Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-20 09:10:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

final run through

Browse Source
This commit is contained in:
tschettervictor
2025-04-30 13:39:05 -06:00
parent bb47671cf0
commit 2b5f239050
20 changed files with 133 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
usr/local/share/bastille/limits.sh
View File

@@ -103,16 +103,17 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
info "\n[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}" bastille start "${_jail}"
else else
info "[${_jail}]:" info "[${_jail}]:"
error_notify "Jail is not running." error_notify "Jail is not running."
error_continue_next_jail "Use [-a|--auto] to auto-start the jail." error_continue "Use [-a|--auto] to auto-start the jail."
fi fi
info "[${_jail}]:"
case "${ACTION}" in case "${ACTION}" in
add) add)
OPTION="${1}" OPTION="${1}"
@@ -154,43 +155,42 @@ for _jail in ${JAILS}; do
while read _limits; do while read _limits; do
rctl -r "${_limits}" 2>/dev/null rctl -r "${_limits}" 2>/dev/null
done < "${bastille_jailsdir}/${_jail}/rctl.conf" done < "${bastille_jailsdir}/${_jail}/rctl.conf"
info "[${_jail}]: RCTL limits cleared." echo "RCTL limits cleared."
fi fi
;; ;;
list|show) list|show)
# Show limits # Show limits
if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then
if [ "${1}" = "active" ]; then if [ "${1}" = "active" ]; then
rctl jail:${_jail} 2>/dev/null rctl jail:${_jail} 2>/dev/null
else else
cat "${bastille_jailsdir}/${_jail}/rctl.conf" cat "${bastille_jailsdir}/${_jail}/rctl.conf"
fi fi
fi fi
;; ;;
stats) stats)
# Show statistics # Show statistics
if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then
rctl -hu jail:${_jail} 2>/dev/null rctl -hu jail:${_jail} 2>/dev/null
fi fi
;; ;;
reset) reset)
# Remove limits and delete rctl.conf # Remove limits and delete rctl.conf
if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then
while read _limits; do while read _limits; do
rctl -r "${_limits}" 2>/dev/null rctl -r "${_limits}" 2>/dev/null
done < "${bastille_jailsdir}/${_jail}/rctl.conf" done < "${bastille_jailsdir}/${_jail}/rctl.conf"
info "[${TARGET}]: RCTL limits cleared." echo "RCTL limits cleared."
fi fi
if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then
rm -f "${bastille_jailsdir}/${_jail}/rctl.conf" rm -f "${bastille_jailsdir}/${_jail}/rctl.conf"
info "[${TARGET}]: rctl.conf removed." echo "rctl.conf removed."
else else
error_continue_next_jail "[${TARGET}]: rctl.conf not found." error_continue "rctl.conf not found."
fi fi
;; ;;
esac esac
# Print blank line
echo
done done
echo

