diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ee48c45e..735278cd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,6 +1,6 @@ name: Bastille_Testing -on: +on: pull_request: branches: - master @@ -29,7 +29,4 @@ jobs: cd bastille make install rocinante template tests/masterTest - - - diff --git a/README.md b/README.md index dfeba78f..3e95a15f 100644 --- a/README.md +++ b/README.md @@ -94,7 +94,7 @@ sysrc bastille_enable=YES Upgrading from a previous version --------------------------------- -When upgrading from a previous version of bastille (e.g. 0.10.20230714 to +When upgrading from a previous version of bastille (e.g. 0.10.20230714 to 0.10.20231013) you will need to update your bastille.conf ```shell diff --git a/docs/chapters/centralized-assets.rst b/docs/chapters/centralized-assets.rst index 9c650b50..002fe036 100644 --- a/docs/chapters/centralized-assets.rst +++ b/docs/chapters/centralized-assets.rst @@ -36,7 +36,7 @@ access, simply use ``ro`` instead of ``rw`` as the option. .. code-block:: shell ishmael ~ # bastille mount "jail1 jail2" /my/host/directory /my/jail/directory nullfs rw 0 0 - + Cloning ------- @@ -46,9 +46,9 @@ To clone your jail, use the following command. .. code-block:: shell ishmael ~ # bastille clone myjail mynewjail 10.0.0.3 - + This will create an exact duplicate of ``myjail`` at ``mynewjail``. - + Custom Releases --------------- @@ -61,14 +61,14 @@ process will not work with any other jail types. .. code-block:: shell ishmael ~ # bastille create -T myjail 14.2-RELEASE 10.0.0.1 - + Once the jail is up and running, configure it to your liking, then run the following commmand to create a custom release based on your jail. .. code-block:: shell ishmael ~ # bastille convert myjail myrelease - + Once this process completes, you will be able to run the following command to create a jail based off your newly created release. 
diff --git a/docs/chapters/gcp.rst b/docs/chapters/gcp.rst index d402b13b..a5ff2482 100644 --- a/docs/chapters/gcp.rst +++ b/docs/chapters/gcp.rst @@ -22,7 +22,7 @@ Apply the below patch to set the correct MTU. You may need to ``cp --- /usr/local/bin/jib 2022-07-31 03:27:04.163245000 +0000 +++ jib.fixed 2022-07-31 03:41:16.710401000 +0000 @@ -299,14 +299,14 @@ - + # Make sure the interface has been bridged if ! ifconfig "$iface$bridge" > /dev/null 2>&1; then - new=$( ifconfig bridge create ) || return @@ -31,12 +31,12 @@ Apply the below patch to set the correct MTU. You may need to ``cp ifconfig $new name "$iface$bridge" || return ifconfig "$iface$bridge" up || return fi - + # Create a new interface to the bridge - new=$( ifconfig epair create ) || return + new=$( ifconfig epair create mtu 1460 ) || return ifconfig "$iface$bridge" addm $new || return - + # Rename the new interface ## Configure bridge interface @@ -58,16 +58,16 @@ them through the external interface: .. code-block:: text ext_if="vtnet0" bridge_if="vtnet0bridge" - + set skip on lo scrub in # permissive NAT allows jail bridge and wireguard tunnels nat on $ext_if inet from !($ext_if) -> ($ext_if:0) - + block in pass out - + pass in proto tcp to port {22} pass in proto icmp icmp-type { echoreq } pass in on $bridge_if diff --git a/docs/chapters/gettingstarted.rst b/docs/chapters/gettingstarted.rst index 5a9b5e2f..beb5a278 100644 --- a/docs/chapters/gettingstarted.rst +++ b/docs/chapters/gettingstarted.rst @@ -23,7 +23,7 @@ To see a list of available options and switches, see the ``setup`` subcommand. .. code-block:: shell ishmael ~ # bastille setup - + Bootstrapping a Release ----------------------- @@ -33,7 +33,7 @@ Then we need to bootstrap a release for bastille to use. We will use .. code-block:: shell ishmael ~ # bastille bootstrap 14.2-RELEASE - + Creating a Jail --------------- diff --git a/docs/chapters/migration.rst b/docs/chapters/migration.rst index 5055bb9a..610d5416 100644 
--- a/docs/chapters/migration.rst +++ b/docs/chapters/migration.rst @@ -88,7 +88,7 @@ for remote systems you can use rsync: rsync -avh /iocage/images/jailname_$(date +%F).* root@10.0.1.10:/usr/local/bastille/backups/ - + Import the iocage backup file (use zip file name) .. code-block:: shell diff --git a/docs/chapters/networking.rst b/docs/chapters/networking.rst index b2cfe51a..67416589 100644 --- a/docs/chapters/networking.rst +++ b/docs/chapters/networking.rst @@ -1,7 +1,7 @@ Networking ========== -Bastille is very flexible with its networking options. Below are the supported +Bastille is very flexible with its networking options. Below are the supported networking modes, how they work, and some tips on where you might want to use each one. @@ -153,7 +153,7 @@ you are free to use `_. In this environment, we can create the container, give it a -unique private ip address within our local subnet, and attach +unique private ip address within our local subnet, and attach its ip address to our primary interface. .. code-block:: shell @@ -210,7 +210,7 @@ Your server was assigned the following six section subnet: The `vultr ipv6 subnet calculator `_ -is helpful in making sense of that ipv6 address. +is helpful in making sense of that ipv6 address. We could have also written that IPV6 address as 2001:19f0:6c01:114c:0:0 diff --git a/docs/chapters/subcommands/create.rst b/docs/chapters/subcommands/create.rst index 79c6d78f..bfbd52c9 100644 --- a/docs/chapters/subcommands/create.rst +++ b/docs/chapters/subcommands/create.rst @@ -4,7 +4,7 @@ create Create a jail uning any available bootstrapped release. To create a jail, simply provide a name, bootstrapped release, and IP address. -The format is ``bastille create NAME RELEASE IP [INTERFACE]`` +The format is ``bastille create NAME RELEASE IP [INTERFACE]`` Note that the ``interface`` is optional. Bastille will use the default interface that is configured when running the setup command. See ``bastille setup -l`` or 
@@ -56,7 +56,7 @@ options. See the below help output. Usage: bastille create [option(s)] NAME RELEASE IP [INTERFACE]" Options: - + -B | --bridge Enable VNET, and attach to a specified, already existing external bridge. -C | --clone Create a clone jail. -D | --dual Create jail with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). diff --git a/docs/chapters/subcommands/etcupdate.rst b/docs/chapters/subcommands/etcupdate.rst index dbaa7c76..cd9760bd 100644 --- a/docs/chapters/subcommands/etcupdate.rst +++ b/docs/chapters/subcommands/etcupdate.rst @@ -25,7 +25,7 @@ Next we can use the ``update`` command to apply the update to the jail. The output will show you which files were added, updated, changed, deleted, or have conflicts. To automatically resolve the conflicts, run the ``resolve`` command. - + .. code-block:: shell ishmael ~ # bastille etcupdate ishmael resolve diff --git a/docs/chapters/subcommands/limits.rst b/docs/chapters/subcommands/limits.rst index 6d9c14b1..b4e0ddbe 100644 --- a/docs/chapters/subcommands/limits.rst +++ b/docs/chapters/subcommands/limits.rst @@ -44,7 +44,7 @@ This file can be edited manually using ``bastille edit TARGET cpuset.conf``. ishmael ~ # bastille limits help Usage: bastille limits [option(s)] TARGET [add|remove|clear|reset|(list|show [active])|stats] OPTION [VALUE] - + Example: bastille limits TARGET add memoryuse 1G Example: bastille limits TARGET add cpu 0,1,2 @@ -52,4 +52,4 @@ This file can be edited manually using ``bastille edit TARGET cpuset.conf``. -a | --auto Auto mode. Start/stop jail(s) if required. -l | --log Enable logging for the specified rule (rctl only). - -x | --debug Enable debug mode. + -x | --debug Enable debug mode. diff --git a/docs/chapters/subcommands/list.rst b/docs/chapters/subcommands/list.rst index fa1c4074..560a9fe7 100644 --- a/docs/chapters/subcommands/list.rst +++ b/docs/chapters/subcommands/list.rst 
