mirror of
https://github.com/hackacad/bastille.git
synced 2025-12-21 09:41:47 +01:00
initial support for limits automation; updated copyright year
This commit is contained in:
Christer Edwards
@@ -55,7 +55,7 @@ further defined and clarified by project maintainers.
|
|||||||
## Enforcement
|
## Enforcement
|
||||||
|
|
||||||
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
||||||
reported by contacting the project team at conduct@bastillebsd.org. All
|
reported by contacting the project team lead at christer.edwards@gmail.com. All
|
||||||
complaints will be reviewed and investigated and will result in a response that
|
complaints will be reviewed and investigated and will result in a response that
|
||||||
is deemed necessary and appropriate to the circumstances. The project team is
|
is deemed necessary and appropriate to the circumstances. The project team is
|
||||||
obligated to maintain confidentiality with regard to the reporter of an incident.
|
obligated to maintain confidentiality with regard to the reporter of an incident.
|
||||||
|
|||||||
2
LICENSE
2
LICENSE
@@ -1,6 +1,6 @@
|
|||||||
BSD 3-Clause License
|
BSD 3-Clause License
|
||||||
|
|
||||||
Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
All rights reserved.
|
All rights reserved.
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without
|
Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
2
usr/local/share/bastille/limits.sh
Executable file → Normal file
2
usr/local/share/bastille/limits.sh
Executable file → Normal file
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
# Ressource limits added by Sven R github.com/hackacad
|
# Ressource limits added by Sven R github.com/hackacad
|
||||||
#
|
#
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
@@ -92,6 +92,35 @@ for _jail in ${JAILS}; do
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
## LIMITS (RCTL)
|
||||||
|
if [ -s "${bastille_template}/LIMITS" ]; then
|
||||||
|
echo -e "${COLOR_GREEN}[${_jail}]:LIMITS -- START${COLOR_RESET}"
|
||||||
|
RACCT_ENABLE=$(sysctl -n kern.racct.enable)
|
||||||
|
if [ "${RACCT_ENABLE}" != '1' ]; then
|
||||||
|
echo "Racct not enabled. Append 'kern.racct.enable=1' to /boot/loader.conf and reboot"
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
while read _limits; do
|
||||||
|
## define the key and value
|
||||||
|
_limit_key=$(echo "${_limits}" | awk '{print $1}')
|
||||||
|
_limit_value=$(echo "${_limits}" | awk '{print $2}')
|
||||||
|
_rctl_rule="jail:${_jail}:${_limit_key}:deny=${_limit_value}/jail"
|
||||||
|
|
||||||
|
## if entry doesn't exist, add; else show existing entry
|
||||||
|
if [ ! "$(grep -qs "${_rctl_rule}" "${bastille_jailsdir}/${_jail}/rctl.conf")" ]; then
|
||||||
|
echo "${_rctl_rule}" >> "${bastille_jailsdir}/${_jail}/rctl.conf"
|
||||||
|
echo "${_limits}"
|
||||||
|
else
|
||||||
|
echo "${_limits}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
## apply limits to system
|
||||||
|
rctl -a "${_rctl_rule}" || exit 1
|
||||||
|
done < "${bastille_template}/LIMITS"
|
||||||
|
echo -e "${COLOR_GREEN}[${_jail}]:LIMITS -- END${COLOR_RESET}"
|
||||||
|
echo
|
||||||
|
fi
|
||||||
|
|
||||||
## INCLUDE
|
## INCLUDE
|
||||||
if [ -s "${bastille_template}/INCLUDE" ]; then
|
if [ -s "${bastille_template}/INCLUDE" ]; then
|
||||||
echo -e "${COLOR_GREEN}[${_jail}]:INCLUDE -- START${COLOR_RESET}"
|
echo -e "${COLOR_GREEN}[${_jail}]:INCLUDE -- START${COLOR_RESET}"
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
@@ -99,11 +99,13 @@ verify_template() {
|
|||||||
cat "${_path}"
|
cat "${_path}"
|
||||||
echo
|
echo
|
||||||
while read _dir; do
|
while read _dir; do
|
||||||
if [ -x /usr/local/bin/tree ]; then
|
|
||||||
echo -e "${COLOR_GREEN}[${_hook}]:[${_dir}]:${COLOR_RESET}"
|
echo -e "${COLOR_GREEN}[${_hook}]:[${_dir}]:${COLOR_RESET}"
|
||||||
tree -a ${_template_path}/${_dir}
|
if [ -x /usr/local/bin/tree ]; then
|
||||||
echo
|
/usr/local/bin/tree -a ${_template_path}/${_dir}
|
||||||
|
else
|
||||||
|
find "${_template_path}/${_dir}" -print | sed -e 's;[^/]*/;|___;g;s;___|; |;g'
|
||||||
fi
|
fi
|
||||||
|
echo
|
||||||
done < ${_path}
|
done < ${_path}
|
||||||
else
|
else
|
||||||
echo -e "${COLOR_GREEN}[${_hook}]:${COLOR_RESET}"
|
echo -e "${COLOR_GREEN}[${_hook}]:${COLOR_RESET}"
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
|
# Copyright (c) 2018-2020, Christer Edwards <christer.edwards@gmail.com>
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# Redistribution and use in source and binary forms, with or without
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
|||||||
Reference in New Issue
Block a user