28
usr/local/share/bastille/mount.sh
View File

@@ -35,6 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille mount [option(s)] TARGET HOST_PATH JAIL_PATH [filesystem_type options dump pass_number]" error_notify "Usage: bastille mount [option(s)] TARGET HOST_PATH JAIL_PATH [filesystem_type options dump pass_number]"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -142,16 +143,16 @@ fi
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
info "\n[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}" bastille start "${_jail}"
else else
info "[${_jail}]:"
error_notify "Jail is not running." error_notify "Jail is not running."
error_continue_next_jail "Use [-a|--auto] to auto-start the jail." error_continue "Use [-a|--auto] to auto-start the jail."
fi fi
info "[${_jail}]:"
_fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}" 2>/dev/null | sed 's#//#/#' )" _fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}" 2>/dev/null | sed 's#//#/#' )"
_fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}" 2>/dev/null | sed 's#//#/#' )" _fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}" 2>/dev/null | sed 's#//#/#' )"
_fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}" _fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}"
@@ -167,13 +168,13 @@ for _jail in ${JAILS}; do
# Create mount point if it does not exist # Create mount point if it does not exist
if [ -d "${_hostpath}" ] && [ ! -d "${_fullpath}" ]; then if [ -d "${_hostpath}" ] && [ ! -d "${_fullpath}" ]; then
mkdir -p "${_fullpath}" || error_continue_next_jail "Failed to create mount point." mkdir -p "${_fullpath}" || error_continue "Failed to create mount point."
elif [ -f "${_hostpath}" ] ; then elif [ -f "${_hostpath}" ] ; then
_filename="$( basename ${_hostpath} )" _filename="$( basename ${_hostpath} )"
if echo "${_fullpath}" 2>/dev/null | grep -qow "${_filename}"; then if echo "${_fullpath}" 2>/dev/null | grep -qow "${_filename}"; then
mkdir -p "$( dirname "${_fullpath}" )" || error_continue_next_jail "Failed to create mount point." mkdir -p "$( dirname "${_fullpath}" )" || error_continue "Failed to create mount point."
if [ ! -f "${_fullpath}" ]; then if [ ! -f "${_fullpath}" ]; then
touch "${_fullpath}" || error_continue_next_jail "Failed to create mount point." touch "${_fullpath}" || error_continue "Failed to create mount point."
else else
error_notify "Failed. File exists at mount point." error_notify "Failed. File exists at mount point."
warn "${_fullpath}" warn "${_fullpath}"
@@ -183,9 +184,9 @@ for _jail in ${JAILS}; do
_fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}/${_filename}" 2>/dev/null | sed 's#//#/#' )" _fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}/${_filename}" 2>/dev/null | sed 's#//#/#' )"
_fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}/${_filename}" 2>/dev/null | sed 's#//#/#' )" _fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}/${_filename}" 2>/dev/null | sed 's#//#/#' )"
_fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}" _fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}"
mkdir -p "$( dirname "${_fullpath}" )" || error_continue_next_jail "Failed to create mount point." mkdir -p "$( dirname "${_fullpath}" )" || error_continue "Failed to create mount point."
if [ ! -f "${_fullpath}" ]; then if [ ! -f "${_fullpath}" ]; then
touch "${_fullpath}" || error_continue_next_jail "Failed to create mount point." touch "${_fullpath}" || error_continue "Failed to create mount point."
else else
error_notify "Failed. File exists at mount point." error_notify "Failed. File exists at mount point."
warn "${_fullpath}" warn "${_fullpath}"
@@ -195,11 +196,10 @@ for _jail in ${JAILS}; do
fi fi
# Add entry to fstab and mount # Add entry to fstab and mount
echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab" || error_continue_next_jail "Failed to create fstab entry: ${_fstab_entry}" echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab" || error_continue "Failed to create fstab entry: ${_fstab_entry}"
mount -F "${bastille_jailsdir}/${_jail}/fstab" -a || error_continue_next_jail "Failed to mount volume: ${_fullpath}" mount -F "${bastille_jailsdir}/${_jail}/fstab" -a || error_continue "Failed to mount volume: ${_fullpath}"
echo "Added: ${_fstab_entry}" echo "Added: ${_fstab_entry}"
# Print blank line
echo
done done
echo