@@ -16,7 +16,7 @@ Use ``-p|--pretty`` to print in columns instead of rows. Usage: bastille list [option(s)] [RELEASE (-p)] [all] [backup(s)] [export(s)] [import(s)] [ip(s)] [jail(s)] [limit(s)] [log(s)] [path(s)] [port(s)] [prio|priority] [release(s)] [state(s)] [template(s)] [type] Options: - + -d | --down List stopped jails only. -j | --json List jails or sub-arg(s) in json format. -p | --pretty Print JSON in columns. Must be used with -j|--json. diff --git a/docs/chapters/subcommands/migrate.rst b/docs/chapters/subcommands/migrate.rst index 1666383d..c68d8497 100644 --- a/docs/chapters/subcommands/migrate.rst +++ b/docs/chapters/subcommands/migrate.rst @@ -13,7 +13,7 @@ port by supplying it as in ``user@host:port``. ishmael ~ # bastille migrate help Usage: bastille migrate [option(s)] TARGET USER@HOST[:PORT] - + Examples: bastille migrate attica migrate@192.168.10.100 diff --git a/docs/chapters/subcommands/mount.rst b/docs/chapters/subcommands/mount.rst index dd5bf73b..2120fd27 100644 --- a/docs/chapters/subcommands/mount.rst +++ b/docs/chapters/subcommands/mount.rst @@ -63,7 +63,7 @@ It is possible to do the same for the jail path, but again, not recommemded. ishmael ~ # bastille mount azkaban "/storage/my\ directory\ with\ spaces" /media/foo nullfs ro 0 0 [azkaban]: Added: /storage/my\040directory\040with\040spaces /usr/local/bastille/jails/azkaban/root/media/foo nullfs ro 0 0 - + .. code-block:: shell ishmael ~ # bastille mount help diff --git a/docs/chapters/subcommands/rdr.rst b/docs/chapters/subcommands/rdr.rst index 3874d63f..607e2da0 100644 --- a/docs/chapters/subcommands/rdr.rst +++ b/docs/chapters/subcommands/rdr.rst 
@@ -11,22 +11,22 @@ interfaces as this will include the jail interface - you should specify the interface they run on in rc.conf (or other config files) .. code-block:: shell - + # bastille rdr dev1 tcp 2001 22 [jail1]: IPv4 tcp/2001:22 on em0 - + # bastille rdr dev1 list rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22 - + # bastille rdr dev1 udp 2053 53 [jail1]: IPv4 udp/2053:53 on em0 - + # bastille rdr dev1 list rdr pass on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22 rdr pass on em0 inet proto udp from any to any port = 2053 -> 10.17.89.1 port 53 - + # bastille rdr dev1 clear nat cleared @@ -44,7 +44,7 @@ The ``rdr`` command includes 4 additional options: # bastille rdr -i vtnet0 dev1 udp 8000 80 [jail1]: IPv4 tcp/8000:80 on vtnet0 - + # bastille rdr -s 192.168.0.1 dev1 tcp 8080 81 [jail1]: IPv4 tcp/8080:81 on em0 @@ -75,7 +75,7 @@ Simply use the table name instead of an IP address or subnet. # bastille rdr --help Usage: bastille rdr TARGET [option(s)] [clear|reset|list|(tcp|udp host_port jail_port [log ['(' logopts ')'] ] )] - + Options: -d | --destination [destination] Limit rdr to a destination IP. Useful if you have multiple IPs on one interface. diff --git a/docs/chapters/subcommands/template.rst b/docs/chapters/subcommands/template.rst index a5ed1cc5..507e8694 100644 --- a/docs/chapters/subcommands/template.rst +++ b/docs/chapters/subcommands/template.rst @@ -18,7 +18,7 @@ The TEMPLATE arg should be called with the ``project/template`` format. ishmael ~ # bastille template help Usage: bastille template [option(s)] TARGET [--convert] TEMPLATE - + Options: -a | --auto Auto mode. Start/stop jail(s) if required. diff --git a/docs/chapters/subcommands/verify.rst b/docs/chapters/subcommands/verify.rst index de5cb3d4..25501147 100644 --- a/docs/chapters/subcommands/verify.rst +++ b/docs/chapters/subcommands/verify.rst 
@@ -23,7 +23,7 @@ release or template . Detected Bastillefile hook. [Bastillefile]: CMD mkdir -p /usr/local/etc/pkg/repos - CMD echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest" }' > + CMD echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest" }' > /usr/local/etc/pkg/repos/FreeBSD.conf CONFIG set allow.mlock=1; CONFIG set ip6=inherit; diff --git a/docs/chapters/template.rst b/docs/chapters/template.rst index ba5edde5..38a5801a 100644 --- a/docs/chapters/template.rst +++ b/docs/chapters/template.rst @@ -132,7 +132,7 @@ escape it. Escaping it will cause errors. Bootstrapping Templates ----------------------- -The official templates for Bastille are all on Gthub, and mirror the directory +The official templates for Bastille are all on Gthub, and mirror the directory structure of the ports tree. So, ``nginx`` is in the ``www`` directory in the templates, just like it is in the FreeBSD ports tree. To bootstrap the entire set of official predefined templates run the following command: @@ -155,7 +155,7 @@ Creating Templates Templates can be created and placed inside the templates directory in the ``project/template`` format. Alternatively you can run the ``bastille template`` command from a relative path, making sure it is still in the above format. - + Template Examples ----------------- diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index 20012645..0536f4dc 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -164,7 +164,7 @@ while [ "$#" -gt 0 ]; do error_exit "Not a valid config file: ${BASTILLE_CONFIG}" fi # Load common.sh after setting BASTILLE_CONFIG - . /usr/local/share/bastille/common.sh + . /usr/local/share/bastille/common.sh shift 2 ;; -*) @@ -243,5 +243,5 @@ if [ -f "${SCRIPTPATH}" ]; then exec "${SH}" "${SCRIPTPATH}" "$@" else - error_exit "${SCRIPTPATH} not found." + error_exit "${SCRIPTPATH} not found." fi 
diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 4e1c625e..b6ec2c84 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh @@ -35,9 +35,9 @@ usage() { error_notify "Usage: bastille bootstrap [option(s)] RELEASE|TEMPLATE [update|arch]" cat << EOF - + Options: - + -x | --debug Enable debug mode. EOF @@ -297,7 +297,7 @@ bootstrap_release() { info "\nBootstrap successful." echo "See 'bastille --help' for available commands." - + } debootstrap_release() { @@ -443,12 +443,12 @@ bootstrap_template() { cp -fR "${_project_dir}" "${bastille_templatesdir}" bastille verify "${_complete_template}" done - + # Remove the cloned repo if [ -n "${_user}" ]; then rm -r "${bastille_templatesdir:?}/${_user:?}" fi - + else # Verify a single template bastille verify "${_user}/${_repo}" @@ -465,7 +465,7 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index de2b21de..59d7ae3c 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -35,7 +35,7 @@ usage() { error_notify "Usage: bastille clone [option(s)] TARGET NEW_NAME IP" cat << EOF - + Options: -a | --auto Auto mode. Start/stop jail(s) if required. Cannot be used with [-l|--live]. @@ -70,7 +70,7 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in a) AUTO=1 ;; @@ -251,7 +251,7 @@ update_jailconf_vnet() { local _epair_num="$(echo "${_old_if_prefix}" | grep -Eo "[0-9]+")" local _old_host_epair="${_if}" local _old_jail_epair="${_old_if_prefix%a}b_${_old_if_suffix}" - + if [ "$(echo -n "e${_epair_num}a_${NEWNAME}" | awk '{print length}')" -lt 16 ]; then # Generate new epair name local _new_host_epair="e${_epair_num}a_${NEWNAME}" 
