
-	    echo -e "${COLOR_GREEN}Bootstrap successful.${COLOR_RESET}"
+        echo -e "${COLOR_GREEN}Bootstrap successful.${COLOR_RESET}"
-	    echo -e "${COLOR_GREEN}See 'bastille --help' for available commands.${COLOR_RESET}"
+        echo -e "${COLOR_GREEN}See 'bastille --help' for available commands.${COLOR_RESET}"
-	    echo
+        echo
    else
        echo -e "${COLOR_RED}Bootstrap appears complete.${COLOR_RESET}"
-	exit 1
+        exit 1
    fi
 }
@@ -83,31 +89,34 @@ bootstrap() {
 case "${RELEASE}" in
 10.1-RELEASE)
    bootstrap
-    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+    echo -e "${COLOR_RED}WARNING: FreeBSD 10.1-RELEASE HAS PASSED ITS END-OF-LIFE DATE.${COLOR_RESET}"
 	;;
 10.2-RELEASE)
    bootstrap
-    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+    echo -e "${COLOR_RED}WARNING: FreeBSD 10.2-RELEASE HAS PASSED ITS END-OF-LIFE DATE.${COLOR_RESET}"
 	;;
 10.3-RELEASE)
    bootstrap
-    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+    echo -e "${COLOR_RED}WARNING: FreeBSD 10.3-RELEASE HAS PASSED ITS END-OF-LIFE DATE.${COLOR_RESET}"
 	;;
 10.4-RELEASE)
    bootstrap
-    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+    echo -e "${COLOR_RED}WARNING: FreeBSD 10.4-RELEASE HAS PASSED ITS END-OF-LIFE DATE.${COLOR_RESET}"
 	;;
 11.0-RELEASE)
    bootstrap
-    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+    echo -e "${COLOR_RED}WARNING: FreeBSD 11.0-RELEASE HAS PASSED ITS END-OF-LIFE DATE.${COLOR_RESET}"
 	;;
 11.1-RELEASE)
    bootstrap
-    echo -e "${COLOR_RED}This release is End of Life. No security updates.${COLOR_RESET}"
+    echo -e "${COLOR_RED}WARNING: FreeBSD 11.1-RELEASE HAS PASSED ITS END-OF-LIFE DATE.${COLOR_RESET}"
 	;;
 11.2-RELEASE)
    bootstrap
 	;;
 12.0-RELEASE)
    bootstrap
 	;;
 12.0-BETA1)
    bootstrap
    echo -e "${COLOR_RED}BETA releases are completely untested.${COLOR_RESET}"
@@ -124,8 +133,19 @@ case "${RELEASE}" in
    bootstrap
    echo -e "${COLOR_RED}BETA releases are completely untested.${COLOR_RESET}"
 	;;
 12.0-RC1)
    bootstrap
    echo -e "${COLOR_RED}RC releases are completely untested.${COLOR_RESET}"
 	;;
 12.0-RC2)
    bootstrap
    echo -e "${COLOR_RED}RC releases are completely untested.${COLOR_RESET}"
 	;;
 12.0-RC3)
    bootstrap
    echo -e "${COLOR_RED}RC releases are completely untested.${COLOR_RESET}"
 	;;
 *)
    echo -e "${COLOR_RED}BETA releases are completely untested.${COLOR_RESET}"
    usage
    ;;
 esac
--- a/usr/local/share/bastille/cmd.sh
+++ b/usr/local/share/bastille/cmd.sh
@@ -47,10 +47,10 @@ if [ $# -gt 2 ] || [ $# -lt 2 ]; then