17
usr/local/share/bastille/network.sh
View File

@@ -36,6 +36,7 @@
usage() { usage() {
error_notify "Usage: bastille network [option(s)] TARGET [remove|add] INTERFACE [IP_ADDRESS]" error_notify "Usage: bastille network [option(s)] TARGET [remove|add] INTERFACE [IP_ADDRESS]"
cat << EOF cat << EOF
Options: Options:
-a | --auto Start/stop the jail(s) if required. -a | --auto Start/stop the jail(s) if required.
@@ -135,7 +136,6 @@ if [ "${ACTION}" = "add" ] && [ "${NO_IP}" -eq 0 ] && [ -n "${4}" ]; then
IP="${4}" IP="${4}"
elif [ "${NO_IP}" -eq 1 ] && [ -n "${4}" ]; then elif [ "${NO_IP}" -eq 1 ] && [ -n "${4}" ]; then
error_notify "IP should not be present when using -n|--no-ip." error_notify "IP should not be present when using -n|--no-ip."
usage
else else
IP="" IP=""
fi fi
@@ -165,7 +165,9 @@ fi
bastille_root_check bastille_root_check
set_target_single "${TARGET}" set_target_single "${TARGET}"
check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-stopping ${TARGET}..."
bastille stop "${TARGET}" bastille stop "${TARGET}"
else else
error_notify "Jail is running." error_notify "Jail is running."
@@ -301,7 +303,6 @@ EOF
fi fi
fi fi
info "[${_jailname}]:"
echo "Added interface: \"${_if}\"" echo "Added interface: \"${_if}\""
elif [ "${VNET}" -eq 1 ]; then elif [ "${VNET}" -eq 1 ]; then
@@ -349,7 +350,6 @@ EOF
fi fi
fi fi
info "[${_jailname}]:"
echo "Added VNET interface: \"${_if}\"" echo "Added VNET interface: \"${_if}\""
elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then
for _num in $(seq 0 "${_bastille_if_num_range}"); do for _num in $(seq 0 "${_bastille_if_num_range}"); do
@@ -391,8 +391,6 @@ EOF
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="inet ${_ip}" sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="inet ${_ip}"
fi fi
fi fi
info "[${_jailname}]:"
echo "Added VNET interface: \"${_if}\"" echo "Added VNET interface: \"${_if}\""
fi fi
elif [ "${PASSTHROUGH}" -eq 1 ]; then elif [ "${PASSTHROUGH}" -eq 1 ]; then
@@ -414,7 +412,6 @@ EOF
fi fi
fi fi
info "[${_jailname}]:"
echo "Added Passthrough interface: \"${_if}\"" echo "Added Passthrough interface: \"${_if}\""
elif [ "${CLASSIC}" -eq 1 ]; then elif [ "${CLASSIC}" -eq 1 ]; then
@@ -425,7 +422,6 @@ EOF
fi fi
fi fi
info "[${_jailname}]:"
echo "Added interface: \"${_if}\"" echo "Added interface: \"${_if}\""
} }
@@ -526,7 +522,6 @@ remove_interface() {
fi fi
fi fi
info "[${_jailname}]:"
echo "Removed interface: \"${_if}\"" echo "Removed interface: \"${_if}\""
} }
@@ -554,10 +549,11 @@ add_vlan() {
bastille restart "${_jailname}" bastille restart "${_jailname}"
fi fi
info "[${_jailname}]:" echo "Added VLAN ${_vlan_id} to interface: \"${_jail_vnet}\""
info "Added VLAN ${_vlan_id} to interface: \"${_jail_vnet}\""
} }
info "\n[${TARGET}]:"
case "${ACTION}" in case "${ACTION}" in
add) add)
validate_netconf validate_netconf
@@ -566,6 +562,7 @@ case "${ACTION}" in
error_exit "Interface is already added: \"${INTERFACE}\"" error_exit "Interface is already added: \"${INTERFACE}\""
elif { [ "${VNET}" -eq 1 ] || [ "${BRIDGE}" -eq 1 ] || [ "${PASSTHROUGH}" -eq 1 ]; } && [ -n "${VLAN_ID}" ]; then elif { [ "${VNET}" -eq 1 ] || [ "${BRIDGE}" -eq 1 ] || [ "${PASSTHROUGH}" -eq 1 ]; } && [ -n "${VLAN_ID}" ]; then
add_vlan "${TARGET}" "${INTERFACE}" "${IP}" "${VLAN_ID}" add_vlan "${TARGET}" "${INTERFACE}" "${IP}" "${VLAN_ID}"
echo
exit 0 exit 0
fi fi
## validate IP if not empty ## validate IP if not empty

12
usr/local/share/bastille/pkg.sh
View File

@@ -35,6 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille pkg [option(s)] TARGET COMMAND args" error_notify "Usage: bastille pkg [option(s)] TARGET COMMAND args"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -96,16 +97,16 @@ errors=0
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
info "\n[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}" bastille start "${_jail}"
else else
info "[${_jail}]:"
error_notify "Jail is not running." error_notify "Jail is not running."
error_continue_next_jail "Use [-a|--auto] to auto-start the jail." error_continue_next_jail "Use [-a|--auto] to auto-start the jail."
fi fi
info "[${_jail}]:"
bastille_jail_path="${bastille_jailsdir}/${_jail}/root" bastille_jail_path="${bastille_jailsdir}/${_jail}/root"
if [ -f "/usr/sbin/mport" ]; then if [ -f "/usr/sbin/mport" ]; then
if ! jexec -l -U root "${_jail}" /usr/sbin/mport "$@"; then if ! jexec -l -U root "${_jail}" /usr/sbin/mport "$@"; then
@@ -125,11 +126,10 @@ for _jail in ${JAILS}; do
fi fi
fi fi
# Print blank line
echo
done done
if [ $errors -ne 0 ]; then if [ $errors -ne 0 ]; then
error_exit "Failed to apply on some jails, please check logs" error_exit "Failed to apply on some jails, please check logs"
fi fi
echo