@@ -268,7 +268,7 @@ update_jailconf_vnet() { if grep "${_old_if_suffix}" "${_jail_conf}" | grep -oq "jib addm"; then # For -V jails - # Replace host epair name in jail.conf + # Replace host epair name in jail.conf sed -i '' "s|jib addm ${_old_if_suffix}|jib addm ${_new_if_suffix}|g" "${_jail_conf}" sed -i '' "s|${_old_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}" sed -i '' "s|${_old_host_epair} destroy|${_new_host_epair} destroy|g" "${_jail_conf}" @@ -293,7 +293,7 @@ update_jailconf_vnet() { sed -i '' "/ifconfig/ s|${_old_jail_epair}|${_new_jail_epair}|g" "${_rc_conf}" else # For -B jails - # Replace host epair name in jail.conf + # Replace host epair name in jail.conf sed -i '' "s|up name ${_old_host_epair}|up name ${_new_host_epair}|g" "${_jail_conf}" sed -i '' "s|addm ${_old_host_epair}|addm ${_new_host_epair}|g" "${_jail_conf}" sed -i '' "s|${_old_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}" @@ -384,7 +384,7 @@ update_jailconf_vnet() { local _new_if_prefix="$(echo ${_if} | awk -F'_' '{print $1}')" local _new_if_suffix="$(echo ${_if} | awk -F'_' '{print $2}')" - # Replace netgraph interface name + # Replace netgraph interface name sed -i '' "s|jng bridge ${_old_if_suffix}|jng bridge ${_new_if_suffix}|g" "${_jail_conf}" sed -i '' "s|${_old_ngif} ether|${_new_ngif} ether|g" "${_jail_conf}" sed -i '' "s|jng shutdown ${_old_if_suffix}|jng shutdown ${_new_if_suffix}|g" "${_jail_conf}" @@ -515,7 +515,7 @@ clone_jail() { fi else - + check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then bastille stop "${TARGET}" else diff --git a/usr/local/share/bastille/cmd.sh b/usr/local/share/bastille/cmd.sh index 313db834..de003c68 100644 --- a/usr/local/share/bastille/cmd.sh +++ b/usr/local/share/bastille/cmd.sh @@ -35,7 +35,7 @@ usage() { error_notify "Usage: bastille cmd [option(s)] TARGET COMMAND" cat << EOF - + Options: -a | --auto Auto mode. Start/stop jail(s) if required. 
@@ -60,12 +60,12 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in a) AUTO=1 ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift @@ -111,7 +111,7 @@ for _jail in ${JAILS}; do if [ "$?" -ne 0 ]; then ERRORS=$((ERRORS + 1)) fi - + done if [ "${ERRORS}" -ne 0 ]; then diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 8b0e50b1..b73771ff 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -34,7 +34,7 @@ # because all commands load this file # shellcheck disable=SC1090 . ${BASTILLE_CONFIG} - + COLOR_RED= COLOR_GREEN= COLOR_YELLOW= @@ -56,7 +56,7 @@ enable_debug() { # Enable debug mode. warn "***DEBUG MODE***" set -x -} +} # If "NO_COLOR" environment variable is present, or we aren't speaking to a # tty, disable output colors. @@ -287,7 +287,7 @@ set_bastille_mountpoints() { bastille_logsdir_mountpoint="${bastille_logsdir}" # Add _altroot to *dir* if set - if [ "${_altroot}" != "-" ]; then + if [ "${_altroot}" != "-" ]; then # Set *dir* to include ALTROOT bastille_prefix="${_altroot}${bastille_prefix}" bastille_backupsdir="${_altroot}${bastille_backupsdir}" @@ -295,7 +295,7 @@ set_bastille_mountpoints() { bastille_jailsdir="${_altroot}${bastille_jailsdir}" bastille_releasesdir="${_altroot}${bastille_releasesdir}" bastille_templatesdir="${_altroot}${bastille_templatesdir}" - bastille_logsdir="${_altroot}${bastille_logsdir}" + bastille_logsdir="${_altroot}${bastille_logsdir}" fi fi } diff --git a/usr/local/share/bastille/config.sh b/usr/local/share/bastille/config.sh index e64bc603..a4d9f879 100644 --- a/usr/local/share/bastille/config.sh +++ b/usr/local/share/bastille/config.sh 
@@ -36,7 +36,7 @@ usage() { error_notify "Usage: bastille config [option(s)] TARGET [get|(set|add)|remove] PROPERTY [VALUE]" cat << EOF - + Options: -x | --debug Enable debug mode. @@ -52,7 +52,7 @@ print_jail_conf() { # line jail -f "$1" -e ' ' -} +} # Handle options. while [ "$#" -gt 0 ]; do @@ -93,7 +93,7 @@ case "${ACTION}" in error_exit "[ERROR]: Too many parameters for [get|remove] operation." fi ;; - add|set) + add|set) ;; *) error_exit "[ERROR]: Only (add|set), get and remove are supported." @@ -121,10 +121,10 @@ print_jail_conf() { # line jail -f "${1}" -e ' ' -} +} for _jail in ${JAILS}; do - + # Backwards compatibility for specifying only an IP with ip[4|6].addr if [ "${ACTION}" = "set" ] && [ "${PROPERTY}" = "ip4.addr" ]; then if ! echo "${VALUE}" | grep -q "|"; then @@ -135,7 +135,7 @@ for _jail in ${JAILS}; do VALUE="$(bastille config ${_jail} get ip6.addr | awk -F"|" '{print $1}')|${VALUE}" fi fi - + # Handle Bastille specific properties # Currently only 'depend' 'priority' and 'boot' if [ "${PROPERTY}" = "priority" ] || [ "${PROPERTY}" = "prio" ]; then @@ -307,7 +307,7 @@ for _jail in ${JAILS}; do rm "${_tmpfile}" fi fi - + done # Only display this message once at the end (not for every jail). -- cwells diff --git a/usr/local/share/bastille/console.sh b/usr/local/share/bastille/console.sh index a553fa63..43bbbf8a 100644 --- a/usr/local/share/bastille/console.sh +++ b/usr/local/share/bastille/console.sh @@ -35,7 +35,7 @@ usage() { error_notify "Usage: bastille console [option(s)] TARGET [USER]" cat << EOF - + Options: -a | --auto Auto mode. Start/stop jail(s) if required. @@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do case ${_opt} in x) enable_debug ;; a) AUTO=1 ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift 
@@ -90,7 +90,7 @@ validate_user() { local _jail="${1}" local _user="${2}" - + if jexec -l "${_jail}" id "${_user}" >/dev/null 2>&1; then USER_SHELL="$(jexec -l "${_jail}" getent passwd "${_user}" | cut -d: -f7)" if [ -n "${USER_SHELL}" ]; then @@ -110,7 +110,7 @@ validate_user() { check_fib() { local _jail="${1}" - + fib=$(grep 'exec.fib' "${bastille_jailsdir}/${_jail}/jail.conf" | awk '{print $3}' | sed 's/\;//g') if [ -n "${fib}" ]; then @@ -132,7 +132,7 @@ for _jail in ${JAILS}; do fi info "\n[${_jail}]:" - + LOGIN="$(jexec -l "${_jail}" which login)" if [ -n "${USER}" ]; then @@ -142,5 +142,5 @@ for _jail in ${JAILS}; do LOGIN="$(jexec -l "${_jail}" which login)" ${_setfib} jexec -l "${_jail}" ${LOGIN} -f root fi - + done diff --git a/usr/local/share/bastille/convert.sh b/usr/local/share/bastille/convert.sh index 3106dab8..d96fd88a 100644 --- a/usr/local/share/bastille/convert.sh +++ b/usr/local/share/bastille/convert.sh @@ -35,7 +35,7 @@ usage() { error_notify "Usage: bastille convert [option(s)] TARGET [RELEASE]" cat << EOF - + Options: -a | --auto Auto mode. Start/stop jail(s) if required. @@ -66,13 +66,13 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in a) AUTO=1 ;; y) AUTO_YES=1 ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift @@ -106,7 +106,7 @@ validate_release_name() { local _name=${1} local _sanity="$(echo "${_name}" | tr -c -d 'a-zA-Z0-9-_')" - + if [ -n "$(echo "${_sanity}" | awk "/^[-_].*$/" )" ]; then error_exit "[ERROR]: Release names may not begin with (-|_) characters!" elif [ "${_name}" != "${_sanity}" ]; then @@ -119,7 +119,7 @@ convert_jail_to_release() { _jailname="${1}" _release="${2}" - + info "\nAttempting to create '${_release}' from '${_jailname}'..." if checkyesno bastille_zfs_enable; then 