 fi
 if [ "$1" = 'ALL' ]; then
-    JAILS=$(jls -N name)
+    JAILS=$(jls name)
 fi
 if [ "$1" != 'ALL' ]; then
-    JAILS=$(jls -N name | grep "$1")
+    JAILS=$(jls name | grep -E "(^|\b)${1}($|\b)")
 fi
 for _jail in ${JAILS}; do
--- a/usr/local/share/bastille/console.sh
+++ b/usr/local/share/bastille/console.sh
@@ -42,15 +42,14 @@ help|-h|--help)
    ;;
 esac
 if [ $# -gt 1 ] || [ $# -lt 1 ]; then
    usage
 fi
 if [ "$1" = 'ALL' ]; then
-    JAILS=$(jls -N name)
+    JAILS=$(jls name)
 fi
 if [ "$1" != 'ALL' ]; then
-    JAILS=$(jls -N name | grep "$1")
+    JAILS=$(jls name | grep -E "(^|\b)${1}($|\b)")
 fi
 for _jail in ${JAILS}; do
--- a/usr/local/share/bastille/cp.sh
+++ b/usr/local/share/bastille/cp.sh
@@ -47,15 +47,15 @@ if [ $# -gt 3 ] || [ $# -lt 3 ]; then
    usage
 fi
 if [ "$1" != 'ALL' ]; then
    JAILS=$(jls -N name | grep "$1")
 fi
 if [ "$1" = 'ALL' ]; then
-    JAILS=$(jls -N name)
+    JAILS=$(jls name)
 fi
 if [ "$1" != 'ALL' ]; then
    JAILS=$(jls name | grep -E "(^|\b)${1}($|\b)")
 fi
 for _jail in ${JAILS}; do
-    bastille_jail_path="${bastille_jailsdir}/${_jail}/root"
+    bastille_jail_path="$(jls -j "${_jail}" path)"
    echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
    cp -a "$2" "${bastille_jail_path}/$3"
    echo
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -37,7 +37,7 @@ usage() {
 }
 running_jail() {
-    jls -N name | grep ${NAME}
+    jls name | grep -E "(^|\b)${NAME}($|\b)"
 }
 validate_ip() {
@@ -94,7 +94,6 @@ create_jail() {
    ## using relative paths here
    ## MAKE SURE WE'RE IN THE RIGHT PLACE
    ## ro
    cd "${bastille_jail_path}"
    echo
    echo -e "${COLOR_GREEN}NAME: ${NAME}.${COLOR_RESET}"
@@ -125,9 +124,14 @@ create_jail() {
    cp -a "${bastille_releasesdir}/${RELEASE}/usr/obj" "${bastille_jail_path}"
    if [ "${RELEASE}" == "11.2-RELEASE" ]; then cp -a "${bastille_releasesdir}/${RELEASE}/usr/tests" "${bastille_jail_path}"; fi
-    ## rc.conf.local & resolv.conf
+    ## rc.conf.local
    ##  + syslogd_flags="-ss"
    ##  + sendmail_none="NONE"
    ##  + cron_flags="-J 60" ## cedwards 20181118
    ## resolv.conf
    if [ ! -f "${bastille_jail_rc_conf}" ]; then
        echo -e "syslogd_flags=\"-ss\"\nsendmail_enable=\"NONE\"" > ${bastille_jail_rc_conf}
 	echo -e "cron_flags=\"-J 60\"" >> ${bastille_jail_rc_conf}
    fi
    if [ ! -f "${bastille_jail_resolv_conf}" ]; then
@@ -155,12 +159,51 @@ IP="$3"
 ## verify release
 case "${RELEASE}" in
 10.1-RELEASE)
    RELEASE="10.1-RELEASE"
 	;;
 10.2-RELEASE)
    RELEASE="10.2-RELEASE"
 	;;
 10.3-RELEASE)
    RELEASE="10.3-RELEASE"
 	;;