3
usr/local/share/bastille/rcp.sh
View File

@@ -35,6 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille rcp [option(s)] TARGET JAIL_PATH HOST_PATH" error_notify "Usage: bastille rcp [option(s)] TARGET JAIL_PATH HOST_PATH"
cat << EOF cat << EOF
Options: Options:
-q | --quiet Suppress output. -q | --quiet Suppress output.
@@ -86,7 +87,7 @@ HOST_PATH="${3}"
bastille_root_check bastille_root_check
set_target_single "${TARGET}" set_target_single "${TARGET}"
info "[${TARGET}]:" info "\n[${TARGET}]:"
host_path="${HOST_PATH}" host_path="${HOST_PATH}"
jail_path="$(echo ${bastille_jailsdir}/${TARGET}/root/${JAIL_PATH} | sed 's#//#/#g')" jail_path="$(echo ${bastille_jailsdir}/${TARGET}/root/${JAIL_PATH} | sed 's#//#/#g')"

15
usr/local/share/bastille/rdr.sh
View File

@@ -35,6 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille rdr [option(s)] TARGET [clear|reset|list|(tcp|udp)] HOST_PORT JAIL_PORT [log ['(' logopts ')'] ]" error_notify "Usage: bastille rdr [option(s)] TARGET [clear|reset|list|(tcp|udp)] HOST_PORT JAIL_PORT [log ['(' logopts ')'] ]"
cat << EOF cat << EOF
Options: Options:
-d | --destination [destination ip] Limit rdr to a destination IP. Useful if you have multiple IPs on one interface. -d | --destination [destination ip] Limit rdr to a destination IP. Useful if you have multiple IPs on one interface.
@@ -159,7 +160,6 @@ load_rdr_rule() {
| pfctl -a "rdr/${TARGET}" -f-; then | pfctl -a "rdr/${TARGET}" -f-; then
error_exit "Failed to create IPv4 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\"" error_exit "Failed to create IPv4 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
else else
info "[${TARGET}]:"
echo "IPv4 ${proto}/${host_port}:${jail_port} on ${if_name}" echo "IPv4 ${proto}/${host_port}:${jail_port} on ${if_name}"
fi fi
fi fi
@@ -171,7 +171,6 @@ load_rdr_rule() {
| pfctl -a "rdr/${TARGET}" -f-; then | pfctl -a "rdr/${TARGET}" -f-; then
error_exit "Failed to create IPv6 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\"" error_exit "Failed to create IPv6 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
else else
info "[${TARGET}]:"
echo "IPv6 ${proto}/${host_port}:${jail_port} on ${if_name}" echo "IPv6 ${proto}/${host_port}:${jail_port} on ${if_name}"
fi fi
fi fi
@@ -196,7 +195,6 @@ load_rdr_log_rule() {
| pfctl -a "rdr/${TARGET}" -f-; then | pfctl -a "rdr/${TARGET}" -f-; then
error_exit "Failed to create logged IPv4 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\"" error_exit "Failed to create logged IPv4 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
else else
info "[${TARGET}]:"
echo "IPv4 ${proto}/${host_port}:${jail_port} on ${if_name}" echo "IPv4 ${proto}/${host_port}:${jail_port} on ${if_name}"
fi fi
fi fi
@@ -208,7 +206,6 @@ load_rdr_log_rule() {
| pfctl -a "rdr/${TARGET}" -f-; then | pfctl -a "rdr/${TARGET}" -f-; then
error_exit "Failed to create logged IPv6 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\"" error_exit "Failed to create logged IPv6 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
else else
info "[${TARGET}]:"
echo "IPv6 ${proto}/${host_port}:${jail_port} on ${if_name}" echo "IPv6 ${proto}/${host_port}:${jail_port} on ${if_name}"
fi fi
fi fi
@@ -286,6 +283,8 @@ shift
bastille_root_check bastille_root_check
set_target_single "${TARGET}" set_target_single "${TARGET}"
info "\n[${TARGET}]:"
while [ "$#" -gt 0 ]; do while [ "$#" -gt 0 ]; do
case "${1}" in case "${1}" in
list) list)
@@ -320,9 +319,9 @@ while [ "$#" -gt 0 ]; do
check_jail_validity check_jail_validity
echo "${TARGET} redirects:" echo "${TARGET} redirects:"
pfctl -a "rdr/${TARGET}" -Fn pfctl -a "rdr/${TARGET}" -Fn
if rm -f "${bastille_jailsdir}/${TARGET}/rdr.conf"; then if rm -f "${bastille_jailsdir}/${TARGET}/rdr.conf"; then
info "[${TARGET}]: rdr.conf removed" echo "rdr.conf removed"
fi fi
fi fi
shift shift
;; ;;
@@ -403,3 +402,5 @@ while [ "$#" -gt 0 ]; do
;; ;;
esac esac
done done
echo

