network: merge functions as opposed to separate
Merge add/remove functions to avoid having unnecessarily long code blocks and functions.
@@ -166,139 +166,129 @@ check_interface_added() {
|
||||
local _jailname="${1}"
|
||||
local _if="${2}"
|
||||
local _jail_config="${bastille_jailsdir}/${_jailname}/jail.conf"
|
||||
if grep -o "${_if}" "${_jail_config}"; then
|
||||
if grep -qo "${_if}" "${_jail_config}"; then
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
add_vnet_interface_block() {
|
||||
add_interface() {
|
||||
local _jailname="${1}"
|
||||
local _if="${2}"
|
||||
local _ip="${3}"
|
||||
local _jail_config="${bastille_jailsdir}/${_jailname}/jail.conf"
|
||||
local _jail_rc_config="${bastille_jailsdir}/${_jailname}/root/etc/rc.conf"
|
||||
local _if_count="$(grep -Eo 'bastille[0-9]+' ${bastille_jailsdir}/*/jail.conf | sort -u | wc -l | awk '{print $1}')"
|
||||
local _if_vnet_count="$(grep -Eo 'vnet[1-9]+' ${_jail_rc_config} | sort -u | wc -l | awk '{print $1}')"
|
||||
local _if_vnet="vnet$((_if_vnet_count + 1))"
|
||||
local num_range=$((_if_count + 1))
|
||||
for _num in $(seq 0 "${num_range}"); do
|
||||
if ! grep -Eq "bastille${_num}" "${bastille_jailsdir}"/*/jail.conf; then
|
||||
local uniq_epair="bastille${_num}"
|
||||
break
|
||||
fi
|
||||
done
|
||||
sed -i '' "s|}||" "${_jail_config}"
|
||||
# Generate VNET block
|
||||
if [ "${STATIC_MAC}" -eq 1 ]; then
|
||||
# Generate NETBLOCK with static MAC
|
||||
generate_static_mac "${_jailname}" "${_if}"
|
||||
cat << EOF >> "${_jail_config}"
|
||||
## ${uniq_epair} interface
|
||||
vnet.interface += e0b_${uniq_epair};
|
||||
exec.prestart += "jib addm ${uniq_epair} ${_if}";
|
||||
exec.prestart += "ifconfig e0a_${uniq_epair} ether ${macaddr}a";
|
||||
exec.prestart += "ifconfig e0b_${uniq_epair} ether ${macaddr}b";
|
||||
exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${_jailname}\"";
|
||||
exec.poststop += "jib destroy ${uniq_epair}";
|
||||
}
|
||||
EOF
|
||||
else
|
||||
# Generate NETBLOCK without static MAC
|
||||
cat << EOF >> "${_jail_config}"
|
||||
## ${uniq_epair} interface
|
||||
vnet.interface += e0b_${uniq_epair};
|
||||
exec.prestart += "jib addm ${uniq_epair} ${_if}";
|
||||
exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${_jailname}\"";
|
||||
exec.poststop += "jib destroy ${uniq_epair}";
|
||||
}
|
||||
EOF
|
||||
fi
|
||||
|
||||
# Add config to /etc/rc.conf
|
||||
sysrc -f "${_jail_rc_config}" ifconfig_e0b_${uniq_epair}_name="${_if_vnet}"
|
||||
# If 0.0.0.0 set DHCP, else set static IP address
|
||||
if [ "${_ip}" = "0.0.0.0" ]; then
|
||||
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="SYNCDHCP"
|
||||
else
|
||||
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}=" inet ${_ip} "
|
||||
fi
|
||||
|
||||
info "[${_jailname}]:"
|
||||
echo "Added VNET interface: \"${_if}\""
|
||||
}
|
||||
|
||||
add_bridge_interface_block() {
|
||||
local _jailname="${1}"
|
||||
local _if="${2}"
|
||||
local _ip="${3}"
|
||||
local _jail_config="${bastille_jailsdir}/${_jailname}/jail.conf"
|
||||
local _jail_rc_config="${bastille_jailsdir}/${_jailname}/root/etc/rc.conf"
|
||||
local _if_count="$(grep -Eo 'epair[0-9]+' ${bastille_jailsdir}/*/jail.conf | sort -u | wc -l | awk '{print $1}')"
|
||||
local _if_vnet_count="$(grep -Eo 'vnet[1-9]+' ${_jail_rc_config} | sort -u | wc -l | awk '{print $1}')"
|
||||
local _if_vnet=vnet$((_if_vnet_count + 1))
|
||||
local num_range=$((_if_count + 1))
|
||||
for _num in $(seq 0 "${num_range}"); do
|
||||
local _epair_if_count="$(grep -Eo 'epair[0-9]+' ${bastille_jailsdir}/*/jail.conf | sort -u | wc -l | awk '{print $1}')"
|
||||
local _bastille_if_count="$(grep -Eo 'bastille[0-9]+' ${bastille_jailsdir}/*/jail.conf | sort -u | wc -l | awk '{print $1}')"
|
||||
local _vnet_if_count="$(grep -Eo 'vnet[1-9]+' ${_jail_rc_config} | sort -u | wc -l | awk '{print $1}')"
|
||||
local _if_vnet="vnet$((_vnet_if_count + 1))"
|
||||
local epair_num_range=$((_epair_if_count + 1))
|
||||
local bastille_num_range=$((_bastille_if_count + 1))
|
||||
if [ "${BRIDGE_VNET_JAIL}" -eq 1 ]; then
|
||||
for _num in $(seq 0 "${epair_num_range}"); do
|
||||
if ! grep -Eq "epair${_num}" "${bastille_jailsdir}"/*/jail.conf; then
|
||||
local uniq_epair="${_num}"
|
||||
local bridge_epair="epair${_num}"
|
||||
break
|
||||
fi
|
||||
done
|
||||
sed -i '' "s|}||" "${_jail_config}"
|
||||
# Generate bridged VNET block
|
||||
if [ "${STATIC_MAC}" -eq 1 ]; then
|
||||
# Generate NETBLOCK with static MAC
|
||||
generate_static_mac "${_jailname}" "${_if}"
|
||||
cat << EOF >> "${_jail_config}"
|
||||
## epair${uniq_epair} interface
|
||||
vnet.interface += e${uniq_epair}b_${_jailname};
|
||||
exec.prestart += "ifconfig epair${uniq_epair} create";
|
||||
exec.prestart += "ifconfig ${_if} addm epair${uniq_epair}a";
|
||||
exec.prestart += "ifconfig epair${uniq_epair}a up name e${uniq_epair}a_${_jailname}";
|
||||
exec.prestart += "ifconfig epair${uniq_epair}b up name e${uniq_epair}b_${_jailname}";
|
||||
exec.prestart += "ifconfig e${uniq_epair}a_${_jailname} ether ${macaddr}a";
|
||||
exec.prestart += "ifconfig e${uniq_epair}b_${_jailname} ether ${macaddr}b";
|
||||
exec.poststop += "ifconfig ${_if} deletem e${uniq_epair}a_${_jailname}";
|
||||
exec.poststop += "ifconfig e${uniq_epair}a_${_jailname} destroy";
|
||||
# Remove ending brace (it is added again with the netblock)
|
||||
sed -i '' '/}/d' "${_jail_config}"
|
||||
if [ "${STATIC_MAC}" -eq 1 ]; then
|
||||
# Generate NETBLOCK with static MAC
|
||||
generate_static_mac "${_jailname}" "${_if}"
|
||||
cat << EOF >> "${_jail_config}"
|
||||
## ${bridge_epair} interface
|
||||
vnet.interface += ${bridge_epair}b;
|
||||
exec.prestart += "ifconfig ${bridge_epair} create";
|
||||
exec.prestart += "ifconfig ${_if} addm ${bridge_epair}a";
|
||||
exec.prestart += "ifconfig ${bridge_epair}a ether ${macaddr}a";
|
||||
exec.prestart += "ifconfig ${bridge_epair}b ether ${macaddr}b";
|
||||
exec.prestart += "ifconfig ${bridge_epair}a description \"vnet host interface for Bastille jail ${jail_name}\"";
|
||||
exec.poststop += "ifconfig ${_if} deletem ${bridge_epair}a";
|
||||
exec.poststop += "ifconfig ${bridge_epair}a destroy";
|
||||
}
|
||||
EOF
|
||||
else
|
||||
# Generate NETBLOCK without static MAC
|
||||
cat << EOF >> "${_jail_config}"
|
||||
## epair${uniq_epair} interface
|
||||
vnet.interface += e${uniq_epair}b_${_jailname};
|
||||
exec.prestart += "ifconfig epair${uniq_epair} create";
|
||||
exec.prestart += "ifconfig ${_if} addm epair${uniq_epair}a";
|
||||
exec.prestart += "ifconfig epair${uniq_epair}a up name e${uniq_epair}a_${_jailname}";
|
||||
exec.prestart += "ifconfig epair${uniq_epair}b up name e${uniq_epair}b_${_jailname}";
|
||||
exec.poststop += "ifconfig ${_if} deletem e${uniq_epair}a_${_jailname}";
|
||||
exec.poststop += "ifconfig e${uniq_epair}a_${_jailname} destroy";
|
||||
else
|
||||
# Generate NETBLOCK without static MAC
|
||||
cat << EOF >> "${_jail_config}"
|
||||
## ${bridge_epair} interface
|
||||
vnet.interface += ${bridge_epair}b;
|
||||
exec.prestart += "ifconfig ${bridge_epair} create";
|
||||
exec.prestart += "ifconfig ${_if} addm ${bridge_epair}a";
|
||||
exec.prestart += "ifconfig ${bridge_epair}a description \"vnet host interface for Bastille jail ${jail_name}\"";
|
||||
exec.poststop += "ifconfig ${_if} deletem ${bridge_epair}a";
|
||||
exec.poststop += "ifconfig ${bridge_epair}a destroy";
|
||||
}
|
||||
EOF
|
||||
fi
|
||||
fi
|
||||
# Add config to /etc/rc.conf
|
||||
sysrc -f "${_jail_rc_config}" ifconfig_${bridge_epair}b_name="${_if_vnet}"
|
||||
# If 0.0.0.0 set DHCP, else set static IP address
|
||||
if [ "${_ip}" = "0.0.0.0" ]; then
|
||||
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="SYNCDHCP"
|
||||
else
|
||||
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}=" inet ${_ip} "
|
||||
fi
|
||||
|
||||
# Add config to /etc/rc.conf
|
||||
sysrc -f "${_jail_rc_config}" ifconfig_e${uniq_epair}b_${_jailname}_name="${_if_vnet}"
|
||||
# If 0.0.0.0 set DHCP, else set static IP address
|
||||
if [ "${_ip}" = "0.0.0.0" ]; then
|
||||
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="SYNCDHCP"
|
||||
else
|
||||
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}=" inet ${_ip} "
|
||||
fi
|
||||
info "[${_jailname}]:"
|
||||
echo "Added interface: \"${_if}\""
|
||||
|
||||
info "[${_jailname}]:"
|
||||
echo "Added interface: \"${_if}\""
|
||||
elif [ "${VNET_JAIL}" -eq 1 ]; then
|
||||
for _num in $(seq 0 "${bastille_num_range}"); do
|
||||
if ! grep -Eq "bastille${_num}" "${bastille_jailsdir}"/*/jail.conf; then
|
||||
local bastille_epair="bastille${_num}"
|
||||
break
|
||||
fi
|
||||
done
|
||||
# Remove ending brace (it is added again with the netblock)
|
||||
sed -i '' '/}/d' "${_jail_config}"
|
||||
if [ "${STATIC_MAC}" -eq 1 ]; then
|
||||
# Generate NETBLOCK with static MAC
|
||||
generate_static_mac "${_jailname}" "${_if}"
|
||||
cat << EOF >> "${_jail_config}"
|
||||
## ${bastille_epair} interface
|
||||
vnet.interface += e0b_${bastille_epair};
|
||||
exec.prestart += "jib addm ${bastille_epair} ${_if}";
|
||||
exec.prestart += "ifconfig e0a_${bastille_epair} ether ${macaddr}a";
|
||||
exec.prestart += "ifconfig e0b_${bastille_epair} ether ${macaddr}b";
|
||||
exec.prestart += "ifconfig e0a_${bastille_epair} description \"vnet host interface for Bastille jail ${_jailname}\"";
|
||||
exec.poststop += "jib destroy ${bastille_epair}";
|
||||
}
|
||||
EOF
|
||||
else
|
||||
# Generate NETBLOCK without static MAC
|
||||
cat << EOF >> "${_jail_config}"
|
||||
## ${bastille_epair} interface
|
||||
vnet.interface += e0b_${bastille_epair};
|
||||
exec.prestart += "jib addm ${bastille_epair} ${_if}";
|
||||
exec.prestart += "ifconfig e0a_${bastille_epair} description \"vnet host interface for Bastille jail ${_jailname}\"";
|
||||
exec.poststop += "jib destroy ${bastille_epair}";
|
||||
}
|
||||
EOF
|
||||
fi
|
||||
# Add config to /etc/rc.conf
|
||||
sysrc -f "${_jail_rc_config}" ifconfig_e0b_${bastille_epair}_name="${_if_vnet}"
|
||||
# If 0.0.0.0 set DHCP, else set static IP address
|
||||
if [ "${_ip}" = "0.0.0.0" ]; then
|
||||
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="SYNCDHCP"
|
||||
else
|
||||
sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}=" inet ${_ip} "
|
||||
fi
|
||||
|
||||
info "[${_jailname}]:"
|
||||
echo "Added VNET interface: \"${_if}\""
|
||||
fi
|
||||
}
|
||||
|
||||
remove_vnet_interface_block() {
|
||||
remove_interface() {
|
||||
local _jailname="${1}"
|
||||
local _if="${2}"
|
||||
local _jail_config="${bastille_jailsdir}/${_jailname}/jail.conf"
|
||||
local _jail_rc_config="${bastille_jailsdir}/${_jailname}/root/etc/rc.conf"
|
||||
local _if_jail="$(grep "${_if}" ${_jail_config} | grep -Eo 'bastille[0-9]+')"
|
||||
local _if_jail="$(grep ${_if} ${_jail_config} | grep -Eo -m 1 'epair[0-9]+|bastille[0-9]+')"
|
||||
if grep -o "${_if_jail}" ${_jail_rc_config}; then
|
||||
local _if_vnet="$(grep "${_if_jail}" ${_jail_rc_config} | grep -Eo 'vnet[0-9]+')"
|
||||
local _if_vnet="$(grep ${_if_jail} ${_jail_rc_config} | grep -Eo 'vnet[0-9]+')"
|
||||
else
|
||||
error_exit "Interface not found: ${_if_jail}"
|
||||
fi
|
||||
@@ -310,67 +300,19 @@ remove_vnet_interface_block() {
|
||||
|
||||
# Avoid removing entire file contents if variables aren't set for some reason
|
||||
if [ -z "${_if_jail}" ]; then
|
||||
error_exit "Error: Could not find specifed interfaces. Exiting..."
|
||||
error_exit "Error: Could not find specifed interface."
|
||||
fi
|
||||
|
||||
# Remove interface from jail.conf
|
||||
if [ -n "${_if_jail}" ]; then
|
||||
sed -i '' "s|.*${_if_jail}.*||" "${_jail_config}"
|
||||
sed -i '' '/^$/d' "${_jail_config}"
|
||||
sed -i '' "/.*${_if_jail}.*/d" "${_jail_config}"
|
||||
else
|
||||
error_exit "Failed to remove interface from jail.conf"
|
||||
fi
|
||||
|
||||
# Remove interface from /etc/rc.conf
|
||||
if [ -n "${_if_vnet}" ] && echo ${_if_vnet} 2>/dev/null | grep -Eo 'vnet[0-9]+'; then
|
||||
sed -i '' "s|.*${_if_vnet}.*||" "${_jail_rc_config}"
|
||||
sed -i '' '/^$/d' "${_jail_rc_config}"
|
||||
else
|
||||
error_exit "Failed to remove interface from /etc/rc.conf"
|
||||
fi
|
||||
|
||||
info "[${_jailname}]:"
|
||||
echo "Removed interface: \"${_if}\""
|
||||
}
|
||||
|
||||
remove_bridge_interface_block() {
|
||||
local _jailname="${1}"
|
||||
local _if="${2}"
|
||||
local _jail_config="${bastille_jailsdir}/${_jailname}/jail.conf"
|
||||
local _jail_rc_config="${bastille_jailsdir}/${_jailname}/root/etc/rc.conf"
|
||||
local _if_epair="$(grep "${_if}" ${_jail_config} | grep -Eo 'epair[0-9]+')"
|
||||
local _if_epaira_name="$(grep "${_if_epair}" ${_jail_config} | grep -Eo "e[0-9]+a_${_jailname}")"
|
||||
local _if_epairb_name="$(grep "${_if_epair}" ${_jail_config} | grep -Eo "e[0-9]+b_${_jailname}")"
|
||||
if grep -o "${_if_epairb_name}" ${_jail_rc_config}; then
|
||||
local _if_vnet="$(grep "${_if_epairb_name}" ${_jail_rc_config} | grep -Eo 'vnet[0-9]+')"
|
||||
else
|
||||
error_exit "Interface not found: ${_if_epair_name}"
|
||||
fi
|
||||
|
||||
# Do not allow removing default vnet0 interface
|
||||
if [ "${_if_vnet}" = "vnet0" ]; then
|
||||
error_exit "Default interface cannot be removed."
|
||||
fi
|
||||
|
||||
# Avoid removing entire file contents if variables aren't set for some reason
|
||||
if [ -z "${_if_epair}" ] || [ -z "${_if_epaira_name}" ] || [ -z "${_if_epairb_name}" ] || [ -z "${_if_vnet}" ]; then
|
||||
error_exit "Error: Could not find specifed interfaces. Exiting..."
|
||||
fi
|
||||
|
||||
# Remove interface from jail.conf
|
||||
if [ -n "${_if_epair}" ] && [ -n "${_if_epaira_name}" ] && [ -n "${_if_epairb_name}" ] && [ -n "${_if_vnet}" ]; then
|
||||
sed -i '' "s|.*${_if_epair}.*||" "${_jail_config}"
|
||||
sed -i '' "s|.*${_if_epaira_name}.*||" "${_jail_config}"
|
||||
sed -i '' "s|.*${_if_epairb_name}.*||" "${_jail_config}"
|
||||
sed -i '' '/^$/d' "${_jail_config}"
|
||||
else
|
||||
error_exit "Failed to remove interface from jail.conf"
|
||||
fi
|
||||
|
||||
# Remove interface from /etc/rc.conf
|
||||
if [ -n "${_if_vnet}" ] && echo ${_if_vnet} 2>/dev/null | grep -Eo 'vnet[0-9]+'; then
|
||||
sed -i '' "s|ifconfig.*${_if_vnet}.*||" "${_jail_rc_config}"
|
||||
sed -i '' '/^$/d' "${_jail_rc_config}"
|
||||
sed -i '' "/.*${_if_vnet}.*/d" "${_jail_rc_config}"
|
||||
else
|
||||
error_exit "Failed to remove interface from /etc/rc.conf"
|
||||
fi
|
||||
@@ -392,19 +334,19 @@ case "${ACTION}" in
|
||||
validate_ip "${IP}"
|
||||
fi
|
||||
if [ "${VNET_JAIL}" -eq 1 ]; then
|
||||
if ifconfig | grep "${INTERFACE}" | grep -q bridge; then
|
||||
if ifconfig | grep "${INTERFACE}" 2>/dev/null | grep -q bridge; then
|
||||
error_exit "\"${INTERFACE}\" is a bridge interface."
|
||||
else
|
||||
add_vnet_interface_block "${TARGET}" "${INTERFACE}" "${IP}"
|
||||
add_interface "${TARGET}" "${INTERFACE}" "${IP}"
|
||||
if [ "${START}" -eq 1 ]; then
|
||||
bastille start "${TARGET}"
|
||||
fi
|
||||
fi
|
||||
elif [ "${BRIDGE_VNET_JAIL}" -eq 1 ]; then
|
||||
if ! ifconfig | grep "${INTERFACE}" | grep -q bridge; then
|
||||
if ! ifconfig | grep "${INTERFACE}" 2>/dev/null | grep -q bridge; then
|
||||
error_exit "\"${INTERFACE}\" is not a bridge interface."
|
||||
else
|
||||
add_bridge_interface_block "${TARGET}" "${INTERFACE}" "${IP}"
|
||||
add_interface "${TARGET}" "${INTERFACE}" "${IP}"
|
||||
if [ "${START}" -eq 1 ]; then
|
||||
bastille start "${TARGET}"
|
||||
fi
|
||||
@@ -417,16 +359,9 @@ case "${ACTION}" in
|
||||
if ! grep -q "${INTERFACE}" ${bastille_jailsdir}/${TARGET}/jail.conf; then
|
||||
error_exit "Interface not found in jail.conf: \"${INTERFACE}\""
|
||||
else
|
||||
if grep "${INTERFACE}" ${bastille_jailsdir}/${TARGET}/jail.conf 2>/dev/null | grep -qE '[[:blank:]]bastille[0-9]+'; then
|
||||
remove_vnet_interface_block "${TARGET}" "${INTERFACE}"
|
||||
if [ "${START}" -eq 1 ]; then
|
||||
bastille start "${TARGET}"
|
||||
fi
|
||||
elif grep "${INTERFACE}" ${bastille_jailsdir}/${TARGET}/jail.conf 2>/dev/null | grep -qE '[[:blank:]]epair[0-9]+'; then
|
||||
remove_bridge_interface_block "${TARGET}" "${INTERFACE}"
|
||||
if [ "${START}" -eq 1 ]; then
|
||||
bastille start "${TARGET}"
|
||||
fi
|
||||
remove_interface "${TARGET}" "${INTERFACE}"
|
||||
if [ "${START}" -eq 1 ]; then
|
||||
bastille start "${TARGET}"
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
@@ -434,4 +369,3 @@ case "${ACTION}" in
|
||||
error_exit "Only [add|remove] are supported."
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
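Review bot: The new `remove_interface` deletes by unanchored substring, so `sed -i '' "/.*${_if_jail}.*/d" "${_jail_config}"` (the line replacing the old `s|.*${_if_jail}.*||`) also strips every line belonging to any other interface whose name merely extends the target — removing `bastille1` takes `bastille10`..`bastille19` with it, and the rc.conf deletion `/.*${_if_vnet}.*/d` does the same for `vnet1` versus `vnet10`. Anchoring the number with an extended-regex boundary fixes both: `sed -i '' -E "/${_if_jail}([^0-9]|$)/d" "${_jail_config}"` and `sed -i '' -E "/${_if_vnet}([^0-9]|$)/d" "${_jail_rc_config}"`. The new `_if_jail` line also drops the quotes the old one had around the pattern (`grep ${_if} ${_jail_config}`); restore `grep "${_if}"` so an interface name is never word-split or globbed. Separately, the bridge branch of `add_interface` writes its description line with `${jail_name}` while every other line in the function uses `${_jailname}`; unless a global `jail_name` is set elsewhere in the script, the heredoc emits an empty jail name there. `remove_interface` is split across the first two hunks, so part of its body lies between them.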