@@ -272,7 +272,7 @@ if [ "$#" -eq 1 ]; then elif ! grep -qw ".bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then error_exit "[ERROR]: ${TARGET} is not a thin container." fi - + # Ask if user is sure they want to convert the jail # but only if AUTO_YES=0 if [ "${AUTO_YES}" -ne 1 ]; then diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 2b8d0971..eec94947 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -39,7 +39,7 @@ usage() { cat << EOF Options: - + -B | --bridge Enable VNET, and attach to a specified, already existing external bridge. -C | --clone Create a clone jail. -D | --dual Create jail with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). @@ -65,7 +65,7 @@ validate_name() { local NAME_VERIFY=${NAME} local NAME_SANITY="$(echo "${NAME_VERIFY}" | tr -c -d 'a-zA-Z0-9-_')" - + # Make sure NAME has only allowed characters if [ -n "$(echo "${NAME_SANITY}" | awk "/^[-_].*$/" )" ]; then error_exit "[ERROR]: Jail names may not begin with (-|_) characters!" @@ -607,7 +607,7 @@ create_jail() { if [ -f /usr/share/examples/jails/jng ] && [ ! -f /usr/local/bin/jng ]; then install -m 0544 /usr/share/examples/jails/jng /usr/local/bin/jng fi - fi + fi fi fi elif [ -n "${LINUX_JAIL}" ]; then @@ -646,7 +646,7 @@ create_jail() { if [ -n "${VNET_JAIL}" ]; then if [ -n "${bastille_template_vnet}" ]; then - + ## rename interface to generic vnet0 uniq_epair=$(grep vnet.interface "${bastille_jailsdir}/${NAME}/jail.conf" | awk '{print $3}' | sed 's/;//; s/-/_/g') _gateway='' @@ -668,12 +668,12 @@ create_jail() { _gateway="$(netstat -4rn | awk '/default/ {print $2}')" fi fi - + # Add IPv4 address (this is empty if DHCP is used) if [ -n "${IP4_ADDR}" ]; then _ifconfig_inet="${_ifconfig_inet} inet ${IP4_ADDR}" fi - + # Enable IPv6 if used if [ -n "${IP6_ADDR}" ]; then _ifconfig_inet6='inet6 -ifdisabled' 
@@ -689,12 +689,12 @@ create_jail() { fi fi fi - + # Add IPv6 address (this is empty if SLAAC is used) if [ -n "${IP6_ADDR}" ]; then _ifconfig_inet6="${_ifconfig_inet6} ${IP6_ADDR}" fi - + # We need to pass IP4 and IP6 separately _ifconfig="${_ifconfig_inet}" _ifconfig6="${_ifconfig_inet6}" @@ -832,7 +832,7 @@ while [ $# -gt 0 ]; do if echo "${2}" | grep -Eoq "^[0-9]+$"; then PRIORITY="${2}" shift 2 - else + else error_exit "Not a valid priority value: \"${2}\"" fi ;; @@ -868,7 +868,7 @@ while [ $# -gt 0 ]; do bastille_zfs_options="${2}" shift 2 ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in B) VNET_JAIL=1 VNET_JAIL_BRIDGE=1 ;; @@ -880,7 +880,7 @@ while [ $# -gt 0 ]; do T) THICK_JAIL=1 ;; V) VNET_JAIL=1 ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index adbf36fa..ef8ed63b 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh @@ -35,7 +35,7 @@ usage() { error_notify "Usage: bastille destroy [option(s)] JAIL|RELEASE" cat << EOF - + Options: -a | --auto Auto mode. Start/stop jail(s) if required. @@ -256,7 +256,7 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in a) AUTO=1 ;; diff --git a/usr/local/share/bastille/edit.sh b/usr/local/share/bastille/edit.sh index 0f657e1f..83dfcc11 100644 --- a/usr/local/share/bastille/edit.sh +++ b/usr/local/share/bastille/edit.sh @@ -35,7 +35,7 @@ usage() { error_notify "Usage: bastille edit [option(s)] TARGET [FILE]" cat << EOF - + Options: -x | --debug Enable debug mode. @@ -71,7 +71,7 @@ fi TARGET="${1}" if [ "$#" -eq 2 ]; then TARGET_FILENAME="${2}" -else +else TARGET_FILENAME="jail.conf" fi 
diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh index 7a2f0f9d..ac86d985 100644 --- a/usr/local/share/bastille/etcupdate.sh +++ b/usr/local/share/bastille/etcupdate.sh @@ -32,7 +32,7 @@ usage() { error_notify "Usage: bastille etcupdate [option(s)] [bootstrap|TARGET] [diff|resolve|update RELEASE]" cat << EOF - + Options: -d | --dry-run Show output, but do not apply. @@ -92,7 +92,7 @@ diff_review() { fi echo "Running: etcupdate --diff mode" - etcupdate diff -D "${bastille_jailsdir}/${_jail}/root" + etcupdate diff -D "${bastille_jailsdir}/${_jail}/root" } resolve_conflicts() { @@ -104,7 +104,7 @@ resolve_conflicts() { fi echo "Running: etcupdate resolve" - etcupdate resolve -D "${bastille_jailsdir}/${_jail}/root" + etcupdate resolve -D "${bastille_jailsdir}/${_jail}/root" } update_jail_etc() { @@ -144,13 +144,13 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in d) DRY_RUN=1 ;; f) FORCE=1 ;; x) enable_debug ;; - *) error_exit "Unknown Option: \"${1}\"" ;; + *) error_exit "Unknown Option: \"${1}\"" ;; esac done shift diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index 44bcd0b9..5d61dcfe 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh @@ -39,7 +39,7 @@ usage() { # If no compression option specified, user must redirect standard output error_notify "Usage: bastille export [option(s)] TARGET PATH" cat << EOF - + Options: -a | --auto Auto mode. Start/stop jail(s) if required. @@ -275,7 +275,7 @@ clean_zfs_snap() { zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}" } -export_check() { +export_check() { # Inform the user about the exporting method if [ -z "${USER_EXPORT}" ]; then if [ -n "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then 
diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index ce6d795f..8b97d870 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -37,7 +37,7 @@ usage() { # If no file/extension specified, will import from standard input error_notify "Usage: bastille import [option(s)] FILE [RELEASE]" cat << EOF - + Options: -f | --force Force an archive import regardless if the checksum file does not match or missing. @@ -77,14 +77,14 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in f) OPT_FORCE=1 ;; M) OPT_STATIC_MAC=1 ;; v) OPT_ZRECV="-u -v" ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift @@ -137,7 +137,7 @@ validate_archive() { } update_zfsmount() { - + # Update the mountpoint property on the received ZFS data stream OLD_ZFS_MOUNTPOINT=$(zfs get -H mountpoint "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}/root" | awk '{print $3}') NEW_ZFS_MOUNTPOINT="${bastille_jailsdir}/${TARGET_TRIM}/root" @@ -232,7 +232,7 @@ generate_config() { IPVX_CONFIG=$(grep -wo "jail_${TARGET_TRIM}_ip=.*" ${PROP_CONFIG} | tr -d '" ' | sed "s/jail_${TARGET_TRIM}_ip=//") if [ -z "${RELEASE}" ]; then CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g') - else + else CONFIG_RELEASE="${RELEASE}" fi fi diff --git a/usr/local/share/bastille/jcp.sh b/usr/local/share/bastille/jcp.sh index ec522679..fb7a2370 100644 --- a/usr/local/share/bastille/jcp.sh +++ b/usr/local/share/bastille/jcp.sh @@ -35,7 +35,7 @@ usage() { error_notify "Usage: bastille jcp [option(s)] SOURCE_JAIL JAIL_PATH DEST_JAIL JAIL_PATH" cat << EOF - + Options: -q | --quiet Suppress output. 