4
usr/local/share/bastille/rename.sh
View File

@@ -78,7 +78,9 @@ NEWNAME="${2}"
bastille_root_check bastille_root_check
set_target_single "${TARGET}" set_target_single "${TARGET}"
check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-stopping ${TARGET}..."
bastille stop "${TARGET}" bastille stop "${TARGET}"
else else
error_notify "Jail is running." error_notify "Jail is running."
@@ -226,3 +228,5 @@ if [ -d "${bastille_jailsdir}/${NEWNAME}" ]; then
fi fi
change_name change_name
echo

1
usr/local/share/bastille/restart.sh
View File

@@ -35,6 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille restart [option(s)] TARGET" error_notify "Usage: bastille restart [option(s)] TARGET"
cat << EOF cat << EOF
Options: Options:
-b | --boot Respect jail boot setting. -b | --boot Respect jail boot setting.

12
usr/local/share/bastille/service.sh
View File

@@ -35,6 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille service [options(s)] TARGET SERVICE_NAME ACTION" error_notify "Usage: bastille service [options(s)] TARGET SERVICE_NAME ACTION"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -87,19 +88,18 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
info "\n[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}" bastille start "${_jail}"
else else
info "[${_jail}]:"
error_notify "Jail is not running." error_notify "Jail is not running."
error_continue_next_jail "Use [-a|--auto] to auto-start the jail." error_continue_next_jail "Use [-a|--auto] to auto-start the jail."
fi fi
info "[${_jail}]:"
jexec -l "${_jail}" /usr/sbin/service "$@" jexec -l "${_jail}" /usr/sbin/service "$@"
# Print blank line
echo
done done
echo

19
usr/local/share/bastille/start.sh
View File

@@ -35,6 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille start [option(s)] TARGET" error_notify "Usage: bastille start [option(s)] TARGET"
cat << EOF cat << EOF
Options: Options:
-b | --boot Respect jail boot setting. -b | --boot Respect jail boot setting.
@@ -111,12 +112,11 @@ for _jail in ${JAILS}; do
fi fi
fi fi
if check_target_is_running "${_jail}"; then info "\n[${_jail}]:"
info "[${_jail}]:"
error_continue_next_jail "Jail is already running."
fi
info "[${_jail}]:" if check_target_is_running "${_jail}"; then
error_continue "Jail is already running."
fi
# Validate interfaces and add IPs to firewall table # Validate interfaces and add IPs to firewall table
if [ "$(bastille config ${_jail} get vnet)" != 'enabled' ]; then if [ "$(bastille config ${_jail} get vnet)" != 'enabled' ]; then
@@ -141,7 +141,7 @@ for _jail in ${JAILS}; do
pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip}" pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip}"
fi fi
else else
error_continue_next_jail "Error: ${_if} interface does not exist." error_continue "Error: ${_if} interface does not exist."
fi fi
done done
fi fi
@@ -164,7 +164,7 @@ for _jail in ${JAILS}; do
pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip}" pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip}"
fi fi
else else
error_continue_next_jail "Error: ${_if} interface does not exist." error_continue "Error: ${_if} interface does not exist."
fi fi
done done
fi fi
@@ -190,7 +190,6 @@ for _jail in ${JAILS}; do
# Delay between jail action # Delay between jail action
sleep "${DELAY_TIME}" sleep "${DELAY_TIME}"
# Print blank line
echo
done done
echo

