use lowercase camelcase for all local vars

tschettervictor
2025-12-14 13:35:24 -07:00
parent 6cc58bae66
commit a03d8d9ab8
37 changed files with 884 additions and 862 deletions


@@ -49,7 +49,6 @@ EOF
# Handle options.
AUTO=0
LIVE=0
VNET_JAIL=0
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
@@ -99,6 +98,7 @@ fi
TARGET="${1}"
NEWNAME="${2}"
IP="${3}"
VNET_JAIL=0
CLONE_INTERFACE_COUNT=0
bastille_root_check


@@ -88,24 +88,24 @@ ERRORS=0
set_target "${TARGET}"
for _jail in ${JAILS}; do
for jail in ${JAILS}; do
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
check_target_is_running "${jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${jail}"
else
info "\n[${_jail}]:"
info "\n[${jail}]:"
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
info "\n[${jail}]:"
# Allow executing commands on linux jails
if grep -qw "linsysfs" "${bastille_jailsdir}/${_jail}/fstab"; then
jexec -l -u root "${_jail}" "$@"
if grep -qw "linsysfs" "${bastille_jailsdir}/${jail}/fstab"; then
jexec -l -u root "${jail}" "$@"
else
jexec -l -U root "${_jail}" "$@"
jexec -l -U root "${jail}" "$@"
fi
if [ "$?" -ne 0 ]; then


@@ -90,9 +90,11 @@ warn() {
}
check_target_exists() {
local _TARGET="${1}"
local _jaillist="$(bastille list jails)"
if ! echo "${_jaillist}" | grep -Eq "^${_TARGET}$"; then
local target="${1}"
local jail_list="$(bastille list jails)"
if ! echo "${jail_list}" | grep -Eq "^${target}$"; then
return 1
else
return 0
@@ -100,8 +102,10 @@ check_target_exists() {
}
check_target_is_running() {
_TARGET="${1}"
if ! jls name | grep -Eq "^${_TARGET}$"; then
local target="${1}"
if ! jls name | grep -Eq "^${target}$"; then
return 1
else
return 0
@@ -109,8 +113,10 @@ check_target_is_running() {
}
check_target_is_stopped() {
_TARGET="${1}"
if jls name | grep -Eq "^${_TARGET}$"; then
local target="${1}"
if jls name | grep -Eq "^${target}$"; then
return 1
else
return 0
@@ -118,8 +124,9 @@ check_target_is_stopped() {
}
get_bastille_epair_count() {
for _config in /usr/local/etc/bastille/*.conf; do
local bastille_jailsdir="$(sysrc -f "${_config}" -n bastille_jailsdir)"
for config in /usr/local/etc/bastille/*.conf; do
local bastille_jailsdir="$(sysrc -f "${config}" -n bastille_jailsdir)"
BASTILLE_EPAIR_LIST="$(printf '%s\n%s' "$( (grep -Ehos "bastille[0-9]+" ${bastille_jailsdir}/*/jail.conf; ifconfig -g epair | grep -Eos "e[0-9]+a_bastille[0-9]+$" | grep -Eos 'bastille[0-9]+') | sort -u)" "${BASTILLE_EPAIR_LIST}")"
done
BASTILLE_EPAIR_COUNT=$(printf '%s' "${BASTILLE_EPAIR_LIST}" | sort -u | wc -l | awk '{print $1}')
@@ -128,24 +135,28 @@ get_bastille_epair_count() {
}
get_jail_name() {
local _JID="${1}"
local _jailname="$(jls -j ${_JID} name 2>/dev/null)"
if [ -z "${_jailname}" ]; then
local jid="${1}"
local jail_name="$(jls -j ${jid} name 2>/dev/null)"
if [ -z "${jail_name}" ]; then
return 1
else
echo "${_jailname}"
echo "${jail_name}"
fi
}
jail_autocomplete() {
local _TARGET="${1}"
local _jaillist="$(bastille list jails)"
local _AUTOTARGET="$(echo "${_jaillist}" | grep -E "^${_TARGET}")"
if [ -n "${_AUTOTARGET}" ]; then
if [ "$(echo "${_AUTOTARGET}" | wc -l)" -eq 1 ]; then
echo "${_AUTOTARGET}"
local target="${1}"
local jail_list="$(bastille list jails)"
local auto_target="$(echo "${jail_list}" | grep -E "^${target}")"
if [ -n "${auto_target}" ]; then
if [ "$(echo "${auto_target}" | wc -l)" -eq 1 ]; then
echo "${auto_target}"
else
error_continue "Multiple jails found for ${_TARGET}:\n${_AUTOTARGET}"
error_continue "Multiple jails found for ${target}:\n${auto_target}"
return 1
fi
else
@@ -154,80 +165,84 @@ jail_autocomplete() {
}
list_jail_priority() {
local _jail_list="${1}"
local jail_list="${1}"
if [ -d "${bastille_jailsdir}" ]; then
for _jail in ${_jail_list}; do
for jail in ${jail_list}; do
# Remove boot.conf in favor of settings.conf
if [ -f ${bastille_jailsdir}/${_jail}/boot.conf ]; then
rm -f ${bastille_jailsdir}/${_jail}/boot.conf >/dev/null 2>&1
if [ -f ${bastille_jailsdir}/${jail}/boot.conf ]; then
rm -f ${bastille_jailsdir}/${jail}/boot.conf >/dev/null 2>&1
fi
local _settings_file=${bastille_jailsdir}/${_jail}/settings.conf
local settings_file=${bastille_jailsdir}/${jail}/settings.conf
# Set defaults if settings file does not exist
if [ ! -f ${_settings_file} ]; then
sysrc -f ${_settings_file} boot=on >/dev/null 2>&1
sysrc -f ${_settings_file} depend="" >/dev/null 2>&1
sysrc -f ${_settings_file} priority=99 >/dev/null 2>&1
if [ ! -f ${settings_file} ]; then
sysrc -f ${settings_file} boot=on >/dev/null 2>&1
sysrc -f ${settings_file} depend="" >/dev/null 2>&1
sysrc -f ${settings_file} priority=99 >/dev/null 2>&1
fi
# Add defaults if they dont exist
if ! grep -oq "boot=" ${_settings_file}; then
sysrc -f ${_settings_file} boot=on >/dev/null 2>&1
if ! grep -oq "boot=" ${settings_file}; then
sysrc -f ${settings_file} boot=on >/dev/null 2>&1
fi
if ! grep -oq "depend=" ${_settings_file}; then
sysrc -f ${_settings_file} depend="" >/dev/null 2>&1
if ! grep -oq "depend=" ${settings_file}; then
sysrc -f ${settings_file} depend="" >/dev/null 2>&1
fi
if ! grep -oq "priority=" ${_settings_file}; then
sysrc -f ${_settings_file} priority=99 >/dev/null 2>&1
if ! grep -oq "priority=" ${settings_file}; then
sysrc -f ${settings_file} priority=99 >/dev/null 2>&1
fi
_priority="$(sysrc -f ${_settings_file} -n priority)"
echo "${_jail} ${_priority}"
priority="$(sysrc -f ${settings_file} -n priority)"
echo "${jail} ${priority}"
done
fi
}
set_target() {
local _TARGET=${1}
local target=${1}
if [ "${2}" = "reverse" ]; then
local _order="${2}"
local order="${2}"
else
local _order="forward"
local order="forward"
fi
JAILS=""
TARGET=""
if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then
if [ "${target}" = ALL ] || [ "${target}" = all ]; then
target_all_jails
else
for _jail in ${_TARGET}; do
if [ ! -d "${bastille_jailsdir}/${_TARGET}" ] && echo "${_jail}" | grep -Eq '^[0-9]+$'; then
if get_jail_name "${_jail}" > /dev/null; then
_jail="$(get_jail_name ${_jail})"
for jail in ${target}; do
if [ ! -d "${bastille_jailsdir}/${target}" ] && echo "${jail}" | grep -Eq '^[0-9]+$'; then
if get_jail_name "${jail}" > /dev/null; then
jail="$(get_jail_name ${jail})"
else
error_continue "Error: JID \"${_jail}\" not found. Is jail running?"
error_continue "Error: JID \"${jail}\" not found. Is jail running?"
fi
elif ! check_target_exists "${_jail}"; then
if jail_autocomplete "${_jail}" > /dev/null; then
_jail="$(jail_autocomplete ${_jail})"
elif ! check_target_exists "${jail}"; then
if jail_autocomplete "${jail}" > /dev/null; then
jail="$(jail_autocomplete ${jail})"
elif [ $? -eq 2 ]; then
if grep -Ehoqw ${_jail} ${bastille_jailsdir}/*/tags 2>/dev/null; then
_jail="$(grep -Eow ${_jail} ${bastille_jailsdir}/*/tags | awk -F"/tags" '{print $1}' | sed "s#${bastille_jailsdir}/##g" | tr '\n' ' ')"
if grep -Ehoqw ${jail} ${bastille_jailsdir}/*/tags 2>/dev/null; then
jail="$(grep -Eow ${jail} ${bastille_jailsdir}/*/tags | awk -F"/tags" '{print $1}' | sed "s#${bastille_jailsdir}/##g" | tr '\n' ' ')"
else
error_continue "Jail not found \"${_jail}\""
fi
error_continue "Jail not found \"${jail}\""
fi
else
echo
exit 1
fi
fi
TARGET="${TARGET} ${_jail}"
JAILS="${JAILS} ${_jail}"
TARGET="${TARGET} ${jail}"
JAILS="${JAILS} ${jail}"
done
# Exit if no jails
if [ -z "${TARGET}" ] && [ -z "${JAILS}" ]; then
exit 1
fi
if [ "${_order}" = "forward" ]; then
if [ "${order}" = "forward" ]; then
TARGET="$(list_jail_priority "${TARGET}" | sort -k2 -n | awk '{print $1}')"
JAILS="$(list_jail_priority "${TARGET}" | sort -k2 -n | awk '{print $1}')"
elif [ "${_order}" = "reverse" ]; then
elif [ "${order}" = "reverse" ]; then
TARGET="$(list_jail_priority "${TARGET}" | sort -k2 -nr | awk '{print $1}')"
JAILS="$(list_jail_priority "${TARGET}" | sort -k2 -nr | awk '{print $1}')"
fi
@@ -237,33 +252,37 @@ set_target() {
}
set_target_single() {
local _TARGET="${1}"
if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then
local target="${1}"
JAILS=""
TARGET=""
if [ "${target}" = ALL ] || [ "${target}" = all ]; then
error_exit "[all|ALL] not supported with this command."
elif [ "$(echo ${_TARGET} | wc -w)" -gt 1 ]; then
elif [ "$(echo ${target} | wc -w)" -gt 1 ]; then
error_exit "Error: Command only supports a single TARGET."
elif [ ! -d "${bastille_jailsdir}/${_TARGET}" ] && echo "${_TARGET}" | grep -Eq '^[0-9]+$'; then
if get_jail_name "${_TARGET}" > /dev/null; then
_TARGET="$(get_jail_name ${_TARGET})"
elif [ ! -d "${bastille_jailsdir}/${target}" ] && echo "${target}" | grep -Eq '^[0-9]+$'; then
if get_jail_name "${target}" > /dev/null; then
target="$(get_jail_name ${target})"
else
error_exit "Error: JID \"${_TARGET}\" not found. Is jail running?"
error_exit "Error: JID \"${target}\" not found. Is jail running?"
fi
elif ! check_target_exists "${_TARGET}"; then
if jail_autocomplete "${_TARGET}" > /dev/null; then
_TARGET="$(jail_autocomplete ${_TARGET})"
elif ! check_target_exists "${target}"; then
if jail_autocomplete "${target}" > /dev/null; then
target="$(jail_autocomplete ${target})"
elif [ $? -eq 2 ]; then
error_exit "Jail not found \"${_TARGET}\""
error_exit "Jail not found \"${target}\""
else
echo
exit 1
fi
fi
TARGET="${target}"
JAILS="${target}"
# Exit if no jails
if [ -z "${_TARGET}" ] && [ -z "${_JAILS}" ]; then
if [ -z "${target}" ] && [ -z "${jails}" ]; then
exit 1
fi
TARGET="${_TARGET}"
JAILS="${_TARGET}"
export TARGET
export JAILS
}
@@ -274,7 +293,7 @@ set_bastille_mountpoints() {
if checkyesno bastille_zfs_enable; then
# We have to do this if ALTROOT is enabled/present
local _altroot="$(zpool get -Ho value altroot ${bastille_zfs_zpool})"
local altroot="$(zpool get -Ho value altroot ${bastille_zfs_zpool})"
# Set mountpoints to *bastille*dir*
# shellcheck disable=SC2034
@@ -293,34 +312,36 @@ set_bastille_mountpoints() {
bastille_logsdir_mountpoint="${bastille_logsdir}"
# Add _altroot to *dir* if set
if [ "${_altroot}" != "-" ]; then
if [ "${altroot}" != "-" ]; then
# Set *dir* to include ALTROOT
bastille_prefix="${_altroot}${bastille_prefix}"
bastille_backupsdir="${_altroot}${bastille_backupsdir}"
bastille_cachedir="${_altroot}${bastille_cachedir}"
bastille_jailsdir="${_altroot}${bastille_jailsdir}"
bastille_releasesdir="${_altroot}${bastille_releasesdir}"
bastille_templatesdir="${_altroot}${bastille_templatesdir}"
bastille_logsdir="${_altroot}${bastille_logsdir}"
bastille_prefix="${altroot}${bastille_prefix}"
bastille_backupsdir="${altroot}${bastille_backupsdir}"
bastille_cachedir="${altroot}${bastille_cachedir}"
bastille_jailsdir="${altroot}${bastille_jailsdir}"
bastille_releasesdir="${altroot}${bastille_releasesdir}"
bastille_templatesdir="${altroot}${bastille_templatesdir}"
bastille_logsdir="${altroot}${bastille_logsdir}"
fi
fi
}
target_all_jails() {
local _JAILS="$(bastille list jails)"
local jails="$(bastille list jails)"
JAILS=""
for _jail in ${_JAILS}; do
if [ -d "${bastille_jailsdir}/${_jail}" ]; then
JAILS="${JAILS} ${_jail}"
for jail in ${jails}; do
if [ -d "${bastille_jailsdir}/${jail}" ]; then
JAILS="${JAILS} ${jail}"
fi
done
# Exit if no jails
if [ -z "${JAILS}" ]; then
exit 1
fi
if [ "${_order}" = "forward" ]; then
if [ "${order}" = "forward" ]; then
JAILS="$(list_jail_priority "${JAILS}" | sort -k2 -n | awk '{print $1}')"
elif [ "${_order}" = "reverse" ]; then
elif [ "${order}" = "reverse" ]; then
JAILS="$(list_jail_priority "${JAILS}" | sort -k2 -nr | awk '{print $1}')"
fi
export JAILS
@@ -400,6 +421,7 @@ validate_ip() {
}
generate_static_mac() {
local jail_name="${1}"
local external_interface="${2}"
local external_interface_mac="$(ifconfig ${external_interface} | grep ether | awk '{print $2}')"
@@ -407,6 +429,7 @@ generate_static_mac() {
local macaddr_prefix="58:9c:fc"
# Use hash of interface+jailname for jail MAC suffix
local macaddr_suffix="$(echo -n "${external_interface_mac}${jail_name}" | sed 's#:##g' | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
if [ -z "${macaddr_prefix}" ] || [ -z "${macaddr_suffix}" ]; then
error_notify "Failed to generate MAC address."
fi
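Review bot: `check_target_exists`, `check_target_is_running` and `check_target_is_stopped` interpolate the caller's target into an extended regex (`grep -Eq "^${target}$"`), so a target containing regex metacharacters can pass the check without being the literal name of any jail. A fixed-string, whole-line match avoids that: `grep -Fxq -- "${target}"`. Separately, in `set_target_single` the guard `[ -z "${target}" ] && [ -z "${jails}" ]` reads `jails`, which nothing in the visible function assigns. Now that `TARGET` and `JAILS` are set just above it, `[ -z "${JAILS}" ]` would say what is meant.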


@@ -124,16 +124,16 @@ print_jail_conf() {
'
}
for _jail in ${JAILS}; do
for jail in ${JAILS}; do
# Backwards compatibility for specifying only an IP with ip[4|6].addr
if [ "${ACTION}" = "set" ] && [ "${PROPERTY}" = "ip4.addr" ]; then
if ! echo "${VALUE}" | grep -q "|"; then
VALUE="$(bastille config ${_jail} get ip4.addr | awk -F"|" '{print $1}')|${VALUE}"
VALUE="$(bastille config ${jail} get ip4.addr | awk -F"|" '{print $1}')|${VALUE}"
fi
elif [ "${ACTION}" = "set" ] && [ "${PROPERTY}" = "ip6.addr" ]; then
if ! echo "${VALUE}" | grep -q "|"; then
VALUE="$(bastille config ${_jail} get ip6.addr | awk -F"|" '{print $1}')|${VALUE}"
VALUE="$(bastille config ${jail} get ip6.addr | awk -F"|" '{print $1}')|${VALUE}"
fi
fi
@@ -142,7 +142,7 @@ for _jail in ${JAILS}; do
if [ "${PROPERTY}" = "priority" ] || [ "${PROPERTY}" = "prio" ]; then
PROPERTY="priority"
FILE="${bastille_jailsdir}/${_jail}/settings.conf"
FILE="${bastille_jailsdir}/${jail}/settings.conf"
if [ "${ACTION}" = "set" ]; then
if echo "${VALUE}" | grep -Eq '^[0-9]+$'; then
@@ -159,7 +159,7 @@ for _jail in ${JAILS}; do
# Boot property
elif [ "${PROPERTY}" = "boot" ]; then
FILE="${bastille_jailsdir}/${_jail}/settings.conf"
FILE="${bastille_jailsdir}/${jail}/settings.conf"
if [ "${ACTION}" = "set" ]; then
if [ "${VALUE}" = "on" ] || [ "${VALUE}" = "off" ]; then
@@ -177,7 +177,7 @@ for _jail in ${JAILS}; do
elif [ "${PROPERTY}" = "depend" ] || [ "${PROPERTY}" = "depends" ]; then
PROPERTY="depend"
FILE="${bastille_jailsdir}/${_jail}/settings.conf"
FILE="${bastille_jailsdir}/${jail}/settings.conf"
if [ "${ACTION}" = "set" ]; then
@@ -187,7 +187,7 @@ for _jail in ${JAILS}; do
set_target "${VALUE}"
fi
info "\n[${_jail}]:"
info "\n[${jail}]:"
sysrc -f "${FILE}" "${PROPERTY}+=${JAILS}"
@@ -199,7 +199,7 @@ for _jail in ${JAILS}; do
set_target "${VALUE}"
fi
info "\n[${_jail}]:"
info "\n[${jail}]:"
sysrc -f "${FILE}" "${PROPERTY}-=${JAILS}"
@@ -209,9 +209,9 @@ for _jail in ${JAILS}; do
fi
else
FILE="${bastille_jailsdir}/${_jail}/jail.conf"
FILE="${bastille_jailsdir}/${jail}/jail.conf"
if [ ! -f "${FILE}" ]; then
error_notify "jail.conf does not exist for jail: ${_jail}"
error_notify "jail.conf does not exist for jail: ${jail}"
continue
fi
if [ "${ACTION}" = 'get' ]; then
@@ -250,9 +250,9 @@ for _jail in ${JAILS}; do
echo "${_output}"
fi
elif [ "${ACTION}" = "remove" ]; then
if [ "$(bastille config ${_jail} get ${PROPERTY})" != "not set" ]; then
if [ "$(bastille config ${jail} get ${PROPERTY})" != "not set" ]; then
info "\n[${_jail}]:"
info "\n[${jail}]:"
sed -i '' "/.*${PROPERTY}.*/d" "${FILE}"
@@ -276,8 +276,8 @@ for _jail in ${JAILS}; do
# there is none, at the end
#
# awk doesn't have "inplace" editing so we use a temp file
_tmpfile=$(mktemp) || error_exit "unable to set because mktemp failed"
cp "${FILE}" "${_tmpfile}" && \
tmpfile=$(mktemp) || error_exit "unable to set because mktemp failed"
cp "${FILE}" "${tmpfile}" && \
awk -F= -v line="${LINE}" -v property="${PROPERTY}" '
BEGIN {
# build RE as string as we can not expand vars in RE literals
@@ -304,8 +304,8 @@ for _jail in ${JAILS}; do
# print each uninteresting line unchanged
print;
}
' "${_tmpfile}" > "${FILE}"
rm "${_tmpfile}"
' "${tmpfile}" > "${FILE}"
rm "${tmpfile}"
fi
fi
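Review bot: In the last hunk the awk output is redirected straight onto `${FILE}` while the only copy of the original sits in `${tmpfile}`, which `rm "${tmpfile}"` then deletes unconditionally. If awk fails, jail.conf is left truncated with no copy to restore. Writing to the temp file and copying back only on success keeps the original intact: end the awk call with `' "${FILE}" > "${tmpfile}" && cat "${tmpfile}" > "${FILE}"` and drop the leading `cp`. The awk program itself is only partly visible in these hunks.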


@@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
x) enable_debug ;;
a) AUTO=1 ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
@@ -88,59 +88,59 @@ set_target "${TARGET}"
validate_user() {
local _jail="${1}"
local _user="${2}"
local jail="${1}"
local user="${2}"
if jexec -l "${_jail}" id "${_user}" >/dev/null 2>&1; then
USER_SHELL="$(jexec -l "${_jail}" getent passwd "${_user}" | cut -d: -f7)"
if jexec -l "${jail}" id "${user}" >/dev/null 2>&1; then
USER_SHELL="$(jexec -l "${jail}" getent passwd "${user}" | cut -d: -f7)"
if [ -n "${USER_SHELL}" ]; then
if jexec -l "${_jail}" grep -qwF "${USER_SHELL}" /etc/shells; then
jexec -l "${_jail}" $LOGIN -f "${_user}"
if jexec -l "${jail}" grep -qwF "${USER_SHELL}" /etc/shells; then
jexec -l "${jail}" $LOGIN -f "${user}"
else
echo "Invalid shell for user ${_user}"
echo "Invalid shell for user ${user}"
fi
else
echo "User ${_user} has no shell"
echo "User ${user} has no shell"
fi
else
echo "Unknown user ${_user}"
echo "Unknown user ${user}"
fi
}
check_fib() {
local _jail="${1}"
local jail="${1}"
fib=$(grep 'exec.fib' "${bastille_jailsdir}/${_jail}/jail.conf" | awk '{print $3}' | sed 's/\;//g')
fib=$(grep 'exec.fib' "${bastille_jailsdir}/${jail}/jail.conf" | awk '{print $3}' | sed 's/\;//g')
if [ -n "${fib}" ]; then
_setfib="setfib -F ${fib}"
setfib="setfib -F ${fib}"
else
_setfib=""
setfib=""
fi
}
for _jail in ${JAILS}; do
for jail in ${JAILS}; do
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
check_target_is_running "${jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${jail}"
else
info "\n[${_jail}]:"
info "\n[${jail}]:"
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
info "\n[${jail}]:"
LOGIN="$(jexec -l "${_jail}" which login)"
LOGIN="$(jexec -l "${jail}" which login)"
if [ -n "${USER}" ]; then
validate_user "${_jail}" "${USER}"
validate_user "${jail}" "${USER}"
else
check_fib "${_jail}"
LOGIN="$(jexec -l "${_jail}" which login)"
${_setfib} jexec -l "${_jail}" ${LOGIN} -f root
check_fib "${jail}"
LOGIN="$(jexec -l "${jail}" which login)"
${setfib} jexec -l "${jail}" ${LOGIN} -f root
fi
done
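Review bot: The result of `LOGIN="$(jexec -l "${jail}" which login)"` is used unquoted and unchecked in `${setfib} jexec -l "${jail}" ${LOGIN} -f root` and in `validate_user`, so if `which` prints nothing, `-f` becomes the command jexec tries to run. A guard after the lookup, such as `[ -n "${LOGIN}" ] || error_continue "login not found in jail."`, together with quoting `"${LOGIN}"`, would make that failure explicit. The lookup is also repeated verbatim in the `else` branch, where the second assignment can be dropped.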


@@ -105,12 +105,12 @@ fi
validate_release_name() {
local _name=${1}
local _sanity="$(echo "${_name}" | tr -c -d 'a-zA-Z0-9-_')"
local name=${1}
local sanity="$(echo "${name}" | tr -c -d 'a-zA-Z0-9-_')"
if [ -n "$(echo "${_sanity}" | awk "/^[-_].*$/" )" ]; then
if [ -n "$(echo "${sanity}" | awk "/^[-_].*$/" )" ]; then
error_exit "[ERROR]: Release names may not begin with (-|_) characters!"
elif [ "${_name}" != "${_sanity}" ]; then
elif [ "${name}" != "${sanity}" ]; then
error_exit "[ERROR]: Release names may not contain special characters!"
fi
@@ -118,10 +118,10 @@ validate_release_name() {
convert_jail_to_release() {
_jailname="${1}"
_release="${2}"
jail_name="${1}"
release="${2}"
info "\nAttempting to create '${_release}' from '${_jailname}'..."
info "\nAttempting to create '${release}' from '${jail_name}'..."
if checkyesno bastille_zfs_enable; then
if [ -n "${bastille_zfs_zpool}" ]; then
@@ -136,35 +136,35 @@ convert_jail_to_release() {
## take a temp snapshot of the jail
SNAP_NAME="bastille-$(date +%Y-%m-%d-%H%M%S)"
# shellcheck disable=SC2140
zfs snapshot "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jailname}/root"@"${SNAP_NAME}"
zfs snapshot "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail_name}/root"@"${SNAP_NAME}"
## replicate the release base to the new thickjail and set the default mountpoint
# shellcheck disable=SC2140
zfs send ${OPT_SEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jailname}/root"@"${SNAP_NAME}" | \
zfs receive "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${_release}"
zfs set ${ZFS_OPTIONS} mountpoint=none "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${_release}"
zfs inherit mountpoint "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${_release}"
zfs send ${OPT_SEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail_name}/root"@"${SNAP_NAME}" | \
zfs receive "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${release}"
zfs set ${ZFS_OPTIONS} mountpoint=none "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${release}"
zfs inherit mountpoint "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${release}"
## cleanup temp snapshots initially
# shellcheck disable=SC2140
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jailname}/root"@"${SNAP_NAME}"
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail_name}/root"@"${SNAP_NAME}"
# shellcheck disable=SC2140
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${_release}"@"${SNAP_NAME}"
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${release}"@"${SNAP_NAME}"
fi
if [ "$?" -ne 0 ]; then
## notify and clean stale files/directories
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${_release}"
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${release}"
error_exit "Failed to create release. Please retry!"
else
info "\nCreated '${_release}' from '${_jailname}'\n"
info "\nCreated '${release}' from '${jail_name}'\n"
fi
else
## copy all files for thick jails
cp -a "${bastille_jailsdir}/${_jailname}/root" "${bastille_releasesdir}/${_release}"
cp -a "${bastille_jailsdir}/${jail_name}/root" "${bastille_releasesdir}/${release}"
if [ "$?" -ne 0 ]; then
## notify and clean stale files/directories
bastille destroy -af "${NAME}"
error_exit "[ERROR]: Failed to create release. Please retry!"
else
info "\nCreated '${_release}' from '${_jailname}'\n"
info "\nCreated '${release}' from '${jail_name}'\n"
fi
fi
}
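Review bot: The failure branch of the non-ZFS copy runs `bastille destroy -af "${NAME}"`, but nothing visible in `convert_jail_to_release` sets `NAME`; the function works on `${jail_name}` and `${release}`, so a forced destroy is aimed at whatever a global `NAME` happens to hold. If the intent is to remove the partially copied release, target it explicitly, presumably `bastille destroy -af "${release}"` (confirm against how the caller sets `NAME`). Also, `jail_name` and `release` are assigned without `local`, so after the rename they are globals with very common names; `local jail_name="${1}"` and `local release="${2}"` would match the commit's stated intent. Part of the function body lies outside these hunks.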


@@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
q) OPTION="-a" ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
@@ -88,12 +88,12 @@ ERRORS=0
bastille_root_check
set_target "${TARGET}"
for _jail in ${JAILS}; do
for jail in ${JAILS}; do
info "\n[${_jail}]:"
info "\n[${jail}]:"
host_path="${HOST_PATH}"
jail_path="$(echo ${bastille_jailsdir}/${_jail}/root/${JAIL_PATH} | sed 's#//#/#g')"
jail_path="$(echo ${bastille_jailsdir}/${jail}/root/${JAIL_PATH} | sed 's#//#/#g')"
# Workaround to properly copy host resolv.conf to jail if the host file is a symlink.
if [ "${host_path}" = "${bastille_resolv_conf}" ] && [ -L "${host_path}" ]; then
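Review bot: `jail_path="$(echo ${bastille_jailsdir}/${jail}/root/${JAIL_PATH} | sed 's#//#/#g')"` expands the path unquoted, so a path containing spaces or glob characters is split or expanded by the shell before `sed` sees it. Quoting the argument keeps it as one literal string: `jail_path="$(printf '%s\n' "${bastille_jailsdir}/${jail}/root/${JAIL_PATH}" | sed 's#//#/#g')"`. The `source_path` and `dest_path` assignments in the jail-to-jail copy section further down have the same form. The loop body continues outside this hunk.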


@@ -198,9 +198,9 @@ validate_netif() {
if ! echo "${LIST_INTERFACES} VNET" | grep -qwo "${INTERFACE}"; then
error_exit "[ERROR]: Invalid interface: ${INTERFACE}"
elif [ "${VNET_JAIL_STANDARD}" -eq 1 ]; then
for _bridge in $(ifconfig -g bridge | grep -vw "${INTERFACE}bridge"); do
if ifconfig ${_bridge} | grep "member" | grep -owq "${INTERFACE}"; then
error_exit "[ERROR]: Interface '${INTERFACE}' is already a member of bridge: ${_bridge}"
for bridge in $(ifconfig -g bridge | grep -vw "${INTERFACE}bridge"); do
if ifconfig ${bridge} | grep "member" | grep -owq "${INTERFACE}"; then
error_exit "[ERROR]: Interface '${INTERFACE}' is already a member of bridge: ${bridge}"
fi
done
else
@@ -452,8 +452,8 @@ create_jail() {
if [ "${THICK_JAIL}" -eq 0 ] && [ "${CLONE_JAIL}" -eq 0 ]; then
LINK_LIST="bin boot lib libexec rescue sbin usr/bin usr/include usr/lib usr/lib32 usr/libdata usr/libexec usr/sbin usr/share usr/src"
info "\nCreating a thinjail..."
for _link in ${LINK_LIST}; do
ln -sf /.bastille/${_link} ${_link}
for link in ${LINK_LIST}; do
ln -sf /.bastille/${link} ${link}
done
# Properly link shared ports on thin jails in read-write.
@@ -809,8 +809,8 @@ while [ $# -gt 0 ]; do
OPT_NAMESERVER="${2}"
# Validate nameserver
if [ -n "${OPT_NAMESERVER}" ]; then
for _nameserver in $(echo ${OPT_NAMESERVER} | sed 's/,/ /g'); do
if ! validate_ip "${_nameserver}" >/dev/null 2>/dev/null; then
for nameserver in $(echo ${OPT_NAMESERVER} | sed 's/,/ /g'); do
if ! validate_ip "${nameserver}" >/dev/null 2>/dev/null; then
error_exit "[ERROR]: Invalid nameserver(s): ${OPT_NAMESERVER}"
fi
done
@@ -864,8 +864,8 @@ while [ $# -gt 0 ]; do
shift 2
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
B) VNET_JAIL=1 VNET_JAIL_BRIDGE=1 ;;
C) CLONE_JAIL=1 ;;
D) DUAL_STACK=1 ;;


@@ -51,30 +51,30 @@ EOF
destroy_jail() {
local _jail="${1}"
local jail="${1}"
local OPTIONS=""
bastille_jail_base="${bastille_jailsdir}/${_jail}"
bastille_jail_log="${bastille_logsdir}/${_jail}_console.log"
bastille_jail_base="${bastille_jailsdir}/${jail}"
bastille_jail_log="${bastille_logsdir}/${jail}_console.log"
# Validate jail state before continuing
check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille stop "${_jail}"
check_target_is_stopped "${jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille stop "${jail}"
else
info "\n[${_jail}]:"
info "\n[${jail}]:"
error_notify "Jail is running."
error_continue "Use [-a|--auto] to auto-stop the jail."
fi
info "\n[${_jail}]:"
info "\n[${jail}]:"
# Ask if user is sure they want to destroy the jail
# but only if AUTO_YES=0
if [ "${AUTO_YES}" -ne 1 ]; then
warn "\nAttempting to destroy jail: ${_jail}\n"
warn "\nAttempting to destroy jail: ${jail}\n"
# shellcheck disable=SC3045
read -p "Are you sure you want to continue? [y|n]:" _answer
case "${_answer}" in
read -p "Are you sure you want to continue? [y|n]:" answer
case "${answer}" in
[Yy]|[Yy][Ee][Ss])
;;
[Nn]|[Nn][Oo])
@@ -92,7 +92,7 @@ destroy_jail() {
mount_points="$(mount | cut -d ' ' -f 3 | grep ${bastille_jail_base}/root/)"
if [ -n "${mount_points}" ]; then
error_notify "[ERROR]: Failed to destroy jail: ${_jail}"
error_notify "[ERROR]: Failed to destroy jail: ${jail}"
error_continue "Jail has mounted filesystems:\n$mount_points"
fi
@@ -100,7 +100,7 @@ destroy_jail() {
if checkyesno bastille_zfs_enable; then
if [ -n "${bastille_zfs_zpool}" ]; then
if [ -n "${_jail}" ]; then
if [ -n "${jail}" ]; then
OPTIONS="-r"
if [ "${FORCE}" = "1" ]; then
OPTIONS="-rf"
@@ -108,7 +108,7 @@ destroy_jail() {
# Remove jail zfs dataset recursively, or abort if error thus precerving jail content.
# This will deal with the common "cannot unmount 'XYZ': pool or dataset is busy"
# unless the force option is defined by the user, otherwise will have a partially deleted jail.
if ! zfs destroy "${OPTIONS}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"; then
if ! zfs destroy "${OPTIONS}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}"; then
error_continue "[ERROR]: Jail dataset(s) appears to be busy, exiting."
fi
fi
@@ -131,9 +131,9 @@ destroy_jail() {
fi
# Clear any active rdr rules
if [ ! -z "$(pfctl -a "rdr/${_jail}" -Psn 2>/dev/null)" ]; then
if [ ! -z "$(pfctl -a "rdr/${jail}" -Psn 2>/dev/null)" ]; then
echo "Clearing RDR rules..."
pfctl -a "rdr/${_jail}" -Fn
pfctl -a "rdr/${jail}" -Fn
fi
fi
}
@@ -159,22 +159,22 @@ destroy_release() {
JAIL_LIST=$(ls -v --color=never "${bastille_jailsdir}" | sed "s/\n//g")
for _jail in ${JAIL_LIST}; do
for jail in ${JAIL_LIST}; do
if grep -qwo "${TARGET}" "${bastille_jailsdir}/${_jail}/fstab" 2>/dev/null; then
error_notify "[ERROR]: (${_jail}) depends on ${TARGET} base."
if grep -qwo "${TARGET}" "${bastille_jailsdir}/${jail}/fstab" 2>/dev/null; then
error_notify "[ERROR]: (${jail}) depends on ${TARGET} base."
BASE_HASCHILD="1"
elif checkyesno bastille_zfs_enable; then
if [ -n "${bastille_zfs_zpool}" ]; then
## check if this release have child clones
if zfs list -H -t snapshot -r "${bastille_rel_base}" > /dev/null 2>&1; then
SNAP_CLONE=$(zfs list -H -t snapshot -r "${bastille_rel_base}" 2> /dev/null | awk '{print $1}')
for _snap_clone in ${SNAP_CLONE}; do
if zfs list -H -o clones "${_snap_clone}" > /dev/null 2>&1; then
CLONE_JAIL=$(zfs list -H -o clones "${_snap_clone}" | tr ',' '\n')
CLONE_CHECK="${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}/root"
for snap_clone in ${SNAP_CLONE}; do
if zfs list -H -o clones "${snap_clone}" > /dev/null 2>&1; then
CLONE_JAIL=$(zfs list -H -o clones "${snap_clone}" | tr ',' '\n')
CLONE_CHECK="${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}/root"
if echo "${CLONE_JAIL}" | grep -qw "${CLONE_CHECK}"; then
error_notify "[ERROR]: (${_jail}) depends on ${TARGET} base."
error_notify "[ERROR]: (${jail}) depends on ${TARGET} base."
BASE_HASCHILD="1"
fi
fi
@@ -258,8 +258,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
a) AUTO=1 ;;
c) NO_CACHE=1 ;;
f) FORCE=1 ;;
@@ -338,8 +338,8 @@ case "${TARGET}" in
else
# Destroy targeted jail(s)
set_target "${TARGET}" "reverse"
for _jail in ${JAILS}; do
destroy_jail "${_jail}"
for jail in ${JAILS}; do
destroy_jail "${jail}"
done
fi
;;


@@ -187,8 +187,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
d) DRY_RUN=1 ;;
f) FORCE=1 ;;
x) enable_debug ;;


@@ -212,8 +212,8 @@ else
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
a) AUTO=1 ;;
l) LIVE=1 ;;
x) enable_debug ;;


@@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\""


@@ -78,8 +78,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
f) OPT_FORCE=1 ;;
M) OPT_STATIC_MAC=1 ;;
v) OPT_ZRECV="-u -v" ;;
@@ -501,15 +501,15 @@ update_symlinks() {
# Update old symlinks
info "\nUpdating symlinks..."
for _link in ${SYMLINKS}; do
if [ -L "${_link}" ]; then
ln -sf /.bastille/${_link} ${_link}
elif [ "${ALLOW_EMPTY_DIRS_TO_BE_SYMLINKED:-0}" = "1" ] && [ -d "${_link}" ]; then
for link in ${SYMLINKS}; do
if [ -L "${link}" ]; then
ln -sf /.bastille/${link} ${link}
elif [ "${ALLOW_EMPTY_DIRS_TO_BE_SYMLINKED:-0}" = "1" ] && [ -d "${link}" ]; then
# -F will enforce that the directory is empty and replaced by the symlink
ln -sfF /.bastille/${_link} ${_link} || EXIT_CODE=$?
ln -sfF /.bastille/${link} ${link} || EXIT_CODE=$?
if [ "${EXIT_CODE:-0}" != "0" ]; then
# Assume that the failure was due to the directory not being empty and explain the problem in friendlier terms
warn "[WARNING]: directory ${_link} on imported jail was not empty and will not be updated by Bastille"
warn "[WARNING]: directory ${link} on imported jail was not empty and will not be updated by Bastille"
fi
fi
done
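Review bot: In `update_symlinks`, `EXIT_CODE` is only ever set by `ln -sfF ... || EXIT_CODE=$?` and is not reset inside the loop, so after one directory fails every later directory that takes this branch triggers the warning even when its `ln` succeeded. Testing the command directly avoids the stale value: wrap the existing `warn` in `if ! ln -sfF "/.bastille/${link}" "${link}"; then ... fi`. If `EXIT_CODE` is read after the loop (outside this hunk), keep the assignment inside that `if`.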


@@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
q) OPTION="-a" ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
@@ -90,16 +90,16 @@ bastille_root_check
set_target_single "${SOURCE_TARGET}" && SOURCE_TARGET="${TARGET}"
set_target "${DEST_TARGET}" && DEST_TARGET="${JAILS}"
for _jail in ${DEST_TARGET}; do
for jail in ${DEST_TARGET}; do
if [ "${_jail}" = "${SOURCE_TARGET}" ]; then
if [ "${jail}" = "${SOURCE_TARGET}" ]; then
continue
else
info "\n[${_jail}]:"
info "\n[${jail}]:"
source_path="$(echo ${bastille_jailsdir}/${SOURCE_TARGET}/root/${SOURCE_PATH} | sed 's#//#/#g')"
dest_path="$(echo ${bastille_jailsdir}/${_jail}/root/${DEST_PATH} | sed 's#//#/#g')"
dest_path="$(echo ${bastille_jailsdir}/${jail}/root/${DEST_PATH} | sed 's#//#/#g')"
if ! cp "${OPTION}" "${source_path}" "${dest_path}"; then
ERRORS=$((ERRORS + 1))


@@ -74,8 +74,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
a) AUTO=1 ;;
l) OPT_LOG=1 ;;
x) enable_debug ;;
@@ -114,11 +114,11 @@ set_target "${TARGET}"
validate_cpus() {
local _cpus="${1}"
local cpus="${1}"
for _cpu in $(echo ${_cpus} | sed 's/,/ /g'); do
if ! cpuset -l ${_cpu} 2>/dev/null; then
error_notify "[ERROR]: CPU is not available: ${_cpu}"
for cpu in $(echo ${cpus} | sed 's/,/ /g'); do
if ! cpuset -l ${cpu} 2>/dev/null; then
error_notify "[ERROR]: CPU is not available: ${cpu}"
return 1
fi
done
@@ -127,30 +127,30 @@ validate_cpus() {
add_cpuset() {
local _jail="${1}"
local _cpus="${2}"
local _cpuset_rule="$(echo ${_cpus} | sed 's/ /,/g')"
local jail="${1}"
local cpus="${2}"
local cpuset_rule="$(echo ${cpus} | sed 's/ /,/g')"
# Persist cpuset value
echo "${_cpuset_rule}" >> "${bastille_jailsdir}/${_jail}/cpuset.conf"
echo "${cpuset_rule}" >> "${bastille_jailsdir}/${jail}/cpuset.conf"
echo -e "[CPU LIMITS]: ${OPTION} ${VALUE}"
# Restart jail to apply cpuset
bastille restart ${_jail}
bastille restart ${jail}
}
for _jail in ${JAILS}; do
for jail in ${JAILS}; do
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
check_target_is_running "${jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${jail}"
else
info "\n[${_jail}]:"
info "\n[${jail}]:"
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
info "\n[${jail}]:"
case "${ACTION}" in
@@ -162,32 +162,32 @@ for _jail in ${JAILS}; do
# Limit cpus for jail
if [ "${OPTION}" = "cpu" ] || [ "${OPTION}" = "cpus" ] || [ "${OPTION}" = "cpuset" ]; then
validate_cpus "${VALUE}" || continue
add_cpuset "${_jail}" "${VALUE}"
add_cpuset "${jail}" "${VALUE}"
else
# Add rctl rule to rctl.conf
_rctl_rule="jail:${_jail}:${OPTION}:deny=${VALUE}/jail"
_rctl_rule_log="jail:${_jail}:${OPTION}:log=${VALUE}/jail"
rctl_rule="jail:${jail}:${OPTION}:deny=${VALUE}/jail"
rctl_rule_log="jail:${jail}:${OPTION}:log=${VALUE}/jail"
# Check whether the entry already exists and, if so, update it. -- cwells
if grep -qs "jail:${_jail}:${OPTION}:deny" "${bastille_jailsdir}/${_jail}/rctl.conf"; then
_escaped_option=$(echo "${OPTION}" | sed 's/\//\\\//g')
_escaped_rctl_rule=$(echo "${_rctl_rule}" | sed 's/\//\\\//g')
_escaped_rctl_rule_log=$(echo "${_rctl_rule_log}" | sed 's/\//\\\//g')
sed -i '' -E "s/jail:${_jail}:${_escaped_option}:deny.+/${_escaped_rctl_rule}/" "${bastille_jailsdir}/${_jail}/rctl.conf"
if grep -qs "jail:${jail}:${OPTION}:deny" "${bastille_jailsdir}/${jail}/rctl.conf"; then
escaped_option=$(echo "${OPTION}" | sed 's/\//\\\//g')
escaped_rctl_rule=$(echo "${rctl_rule}" | sed 's/\//\\\//g')
escaped_rctl_rule_log=$(echo "${rctl_rule_log}" | sed 's/\//\\\//g')
sed -i '' -E "s/jail: ${jail}:${escaped_option}:deny.+/${escaped_rctl_rule}/" "${bastille_jailsdir}/${jail}/rctl.conf"
if [ "${OPT_LOG}" -eq 1 ]; then
sed -i '' -E "s/jail:${_jail}:${_escaped_option}:log.+/${_escaped_rctl_rule_log}/" "${bastille_jailsdir}/${_jail}/rctl.conf"
sed -i '' -E "s/jail:${jail}:${escaped_option}:log.+/${escaped_rctl_rule_log}/" "${bastille_jailsdir}/${jail}/rctl.conf"
fi
else # Just append the entry. -- cwells
echo "${_rctl_rule}" >> "${bastille_jailsdir}/${_jail}/rctl.conf"
echo "${rctl_rule}" >> "${bastille_jailsdir}/${jail}/rctl.conf"
if [ "${OPT_LOG}" -eq 1 ]; then
echo "${_rctl_rule_log}" >> "${bastille_jailsdir}/${_jail}/rctl.conf"
echo "${rctl_rule_log}" >> "${bastille_jailsdir}/${jail}/rctl.conf"
fi
fi
if [ "${OPT_LOG}" -eq 1 ]; then
echo -e "[LOGGING]: ${OPTION} ${VALUE}"
rctl -a "${_rctl_rule}" "${_rctl_rule_log}"
rctl -a "${rctl_rule}" "${rctl_rule_log}"
else
echo -e "${OPTION} ${VALUE}"
rctl -a "${_rctl_rule}"
rctl -a "${rctl_rule}"
fi
fi
;;
@@ -199,25 +199,25 @@ for _jail in ${JAILS}; do
if [ "${OPTION}" = "cpu" ] || [ "${OPTION}" = "cpus" ] || [ "${OPTION}" = "cpuset" ]; then
# Remove cpuset.conf
if [ -s "${bastille_jailsdir}/${_jail}/cpuset.conf" ]; then
rm -f "${bastille_jailsdir}/${_jail}/cpuset.conf"
if [ -s "${bastille_jailsdir}/${jail}/cpuset.conf" ]; then
rm -f "${bastille_jailsdir}/${jail}/cpuset.conf"
echo "cpuset.conf removed."
else
error_continue "[ERROR]: cpuset.conf not found."
fi
# Restart jail to clear cpuset
bastille restart ${_jail}
bastille restart ${jail}
else
if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then
if [ -s "${bastille_jailsdir}/${jail}/rctl.conf" ]; then
# Remove rule from rctl.conf
if grep -qs "jail:${_jail}:${OPTION}:deny" "${bastille_jailsdir}/${_jail}/rctl.conf"; then
_rctl_rule="$(grep "jail:${_jail}:${OPTION}:deny" "${bastille_jailsdir}/${_jail}/rctl.conf")"
_rctl_rule_log="$(grep "jail:${_jail}:${OPTION}:log" "${bastille_jailsdir}/${_jail}/rctl.conf")"
rctl -r "${_rctl_rule}" "${_rctl_rule_log}" 2>/dev/null
sed -i '' "/.*${_jail}:${OPTION}.*/d" "${bastille_jailsdir}/${_jail}/rctl.conf"
if grep -qs "jail:${jail}:${OPTION}:deny" "${bastille_jailsdir}/${jail}/rctl.conf"; then
rctl_rule="$(grep "jail:${jail}:${OPTION}:deny" "${bastille_jailsdir}/${jail}/rctl.conf")"
rctl_rule_log="$(grep "jail:${jail}:${OPTION}:log" "${bastille_jailsdir}/${jail}/rctl.conf")"
rctl -r "${rctl_rule}" "${rctl_rule_log}" 2>/dev/null
sed -i '' "/.*${jail}:${OPTION}.*/d" "${bastille_jailsdir}/${jail}/rctl.conf"
fi
fi
fi
@@ -226,10 +226,10 @@ for _jail in ${JAILS}; do
clear)
# Remove rctl limits (rctl only)
if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then
while read _limits; do
rctl -r "${_limits}" 2>/dev/null
done < "${bastille_jailsdir}/${_jail}/rctl.conf"
if [ -s "${bastille_jailsdir}/${jail}/rctl.conf" ]; then
while read limits; do
rctl -r "${limits}" 2>/dev/null
done < "${bastille_jailsdir}/${jail}/rctl.conf"
echo "RCTL limits cleared."
fi
;;
@@ -237,28 +237,28 @@ for _jail in ${JAILS}; do
list|show)
# Show rctl limits
if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then
if [ -s "${bastille_jailsdir}/${jail}/rctl.conf" ]; then
echo "-------------"
echo "[RCTL Limits]"
if [ "${1}" = "active" ]; then
rctl jail:${_jail} 2>/dev/null
rctl jail:${jail} 2>/dev/null
else
cat "${bastille_jailsdir}/${_jail}/rctl.conf"
cat "${bastille_jailsdir}/${jail}/rctl.conf"
fi
fi
# Show cpuset limits
if [ -s "${bastille_jailsdir}/${_jail}/cpuset.conf" ]; then
if [ -s "${bastille_jailsdir}/${jail}/cpuset.conf" ]; then
echo "-------------"
echo "[CPU Limits]"
if [ "${1}" = "active" ]; then
cpuset -g -j ${_jail} | head -1 2>/dev/null
cpuset -g -j ${jail} | head -1 2>/dev/null
else
cat "${bastille_jailsdir}/${_jail}/cpuset.conf"
cat "${bastille_jailsdir}/${jail}/cpuset.conf"
fi
fi
;;
@@ -266,39 +266,39 @@ for _jail in ${JAILS}; do
stats)
# Show statistics (rctl only)
if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then
rctl -hu jail:${_jail} 2>/dev/null
if [ -s "${bastille_jailsdir}/${jail}/rctl.conf" ]; then
rctl -hu jail:${jail} 2>/dev/null
fi
;;
reset)
# Remove active limits
if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then
while read _limits; do
rctl -r "${_limits}" 2>/dev/null
done < "${bastille_jailsdir}/${_jail}/rctl.conf"
if [ -s "${bastille_jailsdir}/${jail}/rctl.conf" ]; then
while read limits; do
rctl -r "${limits}" 2>/dev/null
done < "${bastille_jailsdir}/${jail}/rctl.conf"
echo "RCTL limits cleared."
fi
# Remove rctl.conf
if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then
rm -f "${bastille_jailsdir}/${_jail}/rctl.conf"
if [ -s "${bastille_jailsdir}/${jail}/rctl.conf" ]; then
rm -f "${bastille_jailsdir}/${jail}/rctl.conf"
echo "rctl.conf removed."
else
error_continue "[ERROR]: rctl.conf not found."
fi
# Remove cpuset.conf
if [ -s "${bastille_jailsdir}/${_jail}/cpuset.conf" ]; then
rm -f "${bastille_jailsdir}/${_jail}/cpuset.conf"
if [ -s "${bastille_jailsdir}/${jail}/cpuset.conf" ]; then
rm -f "${bastille_jailsdir}/${jail}/cpuset.conf"
echo "cpuset.conf removed."
else
error_continue "[ERROR]: cpuset.conf not found."
fi
# Restart jail to clear cpuset
bastille restart ${_jail}
bastille restart ${jail}
;;
esac
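Review bot: The renamed update line for an existing deny rule reads, as shown here, `s/jail: ${jail}:${escaped_option}:deny.+/...` with a space after `jail:` that the old line did not have. The pattern therefore no longer matches the entry that the preceding `grep -qs "jail:${jail}:${OPTION}:deny"` just found, so rctl.conf keeps the old value while `rctl -a` applies the new one, and the limit silently reverts the next time the file is loaded. Restore `sed -i '' -E "s/jail:${jail}:${escaped_option}:deny.+/${escaped_rctl_rule}/" "${bastille_jailsdir}/${jail}/rctl.conf"`. The `:log` substitution two lines below kept the correct form. The enclosing `for` loop and `case` start outside the visible hunks.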


@@ -51,9 +51,9 @@ EOF
print_info() {
# Print jails in given order
for _file in $(echo ${_tmp_list} | sort); do
cat ${_file}
rm -f ${_file}
for file in $(echo ${tmp_list} | sort); do
cat ${file}
rm -f ${file}
done
}
@@ -301,7 +301,7 @@ get_jail_info() {
list_bastille(){
_tmp_list=
tmp_list=
get_max_lengths
get_jail_list
@@ -309,18 +309,18 @@ list_bastille(){
# Print header
printf " JID%*sName%*sBoot%*sPrio%*sState%*sType%*sIP Address%*sPublished Ports%*sRelease%*sTags\n" "$((${MAX_LENGTH_JID} + ${SPACER} - 3))" "" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 4))" "" "$((${SPACER}))" "" "$((${SPACER}))" "" "$((${SPACER}))" "" "$((${MAX_LENGTH_JAIL_TYPE} + ${SPACER} - 4))" "" "$((${MAX_LENGTH_JAIL_IP} + ${SPACER} - 10))" "" "$((${MAX_LENGTH_JAIL_PORTS} + ${SPACER} - 15))" "" "$((${MAX_LENGTH_JAIL_RELEASE} + ${SPACER} - 7))" ""
for _jail in ${JAIL_LIST}; do
for jail in ${JAIL_LIST}; do
# Validate jail.conf existence
if [ -f "${bastille_jailsdir}/${_jail}/jail.conf" ]; then
_tmp_jail=$(mktemp /tmp/bastille-list-${_jail})
if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then
tmp_jail=$(mktemp /tmp/bastille-list-${jail})
else
continue
fi
(
get_jail_info "${_jail}"
get_jail_info "${jail}"
# Get JAIL_IP count
JAIL_IP_COUNT=$(echo "${JAIL_IP}" | wc -l)
@@ -342,9 +342,9 @@ list_bastille(){
printf " ${JID}%*s${JAIL_NAME}%*s${BOOT}%*s${PRIORITY}%*s${JAIL_STATE}%*s${JAIL_TYPE}%*s${JAIL_IP}%*s${JAIL_PORTS}%*s${JAIL_RELEASE}%*s${JAIL_TAGS}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" "" "$((4 - ${#BOOT} + ${SPACER}))" "" "$((4 - ${#PRIORITY} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_TYPE} - ${#JAIL_TYPE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#JAIL_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" ""
fi
) > "${_tmp_jail}" &
) > "${tmp_jail}" &
_tmp_list="$(printf "%s\n%s" "${_tmp_list}" "${_tmp_jail}")"
tmp_list="$(printf "%s\n%s" "${tmp_list}" "${tmp_jail}")"
done
wait
@@ -354,7 +354,7 @@ list_bastille(){
list_all(){
_tmp_list=
tmp_list=
get_max_lengths
get_jail_list
@@ -362,18 +362,18 @@ list_all(){
# Print header
printf " JID%*sBoot%*sPrio%*sState%*sIP Address%*sPublished Ports%*sHostname%*sRelease%*sPath\n" "$((${MAX_LENGTH_JID} + ${SPACER} - 3))" "" "$((${SPACER}))" "" "$((${SPACER}))" "" "$((${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} + ${SPACER} - 10))" "" "$((${MAX_LENGTH_JAIL_PORTS} + ${SPACER} - 15))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} + ${SPACER} - 8))" "" "$((${MAX_LENGTH_JAIL_RELEASE} + ${SPACER} - 7))" ""
for _jail in ${JAIL_LIST}; do
for jail in ${JAIL_LIST}; do
# Validate jail.conf existence
if [ -f "${bastille_jailsdir}/${_jail}/jail.conf" ]; then
_tmp_jail=$(mktemp /tmp/bastille-list-${_jail})
if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then
tmp_jail=$(mktemp /tmp/bastille-list-${jail})
else
continue
fi
(
get_jail_info "${_jail}"
get_jail_info "${jail}"
# Get jail IP count
JAIL_IP_COUNT=$(echo "${JAIL_IP}" | wc -l)
@@ -395,9 +395,9 @@ list_all(){
printf " ${JID}%*s${BOOT}%*s${PRIORITY}%*s${JAIL_STATE}%*s${JAIL_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((4 - ${#BOOT} + ${SPACER}))" "" "$((4 - ${#PRIORITY} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#JAIL_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" ""
fi
) > "${_tmp_jail}" &
) > "${tmp_jail}" &
_tmp_list="$(printf "%s\n%s" "${_tmp_list}" "${_tmp_jail}")"
tmp_list="$(printf "%s\n%s" "${tmp_list}" "${tmp_jail}")"
done
wait
@@ -407,7 +407,7 @@ list_all(){
list_ips() {
_tmp_list=
tmp_list=
get_max_lengths
get_jail_list
@@ -415,24 +415,24 @@ list_ips() {
# Print header
printf " JID%*sName%*sIP Address\n" "$((${MAX_LENGTH_JID} + ${SPACER} - 3))" "" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 4))" ""
for _jail in ${JAIL_LIST}; do
for jail in ${JAIL_LIST}; do
# Validate jail.conf existence
if [ -f "${bastille_jailsdir}/${_jail}/jail.conf" ]; then
_tmp_jail=$(mktemp /tmp/bastille-list-${_jail})
if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then
tmp_jail=$(mktemp /tmp/bastille-list-${jail})
else
continue
fi
(
get_jail_info "${_jail}"
get_jail_info "${jail}"
printf " ${JID}%*s${JAIL_NAME}%*s${JAIL_IP_FULL}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" ""
) > "${_tmp_jail}" &
) > "${tmp_jail}" &
_tmp_list="$(printf "%s\n%s" "${_tmp_list}" "${_tmp_jail}")"
tmp_list="$(printf "%s\n%s" "${tmp_list}" "${tmp_jail}")"
done
wait
@@ -442,7 +442,7 @@ list_ips() {
list_paths() {
_tmp_list=
tmp_list=
get_max_lengths
get_jail_list
@@ -450,24 +450,24 @@ list_paths() {
# Print header
printf " JID%*sName%*sPath\n" "$((${MAX_LENGTH_JID} + ${SPACER} - 3))" "" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 4))" ""
for _jail in ${JAIL_LIST}; do
for jail in ${JAIL_LIST}; do
# Validate jail.conf existence
if [ -f "${bastille_jailsdir}/${_jail}/jail.conf" ]; then
_tmp_jail=$(mktemp /tmp/bastille-list-${_jail})
if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then
tmp_jail=$(mktemp /tmp/bastille-list-${jail})
else
continue
fi
(
get_jail_info "${_jail}"
get_jail_info "${jail}"
printf " ${JID}%*s${JAIL_NAME}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" ""
) > "${_tmp_jail}" &
) > "${tmp_jail}" &
_tmp_list="$(printf "%s\n%s" "${_tmp_list}" "${_tmp_jail}")"
tmp_list="$(printf "%s\n%s" "${tmp_list}" "${tmp_jail}")"
done
wait
@@ -477,7 +477,7 @@ list_paths() {
list_ports() {
_tmp_list=
tmp_list=
get_max_lengths
get_jail_list
@@ -485,24 +485,24 @@ list_ports() {
# Print header
printf " JID%*sName%*sPublished Ports\n" "$((${MAX_LENGTH_JID} + ${SPACER} - 3))" "" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 4))" ""
for _jail in ${JAIL_LIST}; do
for jail in ${JAIL_LIST}; do
# Validate jail.conf existence
if [ -f "${bastille_jailsdir}/${_jail}/jail.conf" ]; then
_tmp_jail=$(mktemp /tmp/bastille-list-${_jail})
if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then
tmp_jail=$(mktemp /tmp/bastille-list-${jail})
else
continue
fi
(
get_jail_info "${_jail}"
get_jail_info "${jail}"
printf " ${JID}%*s${JAIL_NAME}%*s${JAIL_PORTS_FULL}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" ""
) > "${_tmp_jail}" &
) > "${tmp_jail}" &
_tmp_list="$(printf "%s\n%s" "${_tmp_list}" "${_tmp_jail}")"
tmp_list="$(printf "%s\n%s" "${tmp_list}" "${tmp_jail}")"
done
wait
@@ -512,7 +512,7 @@ list_ports() {
list_state() {
_tmp_list=
tmp_list=
get_max_lengths
get_jail_list
@@ -520,24 +520,24 @@ list_state() {
# Print header
printf " JID%*sName%*sState\n" "$((${MAX_LENGTH_JID} + ${SPACER} - 3))" "" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 4))" ""
for _jail in ${JAIL_LIST}; do
for jail in ${JAIL_LIST}; do
# Validate jail.conf existence
if [ -f "${bastille_jailsdir}/${_jail}/jail.conf" ]; then
_tmp_jail=$(mktemp /tmp/bastille-list-${_jail})
if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then
tmp_jail=$(mktemp /tmp/bastille-list-${jail})
else
continue
fi
(
get_jail_info "${_jail}"
get_jail_info "${jail}"
printf " ${JID}%*s${JAIL_NAME}%*s${JAIL_STATE}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" ""
) > "${_tmp_jail}" &
) > "${tmp_jail}" &
_tmp_list="$(printf "%s\n%s" "${_tmp_list}" "${_tmp_jail}")"
tmp_list="$(printf "%s\n%s" "${tmp_list}" "${tmp_jail}")"
done
wait
@@ -547,7 +547,7 @@ list_state() {
list_type() {
_tmp_list=
tmp_list=
get_max_lengths
get_jail_list
@@ -555,24 +555,24 @@ list_type() {
# Print header
printf " JID%*sName%*sType\n" "$((${MAX_LENGTH_JID} + ${SPACER} - 3))" "" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 4))" ""
for _jail in ${JAIL_LIST}; do
for jail in ${JAIL_LIST}; do
# Validate jail.conf existence
if [ -f "${bastille_jailsdir}/${_jail}/jail.conf" ]; then
_tmp_jail=$(mktemp /tmp/bastille-list-${_jail})
if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then
tmp_jail=$(mktemp /tmp/bastille-list-${jail})
else
continue
fi
(
get_jail_info "${_jail}"
get_jail_info "${jail}"
printf " ${JID}%*s${JAIL_NAME}%*s${JAIL_TYPE}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" ""
) > "${_tmp_jail}" &
) > "${tmp_jail}" &
_tmp_list="$(printf "%s\n%s" "${_tmp_list}" "${_tmp_jail}")"
tmp_list="$(printf "%s\n%s" "${tmp_list}" "${tmp_jail}")"
done
wait
@@ -606,11 +606,11 @@ list_snapshot(){
# TODO: Ability to list snapshot data for a single target.
# List snapshots with its usage data for valid bastille jails only.
if [ -d "${bastille_jailsdir}" ]; then
JAIL_LIST=$(ls -v --color=never "${bastille_jailsdir}" | sed "s/\n//g")
for _JAIL in ${JAIL_LIST}; do
if [ -f "${bastille_jailsdir}/${_JAIL}/jail.conf" ]; then
info "\n[${_JAIL}]:"
zfs list -r -t snapshot "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_JAIL}"
jail_list=$(ls -v --color=never "${bastille_jailsdir}" | sed "s/\n//g")
for jail in ${jail_list}; do
if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then
info "\n[${jail}]:"
zfs list -r -t snapshot "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}"
fi
done
fi
@@ -622,10 +622,10 @@ list_template(){
list_jail(){
if [ -d "${bastille_jailsdir}" ]; then
JAIL_LIST=$(ls -v --color=never "${bastille_jailsdir}" | sed "s/\n//g")
for _JAIL in ${JAIL_LIST}; do
if [ -f "${bastille_jailsdir}/${_JAIL}/jail.conf" ]; then
echo "${_JAIL}"
jail_list=$(ls -v --color=never "${bastille_jailsdir}" | sed "s/\n//g")
for jail in ${jail_list}; do
if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then
echo "${jail}"
fi
done
fi
@@ -678,8 +678,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
a) error_exit "[ERROR]: \"-a\" is deprecated. Use \"all\" instead." ;;
d) OPT_STATE="Down" ;;
j) OPT_JSON=1 ;;
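Review bot: `tmp_jail=$(mktemp /tmp/bastille-list-${jail})` in list_bastille passes a template with no `X` characters, so the file name under /tmp is not randomized, and the result is never checked. The same line appears in list_all, list_ips, list_paths, list_ports, list_state and list_type. If that name already exists, whether left over from an interrupted run or created by another local user, mktemp fails and `tmp_jail` is empty. The `> "${tmp_jail}"` redirect then fails and the jail drops out of the listing without a clear error. Use a randomized template and handle failure instead of continuing with an empty name, e.g. `tmp_jail=$(mktemp "/tmp/bastille-list-${jail}.XXXXXX") || continue`. In print_info, also quote the expansions as `cat "${file}"` and `rm -f "${file}"`.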


@@ -97,8 +97,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
a) AUTO=1 ;;
b) OPT_BACKUP=1 ;;
d) OPT_DESTROY=1 ;;
@@ -142,27 +142,27 @@ set_target "${TARGET}"
validate_host_status() {
local _user="${1}"
local _host="${2}"
local _port="${3}"
local user="${1}"
local host="${2}"
local port="${3}"
info "\nChecking remote host status..."
# Host uptime
if ! nc -w 1 -z ${_host} ${_port} >/dev/null 2>/dev/null; then
if ! nc -w 1 -z ${host} ${port} >/dev/null 2>/dev/null; then
error_exit "[ERROR]: Host appears to be down"
fi
# Host SSH check
if [ "${OPT_PASSWORD}" -eq 1 ]; then
if ! ${_sshpass_cmd} ssh -p ${_port} ${_user}@${_host} exit >/dev/null 2>/dev/null; then
if ! ${sshpass_cmd} ssh -p ${port} ${user}@${host} exit >/dev/null 2>/dev/null; then
error_notify "[ERROR]: Could not establish ssh connection to host."
error_notify "Please make sure the remote host supports password based authentication"
error_exit "and you are using the correct password for user: '${_user}'"
error_exit "and you are using the correct password for user: '${user}'"
fi
elif ! ${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} exit >/dev/null 2>/dev/null; then
elif ! ${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} exit >/dev/null 2>/dev/null; then
error_notify "[ERROR]: Could not establish ssh connection to host."
error_notify "Please make sure user '${_user}' has password-less access"
error_notify "Please make sure user '${user}' has password-less access"
error_exit "or use '-p|--password' for password based authentication."
fi
@@ -171,143 +171,143 @@ validate_host_status() {
migrate_cleanup() {
local _jail="${1}"
local _user="${2}"
local _host="${3}"
local _port="${4}"
local jail="${1}"
local user="${2}"
local host="${3}"
local port="${4}"
# Backup archives on remote system
if [ "${OPT_BACKUP}" -eq 1 ]; then
_remote_bastille_backupsdir="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_backupsdir)"
remote_bastille_backupsdir="$(${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_backupsdir)"
${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} cp "${_remote_bastille_migratedir}/*" "${_remote_bastille_backupsdir}"
${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} ${OPT_SU} cp "${remote_bastille_migratedir}/*" "${remote_bastille_backupsdir}"
fi
# Remove archive files from local and remote system
${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} rm -fr "${_remote_bastille_migratedir}" 2>/dev/null
rm -fr ${_local_bastille_migratedir} 2>/dev/null
${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} ${OPT_SU} rm -fr "${remote_bastille_migratedir}" 2>/dev/null
rm -fr ${local_bastille_migratedir} 2>/dev/null
}
migrate_create_export() {
local _jail="${1}"
local _user="${2}"
local _host="${3}"
local _port="${4}"
local jail="${1}"
local user="${2}"
local host="${3}"
local port="${4}"
info "\nPreparing jail for migration..."
# Ensure /tmp/bastille-migrate has 777 perms
chmod 777 ${_local_bastille_migratedir}
${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} chmod 777 ${_remote_bastille_migratedir}
chmod 777 ${local_bastille_migratedir}
${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} ${OPT_SU} chmod 777 ${remote_bastille_migratedir}
# --xz for ZFS, otherwise --txz
if checkyesno bastille_zfs_enable; then
bastille export --xz ${_jail} ${_local_bastille_migratedir}
bastille export --xz ${jail} ${local_bastille_migratedir}
else
bastille export --txz ${_jail} ${_local_bastille_migratedir}
bastille export --txz ${jail} ${local_bastille_migratedir}
fi
}
migrate_jail() {
local _jail="${1}"
local _user="${2}"
local _host="${3}"
local _port="${4}"
local jail="${1}"
local user="${2}"
local host="${3}"
local port="${4}"
_local_bastille_migratedir="$(mktemp -d /tmp/bastille-migrate-${_jail})"
_remote_bastille_zfs_enable="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_zfs_enable)"
_remote_bastille_jailsdir="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_jailsdir)"
_remote_bastille_migratedir="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} mktemp -d /tmp/bastille-migrate-${_jail})"
_remote_jail_list="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} bastille list jails)"
local_bastille_migratedir="$(mktemp -d /tmp/bastille-migrate-${jail})"
remote_bastille_zfs_enable="$(${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_zfs_enable)"
remote_bastille_jailsdir="$(${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_jailsdir)"
remote_bastille_migratedir="$(${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} mktemp -d /tmp/bastille-migrate-${jail})"
remote_jail_list="$(${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} ${OPT_SU} bastille list jails)"
if [ -z "${_local_bastille_migratedir}" ] || [ -z "${_remote_bastille_migratedir}" ]; then
migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}"
if [ -z "${local_bastille_migratedir}" ] || [ -z "${remote_bastille_migratedir}" ]; then
migrate_cleanup "${jail}" "${user}" "${host}" "${port}"
error_notify "[ERROR]: Could not create /tmp/bastille-migrate."
error_continue "Ensure it doesn't exist locally or remotely."
fi
# Verify jail does not exist remotely
if echo "${_remote_jail_list}" | grep -Eoqw "${_jail}"; then
migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}"
error_exit "[ERROR]: Jail already exists on remote system: ${_jail}"
if echo "${remote_jail_list}" | grep -Eoqw "${jail}"; then
migrate_cleanup "${jail}" "${user}" "${host}" "${port}"
error_exit "[ERROR]: Jail already exists on remote system: ${jail}"
fi
# Verify ZFS on both systems
if checkyesno bastille_zfs_enable; then
if ! checkyesno _remote_bastille_zfs_enable; then
if ! checkyesno remote_bastille_zfs_enable; then
error_notify "[ERROR]: ZFS is enabled locally, but not remotely."
error_exit "Enable ZFS remotely to continue."
else
migrate_create_export "${_jail}" "${_user}" "${_host}" "${_port}"
migrate_create_export "${jail}" "${user}" "${host}" "${port}"
info "\nAttempting to migrate jail to remote system..."
_file="$(find "${_local_bastille_migratedir}" -maxdepth 1 -type f | grep -Eo "${_jail}_.*\.xz$" | head -n1)"
_file_sha256="$(echo ${_file} | sed 's/\..*/.sha256/')"
file="$(find "${local_bastille_migratedir}" -maxdepth 1 -type f | grep -Eo "${jail}_.*\.xz$" | head -n1)"
file_sha256="$(echo ${file} | sed 's/\..*/.sha256/')"
# Send sha256
if ! ${_sshpass_cmd} scp -P ${_port} ${_opt_ssh_key} ${_local_bastille_migratedir}/${_file_sha256} ${_user}@${_host}:${_remote_bastille_migratedir}; then
migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}"
if ! ${sshpass_cmd} scp -P ${port} ${opt_ssh_key} ${local_bastille_migratedir}/${file_sha256} ${user}@${host}:${remote_bastille_migratedir}; then
migrate_cleanup "${jail}" "${user}" "${host}" "${port}"
error_exit "[ERROR]: Failed to send jail to remote system."
fi
# Send jail export
if ! ${_sshpass_cmd} scp -P ${_port} ${_opt_ssh_key} ${_local_bastille_migratedir}/${_file} ${_user}@${_host}:${_remote_bastille_migratedir}; then
migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}"
if ! ${sshpass_cmd} scp -P ${port} ${opt_ssh_key} ${local_bastille_migratedir}/${file} ${user}@${host}:${remote_bastille_migratedir}; then
migrate_cleanup "${jail}" "${user}" "${host}" "${port}"
error_exit "[ERROR]: Failed to send jail to remote system."
fi
fi
else
if checkyesno _remote_bastille_zfs_enable; then
if checkyesno remote_bastille_zfs_enable; then
error_notify "[ERROR]: ZFS is enabled remotely, but not locally."
error_exit "Enable ZFS locally to continue."
else
info "\nAttempting to migrate jail to remote system..."
migrate_create_export "${_jail}" "${_user}" "${_host}" "${_port}"
migrate_create_export "${jail}" "${user}" "${host}" "${port}"
_file="$(find "${_local_bastille_migratedir}" -maxdepth 1 -type f | grep -Eo "${_jail}_.*\.txz$" | head -n1)"
_file_sha256="$(echo ${_file} | sed 's/\..*/.sha256/')"
file="$(find "${local_bastille_migratedir}" -maxdepth 1 -type f | grep -Eo "${jail}_.*\.txz$" | head -n1)"
file_sha256="$(echo ${file} | sed 's/\..*/.sha256/')"
# Send sha256
if ! ${_sshpass_cmd} scp -P ${_port} ${_opt_ssh_key} ${_local_bastille_migratedir}/${_file_sha256} ${_user}@${_host}:${_remote_bastille_migratedir}; then
migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}"
if ! ${sshpass_cmd} scp -P ${port} ${opt_ssh_key} ${local_bastille_migratedir}/${file_sha256} ${user}@${host}:${remote_bastille_migratedir}; then
migrate_cleanup "${jail}" "${user}" "${host}" "${port}"
error_exit "[ERROR]: Failed to migrate jail to remote system."
fi
# Send jail export
if ! ${_sshpass_cmd} scp -P ${_port} ${_opt_ssh_key} ${_local_bastille_migratedir}/${_file} ${_user}@${_host}:${_remote_bastille_migratedir}; then
migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}"
if ! ${sshpass_cmd} scp -P ${port} ${opt_ssh_key} ${local_bastille_migratedir}/${file} ${user}@${host}:${remote_bastille_migratedir}; then
migrate_cleanup "${jail}" "${user}" "${host}" "${port}"
error_exit "[ERROR]: Failed to migrate jail to remote system."
fi
fi
fi
# Import the jail remotely
if ! ${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} bastille import ${_remote_bastille_migratedir}/${_file}; then
migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}"
if ! ${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} ${OPT_SU} bastille import ${remote_bastille_migratedir}/${file}; then
migrate_cleanup "${jail}" "${user}" "${host}" "${port}"
error_exit "[ERROR]: Failed to import jail on remote system."
fi
# Destroy old jail if OPT_DESTROY=1
if [ "${OPT_DESTROY}" -eq 1 ]; then
bastille destroy -afy "${_jail}"
bastille destroy -afy "${jail}"
fi
# Remove archives
migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}"
migrate_cleanup "${jail}" "${user}" "${host}" "${port}"
# Reconcile LIVE and AUTO, ensure only one side is running
if [ "${AUTO}" -eq 1 ] && [ "${LIVE}" -eq 0 ]; then
${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} bastille start "${_jail}"
${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} ${OPT_SU} bastille start "${jail}"
elif [ "${AUTO}" -eq 1 ] && [ "${LIVE}" -eq 1 ]; then
bastille stop "${_jail}"
${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} bastille start "${_jail}"
bastille stop "${jail}"
${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} ${OPT_SU} bastille start "${jail}"
fi
}
@@ -320,42 +320,42 @@ if [ "${OPT_PASSWORD}" -eq 1 ]; then
printf "Please enter your password: "
# We disable terminal output for the password
stty -echo
read _password
read password
stty echo
printf "\n"
_sshpass_cmd="sshpass -p ${_password}"
sshpass_cmd="sshpass -p ${password}"
fi
else
_sshpass_cmd=
sshpass_cmd=
fi
# Get user we want to migrate as
# We need this to pass the ssh keys properly
if [ "${OPT_PASSWORD}" -eq 1 ]; then
_opt_ssh_key=
opt_ssh_key=
else
_migrate_user_home="$(getent passwd ${USER} | cut -d: -f6)"
migrate_user_home="$(getent passwd ${USER} | cut -d: -f6)"
# Validate custom keyfile
if [ -n "${OPT_KEYFILE}" ]; then
if ! [ -f "${_migrate_user_home}/.ssh/${OPT_KEYFILE}" ]; then
error_exit "[ERROR]: Keyfile not found: ${_migrate_user_home}/.ssh/${OPT_KEYFILE}"
if ! [ -f "${migrate_user_home}/.ssh/${OPT_KEYFILE}" ]; then
error_exit "[ERROR]: Keyfile not found: ${migrate_user_home}/.ssh/${OPT_KEYFILE}"
else
_migrate_user_ssh_key="${_migrate_user_home}/.ssh/${OPT_KEYFILE}"
migrate_user_ssh_key="${migrate_user_home}/.ssh/${OPT_KEYFILE}"
fi
else
_migrate_user_ssh_key="find ${_migrate_user_home}/.ssh -maxdepth 1 -type f ! -name '*.pub' | grep -Eos 'id_.*'"
migrate_user_ssh_key="find ${migrate_user_home}/.ssh -maxdepth 1 -type f ! -name '*.pub' | grep -Eos 'id_.*'"
fi
_opt_ssh_key="-i ${_migrate_user_ssh_key}"
opt_ssh_key="-i ${migrate_user_ssh_key}"
# Exit if no keys found
if [ -z "${_migrate_user_home}" ] || [ -z "${_migrate_user_ssh_key}" ]; then
if [ -z "${migrate_user_home}" ] || [ -z "${migrate_user_ssh_key}" ]; then
error_exit "[ERROR]: Could not find keys for user: ${USER}"
# Exit if multiple keys
elif [ "$(echo "${_migrate_user_ssh_key}" | wc -l)" -ne 1 ]; then
error_notify "[ERROR]: Multiple ssh keys found:\n${_migrate_user_ssh_key}"
elif [ "$(echo "${migrate_user_ssh_key}" | wc -l)" -ne 1 ]; then
error_notify "[ERROR]: Multiple ssh keys found:\n${migrate_user_ssh_key}"
error_exit "Please use -k|--keyfile to specify one."
fi
fi
@@ -363,27 +363,27 @@ fi
# Validate host uptime
validate_host_status "${USER}" "${HOST}" "${PORT}"
for _jail in ${JAILS}; do
for jail in ${JAILS}; do
# Validate jail state
if [ "${LIVE}" -eq 1 ]; then
if ! check_target_is_running "${_jail}"; then
if ! check_target_is_running "${jail}"; then
error_exit "[ERROR]: [-l|--live] can only be used with a running jail."
fi
elif ! check_target_is_stopped "${_jail}"; then
elif ! check_target_is_stopped "${jail}"; then
if [ "${AUTO}" -eq 1 ]; then
bastille stop "${_jail}"
bastille stop "${jail}"
else
info "\n[${_jail}]:"
info "\n[${jail}]:"
error_notify "[ERROR]: Jail is running."
error_exit "Use [-a|--auto] to auto-stop the jail, or [-l|--live] (ZFS only) to migrate a running jail."
fi
fi
info "\nAttempting to migrate '${_jail}' to '${HOST}'..."
info "\nAttempting to migrate '${jail}' to '${HOST}'..."
migrate_jail "${_jail}" "${USER}" "${HOST}" "${PORT}"
migrate_jail "${jail}" "${USER}" "${HOST}" "${PORT}"
info "\nSuccessfully migrated '${_jail}' to '${HOST}'.\n"
info "\nSuccessfully migrated '${jail}' to '${HOST}'.\n"
done
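Review bot: The password prompt still builds `sshpass_cmd="sshpass -p ${password}"`, which puts the password on the argument list of every ssh/scp call, where other local users can read it from the process list and any shell tracing would print it. Because `${sshpass_cmd}` is expanded unquoted, a password containing spaces also splits into extra arguments. sshpass can take it from the environment instead: `export SSHPASS="${password}"` with `sshpass_cmd="sshpass -e"`, and `read -r password` so backslashes survive. Separately, migrate_create_export sets both migrate directories under /tmp to `chmod 777`, which lets any local user on either host replace the archive before `bastille import` runs on it via `${OPT_SU}`. The remote directory is created by the ssh user and the local one by this script, so `chmod 700` looks sufficient, but confirm that against how `bastille export` writes its files.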


@@ -116,25 +116,25 @@ SERVICE_FAILED=0
bastille_root_check
set_target "${TARGET}"
for _jail in ${JAILS}; do
for jail in ${JAILS}; do
bastille_jail_monitor="${bastille_jailsdir}/${_jail}/monitor"
bastille_jail_monitor="${bastille_jailsdir}/${jail}/monitor"
# Skip if jail is not running or no monitor file
if ! check_target_is_running "${_jail}" || [ ! -f "${bastille_jail_monitor}" ]; then
if ! check_target_is_running "${jail}" || [ ! -f "${bastille_jail_monitor}" ]; then
continue
fi
## iterate service(s) and check service status; restart on failure
if [ -z "${ACTION}" ] && [ -f "${bastille_jail_monitor}" ]; then
for _service in $(xargs < "${bastille_jail_monitor}"); do
for service in $(xargs < "${bastille_jail_monitor}"); do
## check service status
if ! jexec -l -U root "${_jail}" service "${_service}" status >/dev/null 2>/dev/null; then
echo "$(date '+%Y-%m-%d %H:%M:%S'): ${_service} service not running in ${_jail}. Restarting..." | tee -a "${bastille_monitor_logfile}"
if ! jexec -l -U root "${jail}" service "${service}" status >/dev/null 2>/dev/null; then
echo "$(date '+%Y-%m-%d %H:%M:%S'): ${service} service not running in ${jail}. Restarting..." | tee -a "${bastille_monitor_logfile}"
## attempt to restart the service if needed; update logs if unable
if ! jexec -l -U root "${_jail}" service "${_service}" restart; then
echo "$(date '+%Y-%m-%d %H:%M:%S'): Failed to restart ${_service} service in ${_jail}." | tee -a "${bastille_monitor_logfile}"
if ! jexec -l -U root "${jail}" service "${service}" restart; then
echo "$(date '+%Y-%m-%d %H:%M:%S'): Failed to restart ${service} service in ${jail}." | tee -a "${bastille_monitor_logfile}"
SERVICE_FAILED=1
fi
fi
@@ -143,20 +143,20 @@ for _jail in ${JAILS}; do
case ${ACTION} in
add)
[ -z "${SERVICE}" ] && usage
for _service in $(echo "${SERVICE}" | tr , ' '); do
if ! grep -Eqs "^${_service}\$" "${bastille_jail_monitor}"; then
echo "${_service}" >> "${bastille_jail_monitor}"
echo "$(date '+%Y-%m-%d %H:%M:%S'): Added monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}"
for service in $(echo "${SERVICE}" | tr , ' '); do
if ! grep -Eqs "^${service}\$" "${bastille_jail_monitor}"; then
echo "${service}" >> "${bastille_jail_monitor}"
echo "$(date '+%Y-%m-%d %H:%M:%S'): Added monitor for ${service} on ${jail}" >> "${bastille_monitor_logfile}"
fi
done
;;
del*)
[ -z "${SERVICE}" ] && usage
for _service in $(echo "${SERVICE}" | tr , ' '); do
for service in $(echo "${SERVICE}" | tr , ' '); do
[ ! -f "${bastille_jail_monitor}" ] && break # skip if no monitor file
if grep -Eqs "^${_service}\$" "${bastille_jail_monitor}"; then
sed -i '' "/^${_service}\$/d" "${bastille_jail_monitor}"
echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}"
if grep -Eqs "^${service}\$" "${bastille_jail_monitor}"; then
sed -i '' "/^${service}\$/d" "${bastille_jail_monitor}"
echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed monitor for ${service} on ${jail}" >> "${bastille_monitor_logfile}"
fi
# delete monitor file if empty
[ ! -s "${bastille_jail_monitor}" ] && rm "${bastille_jail_monitor}"
@@ -169,12 +169,12 @@ for _jail in ${JAILS}; do
fi
[ ! -f "${bastille_jail_monitor}" ] && continue # skip if there is no monitor file
if grep -Eqs "^${SERVICE}\$" "${bastille_jail_monitor}"; then
echo "${_jail}"
echo "${jail}"
continue
fi
else
if [ -f "${bastille_jail_monitor}" ]; then
info "\n[${_jail}]:"
info "\n[${jail}]:"
xargs < "${bastille_jail_monitor}"
fi
fi
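Review bot: In the `add` and `del*` arms the service name split out of `SERVICE` is interpolated into a regular expression (`grep -Eqs "^${service}\$"`) and into a sed script (`sed -i '' "/^${service}\$/d"`), so a name containing `.`, `*` or `/` can match or delete other entries, or break the sed expression. A fixed-string whole-line match such as `grep -Fxqs -- "${service}" "${bastille_jail_monitor}"` avoids this for the lookups. Rejecting names outside a conservative set (letters, digits, `_`, `.`, `-`) before the loop would cover the sed delete as well. This is worth tightening because each line of the monitor file is later passed to `jexec -l -U root "${jail}" service "${service}" restart`. The enclosing `for jail` loop continues outside these hunks.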


@@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\""
@@ -84,121 +84,121 @@ TARGET="${1}"
shift
if [ "$#" -eq 2 ]; then
_fstab="$(echo "$* nullfs ro 0 0" | sed 's#\\ #\\040#g')"
fstab="$(echo "$* nullfs ro 0 0" | sed 's#\\ #\\040#g')"
else
_fstab="$(echo "$*" | sed 's#\\ #\\040#g')"
fstab="$(echo "$*" | sed 's#\\ #\\040#g')"
fi
bastille_root_check
set_target "${TARGET}"
# Assign variables
_hostpath_fstab=$(echo "${_fstab}" | awk '{print $1}')
_hostpath="$(echo "${_hostpath_fstab}" 2>/dev/null | sed 's#\\040# #g')"
_jailpath_fstab=$(echo "${_fstab}" | awk '{print $2}')
_jailpath="$(echo "${_jailpath_fstab}" 2>/dev/null | sed 's#\\040# #g')"
_type=$(echo "${_fstab}" | awk '{print $3}')
_perms=$(echo "${_fstab}" | awk '{print $4}')
_checks=$(echo "${_fstab}" | awk '{print $5" "$6}')
hostpath_fstab=$(echo "${fstab}" | awk '{print $1}')
hostpath="$(echo "${hostpath_fstab}" 2>/dev/null | sed 's#\\040# #g')"
jailpath_fstab=$(echo "${fstab}" | awk '{print $2}')
jailpath="$(echo "${jailpath_fstab}" 2>/dev/null | sed 's#\\040# #g')"
type=$(echo "${fstab}" | awk '{print $3}')
perms=$(echo "${fstab}" | awk '{print $4}')
checks=$(echo "${fstab}" | awk '{print $5" "$6}')
# Exit if any variables are empty
if [ -z "${_hostpath}" ] || [ -z "${_jailpath}" ] || [ -z "${_type}" ] || [ -z "${_perms}" ] || [ -z "${_checks}" ]; then
if [ -z "${hostpath}" ] || [ -z "${jailpath}" ] || [ -z "${type}" ] || [ -z "${perms}" ] || [ -z "${checks}" ]; then
error_notify "FSTAB format not recognized."
warn "Format: /host/path /jail/path nullfs ro 0 0"
warn "Read: ${_fstab}"
warn "Read: ${fstab}"
fi
# Warn on advanced mount option "tmpfs,linprocfs,linsysfs,fdescfs,procfs,zfs"
# Create host path if non-existent
if { [ "${_hostpath}" = "tmpfs" ] && [ "$_type" = "tmpfs" ]; } || \
{ [ "${_hostpath}" = "linprocfs" ] && [ "${_type}" = "linprocfs" ]; } || \
{ [ "${_hostpath}" = "linsysfs" ] && [ "${_type}" = "linsysfs" ]; } || \
{ [ "${_hostpath}" = "proc" ] && [ "${_type}" = "procfs" ]; } || \
{ [ "${_hostpath}" = "fdesc" ] && [ "${_type}" = "fdescfs" ]; } || \
{ [ "${_type}" = "zfs" ] && zfs list ${_hostpath} >/dev/null 2>/dev/null; } then
warn "\n[WARNING]: Detected advanced mount type: \"${_type}\""
elif [ ! -e "${_hostpath}" ] && [ "${_type}" = "nullfs" ]; then
mkdir -p "${_hostpath}"
elif [ ! -e "${_hostpath}" ] || [ "${_type}" != "nullfs" ]; then
if { [ "${hostpath}" = "tmpfs" ] && [ "$_type" = "tmpfs" ]; } || \
{ [ "${hostpath}" = "linprocfs" ] && [ "${type}" = "linprocfs" ]; } || \
{ [ "${hostpath}" = "linsysfs" ] && [ "${type}" = "linsysfs" ]; } || \
{ [ "${hostpath}" = "proc" ] && [ "${type}" = "procfs" ]; } || \
{ [ "${hostpath}" = "fdesc" ] && [ "${type}" = "fdescfs" ]; } || \
{ [ "${type}" = "zfs" ] && zfs list ${hostpath} >/dev/null 2>/dev/null; } then
warn "\n[WARNING]: Detected advanced mount type: \"${type}\""
elif [ ! -e "${hostpath}" ] && [ "${type}" = "nullfs" ]; then
mkdir -p "${hostpath}"
elif [ ! -e "${hostpath}" ] || [ "${type}" != "nullfs" ]; then
error_notify "[ERROR]: Invalid host path or incorrect mount type in FSTAB."
warn "Format: /host/path /jail/path nullfs ro 0 0"
warn "Read: ${_fstab}"
warn "Read: ${fstab}"
exit 1
fi
# Mount permissions,options must include one of "ro, rw, rq, sw, xx"
if ! echo "${_perms}" | grep -Eq '(ro|rw|rq|sw|xx)(,.*)?$'; then
if ! echo "${perms}" | grep -Eq '(ro|rw|rq|sw|xx)(,.*)?$'; then
error_notify "Detected invalid mount permissions in FSTAB."
warn "Format: /host/path /jail/path nullfs ro 0 0"
warn "Read: ${_fstab}"
warn "Read: ${fstab}"
exit 1
fi
# Dump and pass need to be "0 0 - 1 1"
if [ "${_checks}" != "0 0" ] && [ "${_checks}" != "1 0" ] && [ "${_checks}" != "0 1" ] && [ "${_checks}" != "1 1" ]; then
if [ "${checks}" != "0 0" ] && [ "${checks}" != "1 0" ] && [ "${checks}" != "0 1" ] && [ "${checks}" != "1 1" ]; then
error_notify "Detected invalid fstab options in FSTAB."
warn "Format: /host/path /jail/path nullfs ro 0 0"
warn "Read: ${_fstab}"
warn "Read: ${fstab}"
exit 1
fi
for _jail in ${JAILS}; do
for jail in ${JAILS}; do
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
check_target_is_running "${jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${jail}"
else
info "\n[${_jail}]:"
info "\n[${jail}]:"
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
info "\n[${jail}]:"
_fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}" 2>/dev/null | sed 's#//#/#' )"
_fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}" 2>/dev/null | sed 's#//#/#' )"
_fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}"
fullpath_fstab="$( echo "${bastille_jailsdir}/${jail}/root/${jailpath_fstab}" 2>/dev/null | sed 's#//#/#' )"
fullpath="$( echo "${bastille_jailsdir}/${jail}/root/${jailpath}" 2>/dev/null | sed 's#//#/#' )"
fstab_entry="${hostpath_fstab} ${fullpath_fstab} ${type} ${perms} ${checks}"
# Check if mount point has already been added
_existing_mount="$(echo ${_fullpath_fstab} 2>/dev/null | sed 's#\\#\\\\#g')"
if grep -Eq "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab"; then
warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab"
grep -E "[[:blank:]]${_existing_mount}" "${bastille_jailsdir}/${_jail}/fstab"
existing_mount="$(echo ${fullpath_fstab} 2>/dev/null | sed 's#\\#\\\\#g')"
if grep -Eq "[[:blank:]]${existing_mount}[[:blank:]]" "${bastille_jailsdir}/${jail}/fstab"; then
warn "Mountpoint already present in ${bastille_jailsdir}/${jail}/fstab"
grep -E "[[:blank:]]${existing_mount}" "${bastille_jailsdir}/${jail}/fstab"
continue
fi
# Create mount point if it does not exist
if { [ -d "${_hostpath}" ] || [ "${_type}" = "zfs" ]; } && [ ! -d "${_fullpath}" ]; then
mkdir -p "${_fullpath}" || error_continue "Failed to create mount point."
elif [ -f "${_hostpath}" ] ; then
_filename="$( basename ${_hostpath} )"
if echo "${_fullpath}" 2>/dev/null | grep -qow "${_filename}"; then
mkdir -p "$( dirname "${_fullpath}" )" || error_continue "Failed to create mount point."
if [ ! -f "${_fullpath}" ]; then
touch "${_fullpath}" || error_continue "Failed to create mount point."
if { [ -d "${hostpath}" ] || [ "${type}" = "zfs" ]; } && [ ! -d "${fullpath}" ]; then
mkdir -p "${fullpath}" || error_continue "Failed to create mount point."
elif [ -f "${hostpath}" ] ; then
filename="$( basename ${hostpath} )"
if echo "${fullpath}" 2>/dev/null | grep -qow "${filename}"; then
mkdir -p "$( dirname "${fullpath}" )" || error_continue "Failed to create mount point."
if [ ! -f "${fullpath}" ]; then
touch "${fullpath}" || error_continue "Failed to create mount point."
else
error_notify "Failed. File exists at mount point."
warn "${_fullpath}"
warn "${fullpath}"
continue
fi
else
_fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}/${_filename}" 2>/dev/null | sed 's#//#/#' )"
_fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}/${_filename}" 2>/dev/null | sed 's#//#/#' )"
_fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}"
mkdir -p "$( dirname "${_fullpath}" )" || error_continue "Failed to create mount point."
if [ ! -f "${_fullpath}" ]; then
touch "${_fullpath}" || error_continue "Failed to create mount point."
fullpath_fstab="$( echo "${bastille_jailsdir}/${jail}/root/${jailpath_fstab}/${filename}" 2>/dev/null | sed 's#//#/#' )"
fullpath="$( echo "${bastille_jailsdir}/${jail}/root/${jailpath}/${filename}" 2>/dev/null | sed 's#//#/#' )"
fstab_entry="${hostpath_fstab} ${fullpath_fstab} ${type} ${perms} ${checks}"
mkdir -p "$( dirname "${fullpath}" )" || error_continue "Failed to create mount point."
if [ ! -f "${fullpath}" ]; then
touch "${fullpath}" || error_continue "Failed to create mount point."
else
error_notify "Failed. File exists at mount point."
warn "${_fullpath}"
warn "${fullpath}"
continue
fi
fi
fi
# Add entry to fstab and mount
echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab" || error_continue "Failed to create fstab entry: ${_fstab_entry}"
mount -F "${bastille_jailsdir}/${_jail}/fstab" -a || error_continue "Failed to mount volume: ${_fullpath}"
echo "Added: ${_fstab_entry}"
echo "${fstab_entry}" >> "${bastille_jailsdir}/${jail}/fstab" || error_continue "Failed to create fstab entry: ${fstab_entry}"
mount -F "${bastille_jailsdir}/${jail}/fstab" -a || error_continue "Failed to mount volume: ${fullpath}"
echo "Added: ${fstab_entry}"
done
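Review bot: The first test of the advanced-mount check still reads the old name, `[ "$_type" = "tmpfs" ]`, while every other reference in this hunk was renamed to `type`. Since `_type` is no longer assigned, a `tmpfs ... tmpfs` entry fails that test and falls through to the "Invalid host path or incorrect mount type" branch, which exits 1. It should read `[ "${type}" = "tmpfs" ]`. Separately, `zfs list ${hostpath}` and `basename ${hostpath}` expand the host path unquoted, so a path with spaces (which the `\040` handling exists to support) is word-split; quoting both would match the rest of the hunk.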


@@ -104,8 +104,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _o in $(echo ${1} 2>/dev/null | sed 's/-//g' | fold -w1); do
case ${_o} in
for opt in $(echo ${1} 2>/dev/null | sed 's/-//g' | fold -w1); do
case ${opt} in
a) AUTO=1 ;;
B) BRIDGE=1 ;;
M) STATIC_MAC=1 ;;
@@ -615,7 +615,7 @@ add_vlan() {
local jail_epair="$(grep 'e[0-9]+b_[^;" ]+' ${jail_config})"
local jail_vnet="$(grep "${jail_epair}_name" ${jail_rc_config} | grep -Eo "vnet[0-9]+")"
elif [ "${PASSTHROUGH}" -eq 1 ]; then
local _jail_vnet="${interface}"
local jail_vnet="${interface}"
fi
if grep -Eq "ifconfig_${jail_vnet}_${vlan_id}" "${bastille_jailsdir}/${jailname}/root/etc/rc.conf"; then
error_exit "[ERROR]: VLAN has already been added: VLAN ${vlan_id}"
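Review bot: In `add_vlan`, `grep 'e[0-9]+b_[^;" ]+' ${jail_config}` runs without `-E` or `-o`, unlike the `grep -Eo 'e[0-9]+a_[^;" ]+'` form this commit uses for the same kind of interface name in `update_jailconf_vnet`. As a basic regex the `+` is probably taken literally, and without `-o` any match yields whole lines, so `jail_epair`, and the `"${jail_epair}_name"` lookup built from it, likely does not hold the interface name. Something like `grep -Eo 'e[0-9]+b_[^;" ]+' "${jail_config}"` looks intended; confirm against the part of the function outside this hunk. The `_jail_vnet` to `jail_vnet` rename on the passthrough branch also changes behaviour, since the `ifconfig_${jail_vnet}_${vlan_id}` check now sees the interface, which is worth a line in the commit description.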


@@ -73,8 +73,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
a) AUTO=1 ;;
H) USE_HOST_PKG=1 ;;
y) AUTO_YES=1 ;;
@@ -101,36 +101,36 @@ ERRORS=0
bastille_root_check
set_target "${TARGET}"
for _jail in ${JAILS}; do
for jail in ${JAILS}; do
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
check_target_is_running "${jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${jail}"
else
info "\n[${_jail}]:"
info "\n[${jail}]:"
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
info "\n[${jail}]:"
bastille_jail_path="${bastille_jailsdir}/${_jail}/root"
bastille_jail_path="${bastille_jailsdir}/${jail}/root"
if [ -f "/usr/sbin/mport" ]; then
jexec -l -U root "${_jail}" /usr/sbin/mport "$@"
jexec -l -U root "${jail}" /usr/sbin/mport "$@"
elif [ -f "${bastille_jail_path}/usr/bin/apt" ]; then
jexec -l "${_jail}" /usr/bin/apt "$@"
jexec -l "${jail}" /usr/bin/apt "$@"
elif [ "${USE_HOST_PKG}" -eq 1 ]; then
if [ "${AUTO_YES}" -eq 1 ]; then
env ASSUME_ALWAYS_YES=yes /usr/sbin/pkg -j ${_jail} "$@"
env ASSUME_ALWAYS_YES=yes /usr/sbin/pkg -j ${jail} "$@"
else
/usr/sbin/pkg -j ${_jail} "$@"
/usr/sbin/pkg -j ${jail} "$@"
fi
else
if [ "${AUTO_YES}" -eq 1 ]; then
jexec -l -U root ${_jail} env ASSUME_ALWAYS_YES=yes /usr/sbin/pkg "$@"
jexec -l -U root ${jail} env ASSUME_ALWAYS_YES=yes /usr/sbin/pkg "$@"
else
jexec -l -U root ${_jail} /usr/sbin/pkg "$@"
jexec -l -U root ${jail} /usr/sbin/pkg "$@"
fi
fi


@@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
q) OPTION="-a" ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;


@@ -54,24 +54,24 @@ check_jail_validity() {
# Validate jail network type and set IP4/6
if [ "$( bastille config ${TARGET} get vnet )" != 'enabled' ]; then
_ip4_interfaces="$(bastille config ${TARGET} get ip4.addr | sed 's/,/ /g')"
_ip6_interfaces="$(bastille config ${TARGET} get ip6.addr | sed 's/,/ /g')"
ip4_interfaces="$(bastille config ${TARGET} get ip4.addr | sed 's/,/ /g')"
ip6_interfaces="$(bastille config ${TARGET} get ip6.addr | sed 's/,/ /g')"
# Check if jail ip4.addr is valid (non-VNET only)
if [ "${_ip4_interfaces}" != "not set" ] && [ "${_ip4_interfaces}" != "disable" ]; then
if echo "${_ip4_interfaces}" | grep -q "|"; then
JAIL_IP="$(echo ${_ip4_interfaces} | awk '{print $1}' | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
if [ "${ip4_interfaces}" != "not set" ] && [ "${ip4_interfaces}" != "disable" ]; then
if echo "${ip4_interfaces}" | grep -q "|"; then
JAIL_IP="$(echo ${ip4_interfaces} | awk '{print $1}' | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
else
JAIL_IP="$(echo ${_ip4_interfaces} | sed -E 's#/[0-9]+$##g')"
JAIL_IP="$(echo ${ip4_interfaces} | sed -E 's#/[0-9]+$##g')"
fi
fi
# Check if jail ip6.addr is valid (non-VNET only)
if [ "${_ip6_interfaces}" != "not set" ] && [ "${_ip6_interfaces}" != "disable" ]; then
if echo "${_ip6_interfaces}" | grep -q "|"; then
JAIL_IP6="$(echo ${_ip6_interfaces} | awk '{print $1}' | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
if [ "${ip6_interfaces}" != "not set" ] && [ "${ip6_interfaces}" != "disable" ]; then
if echo "${ip6_interfaces}" | grep -q "|"; then
JAIL_IP6="$(echo ${ip6_interfaces} | awk '{print $1}' | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
else
JAIL_IP6="$(echo ${_ip6_interfaces} | sed -E 's#/[0-9]+$##g')"
JAIL_IP6="$(echo ${ip6_interfaces} | sed -E 's#/[0-9]+$##g')"
fi
fi
else
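Review bot: `ip4_interfaces` and `ip6_interfaces` are assigned inside `check_jail_validity` without `local`, so after losing the `_` prefix they are plain globals that can collide with same-named variables in the caller or in sourced files. Other functions touched by this commit declare their renamed variables with `local` (e.g. `local target="${1}"`), so adding `local ip4_interfaces ip6_interfaces` at the top of the function would keep the rename consistent. `bastille config ${TARGET} get ...` and `echo ${ip4_interfaces}` also expand unquoted; quoting `"${TARGET}"` is a safe tightening. The function starts and ends outside this hunk.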


@@ -54,8 +54,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\""
@@ -105,18 +105,18 @@ validate_name() {
update_jailconf() {
# Update jail.conf
local jail_conf="${bastille_jailsdir}/${NEWNAME}/jail.conf"
local jail_config="${bastille_jailsdir}/${NEWNAME}/jail.conf"
local jail_rc_conf="${bastille_jailsdir}/${NEWNAME}/root/etc/rc.conf"
if [ -f "${jail_conf}" ]; then
if ! grep -qw "path = ${bastille_jailsdir}/${NEWNAME}/root;" "${jail_conf}"; then
sed -i '' "s|host.hostname.*=.*${TARGET};|host.hostname = ${NEWNAME};|" "${jail_conf}"
sed -i '' "s|exec.consolelog.*=.*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" "${jail_conf}"
sed -i '' "s|path.*=.*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" "${jail_conf}"
sed -i '' "s|mount.fstab.*=.*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${jail_conf}"
sed -i '' "s|^${TARGET}.*{$|${NEWNAME} {|" "${jail_conf}"
if [ -f "${jail_config}" ]; then
if ! grep -qw "path = ${bastille_jailsdir}/${NEWNAME}/root;" "${jail_config}"; then
sed -i '' "s|host.hostname.*=.*${TARGET};|host.hostname = ${NEWNAME};|" "${jail_config}"
sed -i '' "s|exec.consolelog.*=.*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" "${jail_config}"
sed -i '' "s|path.*=.*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" "${jail_config}"
sed -i '' "s|mount.fstab.*=.*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${jail_config}"
sed -i '' "s|^${TARGET}.*{$|${NEWNAME} {|" "${jail_config}"
fi
if grep -qo "vnet;" "${jail_conf}"; then
if grep -qo "vnet;" "${jail_config}"; then
update_jailconf_vnet
fi
fi
@@ -124,13 +124,13 @@ update_jailconf() {
update_jailconf_vnet() {
local jail_conf="${bastille_jailsdir}/${NEWNAME}/jail.conf"
local jail_config="${bastille_jailsdir}/${NEWNAME}/jail.conf"
local jail_rc_conf="${bastille_jailsdir}/${NEWNAME}/root/etc/rc.conf"
if [ "${bastille_network_vnet_type}" = "if_bridge" ]; then
local if_list="$(grep -Eo 'e[0-9]+a_[^;" ]+' ${jail_conf} | sort -u)"
local if_list="$(grep -Eo 'e[0-9]+a_[^;" ]+' ${jail_config} | sort -u)"
elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then
local if_list="$(grep -Eo 'ng[0-9]+_[^;" ]+' ${jail_conf} | sort -u)"
local if_list="$(grep -Eo 'ng[0-9]+_[^;" ]+' ${jail_config} | sort -u)"
fi
for if in ${if_list}; do
@@ -167,39 +167,39 @@ update_jailconf_vnet() {
local new_if_prefix="$(echo ${new_host_epair} | awk -F'_' '{print $1}')"
local new_if_suffix="$(echo ${new_host_epair} | awk -F'_' '{print $2}')"
if grep "${old_if_suffix}" "${jail_conf}" | grep -oq "jib addm"; then
if grep "${old_if_suffix}" "${jail_config}" | grep -oq "jib addm"; then
# For -V jails
# Replace host epair name in jail.conf
sed -i '' "s|jib addm ${old_if_suffix}\>|jib addm ${new_if_suffix}|g" "${jail_conf}"
sed -i '' "s|\<${old_host_epair} ether|${new_host_epair} ether|g" "${jail_conf}"
sed -i '' "s|\<${old_host_epair} destroy|${new_host_epair} destroy|g" "${jail_conf}"
sed -i '' "s|\<${old_host_epair} description|${new_host_epair} description|g" "${jail_conf}"
sed -i '' "s|jib addm ${old_if_suffix}\>|jib addm ${new_if_suffix}|g" "${jail_config}"
sed -i '' "s|\<${old_host_epair} ether|${new_host_epair} ether|g" "${jail_config}"
sed -i '' "s|\<${old_host_epair} destroy|${new_host_epair} destroy|g" "${jail_config}"
sed -i '' "s|\<${old_host_epair} description|${new_host_epair} description|g" "${jail_config}"
# Replace jail epair name in jail.conf
sed -i '' "s|= ${old_jail_epair};|= ${new_jail_epair};|g" "${jail_conf}"
sed -i '' "s|\<${old_jail_epair} ether|${new_jail_epair} ether|g" "${jail_conf}"
sed -i '' "s|= ${old_jail_epair};|= ${new_jail_epair};|g" "${jail_config}"
sed -i '' "s|\<${old_jail_epair} ether|${new_jail_epair} ether|g" "${jail_config}"
# Replace epair description
sed -i '' "s|host interface for Bastille jail ${TARGET}\>|host interface for Bastille jail ${NEWNAME}|g" "${jail_conf}"
sed -i '' "s|host interface for Bastille jail ${TARGET}\>|host interface for Bastille jail ${NEWNAME}|g" "${jail_config}"
# Replace epair name in /etc/rc.conf
sed -i '' "s|ifconfig_${old_jail_epair}_name|ifconfig_${new_jail_epair}_name|g" "${jail_rc_conf}"
else
# For -B jails
# Replace host epair name in jail.conf
sed -i '' "s|up name ${old_host_epair}\>|up name ${new_host_epair}|g" "${jail_conf}"
sed -i '' "s|addm ${old_host_epair}\>|addm ${new_host_epair}|g" "${jail_conf}"
sed -i '' "s|\<${old_host_epair} ether|${new_host_epair} ether|g" "${jail_conf}"
sed -i '' "s|\<${old_host_epair} destroy|${new_host_epair} destroy|g" "${jail_conf}"
sed -i '' "s|\<${old_host_epair} description|${new_host_epair} description|g" "${jail_conf}"
sed -i '' "s|up name ${old_host_epair}\>|up name ${new_host_epair}|g" "${jail_config}"
sed -i '' "s|addm ${old_host_epair}\>|addm ${new_host_epair}|g" "${jail_config}"
sed -i '' "s|\<${old_host_epair} ether|${new_host_epair} ether|g" "${jail_config}"
sed -i '' "s|\<${old_host_epair} destroy|${new_host_epair} destroy|g" "${jail_config}"
sed -i '' "s|\<${old_host_epair} description|${new_host_epair} description|g" "${jail_config}"
# Replace jail epair name in jail.conf
sed -i '' "s|= ${old_jail_epair};|= ${new_jail_epair};|g" "${jail_conf}"
sed -i '' "s|up name ${old_jail_epair}\>|up name ${new_jail_epair}|g" "${jail_conf}"
sed -i '' "s|\<${old_jail_epair} ether|${new_jail_epair} ether|g" "${jail_conf}"
sed -i '' "s|= ${old_jail_epair};|= ${new_jail_epair};|g" "${jail_config}"
sed -i '' "s|up name ${old_jail_epair}\>|up name ${new_jail_epair}|g" "${jail_config}"
sed -i '' "s|\<${old_jail_epair} ether|${new_jail_epair} ether|g" "${jail_config}"
# Replace epair description
sed -i '' "s|host interface for Bastille jail ${TARGET}\>|host interface for Bastille jail ${NEWNAME}|g" "${jail_conf}"
sed -i '' "s|host interface for Bastille jail ${TARGET}\>|host interface for Bastille jail ${NEWNAME}|g" "${jail_config}"
# Replace epair name in /etc/rc.conf
sed -i '' "s|ifconfig_${old_jail_epair}_name|ifconfig_${new_jail_epair}_name|g" "${jail_rc_conf}"
@@ -216,12 +216,12 @@ update_jailconf_vnet() {
local new_if_suffix="$(echo ${new_ngif} | awk -F'_' '{print $2}')"
# Replace netgraph interface name
sed -i '' "s|jng bridge ${old_if_suffix}\>|jng bridge ${new_if_suffix}|g" "${jail_conf}"
sed -i '' "s|\<${old_ngif} ether|${new_ngif} ether|g" "${jail_conf}"
sed -i '' "s|jng shutdown ${old_if_suffix}\>|jng shutdown ${new_if_suffix}|g" "${jail_conf}"
sed -i '' "s|jng bridge ${old_if_suffix}\>|jng bridge ${new_if_suffix}|g" "${jail_config}"
sed -i '' "s|\<${old_ngif} ether|${new_ngif} ether|g" "${jail_config}"
sed -i '' "s|jng shutdown ${old_if_suffix}\>|jng shutdown ${new_if_suffix}|g" "${jail_config}"
# Replace jail epair name in jail.conf
sed -i '' "s|= ${old_ngif};|= ${new_ngif};|g" "${jail_conf}"
sed -i '' "s|= ${old_ngif};|= ${new_ngif};|g" "${jail_config}"
# Replace epair name in /etc/rc.conf
sed -i '' "s|ifconfig_${old_ngif}_name|ifconfig_${new_ngif}_name|g" "${jail_rc_conf}"


@@ -50,8 +50,8 @@ EOF
# Handle options.
# We pass these to start and stop.
_start_options=""
_stop_options=""
start_options=""
stop_options=""
IGNORE=0
while [ "$#" -gt 0 ]; do
case "${1}" in
@@ -59,11 +59,11 @@ while [ "$#" -gt 0 ]; do
usage
;;
-b|--boot)
_start_options="${_start_options} -b"
start_options="${start_options} -b"
shift
;;
-d|--delay)
_start_options="${_start_options} -d ${2}"
start_options="${start_options} -d ${2}"
shift 2
;;
-i|--ignore)
@@ -71,22 +71,22 @@ while [ "$#" -gt 0 ]; do
shift
;;
-v|--verbose)
_start_options="${_start_options} -v"
_stop_options="${_stop_options} -v"
start_options="${start_options} -v"
stop_options="${stop_options} -v"
shift
;;
-x|--debug)
_start_options="${_start_options} -x"
_stop_options="${_stop_options} -x"
start_options="${start_options} -x"
stop_options="${stop_options} -x"
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
b) _start_options="${_start_options} -b" ;;
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
b) start_options="${start_options} -b" ;;
i) IGNORE=1 ;;
v) _start_options="${_start_options} -v" _stop_options="${_stop_options} -v" ;;
x) _start_options="${_start_options} -x" _stop_options="${_stop_options} -x" ;;
v) start_options="${start_options} -v" stop_options="${stop_options} -v" ;;
x) start_options="${start_options} -x" stop_options="${stop_options} -x" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
@@ -107,15 +107,15 @@ TARGET="${1}"
bastille_root_check
set_target "${TARGET}"
for _jail in ${JAILS}; do
for jail in ${JAILS}; do
# Restart all jails except if --ignore
if [ "${IGNORE}" -eq 0 ]; then
bastille stop ${_stop_options} ${_jail}
bastille start ${_start_options} ${_jail}
bastille stop ${stop_options} ${jail}
bastille start ${start_options} ${jail}
elif [ "${IGNORE}" -eq 1 ]; then
if check_target_is_stopped "${_jail}"; then
info "\n[${_jail}]:"
if check_target_is_stopped "${jail}"; then
info "\n[${jail}]:"
error_continue "Jail is stopped."
fi
fi


@@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
@@ -87,20 +87,20 @@ ERRORS=0
bastille_root_check
set_target "${TARGET}"
for _jail in ${JAILS}; do
for jail in ${JAILS}; do
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
check_target_is_running "${jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${jail}"
else
info "\n[${_jail}]:"
info "\n[${jail}]:"
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
info "\n[${jail}]:"
jexec -l "${_jail}" /usr/sbin/service "$@"
jexec -l "${jail}" /usr/sbin/service "$@"
if [ "$?" -ne 0 ]; then
ERRORS=$((ERRORS + 1))


@@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
y) AUTO_YES=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
@@ -197,39 +197,39 @@ configure_loopback_interface() {
configure_shared_interface() {
_auto_if="${1}"
_interface_list="$(ifconfig -l)"
_interface_count=0
auto_if="${1}"
interface_list="$(ifconfig -l)"
interface_count=0
if [ -z "${_interface_list}" ]; then
if [ -z "${interface_list}" ]; then
error_exit "Unable to detect interfaces, exiting."
fi
if [ -z "$(sysrc -f ${BASTILLE_CONFIG} -n bastille_network_shared)" ]; then
info "\nAttempting to configure shared interface for bastille..."
info "\nListing available interfaces..."
if [ -z "${_auto_if}" ]; then
for _if in ${_interface_list}; do
echo "[${_interface_count}] ${_if}"
_if_num="${_if_num} [${_interface_count}]${_if}"
_interface_count=$(expr ${_interface_count} + 1)
if [ -z "${auto_if}" ]; then
for if in ${interface_list}; do
echo "[${interface_count}] ${if}"
if_num="${if_num} [${interface_count}]${if}"
interface_count=$(expr ${interface_count} + 1)
done
# shellcheck disable=SC3045
read -p "Please select the interface you would like to use: " _interface_choice
if ! echo "${_interface_choice}" | grep -Eq "^[0-9]+$"; then
read -p "Please select the interface you would like to use: " interface_choice
if ! echo "${interface_choice}" | grep -Eq "^[0-9]+$"; then
error_exit "Invalid input number, aborting!"
else
_interface_select=$(echo "${_if_num}" | grep -wo "\[${_interface_choice}\][^ ]*" | sed 's/\[.*\]//g')
interface_select=$(echo "${if_num}" | grep -wo "\[${interface_choice}\][^ ]*" | sed 's/\[.*\]//g')
fi
else
_interface_select="${_auto_if}"
interface_select="${auto_if}"
fi
# Adjust bastille.conf to reflect above choices
sysrc -f "${BASTILLE_CONFIG}" bastille_network_loopback=""
sysrc cloned_interfaces-="lo1"
ifconfig bastille0 destroy 2>/dev/null
sysrc -f "${BASTILLE_CONFIG}" bastille_network_shared="${_interface_select}"
info "\nShared interface successfully configured: [${_interface_select}]"
sysrc -f "${BASTILLE_CONFIG}" bastille_network_shared="${interface_select}"
info "\nShared interface successfully configured: [${interface_select}]"
else
info "\nShared interface has already been configured: [$(sysrc -f ${BASTILLE_CONFIG} -n bastille_network_shared)]"
fi
@@ -238,46 +238,46 @@ configure_shared_interface() {
configure_bridge() {
_auto_if="${1}"
_interface_list="$(ifconfig -l)"
_interface_count=0
auto_if="${1}"
interface_list="$(ifconfig -l)"
interface_count=0
if [ -z "${_interface_list}" ]; then
if [ -z "${interface_list}" ]; then
error_exit "Unable to detect interfaces, exiting."
fi
if ! ifconfig -g bridge | grep -oqw "${_bridge_name}"; then
info "\nConfiguring ${_bridge_name} bridge interface..."
if ! ifconfig -g bridge | grep -oqw "${bridge_name}"; then
info "\nConfiguring ${bridge_name} bridge interface..."
if [ -z "${_auto_if}" ]; then
if [ -z "${auto_if}" ]; then
info "\nListing available interfaces..."
for _if in ${_interface_list}; do
if ifconfig -g bridge | grep -oqw "${_if}" || ifconfig -g lo | grep -oqw "${_if}"; then
for if in ${interface_list}; do
if ifconfig -g bridge | grep -oqw "${if}" || ifconfig -g lo | grep -oqw "${if}"; then
continue
else
echo "[${_interface_count}] ${_if}"
_if_num="${_if_num} [${_interface_count}]${_if}"
_interface_count=$(expr ${_interface_count} + 1)
echo "[${interface_count}] ${if}"
if_num="${if_num} [${interface_count}]${if}"
interface_count=$(expr ${interface_count} + 1)
fi
done
# shellcheck disable=SC3045
read -p "Please select the interface to attach the bridge to: " _interface_choice
if ! echo "${_interface_choice}" | grep -Eq "^[0-9]+$"; then
read -p "Please select the interface to attach the bridge to: " interface_choice
if ! echo "${interface_choice}" | grep -Eq "^[0-9]+$"; then
error_exit "Invalid input number, aborting!"
else
_interface_select=$(echo "${_if_num}" | grep -wo "\[${_interface_choice}\][^ ]*" | sed 's/\[.*\]//g')
interface_select=$(echo "${if_num}" | grep -wo "\[${interface_choice}\][^ ]*" | sed 's/\[.*\]//g')
fi
else
_interface_select="${_auto_if}"
interface_select="${auto_if}"
fi
# Create bridge and persist on reboot
_bridge_name="${_interface_select}bridge"
bridge_name="${interface_select}bridge"
ifconfig bridge0 create
ifconfig bridge0 name ${_bridge_name}
ifconfig ${_bridge_name} addm ${_interface_select} up
ifconfig bridge0 name ${bridge_name}
ifconfig ${bridge_name} addm ${interface_select} up
sysrc cloned_interfaces+="bridge0"
sysrc ifconfig_bridge0_name="${_bridge_name}"
sysrc ifconfig_${_bridge_name}="addm ${_interface_select} up"
sysrc ifconfig_bridge0_name="${bridge_name}"
sysrc ifconfig_${bridge_name}="addm ${interface_select} up"
# Set some sysctl values
sysctl net.inet.ip.forwarding=1
@@ -290,9 +290,9 @@ configure_bridge() {
echo net.link.bridge.pfil_member=0 >> /etc/sysctl.conf
info "\nBridge interface successfully configured: [${_bridge_name}]"
info "\nBridge interface successfully configured: [${bridge_name}]"
else
info "\nBridge has alread been configured: [${_bridge_name}]"
info "\nBridge has alread been configured: [${bridge_name}]"
fi
}
@@ -370,38 +370,38 @@ configure_storage() {
if mount | grep "zfs" >/dev/null 2>/dev/null; then
_auto_zpool="${1}"
auto_zpool="${1}"
if [ ! "$(kldstat -m zfs)" ]; then
info "\nZFS module not loaded; skipping..."
elif sysrc -f ${BASTILLE_CONFIG} -n bastille_zfs_enable | grep -Eoq "([Y|y][E|e][S|s])"; then
info "\nZFS has already been configured!"
else
if [ -z "${_auto_zpool}" ]; then
_zpool_list=$(zpool list | grep -v NAME | awk '{print $1}')
_zpool_count=0
if [ -z "${auto_zpool}" ]; then
zpool_list=$(zpool list | grep -v NAME | awk '{print $1}')
zpool_count=0
if [ "$(zpool list | grep -v NAME | awk '{print $1}' | wc -l)" -eq 1 ]; then
_bastille_zpool="${_zpool_list}"
bastille_zpool="${zpool_list}"
else
info "\nMultiple zpools detected:"
for _zpool in ${_zpool_list}; do
echo "[${_zpool_count}] ${_zpool}"
_zpool_num="${_zpool_num} [${_zpool_count}]${_zpool}"
_zpool_count=$(expr ${_zpool_count} + 1)
for zpool in ${zpool_list}; do
echo "[${zpool_count}] ${zpool}"
zpool_num="${zpool_num} [${zpool_count}]${zpool}"
zpool_count=$(expr ${zpool_count} + 1)
done
# shellcheck disable=SC3045
read -p "Please select the zpool for Bastille to use: " _zpool_choice
if ! echo "${_zpool_choice}" | grep -Eq "^[0-9]+$"; then
read -p "Please select the zpool for Bastille to use: " zpool_choice
if ! echo "${zpool_choice}" | grep -Eq "^[0-9]+$"; then
error_exit "Invalid input number, aborting!"
else
_zpool_select=$(echo "${_zpool_num}" | grep -wo "\[${_zpool_choice}\][^ ]*" | sed 's/\[.*\]//g')
zpool_select=$(echo "${zpool_num}" | grep -wo "\[${zpool_choice}\][^ ]*" | sed 's/\[.*\]//g')
fi
fi
else
_bastille_zpool="${_auto_zpool}"
bastille_zpool="${auto_zpool}"
fi
sysrc -f "${BASTILLE_CONFIG}" bastille_zfs_enable=YES
sysrc -f "${BASTILLE_CONFIG}" bastille_zfs_zpool="${_bastille_zpool}"
sysrc -f "${BASTILLE_CONFIG}" bastille_zfs_zpool="${bastille_zpool}"
info "\nUsing ZFS filesystem."
fi
elif mount | grep "ufs" >/dev/null 2>/dev/null; then
@@ -430,8 +430,8 @@ case "${OPT_CONFIG}" in
warn "[WARNING]: Running linux jails requires loading additional kernel"
warn "modules, as well as installing the 'debootstrap' package."
# shellcheck disable=SC3045
read -p "Do you want to proceed with setup? [y|n]:" _answer
case "${_answer}" in
read -p "Do you want to proceed with setup? [y|n]:" answer
case "${answer}" in
[Yy]|[Yy][Ee][Ss])
configure_linux
;;
@@ -453,8 +453,8 @@ case "${OPT_CONFIG}" in
warn "as VNET network options. You CANNOT use both on the same system. If you have"
warn "already started using bastille with 'if_bridge' do not continue."
# shellcheck disable=SC3045
read -p "Do you really want to continue setting up netgraph for Bastille? [y|n]:" _answer
case "${_answer}" in
read -p "Do you really want to continue setting up netgraph for Bastille? [y|n]:" answer
case "${answer}" in
[Yy]|[Yy][Ee][Ss])
configure_vnet
configure_netgraph
@@ -476,8 +476,8 @@ case "${OPT_CONFIG}" in
warn "interface to be configured ant one time. If you continue, the 'shared'"
warn "interface will be disabled, and the 'loopback' interface will be used as default."
# shellcheck disable=SC3045
read -p "Do you really want to continue setting up the loopback interface? [y|n]:" _answer
case "${_answer}" in
read -p "Do you really want to continue setting up the loopback interface? [y|n]:" answer
case "${answer}" in
[Yy]|[Yy][Ee][Ss])
configure_loopback_interface
;;
@@ -498,8 +498,8 @@ case "${OPT_CONFIG}" in
warn "interface to be configured at one time. If you continue, the 'loopback'"
warn "interface will be disabled, and the shared interface will be used as default."
# shellcheck disable=SC3045
read -p "Do you really want to continue setting up the shared interface? [y|n]:" _answer
case "${_answer}" in
read -p "Do you really want to continue setting up the shared interface? [y|n]:" answer
case "${answer}" in
[Yy]|[Yy][Ee][Ss])
configure_shared_interface "${OPT_ARG}"
;;


@@ -77,8 +77,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
b) BOOT=1 ;;
v) OPTION="-v" ;;
x) enable_debug ;;
@@ -102,118 +102,118 @@ TARGET="${1}"
bastille_root_check
set_target "${TARGET}"
for _jail in ${JAILS}; do
for jail in ${JAILS}; do
# Continue if '-b|--boot' is set and 'boot=off'
if [ "${BOOT}" -eq 1 ]; then
BOOT_ENABLED="$(sysrc -f ${bastille_jailsdir}/${_jail}/settings.conf -n boot)"
BOOT_ENABLED="$(sysrc -f ${bastille_jailsdir}/${jail}/settings.conf -n boot)"
if [ "${BOOT_ENABLED}" = "off" ]; then
continue
fi
fi
# Validate that all 'depends' jails are running
_depend_jails="$(sysrc -f ${bastille_jailsdir}/${_jail}/settings.conf -n depend)"
for _depend_jail in ${_depend_jails}; do
depend_jails="$(sysrc -f ${bastille_jailsdir}/${jail}/settings.conf -n depend)"
for depend_jail in ${depend_jails}; do
if check_target_is_running; then
continue
else
bastille start ${_depend_jail}
bastille start ${depend_jail}
fi
done
if check_target_is_running "${_jail}"; then
info "\n[${_jail}]:"
if check_target_is_running "${jail}"; then
info "\n[${jail}]:"
error_continue "Jail is already running."
fi
info "\n[${_jail}]:"
info "\n[${jail}]:"
# Validate interfaces and add IPs to firewall table
if [ "$(bastille config ${_jail} get vnet)" != 'enabled' ]; then
_ip4_interfaces="$(bastille config ${_jail} get ip4.addr | sed 's/,/ /g')"
_ip6_interfaces="$(bastille config ${_jail} get ip6.addr | sed 's/,/ /g')"
if [ "$(bastille config ${jail} get vnet)" != 'enabled' ]; then
ip4_interfaces="$(bastille config ${jail} get ip4.addr | sed 's/,/ /g')"
ip6_interfaces="$(bastille config ${jail} get ip6.addr | sed 's/,/ /g')"
# IP4
if [ "${_ip4_interfaces}" != "not set" ]; then
for _interface in ${_ip4_interfaces}; do
if echo "${_interface}" | grep -q "|"; then
_if="$(echo ${_interface} 2>/dev/null | awk -F"|" '{print $1}')"
_ip="$(echo ${_interface} 2>/dev/null | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
if [ "${ip4_interfaces}" != "not set" ]; then
for interface in ${ip4_interfaces}; do
if echo "${interface}" | grep -q "|"; then
if="$(echo ${interface} 2>/dev/null | awk -F"|" '{print $1}')"
ip="$(echo ${interface} 2>/dev/null | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
else
_if="$(bastille config ${_jail} get interface)"
_ip="$(echo ${_interface} | sed -E 's#/[0-9]+$##g')"
if="$(bastille config ${jail} get interface)"
ip="$(echo ${interface} | sed -E 's#/[0-9]+$##g')"
fi
if ifconfig | grep "^${_if}:" >/dev/null; then
if ifconfig | grep -qwF "${_ip}"; then
warn "[WARNING]: IP address (${_ip}) already in use, continuing..."
if ifconfig | grep "^${if}:" >/dev/null; then
if ifconfig | grep -qwF "${ip}"; then
warn "[WARNING]: IP address (${ip}) already in use, continuing..."
fi
## add ip to firewall table if it is not reachable through local interface (assumes NAT/rdr is needed)
if route -n get ${_ip} | grep "gateway" >/dev/null; then
pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip}"
if route -n get ${ip} | grep "gateway" >/dev/null; then
pfctl -q -t "${bastille_network_pf_table}" -T add "${ip}"
fi
else
error_continue "[ERROR]: ${_if} interface does not exist."
error_continue "[ERROR]: ${if} interface does not exist."
fi
done
fi
# IP6
if [ "${_ip6_interfaces}" != "not set" ]; then
for _interface in ${_ip6_interfaces}; do
if echo "${_interface}" | grep -q "|"; then
_if="$(echo ${_interface} | awk -F"|" '{print $1}')"
_ip="$(echo ${_interface} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
if [ "${ip6_interfaces}" != "not set" ]; then
for interface in ${ip6_interfaces}; do
if echo "${interface}" | grep -q "|"; then
if="$(echo ${interface} | awk -F"|" '{print $1}')"
ip="$(echo ${interface} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
else
_if="$(bastille config ${_jail} get interface)"
_ip="$(echo ${_interface} | sed -E 's#/[0-9]+$##g')"
if="$(bastille config ${jail} get interface)"
ip="$(echo ${interface} | sed -E 's#/[0-9]+$##g')"
fi
if ifconfig | grep "^${_if}:" >/dev/null; then
if ifconfig | grep -qwF "${_ip}"; then
warn "[WARNING]: IP address (${_ip}) already in use, continuing..."
if ifconfig | grep "^${if}:" >/dev/null; then
if ifconfig | grep -qwF "${ip}"; then
warn "[WARNING]: IP address (${ip}) already in use, continuing..."
fi
## add ip to firewall table if it is not reachable through local interface (assumes NAT/rdr is needed)
if route -6 -n get ${_ip} | grep "gateway" >/dev/null; then
pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip}"
if route -6 -n get ${ip} | grep "gateway" >/dev/null; then
pfctl -q -t "${bastille_network_pf_table}" -T add "${ip}"
fi
else
error_continue "[ERROR]: ${_if} interface does not exist."
error_continue "[ERROR]: ${if} interface does not exist."
fi
done
fi
fi
# Validate jailed datasets mountpoint
if [ -s "${bastille_jailsdir}/${_jail}/zfs.conf" ]; then
if [ -s "${bastille_jailsdir}/${jail}/zfs.conf" ]; then
while read dataset mount; do
if [ "$(zfs get -H -o value mountpoint ${dataset})" != "${mount}" ]; then
zfs set jailed=off "${dataset}"
zfs set mountpoint="${mount}" "${dataset}"
zfs set jailed=on "${dataset}"
fi
done < "${bastille_jailsdir}/${_jail}/zfs.conf"
done < "${bastille_jailsdir}/${jail}/zfs.conf"
fi
# Start jail
jail ${OPTION} -f "${bastille_jailsdir}/${_jail}/jail.conf" -c "${_jail}"
jail ${OPTION} -f "${bastille_jailsdir}/${jail}/jail.conf" -c "${jail}"
# Add rctl limits
if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then
while read _limits; do
rctl -a "${_limits}"
done < "${bastille_jailsdir}/${_jail}/rctl.conf"
if [ -s "${bastille_jailsdir}/${jail}/rctl.conf" ]; then
while read limits; do
rctl -a "${limits}"
done < "${bastille_jailsdir}/${jail}/rctl.conf"
fi
# Add cpuset limits
if [ -s "${bastille_jailsdir}/${_jail}/cpuset.conf" ]; then
while read _limits; do
cpuset -l "${_limits}" -j "${_jail}"
done < "${bastille_jailsdir}/${_jail}/cpuset.conf"
if [ -s "${bastille_jailsdir}/${jail}/cpuset.conf" ]; then
while read limits; do
cpuset -l "${limits}" -j "${jail}"
done < "${bastille_jailsdir}/${jail}/cpuset.conf"
fi
# Add rdr rules
if [ -s "${bastille_jailsdir}/${_jail}/rdr.conf" ]; then
while read _rules; do
bastille rdr ${_jail} ${_rules}
done < "${bastille_jailsdir}/${_jail}/rdr.conf"
if [ -s "${bastille_jailsdir}/${jail}/rdr.conf" ]; then
while read rules; do
bastille rdr ${jail} ${rules}
done < "${bastille_jailsdir}/${jail}/rdr.conf"
fi
# Delay between jail action
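Review bot: In the dependency loop, `check_target_is_running` is called with no argument, so the helper's pattern becomes `^$` and the check presumably never succeeds; every jail listed in `depend` is handed to `bastille start` even when it is already running. Pass the loop variable: `if check_target_is_running "${depend_jail}"; then`. Separately, the renamed `if` and `ip` are plain script-level globals here, and `if` as a variable name reads like the keyword; a name such as `iface` would be clearer. The `for jail` loop continues past the end of this hunk.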


@@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
v) OPTION="-v" ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
@@ -85,70 +85,70 @@ TARGET="${1}"
bastille_root_check
set_target "${TARGET}" "reverse"
for _jail in ${JAILS}; do
for jail in ${JAILS}; do
# Validate that all jails that 'depend' on this one are stopped
for _depend_jail in $(ls -v --color=never ${bastille_jailsdir} | sed -e 's/\n//g'); do
if ! grep -hoqsw "depend=" ${bastille_jailsdir}/${_depend_jail}/settings.conf; then
sysrc -q -f ${bastille_jailsdir}/${_depend_jail}/settings.conf depend="" >/dev/null
for depend_jail in $(ls -v --color=never ${bastille_jailsdir} | sed -e 's/\n//g'); do
if ! grep -hoqsw "depend=" ${bastille_jailsdir}/${depend_jail}/settings.conf; then
sysrc -q -f ${bastille_jailsdir}/${depend_jail}/settings.conf depend="" >/dev/null
fi
if [ "${_jail}" = "${_depend_jail}" ]; then
if [ "${jail}" = "${depend_jail}" ]; then
continue
elif grep -hoqsw "${_jail}" "${bastille_jailsdir}/${_depend_jail}/settings.conf"; then
bastille stop ${_depend_jail}
elif grep -hoqsw "${jail}" "${bastille_jailsdir}/${depend_jail}/settings.conf"; then
bastille stop ${depend_jail}
fi
done
if check_target_is_stopped "${_jail}"; then
info "\n[${_jail}]:"
if check_target_is_stopped "${jail}"; then
info "\n[${jail}]:"
error_continue "Jail is already stopped."
fi
info "\n[${_jail}]:"
info "\n[${jail}]:"
# Remove RDR rules
if [ "$(bastille config ${_jail} get vnet)" != "enabled" ] && [ -f "${bastille_pf_conf}" ]; then
_ip4="$(bastille config ${_jail} get ip4.addr | sed 's/,/ /g')"
_ip6="$(bastille config ${_jail} get ip6.addr | sed 's/,/ /g')"
if [ "${_ip4}" != "not set" ] || [ "${_ip6}" != "not set" ]; then
if [ "$(bastille config ${jail} get vnet)" != "enabled" ] && [ -f "${bastille_pf_conf}" ]; then
ip4="$(bastille config ${jail} get ip4.addr | sed 's/,/ /g')"
ip6="$(bastille config ${jail} get ip6.addr | sed 's/,/ /g')"
if [ "${ip4}" != "not set" ] || [ "${ip6}" != "not set" ]; then
if which -s pfctl; then
if bastille rdr ${_jail} list >/dev/null 2>&1; then
bastille rdr "${_jail}" clear
if bastille rdr ${jail} list >/dev/null 2>&1; then
bastille rdr "${jail}" clear
fi
fi
fi
fi
# Remove rctl limits
if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then
bastille limits "${_jail}" clear
if [ -s "${bastille_jailsdir}/${jail}/rctl.conf" ]; then
bastille limits "${jail}" clear
fi
# Stop jail
jail ${OPTION} -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}"
jail ${OPTION} -f "${bastille_jailsdir}/${jail}/jail.conf" -r "${jail}"
# Remove (captured above) IPs from firewall table
if [ "${_ip4}" != "not set" ] && [ -f "${bastille_pf_conf}" ]; then
for _ip in ${_ip4}; do
if echo "${_ip}" | grep -q "|"; then
_ip="$(echo ${_ip} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
if [ "${ip4}" != "not set" ] && [ -f "${bastille_pf_conf}" ]; then
for ip in ${ip4}; do
if echo "${ip}" | grep -q "|"; then
ip="$(echo ${ip} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
else
_ip="$(echo ${_ip} | sed -E 's#/[0-9]+$##g')"
ip="$(echo ${ip} | sed -E 's#/[0-9]+$##g')"
fi
pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}"
pfctl -q -t "${bastille_network_pf_table}" -T delete "${ip}"
done
fi
if [ "${_ip6}" != "not set" ] && [ -f "${bastille_pf_conf}" ]; then
for _ip in ${_ip6}; do
if echo "${_ip}" | grep -q "|"; then
_ip="$(echo ${_ip} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
if [ "${ip6}" != "not set" ] && [ -f "${bastille_pf_conf}" ]; then
for ip in ${ip6}; do
if echo "${ip}" | grep -q "|"; then
ip="$(echo ${ip} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
else
_ip="$(echo ${_ip} | sed -E 's#/[0-9]+$##g')"
ip="$(echo ${ip} | sed -E 's#/[0-9]+$##g')"
fi
pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}"
pfctl -q -t "${bastille_network_pf_table}" -T delete "${ip}"
done
fi
update_jail_syntax_v1 "${_jail}"
update_jail_syntax_v1 "${jail}"
done
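Review bot: The dependency test `grep -hoqsw "${jail}" "${bastille_jailsdir}/${depend_jail}/settings.conf"` searches the whole settings file and treats the jail name as a regular expression, so a name that occurs in any other setting, or as a word inside a hyphenated name (constructed example: `web` inside `web-db`), triggers `bastille stop` on a jail that does not depend on this one. Compare against the `depend` value only, as a fixed whole-line string: `elif sysrc -f "${bastille_jailsdir}/${depend_jail}/settings.conf" -n depend | tr ' ' '\n' | grep -qxF -- "${jail}"; then`. Also, `ip4` and `ip6` are assigned only inside the non-VNET branch but are read again after the jail is removed, so for a VNET jail they may carry over from the previous iteration; clearing them at the top of the loop would avoid touching the pf table with stale addresses.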


@@ -49,7 +49,7 @@ EOF
AUTO=0
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
-h|--help|help)
usage
;;
-a|--auto)
@@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
@@ -87,23 +87,23 @@ ERRORS=0
bastille_root_check
set_target "${TARGET}"
for _jail in ${JAILS}; do
for jail in ${JAILS}; do
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
check_target_is_running "${jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${jail}"
else
info "\n[${_jail}]:"
info "\n[${jail}]:"
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
info "\n[${jail}]:"
if [ -f "${bastille_jailsdir}/${_jail}/root/usr/sbin/sysrc" ]; then
jexec -l "${_jail}" /usr/sbin/sysrc "$@"
if [ -f "${bastille_jailsdir}/${jail}/root/usr/sbin/sysrc" ]; then
jexec -l "${jail}" /usr/sbin/sysrc "$@"
else
sysrc -j "${_jail}" "$@"
sysrc -j "${jail}" "$@"
fi
if [ "$?" -ne 0 ]; then


@@ -76,23 +76,23 @@ TAGS="${3}"
bastille_root_check
set_target "${TARGET}"
for _jail in ${JAILS}; do
for jail in ${JAILS}; do
bastille_jail_tags="${bastille_jailsdir}/${_jail}/tags"
bastille_jail_tags="${bastille_jailsdir}/${jail}/tags"
case ${ACTION} in
add)
for _tag in $(echo ${TAGS} | tr , ' '); do
echo ${_tag} >> "${bastille_jail_tags}"
for tag in $(echo ${TAGS} | tr , ' '); do
echo ${tag} >> "${bastille_jail_tags}"
tmpfile="$(mktemp)"
sort "${bastille_jail_tags}" | uniq > "${tmpfile}"
mv "${tmpfile}" "${bastille_jail_tags}"
done
;;
del*)
for _tag in $(echo ${TAGS} | tr , ' '); do
for tag in $(echo ${TAGS} | tr , ' '); do
[ ! -f "${bastille_jail_tags}" ] && break # skip if no tags file
tmpfile="$(mktemp)"
grep -Ev "^${_tag}\$" "${bastille_jail_tags}" > "${tmpfile}"
grep -Ev "^${tag}\$" "${bastille_jail_tags}" > "${tmpfile}"
mv "${tmpfile}" "${bastille_jail_tags}"
# delete tags file if empty
[ ! -s "${bastille_jail_tags}" ] && rm "${bastille_jail_tags}"
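Review bot: The delete branch builds an extended regular expression from the user-supplied tag in `grep -Ev "^${tag}\$"`, so a tag containing `.`, `*` or `|` removes tags other than the one named. Match the tag as a fixed whole line instead: `grep -vxF -- "${tag}" "${bastille_jail_tags}" > "${tmpfile}"`. The `case` statement and the `for jail` loop continue outside this hunk.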


@@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\""


@@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\""
@@ -86,46 +86,46 @@ MOUNT_PATH="${2}"
bastille_root_check
set_target "${TARGET}"
for _jail in ${JAILS}; do
for jail in ${JAILS}; do
# Validate jail state
check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${_jail}"
check_target_is_running "${jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${jail}"
else
info "\n[${TARGET}]:"
info "\n[${jail}]:"
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
info "\n[${jail}]:"
_jailpath="$( echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" 2>/dev/null | sed 's#//#/#' | sed 's#\\##g')"
_mount="$( mount | grep -Eo "[[:blank:]]${_jailpath}[[:blank:]]" )"
_jailpath_fstab="$(echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" | sed 's#//#/#g' | sed 's# #\\#g' | sed 's#\\#\\\\040#g')"
_fstab_entry="$(grep -Eo "[[:blank:]]${_jailpath_fstab}[[:blank:]]" ${bastille_jailsdir}/${_jail}/fstab)"
jailpath="$( echo "${bastille_jailsdir}/${jail}/root/${MOUNT_PATH}" 2>/dev/null | sed 's#//#/#' | sed 's#\\##g')"
mount="$( mount | grep -Eo "[[:blank:]]${jailpath}[[:blank:]]" )"
jailpath_fstab="$(echo "${bastille_jailsdir}/${jail}/root/${MOUNT_PATH}" | sed 's#//#/#g' | sed 's# #\\#g' | sed 's#\\#\\\\040#g')"
fstab_entry="$(grep -Eo "[[:blank:]]${jailpath_fstab}[[:blank:]]" ${bastille_jailsdir}/${jail}/fstab)"
# Exit if mount point non-existent
if [ -z "${_mount}" ] && [ -z "${_fstab_entry}" ]; then
if [ -z "${mount}" ] && [ -z "${fstab_entry}" ]; then
error_continue "[ERROR]: The specified mount point does not exist."
fi
# Unmount
if [ -n "${_mount}" ]; then
umount "${_jailpath}" || error_continue "[ERROR]: Failed to unmount volume: ${MOUNT_PATH}"
if [ -n "${mount}" ]; then
umount "${jailpath}" || error_continue "[ERROR]: Failed to unmount volume: ${MOUNT_PATH}"
fi
# Remove entry from fstab
if [ -n "${_fstab_entry}" ]; then
if ! sed -E -i '' "\, +${_jailpath_fstab} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then
if [ -n "${fstab_entry}" ]; then
if ! sed -E -i '' "\, +${jailpath_fstab} +,d" "${bastille_jailsdir}/${jail}/fstab"; then
error_continue "[ERROR]: Failed to delete fstab entry: ${MOUNT_PATH}"
fi
fi
# Delete if mount point was a file
if [ -f "${_jailpath}" ]; then
rm -f "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}"
if [ -f "${jailpath}" ]; then
rm -f "${jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}"
fi
echo "Unmounted: ${_jailpath}"
echo "Unmounted: ${jailpath}"
done
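Review bot: `MOUNT_PATH` is interpolated as regular-expression text into both `grep -Eo` patterns and into the `sed -E -i '' "\, +${jailpath_fstab} +,d"` address, so a path containing `.`, `*`, `[` or the `,` delimiter can match, or delete, an fstab line other than the intended one. For the mount-table lookup a fixed-string match is enough, assuming mount(8) separates fields with single spaces: `mount="$(mount | grep -oF -- " ${jailpath} ")"`. For the fstab lookup and delete, the regex metacharacters and the delimiter in `jailpath_fstab` would have to be escaped before use, or the mountpoint field compared as a plain string. The `rm -f` failure message also says "Failed to unmount volume" where the failing step is the file removal.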


@@ -74,8 +74,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
a) AUTO=1 ;;
f) OPTION="-F" ;;
x) enable_debug ;;


@@ -68,8 +68,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
a) AUTO=1 ;;
f) OPTION="-F" ;;
x) enable_debug ;;


@@ -80,72 +80,72 @@ handle_template_include() {
verify_template() {
_template_path=${bastille_templatesdir}/${BASTILLE_TEMPLATE}
_hook_validate=0
template_path=${bastille_templatesdir}/${BASTILLE_TEMPLATE}
hook_validate=0
for _hook in TARGET INCLUDE PRE OVERLAY FSTAB PF PKG SYSRC SERVICE CMD Bastillefile; do
_path=${_template_path}/${_hook}
if [ -s "${_path}" ]; then
_hook_validate=$((_hook_validate+1))
info "\nDetected ${_hook} hook."
for hook in TARGET INCLUDE PRE OVERLAY FSTAB PF PKG SYSRC SERVICE CMD Bastillefile; do
path=${template_path}/${hook}
if [ -s "${path}" ]; then
hook_validate=$((_hook_validate+1))
info "\nDetected ${hook} hook."
## line count must match newline count
# shellcheck disable=SC2046
# shellcheck disable=SC3003
if [ $(wc -l "${_path}" | awk '{print $1}') -ne "$(tr -d -c '\n' < "${_path}" | wc -c)" ]; then
info "[${_hook}]:"
error_notify "[ERROR]: ${BASTILLE_TEMPLATE}:${_hook} [failed]."
if [ $(wc -l "${path}" | awk '{print $1}') -ne "$(tr -d -c '\n' < "${path}" | wc -c)" ]; then
info "[${hook}]:"
error_notify "[ERROR]: ${BASTILLE_TEMPLATE}:${hook} [failed]."
error_notify "Line numbers don't match line breaks."
error_exit "Template validation failed."
## if INCLUDE; recursive verify
elif [ "${_hook}" = 'INCLUDE' ]; then
info "[${_hook}]:"
cat "${_path}"
while read _include; do
info "[${_hook}]:[${_include}]:"
TEMPLATE_INCLUDE="${_include}"
elif [ "${hook}" = 'INCLUDE' ]; then
info "[${hook}]:"
cat "${path}"
while read include; do
info "[${hook}]:[${include}]:"
TEMPLATE_INCLUDE="${include}"
handle_template_include
done < "${_path}"
done < "${path}"
## if tree; tree -a bastille_template/_dir
elif [ "${_hook}" = 'OVERLAY' ]; then
info "[${_hook}]:"
cat "${_path}"
while read _dir; do
info "[${_hook}]:[${_dir}]:"
elif [ "${hook}" = 'OVERLAY' ]; then
info "[${hook}]:"
cat "${path}"
while read dir; do
info "[${hook}]:[${dir}]:"
if [ -x "/usr/local/bin/tree" ]; then
/usr/local/bin/tree -a "${_template_path}/${_dir}"
/usr/local/bin/tree -a "${template_path}/${dir}"
else
find "${_template_path}/${_dir}" -print | sed -e 's;[^/]*/;|___;g;s;___|; |;g'
find "${template_path}/${dir}" -print | sed -e 's;[^/]*/;|___;g;s;___|; |;g'
fi
done < "${_path}"
elif [ "${_hook}" = 'Bastillefile' ]; then
info "[${_hook}]:"
cat "${_path}"
while read _line; do
_cmd=$(echo "${_line}" | awk '{print tolower($1);}')
done < "${path}"
elif [ "${hook}" = 'Bastillefile' ]; then
info "[${hook}]:"
cat "${path}"
while read line; do
cmd=$(echo "${line}" | awk '{print tolower($1);}')
## if include; recursive verify
if [ "${_cmd}" = 'include' ]; then
TEMPLATE_INCLUDE=$(echo "${_line}" | awk '{print $2;}')
if [ "${cmd}" = 'include' ]; then
TEMPLATE_INCLUDE=$(echo "${line}" | awk '{print $2;}')
handle_template_include
fi
done < "${_path}"
done < "${path}"
else
info "[${_hook}]:"
cat "${_path}"
info "[${hook}]:"
cat "${path}"
fi
fi
done
# Remove bad templates
if [ "${_hook_validate}" -lt 1 ]; then
rm -rf "${_template_path}"
if [ "${hook_validate}" -lt 1 ]; then
rm -rf "${template_path}"
error_notify "[ERROR]: No valid template hooks found."
error_exit "Template discarded."
fi
## if validated; ready to use
if [ "${_hook_validate}" -gt 0 ]; then
if [ "${hook_validate}" -gt 0 ]; then
info "\nTemplate ready to use."
fi
}
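Review bot: The counter increment was only half renamed: `hook_validate=$((_hook_validate+1))` now reads the old, unset `_hook_validate`, so the value is set to 1 on every detected hook instead of counting them. It should be `hook_validate=$((hook_validate+1))`. The later tests (`-lt 1`, `-gt 0`) still behave the same, which hides the mistake, but the line would abort under `set -u`. The renamed variables in `verify_template` are also not declared `local`, so the recursive verification reached through `handle_template_include` presumably overwrites `template_path`, `path` and `hook_validate` of the outer call; declaring them `local` at the top of the function would prevent that.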


@@ -52,7 +52,7 @@ EOF
zfs_jail_dataset() {
local jail_config="${bastille_jailsdir}/${JAIL}/jail.conf"
local jail_config="${bastille_jailsdir}/${jail}/jail.conf"
# Exit if MOUNT or DATASET is empty
if [ -z "${MOUNT}" ] || [ -z "${DATASET}" ]; then
@@ -68,45 +68,45 @@ zfs_jail_dataset() {
fi
# Validate jail state
check_target_is_stopped "${JAIL}" || if [ "${AUTO}" -eq 1 ]; then
bastille stop "${JAIL}"
check_target_is_stopped "${jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille stop "${jail}"
else
error_notify "Jail is running."
error_exit "Use [-a|--auto] to auto-stop the jail."
fi
# Add necessary config variables to jail
bastille config ${JAIL} set enforce_statfs 1 >/dev/null
bastille config ${JAIL} set allow.mount >/dev/null
bastille config ${JAIL} set allow.mount.devfs >/dev/null
bastille config ${JAIL} set allow.mount.zfs >/dev/null
bastille config ${jail} set enforce_statfs 1 >/dev/null
bastille config ${jail} set allow.mount >/dev/null
bastille config ${jail} set allow.mount.devfs >/dev/null
bastille config ${jail} set allow.mount.zfs >/dev/null
# Enable ZFS inside jail
sysrc -f "${bastille_jailsdir}/${JAIL}/root/etc/rc.conf" zfs_enable="YES"
sysrc -f "${bastille_jailsdir}/${jail}/root/etc/rc.conf" zfs_enable="YES"
# Jail the dataset
zfs set mountpoint="${MOUNT}" "${DATASET}"
zfs set jailed=on "${DATASET}"
# Add dataset to zfs.conf
echo "${DATASET} ${MOUNT}" >> "${bastille_jailsdir}/${JAIL}/zfs.conf"
echo "${DATASET} ${MOUNT}" >> "${bastille_jailsdir}/${jail}/zfs.conf"
# Add config to jail.conf
sed -i '' '/^}$/d' "${jail_config}"
cat << EOF >> "${jail_config}"
# Jailed dataset: ${DATASET}
exec.created += "zfs jail ${JAIL} ${DATASET}";
exec.created += "zfs jail ${jail} ${DATASET}";
}
EOF
if [ "${AUTO}" -eq 1 ]; then
bastille start "${JAIL}"
bastille start "${jail}"
fi
}
zfs_unjail_dataset() {
local jail_config="${bastille_jailsdir}/${JAIL}/jail.conf"
local jail_config="${bastille_jailsdir}/${jail}/jail.conf"
# Exit if DATASET is empty
if [ -z "${DATASET}" ]; then
@@ -117,8 +117,8 @@ zfs_unjail_dataset() {
fi
# Validate jail state
check_target_is_stopped "${JAIL}" || if [ "${AUTO}" -eq 1 ]; then
bastille stop "${JAIL}"
check_target_is_stopped "${jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille stop "${jail}"
else
error_notify "Jail is running."
error_exit "Use [-a|--auto] to auto-stop the jail."
@@ -129,54 +129,54 @@ zfs_unjail_dataset() {
zfs umount "${DATASET}"
# Remove dataset from zfs.conf
if ! grep -hoqsw "${DATASET}" ${bastille_jailsdir}/${JAIL}/zfs.conf; then
if ! grep -hoqsw "${DATASET}" ${bastille_jailsdir}/${jail}/zfs.conf; then
error_exit "[ERROR]: Dataset not present in zfs.conf."
else
sed -i '' "\#.*${DATASET}.*#d" "${bastille_jailsdir}/${JAIL}/zfs.conf"
sed -i '' "\#.*${DATASET}.*#d" "${bastille_jailsdir}/${jail}/zfs.conf"
fi
# Remove config from jail.conf
sed -i '' "\#.*Jailed dataset: ${DATASET}.*#d" "${jail_config}"
sed -i '' "\#.*zfs jail ${JAIL} ${DATASET}.*#d" "${jail_config}"
sed -i '' "\#.*zfs jail ${jail} ${DATASET}.*#d" "${jail_config}"
if [ "${AUTO}" -eq 1 ]; then
bastille start "${JAIL}"
bastille start "${jail}"
fi
}
zfs_snapshot() {
# shellcheck disable=SC2140
zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL}"@"${TAG}"
_return=$?
zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}"@"${TAG}"
return=$?
}
zfs_rollback() {
# shellcheck disable=SC2140
zfs rollback -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL}"@"${TAG}"
zfs rollback -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}"@"${TAG}"
# shellcheck disable=SC2140
zfs rollback -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL}/root"@"${TAG}"
_return=$?
zfs rollback -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}/root"@"${TAG}"
return=$?
}
zfs_destroy_snapshot() {
# shellcheck disable=SC2140
zfs destroy ${OPT_DESTROY} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL}"@"${TAG}"
_return=$?
zfs destroy ${OPT_DESTROY} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}"@"${TAG}"
return=$?
}
zfs_set_value() {
zfs set "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL}"
_return=$?
zfs set "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}"
return=$?
}
zfs_get_value() {
zfs get "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL}"
_return=$?
zfs get "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}"
return=$?
}
zfs_disk_usage() {
zfs list -t all -o name,used,avail,refer,mountpoint,compress,ratio -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL}"
_return=$?
zfs list -t all -o name,used,avail,refer,mountpoint,compress,ratio -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}"
return=$?
}
snapshot_checks() {
@@ -189,10 +189,10 @@ snapshot_checks() {
# Verify rollback snapshots
if [ "${SNAP_ROLLBACK}" -eq 1 ]; then
if [ -n "${TAG}" ]; then
SNAP_TAG_CHECK="$(zfs list -H -t snapshot -o name ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL} | grep -o "${TAG}$" | tail -n 1)"
SNAP_TAG_CHECK="$(zfs list -H -t snapshot -o name ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail} | grep -o "${TAG}$" | tail -n 1)"
else
TAG="$(zfs list -H -t snapshot -o name ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL} | grep -o "bastille_${JAIL}_.*$" | tail -n 1)"
SNAP_TAG_CHECK=$(echo ${TAG} | grep -wo "bastille_${JAIL}_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}")
TAG="$(zfs list -H -t snapshot -o name ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail} | grep -o "bastille_${jail}_.*$" | tail -n 1)"
SNAP_TAG_CHECK=$(echo ${TAG} | grep -wo "bastille_${jail}_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}")
fi
if [ -z "${SNAP_TAG_CHECK}" ]; then
error_continue "[ERROR]: Snapshot not found: ${TAG}"
@@ -204,10 +204,10 @@ snapshot_checks() {
# Generate a relatively short but unique name for the snapshots based on the current date/jail name.
elif [ "${AUTO_TAG}" -eq 1 ]; then
DATE=$(date +%F-%H%M%S)
TAG="bastille_${JAIL}_${DATE}"
TAG="bastille_${jail}_${DATE}"
# Check for the generated snapshot name.
SNAP_GEN_CHECK=""
SNAP_GEN_CHECK=$(echo ${TAG} | grep -wo "bastille_${JAIL}_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}")
SNAP_GEN_CHECK=$(echo ${TAG} | grep -wo "bastille_${jail}_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}")
if [ -z "${SNAP_GEN_CHECK}" ]; then
error_notify "[ERROR]: Failed to validate snapshot name."
fi
@@ -220,7 +220,7 @@ snapshot_create() {
zfs_snapshot
# Check for exit status and notify only for user reference.
if [ "${_return}" -ne 0 ]; then
if [ "${return}" -ne 0 ]; then
error_notify "[ERROR]: Failed to create snapshot."
else
echo "Snapshot created: ${TAG}"
@@ -235,7 +235,7 @@ snapshot_rollback() {
zfs_rollback
# Check for exit status and just notify.
if [ "${_return}" -ne 0 ]; then
if [ "${return}" -ne 0 ]; then
error_notify "[ERROR]: Failed to restore snapshot: ${TAG}."
else
echo "Snapshot restored: ${TAG}"
@@ -257,7 +257,7 @@ snapshot_destroy() {
zfs_destroy_snapshot
# Check for exit status and just notify.
if [ "${_return}" -ne 0 ]; then
if [ "${return}" -ne 0 ]; then
error_notify "[ERROR]: Failed to destroy snapshot: ${TAG}"
else
echo "Snapshot destroyed: ${TAG}"
@@ -288,8 +288,8 @@ while [ "$#" -gt 0 ]; do
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
@@ -323,9 +323,9 @@ if [ -z "${bastille_zfs_zpool}" ]; then
error_exit "[ERROR]: ZFS zpool not defined."
fi
for JAIL in ${JAILS}; do
for jail in ${JAILS}; do
info "\n[${JAIL}]:"
info "\n[${jail}]:"
case "${ACTION}" in
destroy|destroy_snap|destroy_snapshot)
@@ -366,5 +366,4 @@ for JAIL in ${JAILS}; do
usage
;;
esac
done
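Review bot: In `zfs_unjail_dataset` the cleanup uses unanchored patterns, `sed -i '' "\#.*${DATASET}.*#d"` on zfs.conf and `"\#.*zfs jail ${jail} ${DATASET}.*#d"` on jail.conf, so un-jailing one dataset also deletes the entries of any dataset whose name contains it (constructed example: `tank/data` and `tank/data2`), which would leave the second dataset jailed but no longer tracked. Anchor both on the field boundaries, `sed -i '' "\#^${DATASET}[[:blank:]]#d"` for zfs.conf and `sed -i '' "\#zfs jail ${jail} ${DATASET}\";#d"` for jail.conf. The new status variable named `return` is a valid assignment but is easy to misread as the builtin; `rc` would be safer. The body of `zfs_unjail_dataset` spans several hunks, and the lines between them are not shown.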