@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do case ${_opt} in q) OPTION="-a" ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift @@ -100,14 +100,14 @@ for _jail in ${DEST_TARGET}; do source_path="$(echo ${bastille_jailsdir}/${SOURCE_TARGET}/root/${SOURCE_PATH} | sed 's#//#/#g')" dest_path="$(echo ${bastille_jailsdir}/${_jail}/root/${DEST_PATH} | sed 's#//#/#g')" - + if ! cp "${OPTION}" "${source_path}" "${dest_path}"; then ERRORS=$((ERRORS + 1)) error_continue "[ERROR]: JCP failed: ${source_path} -> ${dest_path}" fi - + fi - + done if [ "${ERRORS}" -ne 0 ]; then diff --git a/usr/local/share/bastille/limits.sh b/usr/local/share/bastille/limits.sh index 64058311..9d2e7121 100644 --- a/usr/local/share/bastille/limits.sh +++ b/usr/local/share/bastille/limits.sh @@ -36,10 +36,10 @@ usage() { error_notify "Usage: bastille limits [option(s)] TARGET [add|remove|clear|reset|(list|show [active])|stats] OPTION [VALUE]" cat << EOF - + Example: bastille limits TARGET add memoryuse 1G Example: bastille limits TARGET add cpu 0,1,2 - + Options: -a | --auto Auto mode. Start/stop jail(s) if required. @@ -70,13 +70,13 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in a) AUTO=1 ;; l) OPT_LOG=1 ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift @@ -93,7 +93,7 @@ fi TARGET="${1}" ACTION="${2}" -# Retain support for no action (will default to add) +# Retain support for no action (will default to add) if [ "${ACTION}" != "add" ] && [ "${ACTION}" != "remove" ] && [ "${ACTION}" != "clear" ] && [ "${ACTION}" != "list" ] && [ "${ACTION}" != "show" ] && [ "${ACTION}" != "reset" ] && [ "${ACTION}" != "stats" ]; then ACTION="add" shift 1 
@@ -148,7 +148,7 @@ for _jail in ${JAILS}; do fi info "\n[${_jail}]:" - + case "${ACTION}" in add)
@@ -299,5 +299,5 @@ for _jail in ${JAILS}; do ;; esac - + done \ No newline at end of file
diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh
index fc378d76..bd710e54 100644
--- a/usr/local/share/bastille/list.sh
+++ b/usr/local/share/bastille/list.sh
@@ -235,7 +235,7 @@ get_jail_info() { # Get info if jail is DOWN if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null)" ]; then JAIL_IP4=$(grep -E "^ifconfig_vnet.*inet .*" "${bastille_jailsdir}/${JAIL_NAME}/root/etc/rc.conf" 2> /dev/null | grep -o "inet .*" | awk '{print $2}' | sed -E 's#/[0-9]+.*##g' | sed 's/"//g') - JAIL_IP6=$(grep -E "^ifconfig_vnet.*inet6.*" "${bastille_jailsdir}/${JAIL_NAME}/root/etc/rc.conf" 2> /dev/null | grep -Eow "(::)?[0-9a-fA-F]{1,4}(::?[0-9a-fA-F]{1,4}){1,7}(::)?" | sed -E 's#/[0-9]+.*##g' | sed 's/"//g') + JAIL_IP6=$(grep -E "^ifconfig_vnet.*inet6.*" "${bastille_jailsdir}/${JAIL_NAME}/root/etc/rc.conf" 2> /dev/null | grep -Eow "(::)?[0-9a-fA-F]{1,4}(::?[0-9a-fA-F]{1,4}){1,7}(::)?" | sed -E 's#/[0-9]+.*##g' | sed 's/"//g') else JAIL_IP4=$(sed -n "s/^[ ].*ip4.addr[ ].*=[ ]\(.*\);$/\1/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null | sed -e 's#/.*##g' -e 's#.*|##g') JAIL_IP6=$(sed -n "s/^[ ].*ip6.addr[ ].*=[ ]\(.*\);$/\1/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null | sed -e 's#/.*##g' -e 's#.*|##g')
@@ -275,7 +275,7 @@ get_jail_info() { if [ "${OPT_STATE}" != "all" ] && [ "${JAIL_STATE}" != "${OPT_STATE}" ]; then # shellcheck disable=SC2104 continue - fi + fi # Add ... if JAIL_PORTS is too long JAIL_PORTS_FULL="${JAIL_PORTS}"
@@ -300,7 +300,7 @@ get_jail_info() { list_bastille(){ _tmp_list= - + get_max_lengths get_jail_list
@@ -317,13 +317,13 @@ list_bastille(){ fi ( - + get_jail_info "${_jail}" # Get JAIL_IP count JAIL_IP_COUNT=$(echo "${JAIL_IP}" | wc -l) - # Print JAIL_IP in columns if -gt 1 + # Print JAIL_IP in columns if -gt 1 if [ ${JAIL_IP_COUNT} -gt 1 ]; then # vnet0 has more than one IPs assigned. # Put each IP in its own line below the jails first address. For instance:
diff --git a/usr/local/share/bastille/migrate.sh b/usr/local/share/bastille/migrate.sh
index eacaa753..56c93477 100644
--- a/usr/local/share/bastille/migrate.sh
+++ b/usr/local/share/bastille/migrate.sh
@@ -95,7 +95,7 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in a) AUTO=1 ;;
@@ -104,7 +104,7 @@ while [ "$#" -gt 0 ]; do l) LIVE=1 ;; p) OPT_PASSWORD=1 ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift
@@ -144,7 +144,7 @@ validate_host_status() { local _user="${1}" local _host="${2}" local _port="${3}" - + info "\nChecking remote host status..." # Host uptime
@@ -364,7 +364,7 @@ for _jail in ${JAILS}; do fi info "\nAttempting to migrate '${_jail}' to '${HOST}'..." - + migrate_jail "${_jail}" "${USER}" "${HOST}" "${PORT}" info "\nSuccessfully migrated '${_jail}' to '${HOST}'.\n"
diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh
index 386859f5..9870d08d 100644
--- a/usr/local/share/bastille/mount.sh
+++ b/usr/local/share/bastille/mount.sh
@@ -35,7 +35,7 @@ usage() { error_notify "Usage: bastille mount [option(s)] TARGET HOST_PATH JAIL_PATH [filesystem_type options dump pass_number]" cat << EOF - + Options: -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -194,11 +194,11 @@ for _jail in ${JAILS}; do continue fi fi - fi - + fi + # Add entry to fstab and mount echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab" || error_continue "Failed to create fstab entry: ${_fstab_entry}" mount -F "${bastille_jailsdir}/${_jail}/fstab" -a || error_continue "Failed to mount volume: ${_fullpath}" echo "Added: ${_fstab_entry}" - + done
diff --git a/usr/local/share/bastille/network.sh b/usr/local/share/bastille/network.sh
index 757a012a..55013b1d 100644
--- a/usr/local/share/bastille/network.sh
+++ b/usr/local/share/bastille/network.sh
@@ -36,7 +36,7 @@ usage() { error_notify "Usage: bastille network [option(s)] TARGET [remove|add] INTERFACE [IP]" cat << EOF - + Options: -a | --auto Start/stop jail(s) if required.