15
usr/local/share/bastille/stop.sh
View File

@@ -35,6 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille stop [option(s)] TARGET" error_notify "Usage: bastille stop [option(s)] TARGET"
cat << EOF cat << EOF
Options: Options:
-v | --verbose Print every action on jail stop. -v | --verbose Print every action on jail stop.
@@ -86,12 +87,11 @@ set_target "${TARGET}" "reverse"
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
if check_target_is_stopped "${_jail}"; then info "\n[${_jail}]:"
info "[${_jail}]:"
error_continue_next_jail "Jail is already stopped."
fi
info "[${_jail}]:" if check_target_is_stopped "${_jail}"; then
error_continue "Jail is already stopped."
fi
# Remove RDR rules # Remove RDR rules
if [ "$(bastille config ${_jail} get vnet)" != "enabled" ] && [ -f "${bastille_pf_conf}" ]; then if [ "$(bastille config ${_jail} get vnet)" != "enabled" ] && [ -f "${bastille_pf_conf}" ]; then
@@ -136,7 +136,6 @@ for _jail in ${JAILS}; do
done done
fi fi
# Print blank line
echo
done done
echo

12
usr/local/share/bastille/sysrc.sh
View File

@@ -35,6 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille sysrc [option(s)] TARGET args" error_notify "Usage: bastille sysrc [option(s)] TARGET args"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -87,19 +88,16 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
info "\n[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}" bastille start "${_jail}"
else else
info "[${_jail}]:"
error_notify "Jail is not running." error_notify "Jail is not running."
error_continue_next_jail "Use [-a|--auto] to auto-start the jail." error_continue "Use [-a|--auto] to auto-start the jail."
fi fi
info "[${_jail}]:"
jexec -l "${_jail}" /usr/sbin/sysrc "$@" jexec -l "${_jail}" /usr/sbin/sysrc "$@"
# Print blank line
echo
done done

4
usr/local/share/bastille/tags.sh
View File

@@ -36,6 +36,7 @@
usage() { usage() {
error_notify "Usage: bastille tags TARGET [add|delete|list] [tag1,tag2]" error_notify "Usage: bastille tags TARGET [add|delete|list] [tag1,tag2]"
cat << EOF cat << EOF
Options: Options:
-x | --debug Enable debug mode. -x | --debug Enable debug mode.
@@ -117,8 +118,5 @@ for _jail in ${JAILS}; do
;; ;;
esac esac
# Print blank line
echo
done done

13
usr/local/share/bastille/template.sh
View File

@@ -270,16 +270,16 @@ fi
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
info "\n[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}" bastille start "${_jail}"
else else
info "[${_jail}]:"
error_notify "Jail is not running." error_notify "Jail is not running."
error_continue_next_jail "Use [-a|--auto] to auto-start the jail." error_continue "Use [-a|--auto] to auto-start the jail."
fi fi
info "[${_jail}]:"
info "Applying template: ${TEMPLATE}..." info "Applying template: ${TEMPLATE}..."
## get jail ip4 and ip6 values ## get jail ip4 and ip6 values
@@ -470,9 +470,8 @@ for _jail in ${JAILS}; do
fi fi
done done
# Print blank line
echo
info "Template applied: ${TEMPLATE}" info "Template applied: ${TEMPLATE}"
done done
echo

6
usr/local/share/bastille/top.sh
View File

@@ -35,6 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille top [options(s)] TARGET" error_notify "Usage: bastille top [options(s)] TARGET"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -84,9 +85,10 @@ TARGET="${1}"
bastille_root_check bastille_root_check
set_target_single "${TARGET}" set_target_single "${TARGET}"
info "[${TARGET}]:" info "\n[${TARGET}]:"
check_target_is_running "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${TARGET}..."
bastille start "${TARGET}" bastille start "${TARGET}"
else else
error_notify "Jail is not running." error_notify "Jail is not running."
@@ -94,3 +96,5 @@ else
fi fi
jexec -l "${TARGET}" /usr/bin/top jexec -l "${TARGET}" /usr/bin/top
echo

