From 8b9760b0a58f92aa9c3cd062a3c1d60742f19a93 Mon Sep 17 00:00:00 2001
From: Christer Edwards
Date: Sun, 26 Jan 2020 09:51:02 -0700
Subject: [PATCH] initial support for limits automation; updated copyright year
---
 CODE-OF-CONDUCT.md | 2 +-
 LICENSE | 2 +-
 usr/local/share/bastille/bootstrap.sh | 2 +-
 usr/local/share/bastille/cmd.sh | 2 +-
 usr/local/share/bastille/console.sh | 2 +-
 usr/local/share/bastille/cp.sh | 2 +-
 usr/local/share/bastille/create.sh | 2 +-
 usr/local/share/bastille/destroy.sh | 2 +-
 usr/local/share/bastille/htop.sh | 2 +-
 usr/local/share/bastille/limits.sh | 2 +-
 usr/local/share/bastille/list.sh | 2 +-
 usr/local/share/bastille/pkg.sh | 2 +-
 usr/local/share/bastille/restart.sh | 2 +-
 usr/local/share/bastille/service.sh | 2 +-
 usr/local/share/bastille/start.sh | 2 +-
 usr/local/share/bastille/stop.sh | 2 +-
 usr/local/share/bastille/sysrc.sh | 2 +-
 usr/local/share/bastille/template.sh | 31 ++++++++++++++++++++++++++-
 usr/local/share/bastille/top.sh | 2 +-
 usr/local/share/bastille/update.sh | 2 +-
 usr/local/share/bastille/upgrade.sh | 2 +-
 usr/local/share/bastille/verify.sh | 10 +++++----
 usr/local/share/bastille/zfs.sh | 2 +-
 23 files changed, 57 insertions(+), 26 deletions(-)
 mode change 100755 => 100644 usr/local/share/bastille/limits.sh
diff --git a/CODE-OF-CONDUCT.md b/CODE-OF-CONDUCT.md
index b27bd4cd..2d4e758b 100644
--- a/CODE-OF-CONDUCT.md
+++ b/CODE-OF-CONDUCT.md
@@ -55,7 +55,7 @@ further defined and clarified by project maintainers.
 ## Enforcement
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at conduct@bastillebsd.org. All
+reported by contacting the project team lead at christer.edwards@gmail.com. All
 complaints will be reviewed and investigated and will result in a response that
 is deemed necessary and appropriate to the circumstances. The project team is
 obligated to maintain confidentiality with regard to the reporter of an incident.
diff --git a/LICENSE b/LICENSE
index 507ba892..994cf0b1 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@
 BSD 3-Clause License
-Copyright (c) 2018-2019, Christer Edwards
+Copyright (c) 2018-2020, Christer Edwards
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh
index b09eb8f6..f897ff92 100644
--- a/usr/local/share/bastille/bootstrap.sh
+++ b/usr/local/share/bastille/bootstrap.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/share/bastille/cmd.sh b/usr/local/share/bastille/cmd.sh
index a071fc70..2eb2bc42 100644
--- a/usr/local/share/bastille/cmd.sh
+++ b/usr/local/share/bastille/cmd.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/share/bastille/console.sh b/usr/local/share/bastille/console.sh
index f0b11b37..e80f9f9c 100644
--- a/usr/local/share/bastille/console.sh
+++ b/usr/local/share/bastille/console.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/share/bastille/cp.sh b/usr/local/share/bastille/cp.sh
index b368f61c..088d5a7f 100644
--- a/usr/local/share/bastille/cp.sh
+++ b/usr/local/share/bastille/cp.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh
index 6b30d6a3..c8fddf71 100644
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh
index dbcb69fa..87f4dc61 100644
--- a/usr/local/share/bastille/destroy.sh
+++ b/usr/local/share/bastille/destroy.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh
index f93bcbd0..a675f38b 100644
--- a/usr/local/share/bastille/htop.sh
+++ b/usr/local/share/bastille/htop.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/share/bastille/limits.sh b/usr/local/share/bastille/limits.sh
old mode 100755
new mode 100644
index ead18788..d1bbd692
--- a/usr/local/share/bastille/limits.sh
+++ b/usr/local/share/bastille/limits.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 # Ressource limits added by Sven R github.com/hackacad
 #
diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh
index 97ec4616..cb2cc471 100644
--- a/usr/local/share/bastille/list.sh
+++ b/usr/local/share/bastille/list.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/share/bastille/pkg.sh b/usr/local/share/bastille/pkg.sh
index 73b41d63..081ee3ff 100644
--- a/usr/local/share/bastille/pkg.sh
+++ b/usr/local/share/bastille/pkg.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/share/bastille/restart.sh b/usr/local/share/bastille/restart.sh
index 65478dc0..114f19ce 100644
--- a/usr/local/share/bastille/restart.sh
+++ b/usr/local/share/bastille/restart.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/share/bastille/service.sh b/usr/local/share/bastille/service.sh
index dfe35a1f..17c6578d 100644
--- a/usr/local/share/bastille/service.sh
+++ b/usr/local/share/bastille/service.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh
index ac0134a4..931be184 100644
--- a/usr/local/share/bastille/start.sh
+++ b/usr/local/share/bastille/start.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh
index 2cc9038d..93a62ba2 100644
--- a/usr/local/share/bastille/stop.sh
+++ b/usr/local/share/bastille/stop.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/share/bastille/sysrc.sh b/usr/local/share/bastille/sysrc.sh
index 6d40fe50..317d9580 100644
--- a/usr/local/share/bastille/sysrc.sh
+++ b/usr/local/share/bastille/sysrc.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh
index cb34f728..bcd66f59 100644
--- a/usr/local/share/bastille/template.sh
+++ b/usr/local/share/bastille/template.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -92,6 +92,35 @@ for _jail in ${JAILS}; do
 fi
 fi
+ ## LIMITS (RCTL)
+ if [ -s "${bastille_template}/LIMITS" ]; then
+ echo -e "${COLOR_GREEN}[${_jail}]:LIMITS -- START${COLOR_RESET}"
+ RACCT_ENABLE=$(sysctl -n kern.racct.enable)
+ if [ "${RACCT_ENABLE}" != '1' ]; then
+ echo "Racct not enabled. Append 'kern.racct.enable=1' to /boot/loader.conf and reboot"
+ continue
+ fi
+ while read _limits; do
+ ## define the key and value
+ _limit_key=$(echo "${_limits}" | awk '{print $1}')
+ _limit_value=$(echo "${_limits}" | awk '{print $2}')
+ _rctl_rule="jail:${_jail}:${_limit_key}:deny=${_limit_value}/jail"
+
+ ## if entry doesn't exist, add; else show existing entry
+ if [ ! "$(grep -qs "${_rctl_rule}" "${bastille_jailsdir}/${_jail}/rctl.conf")" ]; then
+ echo "${_rctl_rule}" >> "${bastille_jailsdir}/${_jail}/rctl.conf"
+ echo "${_limits}"
+ else
+ echo "${_limits}"
+ fi
+
+ ## apply limits to system
+ rctl -a "${_rctl_rule}" || exit 1
+ done < "${bastille_template}/LIMITS"
+ echo -e "${COLOR_GREEN}[${_jail}]:LIMITS -- END${COLOR_RESET}"
+ echo
+ fi
+
 ## INCLUDE
 if [ -s "${bastille_template}/INCLUDE" ]; then
 echo -e "${COLOR_GREEN}[${_jail}]:INCLUDE -- START${COLOR_RESET}"
diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh
index 39c9219c..9f0cd692 100644
--- a/usr/local/share/bastille/top.sh
+++ b/usr/local/share/bastille/top.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/share/bastille/update.sh b/usr/local/share/bastille/update.sh
index 5a46657f..f9bd827b 100644
--- a/usr/local/share/bastille/update.sh
+++ b/usr/local/share/bastille/update.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
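Review bot: In the template.sh LIMITS hunk, the test `[ ! "$(grep -qs ...)" ]` is always true, because `grep -q` prints nothing and the command substitution is therefore always empty; every run appends the rule to rctl.conf again and the `else` branch is never reached. Test grep's exit status instead and match the rule as a fixed whole line: `if ! grep -qsxF -- "${_rctl_rule}" "${bastille_jailsdir}/${_jail}/rctl.conf"; then`. The key and value are taken from the template's LIMITS file without any check, so a blank, comment or one-field line yields a malformed rule that is written to rctl.conf and then aborts the whole run through `rctl -a ... || exit 1`; reading with `while read -r _limit_key _limit_value _; do` and skipping lines where either field is empty or not of the expected form keeps template-supplied text out of the rule. The `continue` taken when racct is disabled appears to skip the remaining hooks for that jail (the enclosing `for` loop runs past the hunk) and leaves a jail that was meant to be resource-limited unconstrained with only an informational message, so a message on stderr and a non-zero exit status at the end would make that visible to automation.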
diff --git a/usr/local/share/bastille/upgrade.sh b/usr/local/share/bastille/upgrade.sh
index ef44c4d6..1d43f3be 100644
--- a/usr/local/share/bastille/upgrade.sh
+++ b/usr/local/share/bastille/upgrade.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/share/bastille/verify.sh b/usr/local/share/bastille/verify.sh
index 6aecb708..c6e19cc3 100644
--- a/usr/local/share/bastille/verify.sh
+++ b/usr/local/share/bastille/verify.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -99,11 +99,13 @@ verify_template() {
 cat "${_path}"
 echo
 while read _dir; do
- if [ -x /usr/local/bin/tree ]; then
 echo -e "${COLOR_GREEN}[${_hook}]:[${_dir}]:${COLOR_RESET}"
- tree -a ${_template_path}/${_dir}
+ if [ -x /usr/local/bin/tree ]; then
+ /usr/local/bin/tree -a ${_template_path}/${_dir}
+ else
+ find "${_template_path}/${_dir}" -print | sed -e 's;[^/]*/;|___;g;s;___|; |;g'
+ fi
 echo
- fi
 done < ${_path}
 else
 echo -e "${COLOR_GREEN}[${_hook}]:${COLOR_RESET}"
diff --git a/usr/local/share/bastille/zfs.sh b/usr/local/share/bastille/zfs.sh
index 85eecc2e..32d46363 100644
--- a/usr/local/share/bastille/zfs.sh
+++ b/usr/local/share/bastille/zfs.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (c) 2018-2019, Christer Edwards
+# Copyright (c) 2018-2020, Christer Edwards
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
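Review bot: In the verify.sh `verify_template` hunk, the new `tree` call still expands `${_template_path}/${_dir}` unquoted while the `find` fallback next to it is quoted, so a hook entry containing whitespace or glob characters is word-split and expanded into extra arguments only on hosts where tree is installed. Quote it the same way, `/usr/local/bin/tree -a "${_template_path}/${_dir}"`, and read the entries with `while read -r _dir; do` and `done < "${_path}"` so spaces and backslashes in paths survive. Because verify is the step where an operator inspects a template before applying it, it may also be worth rejecting entries that contain `..`, so the listing stays inside the template directory. verify_template starts and ends outside the hunk.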