@@ -47,7 +47,7 @@ usage() { -V | --vnet Add a VNET interface. -v | --vlan VLANID Assign VLAN ID to interface (VNET only). -x | --debug Enable debug mode. - + EOF exit 1 }
@@ -101,7 +101,7 @@ while [ "$#" -gt 0 ]; do -x|--debug) enable_debug shift - ;; + ;; -*) for _o in $(echo ${1} 2>/dev/null | sed 's/-//g' | fold -w1); do case ${_o} in
@@ -112,7 +112,7 @@ while [ "$#" -gt 0 ]; do P) PASSTHROUGH=1 ;; V) VNET=1 ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift
@@ -135,7 +135,7 @@ else fi # Default is standard interface -if [ "${VNET}" -eq 0 ] && [ "${BRIDGE}" -eq 0 ] && [ "${PASSTHROUGH}" -eq 0 ]; then +if [ "${VNET}" -eq 0 ] && [ "${BRIDGE}" -eq 0 ] && [ "${PASSTHROUGH}" -eq 0 ]; then STANDARD=1 fi
@@ -224,11 +224,11 @@ check_interface_added() { local _jailname="${1}" local _if="${2}" - local _jail_config="${bastille_jailsdir}/${_jailname}/jail.conf" + local _jail_config="${bastille_jailsdir}/${_jailname}/jail.conf" if grep -qo "${_if}" "${_jail_config}"; then return 0 - else + else return 1 fi }
@@ -294,7 +294,7 @@ EOF } EOF fi - + # Add config to /etc/rc.conf sysrc -f "${_jail_rc_config}" ifconfig_${jail_epair}_name="${_jail_vnet}" if [ -n "${IP6_ADDR}" ]; then
@@ -377,7 +377,7 @@ EOF break fi done - + echo "Added VNET interface: \"${_if}\"" elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then
@@ -428,8 +428,8 @@ EOF fi break fi - done - echo "Added VNET interface: \"${_if}\"" + done + echo "Added VNET interface: \"${_if}\"" fi elif [ "${PASSTHROUGH}" -eq 1 ]; then
@@ -458,7 +458,7 @@ EOF fi fi echo "Added Passthrough interface: \"${_if}\"" - + elif [ "${STANDARD}" -eq 1 ]; then if [ -n "${IP6_ADDR}" ]; then sed -i '' "s/interface = .*/&\n ip6.addr += ${_if}|${_ip};/" ${_jail_config}
@@ -507,7 +507,7 @@ remove_interface() { else error_exit "[ERROR]: Could not find interface inside jail: \"${_if_jail}\"" fi - + # Get vnetX value from rc.conf if [ "${_if_type}" = "if_bridge" ]; then if grep -oq "${_if_jail}" ${_jail_config}; then
@@ -528,7 +528,7 @@ remove_interface() { error_exit "[ERROR]: Interface not found: ${_if_jail}" fi fi - + # Do not allow removing default vnet0 interface if [ "${_if_vnet}" = "vnet0" ]; then error_exit "[ERROR]: Default interface cannot be removed."
@@ -538,7 +538,7 @@ remove_interface() { if [ -z "${_if_jail}" ]; then error_exit "[ERROR]: Could not find specifed interface." fi - + # Remove interface from /etc/rc.conf if [ "${_if_type}" = "if_bridge" ]; then if [ -n "${_if_vnet}" ] && echo ${_if_vnet} | grep -Eoq 'vnet[0-9]+'; then
@@ -563,11 +563,11 @@ remove_interface() { # Remove VNET interface from jail.conf (VNET) if [ -n "${_if_jail}" ]; then if [ "${_if_type}" = "if_bridge" ]; then - sed -i '' "/.*${_epaira}.*/d" "${_jail_config}" + sed -i '' "/.*${_epaira}.*/d" "${_jail_config}" sed -i '' "/.*${_epairb}.*/d" "${_jail_config}" sed -i '' "/.*${_if}.*/d" "${_jail_config}" elif [ "${_if_type}" = "netgraph" ]; then - sed -i '' "/.*${_if_jail}.*/d" "${_jail_config}" + sed -i '' "/.*${_if_jail}.*/d" "${_jail_config}" sed -i '' "/.*${_if}.*/d" "${_jail_config}" elif [ "${_if_type}" = "passthrough" ]; then sed -i '' "/.*${_if_jail}.*/d" "${_jail_config}"
@@ -690,7 +690,7 @@ case "${ACTION}" in fi ;; remove|delete) - check_interface_added "${TARGET}" "${INTERFACE}" || error_exit "Interface not found in jail.conf: \"${INTERFACE}\"" + check_interface_added "${TARGET}" "${INTERFACE}" || error_exit "Interface not found in jail.conf: \"${INTERFACE}\"" validate_netif "${INTERFACE}" if ! grep -q "${INTERFACE}" ${bastille_jailsdir}/${TARGET}/jail.conf; then error_exit "[ERROR]: Interface not found in jail.conf: \"${INTERFACE}\""
diff --git a/usr/local/share/bastille/pkg.sh b/usr/local/share/bastille/pkg.sh
index c0a03b09..4f1675a2 100644
--- a/usr/local/share/bastille/pkg.sh
+++ b/usr/local/share/bastille/pkg.sh
@@ -72,14 +72,14 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in a) AUTO=1 ;; H) USE_HOST_PKG=1 ;; y) AUTO_YES=1 ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift
@@ -97,7 +97,7 @@ fi TARGET="${1}" shift ERRORS=0 - + bastille_root_check set_target "${TARGET}"
@@ -137,7 +137,7 @@ for _jail in ${JAILS}; do if [ "$?" -ne 0 ]; then ERRORS=$((ERRORS + 1)) fi - + done if [ "${ERRORS}" -ne 0 ]; then
diff --git a/usr/local/share/bastille/rcp.sh b/usr/local/share/bastille/rcp.sh
index aab2c28b..e6cf297c 100644
--- a/usr/local/share/bastille/rcp.sh
+++ b/usr/local/share/bastille/rcp.sh
@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do case ${_opt} in q) OPTION="-a" ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift
diff --git a/usr/local/share/bastille/rdr.sh b/usr/local/share/bastille/rdr.sh
index a11e66be..6cfe7df6 100644
--- a/usr/local/share/bastille/rdr.sh
+++ b/usr/local/share/bastille/rdr.sh
@@ -35,7 +35,7 @@ usage() { error_notify "Usage: bastille rdr [option(s)] TARGET [clear|reset|list|(tcp|udp)] HOST_PORT JAIL_PORT [log ['(' logopts ')'] ]" cat << EOF - + Options: -d | --destination [destination] Limit rdr to a destination IP. Useful if you have multiple IPs on one interface.