 10.4-RELEASE)
    RELEASE="10.4-RELEASE"
    ;;
 11.0-RELEASE)
    RELEASE="11.0-RELEASE"
    ;;
 11.1-RELEASE)
    RELEASE="11.1-RELEASE"
    ;;
 11.2-RELEASE)
    RELEASE="11.2-RELEASE"
    ;;
 12.0-RELEASE)
    RELEASE="12.0-RELEASE"
    ;;
 12.0-BETA1)
    RELEASE="12.0-BETA1"
    ;;
 12.0-BETA2)
    RELEASE="12.0-BETA2"
    ;;
 12.0-BETA3)
    RELEASE="12.0-BETA3"
    ;;
 12.0-BETA4)
    RELEASE="12.0-BETA4"
    ;;
 12.0-RC1)
    RELEASE="12.0-RC1"
    ;;
 12.0-RC2)
    RELEASE="12.0-RC2"
    ;;
 12.0-RC3)
    RELEASE="12.0-RC3"
    ;;
 *)
    echo -e "${COLOR_RED}Unknown Release.${COLOR_RESET}"
    usage
@@ -168,14 +211,15 @@ case "${RELEASE}" in
 esac
 ## check for name/root/.bastille
-if [ -d "/usr/local/bastille/jails/${NAME}/root/.bastille" ]; then
+if [ -d "${bastille_jailsdir}/${NAME}/root/.bastille" ]; then
    echo -e "${COLOR_RED}Jail: ${NAME} already created. ${NAME}/root/.bastille exists.${COLOR_RESET}"
    exit 1
 fi
 ## check if a running jail matches name
 if running_jail ${NAME}; then
-    echo -e "${COLOR_RED}Running jail matches name.${COLOR_RESET}"
+    echo -e "${COLOR_RED}A running jail matches name.${COLOR_RESET}"
    echo -e "${COLOR_RED}Jails must be stopped before they are destroyed.${COLOR_RESET}"
    exit 1
 fi
--- a/usr/local/share/bastille/destroy.sh
+++ b/usr/local/share/bastille/destroy.sh
@@ -37,10 +37,10 @@ usage() {
 }
 destroy_jail() {
-    bastille_jail_base="${bastille_jailsdir}/${NAME}"  ## dir
+    bastille_jail_base="${bastille_jailsdir}/${NAME}"            ## dir
    bastille_jail_log="${bastille_logsdir}/${NAME}_console.log"  ## file
-    if [ $(jls -N name | grep ${NAME}) ]; then
+    if [ $(jls name | grep ${NAME}) ]; then
        echo -e "${COLOR_RED}Jail running.${COLOR_RESET}"
        echo -e "${COLOR_RED}See 'bastille stop ${NAME}'.${COLOR_RESET}"
        exit 1
--- a/usr/local/share/bastille/freebsd_dist_fetch.sh
+++ b/usr/local/share/bastille/freebsd_dist_fetch.sh
@@ -1,9 +1,9 @@
 #!/bin/sh
 # https://pastebin.com/T6eThbKu
 . /usr/local/etc/bastille/bastille.conf
 DEVICE_SELF_SCAN_ALL=NO
 DIALOG_BACKTITLE="BastilleBSD"
 DIALOG_TITLE="bootstrap"
 [ "$_SCRIPT_SUBR" ] || . /usr/share/bsdconfig/script.subr
 usage(){ echo "Usage: ${0##*/} [-r releaseName] [dists ...]" >&2; exit 1; }
 while getopts hr: flag; do
@@ -20,17 +20,17 @@ mediaSetFTP
 mediaOpen
 set -e
 #debug=1
-REL_DIST=/usr/local/bastille/cache/$releaseName
+REL_DIST=${bastille_cachedir}/$releaseName
 download() # $src to $dest
 {
 	size=$( f_device_get device_media "$1" $PROBE_SIZE )
-	f_device_get device_media "$1" | dpv -kb "$DIALOG_BACKTITLE" \