20
usr/local/share/bastille/umount.sh
View File

@@ -35,6 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille umount [option(s)] TARGET JAIL_PATH" error_notify "Usage: bastille umount [option(s)] TARGET JAIL_PATH"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -87,12 +88,14 @@ set_target "${TARGET}"
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
info "\n[${_jail}]:"
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}" bastille start "${_jail}"
else else
info "[${_jail}]:"
error_notify "Jail is not running." error_notify "Jail is not running."
error_continue_next_jail "Use [-a|--auto] to auto-start the jail." error_continue "Use [-a|--auto] to auto-start the jail."
fi fi
info "[${_jail}]:" info "[${_jail}]:"
@@ -104,29 +107,28 @@ for _jail in ${JAILS}; do
# Exit if mount point non-existent # Exit if mount point non-existent
if [ -z "${_mount}" ] && [ -z "${_fstab_entry}" ]; then if [ -z "${_mount}" ] && [ -z "${_fstab_entry}" ]; then
error_continue_next_jail "The specified mount point does not exist." error_continue "The specified mount point does not exist."
fi fi
# Unmount # Unmount
if [ -n "${_mount}" ]; then if [ -n "${_mount}" ]; then
umount "${_jailpath}" || error_continue_next_jail "Failed to unmount volume: ${MOUNT_PATH}" umount "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}"
fi fi
# Remove entry from fstab # Remove entry from fstab
if [ -n "${_fstab_entry}" ]; then if [ -n "${_fstab_entry}" ]; then
if ! sed -E -i '' "\, +${_jailpath_fstab} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then if ! sed -E -i '' "\, +${_jailpath_fstab} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then
error_continue_next_jail "Failed to delete fstab entry: ${MOUNT_PATH}" error_continue "Failed to delete fstab entry: ${MOUNT_PATH}"
fi fi
fi fi
# Delete if mount point was a file # Delete if mount point was a file
if [ -f "${_jailpath}" ]; then if [ -f "${_jailpath}" ]; then
rm -f "${_jailpath}" || error_continue_next_jail "Failed to unmount volume: ${MOUNT_PATH}" rm -f "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}"
fi fi
echo "Unmounted: ${_jailpath}" echo "Unmounted: ${_jailpath}"
# Print blank line
echo
done done
echo

6
usr/local/share/bastille/update.sh
View File

@@ -110,14 +110,13 @@ jail_check() {
# Check if the jail is thick and is running # Check if the jail is thick and is running
set_target_single "${TARGET}" set_target_single "${TARGET}"
check_target_is_running "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${TARGET}..."
bastille start "${TARGET}" bastille start "${TARGET}"
else else
info "[${TARGET}]:"
error_notify "Jail is not running." error_notify "Jail is not running."
error_exit "Use [-a|--auto] to auto-start the jail." error_exit "Use [-a|--auto] to auto-start the jail."
fi fi
if grep -qw "${bastille_jailsdir}/${TARGET}/root/.bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then if grep -qw "${bastille_jailsdir}/${TARGET}/root/.bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then
info "[${TARGET}]:"
error_notify "${TARGET} is not a thick container." error_notify "${TARGET} is not a thick container."
error_exit "See 'bastille update RELEASE' to update thin jails." error_exit "See 'bastille update RELEASE' to update thin jails."
fi fi
@@ -217,6 +216,9 @@ elif echo "${TARGET}" | grep -q "[0-9]\{2\}.[0-9]-RELEASE"; then
arch_check arch_check
release_update release_update
else else
info "\n[${TARGET}]:"
jail_check jail_check
jail_update "${TARGET}" jail_update "${TARGET}"
fi fi
echo