@@ -76,7 +76,7 @@ check_jail_validity() { else error_exit "[ERROR]: VNET jails do not support rdr." fi - + # Check if rdr-anchor is defined in pf.conf if ! (pfctl -sn | grep rdr-anchor | grep 'rdr/\*' >/dev/null); then error_exit "[ERROR]: rdr-anchor not found in pf.conf"
@@ -185,7 +185,7 @@ load_rdr_rule() { | pfctl -a "rdr/${TARGET}" -f-; then error_exit "[ERROR]: Failed to create IPv4 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\"" else - echo "IPv4 ${proto}/${host_port}:${jail_port} on ${if_name}" + echo "IPv4 ${proto}/${host_port}:${jail_port} on ${if_name}" fi fi # Create IPv6 rdr rule (if ip6.addr is enabled)
@@ -228,7 +228,7 @@ load_rdr_log_rule() { # Create IPv6 rdr rule with log (if ip6.addr is enabled) # shellcheck disable=SC2193 - if [ -n "${JAIL_IP6}" ] && { [ "${inet}" = "ipv6" ] || [ "${inet}" = "dual" ]; } then + if [ -n "${JAIL_IP6}" ] && { [ "${inet}" = "ipv6" ] || [ "${inet}" = "dual" ]; } then if ! ( pfctl -a "rdr/${TARGET}" -Psn; printf '%s\nrdr pass %s on $%s inet6 proto %s from %s to %s port %s -> %s port %s\n' "$if" "$log" "${bastille_network_pf_ext_if}" "$proto" "$src" "$dst" "$host_port" "$JAIL_IP6" "$jail_port" ) \ | pfctl -a "rdr/${TARGET}" -f-; then
@@ -355,7 +355,7 @@ while [ "$#" -gt 0 ]; do fi fi shift - ;; + ;; tcp|udp) if [ "$#" -lt 3 ]; then usage
@@ -388,7 +388,7 @@ while [ "$#" -gt 0 ]; do check_jail_validity validate_rdr_rule "$RDR_IF" $RDR_SRC $RDR_DST $1 $2 $3 persist_rdr_log_rule $RDR_INET "$RDR_IF" $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@" - load_rdr_log_rule $RDR_INET "$RDR_IF" $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@" + load_rdr_log_rule $RDR_INET "$RDR_IF" $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@" shift $# else usage
@@ -412,7 +412,7 @@ while [ "$#" -gt 0 ]; do *) if [ "${1}" = "dual" ] || [ "${1}" = "ipv4" ] || [ "${1}" = "ipv6" ]; then RDR_INET="${1}" - else + else usage fi if [ "$#" -eq 7 ] && { [ "${5}" = "tcp" ] || [ "${5}" = "udp" ]; } then
diff --git a/usr/local/share/bastille/rename.sh b/usr/local/share/bastille/rename.sh
index 194b7d9f..744ccbe8 100644
--- a/usr/local/share/bastille/rename.sh
+++ b/usr/local/share/bastille/rename.sh
@@ -53,7 +53,7 @@ while [ "$#" -gt 0 ]; do AUTO=1 shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in a) AUTO=1 ;;
@@ -161,7 +161,7 @@ update_jailconf_vnet() { if grep "${_old_if_suffix}" "${_jail_conf}" | grep -oq "jib addm"; then # For -V jails - # Replace host epair name in jail.conf + # Replace host epair name in jail.conf sed -i '' "s|jib addm ${_old_if_suffix}|jib addm ${_new_if_suffix}|g" "${_jail_conf}" sed -i '' "s|${_old_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}" sed -i '' "s|${_old_host_epair} destroy|${_new_host_epair} destroy|g" "${_jail_conf}"
@@ -178,7 +178,7 @@ update_jailconf_vnet() { sed -i '' "/ifconfig/ s|${_old_jail_epair}|${_new_jail_epair}|g" "${_rc_conf}" else # For -B jails - # Replace host epair name in jail.conf + # Replace host epair name in jail.conf sed -i '' "s|up name ${_old_host_epair}|up name ${_new_host_epair}|g" "${_jail_conf}" sed -i '' "s|addm ${_old_host_epair}|addm ${_new_host_epair}|g" "${_jail_conf}" sed -i '' "s|${_old_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}"
@@ -198,7 +198,7 @@ update_jailconf_vnet() { fi # For netgraph network type elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then - + local _ngif_num="$(echo "${_old_if_prefix}" | grep -Eo "[0-9]+")" local _old_ngif="${_if}"
diff --git a/usr/local/share/bastille/restart.sh b/usr/local/share/bastille/restart.sh
index 4703531f..3db70675 100644
--- a/usr/local/share/bastille/restart.sh
+++ b/usr/local/share/bastille/restart.sh
@@ -35,7 +35,7 @@ usage() { error_notify "Usage: bastille restart [option(s)] TARGET" cat << EOF - + Options: -b | --boot Respect jail boot setting.
@@ -74,7 +74,7 @@ while [ "$#" -gt 0 ]; do _stop_options="${_stop_options} -x" shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in b)
@@ -84,13 +84,13 @@ while [ "$#" -gt 0 ]; do _start_options="${_start_options} -v" _stop_options="${_stop_options} -v" ;; - x) + x) _start_options="${_start_options} -x" _stop_options="${_stop_options} -x" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" - ;; + ;; esac done shift
diff --git a/usr/local/share/bastille/service.sh b/usr/local/share/bastille/service.sh
index b909ee33..a63dd780 100644
--- a/usr/local/share/bastille/service.sh
+++ b/usr/local/share/bastille/service.sh
@@ -35,7 +35,7 @@ usage() { error_notify "Usage: bastille service [option(s)] TARGET SERVICE_NAME ARGS" cat << EOF - + Options: -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -60,12 +60,12 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in a) AUTO=1 ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift
@@ -99,7 +99,7 @@ for _jail in ${JAILS}; do fi info "\n[${_jail}]:" - + jexec -l "${_jail}" /usr/sbin/service "$@" if [ "$?" -ne 0 ]; then
diff --git a/usr/local/share/bastille/setup.sh b/usr/local/share/bastille/setup.sh
index ae5d32f6..9a9be7f3 100644
--- a/usr/local/share/bastille/setup.sh
+++ b/usr/local/share/bastille/setup.sh
@@ -40,7 +40,7 @@ usage() { error_notify " [vnet]" error_notify " [storage]" cat << EOF - + Options: -y | --yes Assume always yes on prompts.
@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in y) AUTO_YES=1 ;;
diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh
index f36e5f00..bb9dcc98 100644
--- a/usr/local/share/bastille/start.sh
+++ b/usr/local/share/bastille/start.sh
@@ -38,7 +38,7 @@ usage() { Options: - -b | --boot Respect jail boot setting. + -b | --boot Respect jail boot setting. -d | --delay VALUE Time (seconds) to wait after starting each jail. -v | --verbose Print every action on jail start. -x | --debug Enable debug mode.