+	f_device_get device_media "$1" | dpv -kb "BastilleBSD" \
-		-t "$DIALOG_TITLE" -p "Downloading $releaseName" \
+		-t "bootstrap" -p "Downloading $releaseName" \
 		-o "$3" "$size:$1"
 }
 sign() # $file
 {
-	dpv -kb "$DIALOG_BACKTITLE" -t "$DIALOG_TITLE" \
+	dpv -kb "BastilleBSD" -t "bootstrap" \
 		-p "Signing $releaseName" -mx "sha256 >&2" \
 		"$size:${1##*/}" "$1" 2>&1 >&$TERMINAL_STDOUT_PASSTHRU
 }
--- a/usr/local/share/bastille/htop.sh
+++ b/usr/local/share/bastille/htop.sh
@@ -48,21 +48,19 @@ if [ $# -gt 1 ] || [ $# -lt 1 ]; then
 fi
 if [ "$1" = 'ALL' ]; then
-    JAILS=$(jls -N name)
+    JAILS=$(jls name)
 fi
 if [ "$1" != 'ALL' ]; then
-    JAILS=$(jls -N name | grep "$1")
+    JAILS=$(jls name | grep -E "(^|\b)${1}($|\b)")
 fi
 for _jail in ${JAILS}; do
-    if [ ! -x "${bastille_jailsdir}/${_jail}/root/usr/local/bin/htop" ]; then
+    bastille_jail_path=$(jls -j "${_jail}" path)
    if [ ! -x "${bastille_jail_path}/usr/local/bin/htop" ]; then
        echo -e "${COLOR_RED}htop not found on ${_jail}.${COLOR_RESET}"
-    fi
+    elif [ -x "${bastille_jail_path}/usr/local/bin/htop" ]; then
    if [ -x "${bastille_jailsdir}/${_jail}/root/usr/local/bin/htop" ]; then
        echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
        jexec -l ${_jail} /usr/local/bin/htop
    fi
    echo -e "${COLOR_RESET}"
 done
 TERM=${SAVED_TERM}
--- a/usr/local/share/bastille/list.sh
+++ b/usr/local/share/bastille/list.sh
@@ -47,16 +47,16 @@ if [ $# -gt 0 ]; then
        usage
        ;;
    release|releases)
-        ls "${bastille_releasesdir}"
+        ls "${bastille_releasesdir}" | sed "s/\n//g"
        ;;
    template|templates)
-        ls "${bastille_templatesdir}"
+	ls "${bastille_templatesdir}" | sed "s/\n//g"
        ;;
    jail|jails)
-        ls "${bastille_jailsdir}"
+	ls "${bastille_jailsdir}" | sed "s/\n//g"
        ;;
    log|logs)
-        ls "${bastille_logsdir}"
+        ls "${bastille_logsdir}" | sed "s/\n//g"
        ;;
    *)
        usage
--- a/usr/local/share/bastille/pkg.sh
+++ b/usr/local/share/bastille/pkg.sh
@@ -47,10 +47,10 @@ if [ $# -gt 2 ] || [ $# -lt 2 ]; then
 fi
 if [ "$1" = 'ALL' ]; then
-    JAILS=$(jls -N name)
+    JAILS=$(jls name)
 fi
 if [ "$1" != 'ALL' ]; then
-    JAILS=$(jls -N name | grep "$1")
+    JAILS=$(jls name | grep -E "(^|\b)${1}($|\b)")
 fi
 for _jail in ${JAILS}; do
--- a/usr/local/share/bastille/service.sh
+++ b/usr/local/share/bastille/service.sh
@@ -47,11 +47,11 @@ if [ $# -gt 2 ] || [ $# -lt 2 ]; then
 fi
 if [ "$1" = 'ALL' ]; then
-    JAILS=$(jls -N name)
+    JAILS=$(jls name)
 fi