9
usr/local/share/bastille/upgrade.sh
View File

@@ -35,6 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille upgrade [option(s)] TARGET [NEWRELEASE|install]" error_notify "Usage: bastille upgrade [option(s)] TARGET [NEWRELEASE|install]"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -106,9 +107,9 @@ thick_jail_check() {
local _jail="${1}" local _jail="${1}"
# Check if the jail is thick and is running # Check if the jail is thick and is running
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-starting ${_jail}..."
bastille start "${_jail}" bastille start "${_jail}"
else else
info "[${TARGET}]:"
error_notify "Jail is not running." error_notify "Jail is not running."
error_exit "Use [-a|--auto] to auto-start the jail." error_exit "Use [-a|--auto] to auto-start the jail."
fi fi
@@ -118,9 +119,9 @@ thin_jail_check() {
local _jail="${1}" local _jail="${1}"
# Check if the jail is thick and is running # Check if the jail is thick and is running
check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
echo "Auto-stopping ${_jail}..."
bastille stop "${_jail}" bastille stop "${_jail}"
else else
info "[${TARGET}]:"
error_notify "Jail is running." error_notify "Jail is running."
error_exit "Use [-a|--auto] to auto-stop the jail." error_exit "Use [-a|--auto] to auto-stop the jail."
fi fi
@@ -206,6 +207,8 @@ if grep -qw "${bastille_jailsdir}/${TARGET}/root/.bastille" "${bastille_jailsdir
THIN_JAIL=1 THIN_JAIL=1
fi fi
info "\n[${TARGET}]:"
# Check what we should upgrade # Check what we should upgrade
if [ "${NEWRELEASE}" = "install" ]; then if [ "${NEWRELEASE}" = "install" ]; then
if [ "${THIN_JAIL}" -eq 1 ]; then if [ "${THIN_JAIL}" -eq 1 ]; then
@@ -223,3 +226,5 @@ else
fi fi
jail_upgrade "${TARGET}" "${NEWRELEASE}" jail_upgrade "${TARGET}" "${NEWRELEASE}"
fi fi
echo

3
usr/local/share/bastille/verify.sh
View File

@@ -35,6 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille verify [RELEASE|TEMPLATE]" error_notify "Usage: bastille verify [RELEASE|TEMPLATE]"
cat << EOF cat << EOF
Options: Options:
-x | --debug Enable debug mode. -x | --debug Enable debug mode.
@@ -198,3 +199,5 @@ case "${1}" in
usage usage
;; ;;
esac esac
echo

28
usr/local/share/bastille/zfs.sh
View File

@@ -35,6 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille zfs TARGET [set|get|snap|destroy_snap|df|usage] [key=value|date]" error_notify "Usage: bastille zfs TARGET [set|get|snap|destroy_snap|df|usage] [key=value|date]"
cat << EOF cat << EOF
Options: Options:
-x | --debug Enable debug mode. -x | --debug Enable debug mode.
@@ -46,66 +47,51 @@ EOF
zfs_snapshot() { zfs_snapshot() {
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
info "[${_jail}]:" info "\n[${_jail}]:"
# shellcheck disable=SC2140 # shellcheck disable=SC2140
zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}" zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}"
# Print blank line
echo
done done
} }
zfs_destroy_snapshot() { zfs_destroy_snapshot() {
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
info "[${_jail}]:" info "\n[${_jail}]:"
# shellcheck disable=SC2140 # shellcheck disable=SC2140
zfs destroy -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}" zfs destroy -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"@"${TAG}"
# Print blank line
echo
done done
} }
zfs_set_value() { zfs_set_value() {
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
info "[${_jail}]:" info "\n[${_jail}]:"
zfs "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}" zfs "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"
# Print blank line
echo
done done
} }
zfs_get_value() { zfs_get_value() {
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
info "[${_jail}]:" info "\n[${_jail}]:"
zfs get "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}" zfs get "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"
# Print blank line
echo
done done
} }
zfs_disk_usage() { zfs_disk_usage() {
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
info "[${_jail}]:" info "\n[${_jail}]:"
zfs list -t all -o name,used,avail,refer,mountpoint,compress,ratio -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}" zfs list -t all -o name,used,avail,refer,mountpoint,compress,ratio -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"
# Print blank line
echo
done done
} }
@@ -174,3 +160,5 @@ case "${ACTION}" in
usage usage
;; ;;
esac esac
echo