@@ -76,13 +76,13 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in b) BOOT=1 ;; v) OPTION="-v" ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift
@@ -121,14 +121,14 @@ for _jail in ${JAILS}; do bastille start ${_depend_jail} fi done - + if check_target_is_running "${_jail}"; then info "\n[${_jail}]:" error_continue "Jail is already running." fi info "\n[${_jail}]:" - + # Validate interfaces and add IPs to firewall table if [ "$(bastille config ${_jail} get vnet)" != 'enabled' ]; then _ip4_interfaces="$(bastille config ${_jail} get ip4.addr | sed 's/,/ /g')"
@@ -217,5 +217,5 @@ for _jail in ${JAILS}; do # Delay between jail action sleep "${DELAY_TIME}" - + done \ No newline at end of file
diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh
index 15a2c736..59ecbe36 100644
--- a/usr/local/share/bastille/stop.sh
+++ b/usr/local/share/bastille/stop.sh
@@ -60,12 +60,12 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in v) OPTION="-v" ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift
@@ -103,7 +103,7 @@ for _jail in ${JAILS}; do info "\n[${_jail}]:" error_continue "Jail is already stopped." fi - + info "\n[${_jail}]:" # Remove RDR rules
@@ -153,7 +153,7 @@ for _jail in ${JAILS}; do else _ip="$(echo ${_ip} | sed -E 's#/[0-9]+$##g')" fi - pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}" + pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}" done fi
diff --git a/usr/local/share/bastille/sysrc.sh b/usr/local/share/bastille/sysrc.sh
index d8f2cc75..1cd25325 100644
--- a/usr/local/share/bastille/sysrc.sh
+++ b/usr/local/share/bastille/sysrc.sh
@@ -35,7 +35,7 @@ usage() { error_notify "Usage: bastille sysrc [option(s)] TARGET ARGS" cat << EOF - + Options: -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -60,12 +60,12 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in a) AUTO=1 ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift
@@ -99,13 +99,13 @@ for _jail in ${JAILS}; do fi info "\n[${_jail}]:" - + jexec -l "${_jail}" /usr/sbin/sysrc "$@" if [ "$?" -ne 0 ]; then ERRORS=$((ERRORS + 1)) fi - + done if [ "${ERRORS}" -ne 0 ]; then
diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh
index bf05ebe8..e974b4ad 100644
--- a/usr/local/share/bastille/template.sh
+++ b/usr/local/share/bastille/template.sh
@@ -144,12 +144,12 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in a) AUTO=1 ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift
@@ -281,7 +281,7 @@ for _jail in ${JAILS}; do fi info "\n[${_jail}]:" - + echo "Applying template: ${TEMPLATE}..." ## get jail ip4 and ip6 values
@@ -311,7 +311,7 @@ for _jail in ${JAILS}; do { [ "${_jail_ip6}" = "not set" ] || [ "${_jail_ip6}" = "disable" ]; } then error_notify "Jail IP not found: ${_jail}" fi - + ## TARGET if [ -s "${bastille_template}/TARGET" ]; then if grep -qw "${_jail}" "${bastille_template}/TARGET"; then
@@ -471,7 +471,7 @@ for _jail in ${JAILS}; do echo fi done - + info "\nTemplate applied: ${TEMPLATE}" - + done
diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh
index 4aa1e421..7a20812b 100644
--- a/usr/local/share/bastille/umount.sh
+++ b/usr/local/share/bastille/umount.sh
@@ -35,7 +35,7 @@ usage() { error_notify "Usage: bastille umount [option(s)] TARGET JAIL_PATH" cat << EOF - + Options: -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -96,7 +96,7 @@ for _jail in ${JAILS}; do error_notify "Jail is not running." error_continue "Use [-a|--auto] to auto-start the jail." fi - + info "\n[${_jail}]:" _jailpath="$( echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" 2>/dev/null | sed 's#//#/#' | sed 's#\\##g')"
@@ -125,9 +125,9 @@ for _jail in ${JAILS}; do if [ -f "${_jailpath}" ]; then rm -f "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}" fi - + echo "Unmounted: ${_jailpath}" - + done echo \ No newline at end of file
diff --git a/usr/local/share/bastille/update.sh b/usr/local/share/bastille/update.sh
index 902acd7f..161502a4 100644
--- a/usr/local/share/bastille/update.sh
+++ b/usr/local/share/bastille/update.sh
@@ -69,13 +69,13 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in a) AUTO=1 ;; f) OPTION="-F" ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift
@@ -134,7 +134,7 @@ jail_update() { local _workdir="${_jailpath}/var/db/freebsd-update" # Update a thick container - if [ -d "${bastille_jailsdir}/${TARGET}" ]; then + if [ -d "${bastille_jailsdir}/${TARGET}" ]; then CURRENT_VERSION=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null) if [ -z "${CURRENT_VERSION}" ]; then error_exit "[ERROR]: Can't determine '${TARGET}' version."
@@ -186,10 +186,10 @@ template_update() { if [ -d $_template_path ]; then info "\n[${BASTILLE_TEMPLATE}]:" if ! git -C $_template_path pull; then - error_exit "[ERROR]: ${BASTILLE_TEMPLATE} update unsuccessful." + error_exit "[ERROR]: ${BASTILLE_TEMPLATE} update unsuccessful." fi bastille verify "${BASTILLE_TEMPLATE}" - else + else error_exit "[ERROR]: ${BASTILLE_TEMPLATE} not found. See 'bastille bootstrap'." fi }
@@ -212,7 +212,7 @@ templates_update() { if [ "$_updated_templates" -ne "0" ]; then info "\n$_updated_templates templates updated." - else + else error_exit "[ERROR]: No templates found. See 'bastille bootstrap'." fi }
diff --git a/usr/local/share/bastille/upgrade.sh b/usr/local/share/bastille/upgrade.sh
index fbb9fe56..314a23b9 100644
--- a/usr/local/share/bastille/upgrade.sh
+++ b/usr/local/share/bastille/upgrade.sh
@@ -35,7 +35,7 @@ usage() { error_notify "Usage: bastille upgrade [option(s)] TARGET NEW_RELEASE|install" cat << EOF - + Options: -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -66,13 +66,13 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in a) AUTO=1 ;; f) OPTION="-F" ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift
@@ -93,7 +93,7 @@ NEWRELEASE="${2}" bastille_root_check set_target_single "${TARGET}" -# Check for unsupported actions +# Check for unsupported actions if [ -f "/bin/midnightbsd-version" ]; then error_exit "[ERROR]: Not yet supported on MidnightBSD." fi
@@ -186,7 +186,7 @@ jail_upgrade() { -d "${_workdir}" \ -f "${_freebsd_update_conf}" \ -r "${_newrelease}" upgrade - + # Update "osrelease" inside jail.conf using 'bastille config' bastille config ${_jailname} set osrelease ${_newrelease} warn "Please run 'bastille upgrade ${_jailname} install', restart the jail, then run 'bastille upgrade ${_jailname} install' again to finish installing updates."
@@ -201,7 +201,7 @@ jail_updates_install() { local _freebsd_update_conf="${_jailpath}/etc/freebsd-update.conf" # Finish installing upgrade on a thick container - if [ -d "${bastille_jailsdir}/${_jailname}" ]; then + if [ -d "${bastille_jailsdir}/${_jailname}" ]; then env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron \ -j "${_jailname}" \ -d "${_workdir}" \
diff --git a/usr/local/share/bastille/verify.sh b/usr/local/share/bastille/verify.sh
index 4f7993de..a27f0a52 100644
--- a/usr/local/share/bastille/verify.sh
+++ b/usr/local/share/bastille/verify.sh
@@ -35,7 +35,7 @@ usage() { error_notify "Usage: bastille verify [option(s)] RELEASE|TEMPLATE" cat << EOF - + Options: -x | --debug Enable debug mode.
@@ -49,7 +49,7 @@ verify_release() { if [ -f "/bin/midnightbsd-version" ]; then error_exit "[ERROR]: Not yet supported on MidnightBSD." fi - + if freebsd-version | grep -qi HBSD; then error_exit "[ERROR]: Not yet supported on HardenedBSD." fi
@@ -160,7 +160,7 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *)
diff --git a/usr/local/share/bastille/zfs.sh b/usr/local/share/bastille/zfs.sh
index ac6967ba..0e2b42a6 100644
--- a/usr/local/share/bastille/zfs.sh
+++ b/usr/local/share/bastille/zfs.sh
@@ -33,7 +33,7 @@ . /usr/local/share/bastille/common.sh usage() { - + error_notify "Usage: bastille zfs [option(s)] TARGET destroy|rollback|snapshot [TAG]" error_notify " df|usage" error_notify " get|set key=value"
@@ -52,7 +52,7 @@ EOF } zfs_jail_dataset() { - + # Exit if MOUNT or DATASET is empty if [ -z "${MOUNT}" ] || [ -z "${DATASET}" ]; then usage
@@ -68,7 +68,7 @@ zfs_jail_dataset() { # Validate jail state check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then bastille stop "${_jail}" - else + else error_notify "Jail is running." error_exit "Use [-a|--auto] to auto-stop the jail." fi
@@ -100,7 +100,7 @@ zfs_unjail_dataset() { # Validate jail state check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then bastille stop "${_jail}" - else + else error_notify "Jail is running." error_exit "Use [-a|--auto] to auto-stop the jail." fi
@@ -226,7 +226,7 @@ snapshot_destroy() { else OPT_DESTROY="-r" fi - + zfs_destroy_snapshot # Check for exit status and just notify.
@@ -260,12 +260,12 @@ while [ "$#" -gt 0 ]; do enable_debug shift ;; - -*) + -*) for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do case ${_opt} in a) AUTO=1 ;; x) enable_debug ;; - *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; + *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done shift