 if [ "$1" != 'ALL' ]; then
-    JAILS=$(jls -N name | grep "$1")
+    JAILS=$(jls name | grep -E "(^|\b)${1}($|\b)")
 fi
 for _jail in ${JAILS}; do
--- a/usr/local/share/bastille/start.sh
+++ b/usr/local/share/bastille/start.sh
@@ -48,22 +48,19 @@ if [ $# -gt 1 ] || [ $# -lt 1 ]; then
 fi
 if [ "$1" = 'ALL' ]; then
-    JAILS=$(find ${bastille_jailsdir} -d 1 | awk -F / '{ print $6 }')
+    JAILS=$(/usr/local/bin/bastille list jails)
 fi
 if [ "$1" != 'ALL' ]; then
-    JAILS=$(find ${bastille_jailsdir} -d 1 | awk -F / '{ print $6 }' | grep $1)
+    JAILS=$(/usr/local/bin/bastille list jails | grep "$1")
 fi
 if [ $(jls -N name | ${NAME}) ]; then
    echo -e "${COLOR_RED}${NAME} already running.${COLOR_RESET}"
    exit 1
 fi
 for _jail in ${JAILS}; do
-    echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
+    if [ $(jls name | grep ${_jail}) ]; then
-    jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -c ${_jail}
+        echo -e "${COLOR_RED}[${_jail}]: Already started.${COLOR_RESET}"
    elif [ ! $(jls name | grep ${_jail}) ]; then
        echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
        jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -c ${_jail}
        pfctl -f /etc/pf.conf
    fi
    echo
 done
 ## HUP the firewall
 pfctl -f /etc/pf.conf
--- a/usr/local/share/bastille/stop.sh
+++ b/usr/local/share/bastille/stop.sh
@@ -48,17 +48,15 @@ if [ $# -gt 1 ] || [ $# -lt 1 ]; then
 fi
 if [ "$1" = 'ALL' ]; then
-    JAILS=$(jls -N name)
+    JAILS=$(jls name)
 fi
 if [ "$1" != 'ALL' ]; then
-    JAILS=$(jls -N name | grep "$1")
+    JAILS=$(jls name | grep -E "(^|\b)${1}($|\b)")
 fi
 for _jail in ${JAILS}; do
    echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
    jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -r ${_jail}
    pfctl -f /etc/pf.conf
    echo
 done
 ## HUP the firewall
 pfctl -f /etc/pf.conf
--- a/usr/local/share/bastille/sysrc.sh
+++ b/usr/local/share/bastille/sysrc.sh
@@ -47,11 +47,11 @@ if [ $# -gt 2 ] || [ $# -lt 2 ]; then
 fi
 if [ "$1" = 'ALL' ]; then
-    JAILS=$(jls -N name)
+    JAILS=$(jls name)
 fi
 if [ "$1" != 'ALL' ]; then
-    JAILS=$(jls -N name | grep "$1")
+    JAILS=$(jls name | grep -E "(^|\b)${1}($|\b)")
 fi
 for _jail in ${JAILS}; do
--- a/usr/local/share/bastille/template.sh
+++ b/usr/local/share/bastille/template.sh
@@ -48,69 +48,88 @@ if [ $# -gt 2 ] || [ $# -lt 2 ]; then
 fi
 if [ "$1" = 'ALL' ]; then
-    JAILS=$(jls -N name)
+    JAILS=$(jls name)
 fi
 if [ "$1" != 'ALL' ]; then
-    JAILS=$(jls -N name | grep "$1")
+    JAILS=$(jls name | grep -E "(^|\b)${1}($|\b)")
 fi
 ## global variables
 TEMPLATE=$2
 bastille_template=${bastille_templatesdir}/${TEMPLATE}
 bastille_template_INCLUDE=${bastille_template}/INCLUDE
 bastille_template_PRE=${bastille_template}/PRE
 bastille_template_CONFIG=${bastille_template}/CONFIG
 bastille_template_FSTAB=${bastille_template}/FSTAB
 bastille_template_PF=${bastille_template}/PF
 bastille_template_PKG=${bastille_template}/PKG
 bastille_template_SYSRC=${bastille_template}/SYSRC
 bastille_template_CMD=${bastille_template}/CMD
 for _jail in ${JAILS}; do
    ## jail-specific variables. 
    bastille_jail_path=$(jls -j "${_jail}" path)
    echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
    ## INCLUDE
    if [ -s "${bastille_template_INCLUDE}" ]; then
        echo -e "${COLOR_GREEN}Detected INCLUDE.${COLOR_RESET}"
        while read _include; do
            echo -e "${COLOR_GREEN}${_include}${COLOR_RESET}"
        done < "${bastille_template_INCLUDE}"
    fi
    ## pre
-    if [ -s "${bastille_template}/PRE" ]; then
+    if [ -s "${bastille_template_PRE}" ]; then
        echo -e "${COLOR_GREEN}Executing PRE-command(s).${COLOR_RESET}"
-        bastille_templatepre=$(cat "${bastille_template}/PRE")
+        jexec -l ${_jail} /bin/sh < "${bastille_template_PRE}"
        jexec -l "${_jail}" /bin/sh "${bastille_templatepre}"
    fi
    ## config
-    if [ -s "${bastille_template}/CONFIG" ]; then
+    if [ -s "${bastille_template_CONFIG}" ]; then
        echo -e "${COLOR_GREEN}Copying files...${COLOR_RESET}"
-        for _dir in $(cat "${bastille_template}/CONFIG"); do
+        while read _dir; do
-            cp -a "${bastille_template}/${_dir}" "${bastille_jailsdir}/${_jail}/root"
+            cp -a "${bastille_template}/${_dir}" "${bastille_jail_path}"
-        done
+        done < ${bastille_template_CONFIG}
        echo -e "${COLOR_GREEN}Copy complete.${COLOR_RESET}"
    fi
    ## fstab
-    if [ -s "${bastille_template}/FSTAB" ]; then
+    if [ -s "${bastille_template_FSTAB}" ]; then
-        bastille_templatefstab=$(cat "${bastille_template}/FSTAB")
+        bastille_templatefstab=$(cat "${bastille_template_FSTAB}")
        echo -e "${COLOR_GREEN}Updating fstab.${COLOR_RESET}"
        echo -e "${COLOR_GREEN}NOT YET IMPLEMENTED.${COLOR_RESET}"
    fi
    ## pf
-    if [ -s "${bastille_template}/PF" ]; then
+    if [ -s "${bastille_template_PF}" ]; then
-        bastille_templatepf=$(cat "${bastille_template}/PF")
+        bastille_templatepf=$(cat "${bastille_template_PF}")
        echo -e "${COLOR_GREEN}Generating PF profile.${COLOR_RESET}"
        echo -e "${COLOR_GREEN}NOT YET IMPLEMENTED.${COLOR_RESET}"
    fi
    ## pkg (bootstrap + pkg)
-    if [ -s "${bastille_template}/PKG" ]; then
+    if [ -s "${bastille_template_PKG}" ]; then
        bastille_templatepkg=$(cat "${bastille_template}/PKG")
        echo -e "${COLOR_GREEN}Installing packages.${COLOR_RESET}"
-        jexec -l ${_jail} env ASSUME_ALWAYS_YES="YES" /usr/sbin/pkg bootstrap
+        jexec -l "${_jail}" env ASSUME_ALWAYS_YES=YES /usr/sbin/pkg bootstrap
-        jexec -l ${_jail} env ASSUME_ALWAYS_YES="YES" /usr/sbin/pkg audit -F
+        jexec -l "${_jail}" /usr/sbin/pkg audit -F
-        jexec -l ${_jail} env ASSUME_ALWAYS_YES="YES" /usr/sbin/pkg install -y ${bastille_templatepkg}
+        jexec -l "${_jail}" /usr/sbin/pkg install $(cat ${bastille_template_PKG})
    fi
    ## sysrc
-    if [ -s "${bastille_template}/SYSRC" ]; then
+    if [ -s "${bastille_template_SYSRC}" ]; then
        bastille_templatesys=$(cat "${bastille_template}/SYSRC")
        echo -e "${COLOR_GREEN}Updating services.${COLOR_RESET}"
-        jexec -l ${_jail} /usr/sbin/sysrc ${bastille_templatesys}
+        while read _sysrc; do
            jexec -l ${_jail} /usr/sbin/sysrc "${_sysrc}"
        done < "${bastille_template_SYSRC}"
    fi
    ## cmd
-    if [ -s "${bastille_template}/CMD" ]; then
+    if [ -s "${bastille_template_CMD}" ]; then
        bastille_templatecmd=$(cat "${bastille_template}/CMD")
        echo -e "${COLOR_GREEN}Executing final command(s).${COLOR_RESET}"
-        jexec -l ${_jail} ${bastille_templatecmd}
+        jexec -l ${_jail} /bin/sh < "${bastille_template_CMD}"
    fi
    echo -e "${COLOR_GREEN}Template Complete.${COLOR_RESET}"
    echo
    echo
 done
--- a/usr/local/share/bastille/top.sh
+++ b/usr/local/share/bastille/top.sh
@@ -47,11 +47,11 @@ if [ $# -gt 1 ] || [ $# -lt 1 ]; then
 fi
 if [ "$1" = 'ALL' ]; then
-    JAILS=$(jls -N name)
+    JAILS=$(jls name)
 fi
 if [ "$1" != 'ALL' ]; then
-    JAILS=$(jls -N name | grep "$1")
+    JAILS=$(jls name | grep -E "(^|\b)${1}($|\b)")
 fi
 for _jail in ${JAILS}; do
@@ -59,5 +59,3 @@ for _jail in ${JAILS}; do
    jexec -l ${_jail} /usr/bin/top
    echo -e "${COLOR_RESET}"
 done
 TERM=${SAVED_TERM}
--- a/usr/local/share/bastille/update.sh
+++ b/usr/local/share/bastille/update.sh
@@ -49,9 +49,6 @@ fi
 RELEASE=$1
 echo -e "${COLOR_RED}Targeting specified release.${COLOR_RESET}"
 echo -e "${RELEASE}"
 echo
 if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then
    freebsd-update -b "${bastille_releasesdir}/${RELEASE}" fetch install --currently-running ${RELEASE}
 else
--- a/usr/local/share/bastille/upgrade.sh
+++ b/usr/local/share/bastille/upgrade.sh
@@ -50,9 +50,6 @@ fi
 RELEASE=$1
 NEWRELEASE=$2
 echo -e "${COLOR_RED}Targeting specified release.${COLOR_RESET}"
 echo -e "${RELEASE} => ${NEWRELEASE}"
 echo
 if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then
    freebsd-update -b "${bastille_releasesdir}/${RELEASE}" -r ${NEWRELEASE} upgrade
 else
--- a/usr/local/share/bastille/verify.sh
+++ b/usr/local/share/bastille/verify.sh
@@ -49,9 +49,6 @@ fi
 RELEASE=$1
 echo -e "${COLOR_RED}Targeting specified release.${COLOR_RESET}"
 echo -e "${RELEASE}"
 echo
 if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then
    freebsd-update -b "${bastille_releasesdir}/${RELEASE}" IDS
 else
Author	SHA1	Message	Date
Christer Edwards	118d403183	Merge pull request #20 from cedwards/master 0.3.20181124 patch	2018-11-24 10:05:15 -07:00
Christer Edwards	c98229066d	0.3.20181124 patch	2018-11-24 09:55:16 -07:00
Christer Edwards	1c0f261a7b	Merge pull request #18 from cedwards/master 0.3.2018112003 bugfix release pkg docs	2018-11-20 22:05:42 -07:00
Christer Edwards	e0e71e1040	0.3.2018112003 bugfix release pkg docs	2018-11-20 22:04:58 -07:00
Christer Edwards	18eec0d5b8	Merge pull request #17 from cedwards/master 0.3.2018112002 bugfix release	2018-11-20 21:49:36 -07:00
Christer Edwards	f38eff56fc	0.3.2018112002 bugfix release	2018-11-20 21:43:54 -07:00
Christer Edwards	55268d84ac	Merge pull request #16 from cedwards/master 0.3.2018112001 RTD theme	2018-11-20 21:13:12 -07:00
Christer Edwards	1e6e0f3376	0.3.2018112001 RTD theme	2018-11-20 21:12:26 -07:00
Christer Edwards	9738472245	Merge pull request #15 from cedwards/master 0.3.20181120 initial RTD build	2018-11-20 21:04:32 -07:00
Christer Edwards	a77dc8ef9d	0.3.20181120 initial RTD build	2018-11-20 21:03:08 -07:00
Christer Edwards	d15a1d166f	Merge pull request #13 from cedwards/master 0.3.2018111801 added chat.bastillebsd.org to README	2018-11-18 23:12:10 -07:00
Christer Edwards	b70d002c4b	0.3.2018111801 added chat.bastillebsd.org to README	2018-11-18 23:11:02 -07:00
Christer Edwards	c6c3b8c52e	Merge pull request #9 from cedwards/master 0.3.20181118 how to pkg BETA	2018-11-18 20:39:05 -07:00
Christer Edwards	58da217e77	0.3.20181118 how to pkg BETA	2018-11-18 20:37:03 -07:00