From a03d8d9ab872f3a0fc8bf424055ec8b6f7f601fe Mon Sep 17 00:00:00 2001
From: tschettervictor
Date: Sun, 14 Dec 2025 13:35:24 -0700
Subject: [PATCH] use lowercase camelcase for all local vars

---
 usr/local/share/bastille/clone.sh | 2 +-
 usr/local/share/bastille/cmd.sh | 16 +-
 usr/local/share/bastille/common.sh | 195 ++++++++++++++------------
 usr/local/share/bastille/config.sh | 32 ++---
 usr/local/share/bastille/console.sh | 50 +++----
 usr/local/share/bastille/convert.sh | 36 ++---
 usr/local/share/bastille/cp.sh | 10 +-
 usr/local/share/bastille/create.sh | 18 +--
 usr/local/share/bastille/destroy.sh | 54 +++----
 usr/local/share/bastille/etcupdate.sh | 4 +-
 usr/local/share/bastille/export.sh | 4 +-
 usr/local/share/bastille/htop.sh | 4 +-
 usr/local/share/bastille/import.sh | 16 +--
 usr/local/share/bastille/jcp.sh | 12 +-
 usr/local/share/bastille/limits.sh | 118 ++++++++--------
 usr/local/share/bastille/list.sh | 126 ++++++++---------
 usr/local/share/bastille/migrate.sh | 168 +++++++++++-----------
 usr/local/share/bastille/monitor.sh | 36 ++---
 usr/local/share/bastille/mount.sh | 118 ++++++++--------
 usr/local/share/bastille/network.sh | 6 +-
 usr/local/share/bastille/pkg.sh | 28 ++--
 usr/local/share/bastille/rcp.sh | 4 +-
 usr/local/share/bastille/rdr.sh | 20 +--
 usr/local/share/bastille/rename.sh | 70 ++++-----
 usr/local/share/bastille/restart.sh | 36 ++---
 usr/local/share/bastille/service.sh | 16 +--
 usr/local/share/bastille/setup.sh | 124 ++++++++--------
 usr/local/share/bastille/start.sh | 108 +++++++-------
 usr/local/share/bastille/stop.sh | 68 ++++-----
 usr/local/share/bastille/sysrc.sh | 22 +--
 usr/local/share/bastille/tags.sh | 12 +-
 usr/local/share/bastille/top.sh | 4 +-
 usr/local/share/bastille/umount.sh | 38 ++---
 usr/local/share/bastille/update.sh | 4 +-
 usr/local/share/bastille/upgrade.sh | 4 +-
 usr/local/share/bastille/verify.sh | 76 +++++-----
 usr/local/share/bastille/zfs.sh | 87 ++++++------
 37 files changed, 884 insertions(+), 862 deletions(-)
diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index ba6bc32d..8cf27fe6 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -49,7 +49,6 @@ EOF # Handle options. AUTO=0 LIVE=0 -VNET_JAIL=0 while [ "$#" -gt 0 ]; do case "${1}" in -h|--help|help) @@ -99,6 +98,7 @@ fi TARGET="${1}" NEWNAME="${2}" IP="${3}" +VNET_JAIL=0 CLONE_INTERFACE_COUNT=0 bastille_root_check diff --git a/usr/local/share/bastille/cmd.sh b/usr/local/share/bastille/cmd.sh index 03b46351..9c218a02 100644 --- a/usr/local/share/bastille/cmd.sh +++ b/usr/local/share/bastille/cmd.sh @@ -88,24 +88,24 @@ ERRORS=0 set_target "${TARGET}" -for _jail in ${JAILS}; do +for jail in ${JAILS}; do # Validate jail state - check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - bastille start "${_jail}" + check_target_is_running "${jail}" || if [ "${AUTO}" -eq 1 ]; then + bastille start "${jail}" else - info "\n[${_jail}]:" + info "\n[${jail}]:" error_notify "Jail is not running." error_continue "Use [-a|--auto] to auto-start the jail." fi - info "\n[${_jail}]:" + info "\n[${jail}]:" # Allow executing commands on linux jails - if grep -qw "linsysfs" "${bastille_jailsdir}/${_jail}/fstab"; then - jexec -l -u root "${_jail}" "$@" + if grep -qw "linsysfs" "${bastille_jailsdir}/${jail}/fstab"; then + jexec -l -u root "${jail}" "$@" else - jexec -l -U root "${_jail}" "$@" + jexec -l -U root "${jail}" "$@" fi if [ "$?" -ne 0 ]; then diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index a99e197e..dac8c140 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh 
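Review bot: `VNET_JAIL=0` now runs after the option loop, so if any arm of that `case` sets `VNET_JAIL=1` (the arms are outside the hunk, so this is inferred from the variable's name, not seen) the user's choice is reset just before `CLONE_INTERFACE_COUNT=0`. If the variable is meant to be derived later from the source jail rather than from an option, a one-line comment at the new site, `# VNET_JAIL is intentionally (re)initialised after option parsing`, would make that clear; otherwise keep the initialisation above `while [ "$#" -gt 0 ]; do` as the first hunk had it.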
@@ -90,9 +90,11 @@ warn() { } check_target_exists() { - local _TARGET="${1}" - local _jaillist="$(bastille list jails)" - if ! echo "${_jaillist}" | grep -Eq "^${_TARGET}$"; then + + local target="${1}" + local jail_list="$(bastille list jails)" + + if ! echo "${jail_list}" | grep -Eq "^${target}$"; then return 1 else return 0 @@ -100,8 +102,10 @@ check_target_exists() { } check_target_is_running() { - _TARGET="${1}" - if ! jls name | grep -Eq "^${_TARGET}$"; then + + local target="${1}" + + if ! jls name | grep -Eq "^${target}$"; then return 1 else return 0 @@ -109,8 +113,10 @@ check_target_is_running() { } check_target_is_stopped() { - _TARGET="${1}" - if jls name | grep -Eq "^${_TARGET}$"; then + + local target="${1}" + + if jls name | grep -Eq "^${target}$"; then return 1 else return 0 @@ -118,8 +124,9 @@ check_target_is_stopped() { } get_bastille_epair_count() { - for _config in /usr/local/etc/bastille/*.conf; do - local bastille_jailsdir="$(sysrc -f "${_config}" -n bastille_jailsdir)" + + for config in /usr/local/etc/bastille/*.conf; do + local bastille_jailsdir="$(sysrc -f "${config}" -n bastille_jailsdir)" BASTILLE_EPAIR_LIST="$(printf '%s\n%s' "$( (grep -Ehos "bastille[0-9]+" ${bastille_jailsdir}/*/jail.conf; ifconfig -g epair | grep -Eos "e[0-9]+a_bastille[0-9]+$" | grep -Eos 'bastille[0-9]+') | sort -u)" "${BASTILLE_EPAIR_LIST}")" done BASTILLE_EPAIR_COUNT=$(printf '%s' "${BASTILLE_EPAIR_LIST}" | sort -u | wc -l | awk '{print $1}') 
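Review bot: `grep -Eq "^${target}$"` in check_target_exists still interpolates the target into an ERE, so a name containing `.`, `+` or `|` is matched as a pattern rather than as a literal (a target `web.` would also match `webx`). Every call here wants an exact whole-line match, which `grep -Fxq -- "${target}"` expresses without any escaping; the same substitution applies to the `jls name | grep -Eq "^${target}$"` lines in check_target_is_running and check_target_is_stopped in the following hunks. Separately, `local jail_list="$(bastille list jails)"` masks the exit status of the command substitution, so a failing `bastille list` produces an empty list and the function reports "not found" instead of an error; `local jail_list` followed by `jail_list="$(bastille list jails)"` keeps the status observable.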
@@ -128,24 +135,28 @@ get_bastille_epair_count() { } get_jail_name() { - local _JID="${1}" - local _jailname="$(jls -j ${_JID} name 2>/dev/null)" - if [ -z "${_jailname}" ]; then + + local jid="${1}" + local jail_name="$(jls -j ${jid} name 2>/dev/null)" + + if [ -z "${jail_name}" ]; then return 1 else - echo "${_jailname}" + echo "${jail_name}" fi } jail_autocomplete() { - local _TARGET="${1}" - local _jaillist="$(bastille list jails)" - local _AUTOTARGET="$(echo "${_jaillist}" | grep -E "^${_TARGET}")" - if [ -n "${_AUTOTARGET}" ]; then - if [ "$(echo "${_AUTOTARGET}" | wc -l)" -eq 1 ]; then - echo "${_AUTOTARGET}" + + local target="${1}" + local jail_list="$(bastille list jails)" + local auto_target="$(echo "${jail_list}" | grep -E "^${target}")" + + if [ -n "${auto_target}" ]; then + if [ "$(echo "${auto_target}" | wc -l)" -eq 1 ]; then + echo "${auto_target}" else - error_continue "Multiple jails found for ${_TARGET}:\n${_AUTOTARGET}" + error_continue "Multiple jails found for ${target}:\n${auto_target}" return 1 fi else 
@@ -154,80 +165,84 @@ jail_autocomplete() { } list_jail_priority() { - local _jail_list="${1}" + + local jail_list="${1}" + if [ -d "${bastille_jailsdir}" ]; then - for _jail in ${_jail_list}; do + for jail in ${jail_list}; do # Remove boot.conf in favor of settings.conf - if [ -f ${bastille_jailsdir}/${_jail}/boot.conf ]; then - rm -f ${bastille_jailsdir}/${_jail}/boot.conf >/dev/null 2>&1 + if [ -f ${bastille_jailsdir}/${jail}/boot.conf ]; then + rm -f ${bastille_jailsdir}/${jail}/boot.conf >/dev/null 2>&1 fi - local _settings_file=${bastille_jailsdir}/${_jail}/settings.conf + local settings_file=${bastille_jailsdir}/${jail}/settings.conf # Set defaults if settings file does not exist - if [ ! -f ${_settings_file} ]; then - sysrc -f ${_settings_file} boot=on >/dev/null 2>&1 - sysrc -f ${_settings_file} depend="" >/dev/null 2>&1 - sysrc -f ${_settings_file} priority=99 >/dev/null 2>&1 + if [ ! -f ${settings_file} ]; then + sysrc -f ${settings_file} boot=on >/dev/null 2>&1 + sysrc -f ${settings_file} depend="" >/dev/null 2>&1 + sysrc -f ${settings_file} priority=99 >/dev/null 2>&1 fi # Add defaults if they dont exist - if ! grep -oq "boot=" ${_settings_file}; then - sysrc -f ${_settings_file} boot=on >/dev/null 2>&1 + if ! grep -oq "boot=" ${settings_file}; then + sysrc -f ${settings_file} boot=on >/dev/null 2>&1 fi - if ! grep -oq "depend=" ${_settings_file}; then - sysrc -f ${_settings_file} depend="" >/dev/null 2>&1 + if ! grep -oq "depend=" ${settings_file}; then + sysrc -f ${settings_file} depend="" >/dev/null 2>&1 fi - if ! grep -oq "priority=" ${_settings_file}; then - sysrc -f ${_settings_file} priority=99 >/dev/null 2>&1 + if ! 
grep -oq "priority=" ${settings_file}; then + sysrc -f ${settings_file} priority=99 >/dev/null 2>&1 fi - _priority="$(sysrc -f ${_settings_file} -n priority)" - echo "${_jail} ${_priority}" + priority="$(sysrc -f ${settings_file} -n priority)" + echo "${jail} ${priority}" done fi } set_target() { - local _TARGET=${1} + + local target=${1} if [ "${2}" = "reverse" ]; then - local _order="${2}" + local order="${2}" else - local _order="forward" + local order="forward" fi JAILS="" TARGET="" - if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then + + if [ "${target}" = ALL ] || [ "${target}" = all ]; then target_all_jails else - for _jail in ${_TARGET}; do - if [ ! -d "${bastille_jailsdir}/${_TARGET}" ] && echo "${_jail}" | grep -Eq '^[0-9]+$'; then - if get_jail_name "${_jail}" > /dev/null; then - _jail="$(get_jail_name ${_jail})" + for jail in ${target}; do + if [ ! -d "${bastille_jailsdir}/${target}" ] && echo "${jail}" | grep -Eq '^[0-9]+$'; then + if get_jail_name "${jail}" > /dev/null; then + jail="$(get_jail_name ${jail})" else - error_continue "Error: JID \"${_jail}\" not found. Is jail running?" + error_continue "Error: JID \"${jail}\" not found. Is jail running?" fi - elif ! check_target_exists "${_jail}"; then - if jail_autocomplete "${_jail}" > /dev/null; then - _jail="$(jail_autocomplete ${_jail})" + elif ! check_target_exists "${jail}"; then + if jail_autocomplete "${jail}" > /dev/null; then + jail="$(jail_autocomplete ${jail})" elif [ $? 
-eq 2 ]; then - if grep -Ehoqw ${_jail} ${bastille_jailsdir}/*/tags 2>/dev/null; then - _jail="$(grep -Eow ${_jail} ${bastille_jailsdir}/*/tags | awk -F"/tags" '{print $1}' | sed "s#${bastille_jailsdir}/##g" | tr '\n' ' ')" + if grep -Ehoqw ${jail} ${bastille_jailsdir}/*/tags 2>/dev/null; then + jail="$(grep -Eow ${jail} ${bastille_jailsdir}/*/tags | awk -F"/tags" '{print $1}' | sed "s#${bastille_jailsdir}/##g" | tr '\n' ' ')" else - error_continue "Jail not found \"${_jail}\"" - fi + error_continue "Jail not found \"${jail}\"" + fi else echo exit 1 fi fi - TARGET="${TARGET} ${_jail}" - JAILS="${JAILS} ${_jail}" + TARGET="${TARGET} ${jail}" + JAILS="${JAILS} ${jail}" done # Exit if no jails if [ -z "${TARGET}" ] && [ -z "${JAILS}" ]; then exit 1 fi - if [ "${_order}" = "forward" ]; then + if [ "${order}" = "forward" ]; then TARGET="$(list_jail_priority "${TARGET}" | sort -k2 -n | awk '{print $1}')" JAILS="$(list_jail_priority "${TARGET}" | sort -k2 -n | awk '{print $1}')" - elif [ "${_order}" = "reverse" ]; then + elif [ "${order}" = "reverse" ]; then TARGET="$(list_jail_priority "${TARGET}" | sort -k2 -nr | awk '{print $1}')" JAILS="$(list_jail_priority "${TARGET}" | sort -k2 -nr | awk '{print $1}')" fi 
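Review bot: `priority="$(sysrc -f ${settings_file} -n priority)"` in list_jail_priority is the one assignment in this hunk left without `local`, so the function still leaks `priority` into the caller's scope although scoping locals is the commit's stated purpose; `local priority="$(sysrc -f ${settings_file} -n priority)"` matches the surrounding lines. In set_target the JID branch tests `[ ! -d "${bastille_jailsdir}/${target}" ]` with the whole target list while the loop iterates `jail`, so with more than one target that path is not the directory the loop variable names and `"${bastille_jailsdir}/${jail}"` appears to be what was intended (pre-existing, preserved by the rename). The tag lookup `grep -Ehoqw ${jail} ${bastille_jailsdir}/*/tags` also leaves `${jail}` unquoted and interpreted as an ERE; `grep -Fhoqw -- "${jail}"` there, and `grep -Fow -- "${jail}"` on the next line, give the literal word match the code seems to want.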
@@ -237,33 +252,37 @@ set_target() { } set_target_single() { - local _TARGET="${1}" - if [ "${_TARGET}" = ALL ] || [ "${_TARGET}" = all ]; then + + local target="${1}" + JAILS="" + TARGET="" + + if [ "${target}" = ALL ] || [ "${target}" = all ]; then error_exit "[all|ALL] not supported with this command." - elif [ "$(echo ${_TARGET} | wc -w)" -gt 1 ]; then + elif [ "$(echo ${target} | wc -w)" -gt 1 ]; then error_exit "Error: Command only supports a single TARGET." - elif [ ! -d "${bastille_jailsdir}/${_TARGET}" ] && echo "${_TARGET}" | grep -Eq '^[0-9]+$'; then - if get_jail_name "${_TARGET}" > /dev/null; then - _TARGET="$(get_jail_name ${_TARGET})" + elif [ ! -d "${bastille_jailsdir}/${target}" ] && echo "${target}" | grep -Eq '^[0-9]+$'; then + if get_jail_name "${target}" > /dev/null; then + target="$(get_jail_name ${target})" else - error_exit "Error: JID \"${_TARGET}\" not found. Is jail running?" + error_exit "Error: JID \"${target}\" not found. Is jail running?" fi - elif ! check_target_exists "${_TARGET}"; then - if jail_autocomplete "${_TARGET}" > /dev/null; then - _TARGET="$(jail_autocomplete ${_TARGET})" + elif ! check_target_exists "${target}"; then + if jail_autocomplete "${target}" > /dev/null; then + target="$(jail_autocomplete ${target})" elif [ $? -eq 2 ]; then - error_exit "Jail not found \"${_TARGET}\"" + error_exit "Jail not found \"${target}\"" else echo exit 1 fi fi + TARGET="${target}" + JAILS="${target}" # Exit if no jails - if [ -z "${_TARGET}" ] && [ -z "${_JAILS}" ]; then + if [ -z "${target}" ] && [ -z "${jails}" ]; then exit 1 fi - TARGET="${_TARGET}" - JAILS="${_TARGET}" export TARGET export JAILS } 
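Review bot: The relocated guard `if [ -z "${target}" ] && [ -z "${jails}" ]; then` reads `jails`, which set_target_single never assigns (the rename turned the equally undefined `_JAILS` into it), so the second test is always true and the guard is only an emptiness check on `target`. Writing it as `if [ -z "${target}" ]; then exit 1; fi` states that directly and removes the reference to a variable that exists only as a local of target_all_jails. Since the check now comes after `TARGET="${target}"` and `JAILS="${target}"`, moving it back above those two assignments also keeps the validate-then-publish order the old code had.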
@@ -274,7 +293,7 @@ set_bastille_mountpoints() { if checkyesno bastille_zfs_enable; then # We have to do this if ALTROOT is enabled/present - local _altroot="$(zpool get -Ho value altroot ${bastille_zfs_zpool})" + local altroot="$(zpool get -Ho value altroot ${bastille_zfs_zpool})" # Set mountpoints to *bastille*dir* # shellcheck disable=SC2034 
@@ -293,34 +312,36 @@ set_bastille_mountpoints() { bastille_logsdir_mountpoint="${bastille_logsdir}" # Add _altroot to *dir* if set - if [ "${_altroot}" != "-" ]; then + if [ "${altroot}" != "-" ]; then # Set *dir* to include ALTROOT - bastille_prefix="${_altroot}${bastille_prefix}" - bastille_backupsdir="${_altroot}${bastille_backupsdir}" - bastille_cachedir="${_altroot}${bastille_cachedir}" - bastille_jailsdir="${_altroot}${bastille_jailsdir}" - bastille_releasesdir="${_altroot}${bastille_releasesdir}" - bastille_templatesdir="${_altroot}${bastille_templatesdir}" - bastille_logsdir="${_altroot}${bastille_logsdir}" + bastille_prefix="${altroot}${bastille_prefix}" + bastille_backupsdir="${altroot}${bastille_backupsdir}" + bastille_cachedir="${altroot}${bastille_cachedir}" + bastille_jailsdir="${altroot}${bastille_jailsdir}" + bastille_releasesdir="${altroot}${bastille_releasesdir}" + bastille_templatesdir="${altroot}${bastille_templatesdir}" + bastille_logsdir="${altroot}${bastille_logsdir}" fi fi } target_all_jails() { - local _JAILS="$(bastille list jails)" + + local jails="$(bastille list jails)" JAILS="" - for _jail in ${_JAILS}; do - if [ -d "${bastille_jailsdir}/${_jail}" ]; then - JAILS="${JAILS} ${_jail}" + + for jail in ${jails}; do + if [ -d "${bastille_jailsdir}/${jail}" ]; then + JAILS="${JAILS} ${jail}" fi done # Exit if no jails if [ -z "${JAILS}" ]; then exit 1 fi - if [ "${_order}" = "forward" ]; then + if [ "${order}" = "forward" ]; then JAILS="$(list_jail_priority "${JAILS}" | sort -k2 -n | awk '{print $1}')" - elif [ "${_order}" = "reverse" ]; then + elif [ "${order}" = "reverse" ]; then JAILS="$(list_jail_priority "${JAILS}" | sort -k2 -nr | awk '{print $1}')" fi export JAILS @@ -400,6 +421,7 @@ validate_ip() { } generate_static_mac() { + local jail_name="${1}" local external_interface="${2}" local external_interface_mac="$(ifconfig ${external_interface} | grep ether | awk '{print $2}')" 
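Review bot: target_all_jails reads `order` in `if [ "${order}" = "forward" ]` but never assigns it; it works only because `local order` in set_target is visible to callees through the shell's dynamic scoping, and called from anywhere else neither branch runs and JAILS is exported in directory order (pre-existing under `_order`, preserved by the rename). Passing it explicitly makes the dependency visible: `target_all_jails "${order}"` at the call site in set_target and `local order="${1:-forward}"` as the first line of this function. The function's closing brace is outside the hunk.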
@@ -407,6 +429,7 @@ generate_static_mac() { local macaddr_prefix="58:9c:fc" # Use hash of interface+jailname for jail MAC suffix local macaddr_suffix="$(echo -n "${external_interface_mac}${jail_name}" | sed 's#:##g' | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')" + if [ -z "${macaddr_prefix}" ] || [ -z "${macaddr_suffix}" ]; then error_notify "Failed to generate MAC address." fi diff --git a/usr/local/share/bastille/config.sh b/usr/local/share/bastille/config.sh index 966a22c9..c7f93045 100644 --- a/usr/local/share/bastille/config.sh +++ b/usr/local/share/bastille/config.sh @@ -124,16 +124,16 @@ print_jail_conf() { ' } -for _jail in ${JAILS}; do +for jail in ${JAILS}; do # Backwards compatibility for specifying only an IP with ip[4|6].addr if [ "${ACTION}" = "set" ] && [ "${PROPERTY}" = "ip4.addr" ]; then if ! echo "${VALUE}" | grep -q "|"; then - VALUE="$(bastille config ${_jail} get ip4.addr | awk -F"|" '{print $1}')|${VALUE}" + VALUE="$(bastille config ${jail} get ip4.addr | awk -F"|" '{print $1}')|${VALUE}" fi elif [ "${ACTION}" = "set" ] && [ "${PROPERTY}" = "ip6.addr" ]; then if ! echo "${VALUE}" | grep -q "|"; then - VALUE="$(bastille config ${_jail} get ip6.addr | awk -F"|" '{print $1}')|${VALUE}" + VALUE="$(bastille config ${jail} get ip6.addr | awk -F"|" '{print $1}')|${VALUE}" fi fi @@ -142,7 +142,7 @@ for _jail in ${JAILS}; do if [ "${PROPERTY}" = "priority" ] || [ "${PROPERTY}" = "prio" ]; then PROPERTY="priority" - FILE="${bastille_jailsdir}/${_jail}/settings.conf" + FILE="${bastille_jailsdir}/${jail}/settings.conf" if [ "${ACTION}" = "set" ]; then if echo "${VALUE}" | grep -Eq '^[0-9]+$'; then @@ -159,7 +159,7 @@ for _jail in ${JAILS}; do # Boot property elif [ "${PROPERTY}" = "boot" ]; then - FILE="${bastille_jailsdir}/${_jail}/settings.conf" + FILE="${bastille_jailsdir}/${jail}/settings.conf" if [ "${ACTION}" = "set" ]; then if [ "${VALUE}" = "on" ] || [ "${VALUE}" = "off" ]; then 
@@ -177,7 +177,7 @@ for _jail in ${JAILS}; do elif [ "${PROPERTY}" = "depend" ] || [ "${PROPERTY}" = "depends" ]; then PROPERTY="depend" - FILE="${bastille_jailsdir}/${_jail}/settings.conf" + FILE="${bastille_jailsdir}/${jail}/settings.conf" if [ "${ACTION}" = "set" ]; then @@ -187,7 +187,7 @@ for _jail in ${JAILS}; do set_target "${VALUE}" fi - info "\n[${_jail}]:" + info "\n[${jail}]:" sysrc -f "${FILE}" "${PROPERTY}+=${JAILS}" @@ -199,7 +199,7 @@ for _jail in ${JAILS}; do set_target "${VALUE}" fi - info "\n[${_jail}]:" + info "\n[${jail}]:" sysrc -f "${FILE}" "${PROPERTY}-=${JAILS}" @@ -209,9 +209,9 @@ for _jail in ${JAILS}; do fi else - FILE="${bastille_jailsdir}/${_jail}/jail.conf" + FILE="${bastille_jailsdir}/${jail}/jail.conf" if [ ! -f "${FILE}" ]; then - error_notify "jail.conf does not exist for jail: ${_jail}" + error_notify "jail.conf does not exist for jail: ${jail}" continue fi if [ "${ACTION}" = 'get' ]; then @@ -250,9 +250,9 @@ for _jail in ${JAILS}; do echo "${_output}" fi elif [ "${ACTION}" = "remove" ]; then - if [ "$(bastille config ${_jail} get ${PROPERTY})" != "not set" ]; then + if [ "$(bastille config ${jail} get ${PROPERTY})" != "not set" ]; then - info "\n[${_jail}]:" + info "\n[${jail}]:" sed -i '' "/.*${PROPERTY}.*/d" "${FILE}" @@ -276,8 +276,8 @@ for _jail in ${JAILS}; do # there is none, at the end # # awk doesn't have "inplace" editing so we use a temp file - _tmpfile=$(mktemp) || error_exit "unable to set because mktemp failed" - cp "${FILE}" "${_tmpfile}" && \ + tmpfile=$(mktemp) || error_exit "unable to set because mktemp failed" + cp "${FILE}" "${tmpfile}" && \ awk -F= -v line="${LINE}" -v property="${PROPERTY}" ' BEGIN { # build RE as string as we can not expand vars in RE literals @@ -304,8 +304,8 @@ for _jail in ${JAILS}; do # print each uninteresting line unchanged print; } - ' "${_tmpfile}" > "${FILE}" - rm "${_tmpfile}" + ' "${tmpfile}" > "${FILE}" + rm "${tmpfile}" fi fi 
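Review bot: `cp "${FILE}" "${tmpfile}" && awk … ' "${tmpfile}" > "${FILE}"` truncates jail.conf before awk produces a single line of output, so if awk fails part-way the jail is left with an empty or partial jail.conf and the only intact copy is then removed by `rm "${tmpfile}"`; this is pre-existing, but the lines were touched by the rename. Reading `${FILE}` directly, writing to the temp file, and copying back only on success (`awk … "${FILE}" > "${tmpfile}" && cat "${tmpfile}" > "${FILE}"`) keeps the original until a complete replacement exists, and a `trap 'rm -f "${tmpfile}"' EXIT` after the `mktemp` would clean up on an early error_exit. In the same file section `echo "${_output}"` (context in the get branch, hunk `@@ -250`) still carries the underscore naming this commit removes.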
diff --git a/usr/local/share/bastille/console.sh b/usr/local/share/bastille/console.sh index 15d01ba4..6574dd44 100644 --- a/usr/local/share/bastille/console.sh +++ b/usr/local/share/bastille/console.sh @@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in x) enable_debug ;; a) AUTO=1 ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; 
@@ -88,59 +88,59 @@ set_target "${TARGET}" validate_user() { - local _jail="${1}" - local _user="${2}" + local jail="${1}" + local user="${2}" - if jexec -l "${_jail}" id "${_user}" >/dev/null 2>&1; then - USER_SHELL="$(jexec -l "${_jail}" getent passwd "${_user}" | cut -d: -f7)" + if jexec -l "${jail}" id "${user}" >/dev/null 2>&1; then + USER_SHELL="$(jexec -l "${jail}" getent passwd "${user}" | cut -d: -f7)" if [ -n "${USER_SHELL}" ]; then - if jexec -l "${_jail}" grep -qwF "${USER_SHELL}" /etc/shells; then - jexec -l "${_jail}" $LOGIN -f "${_user}" + if jexec -l "${jail}" grep -qwF "${USER_SHELL}" /etc/shells; then + jexec -l "${jail}" $LOGIN -f "${user}" else - echo "Invalid shell for user ${_user}" + echo "Invalid shell for user ${user}" fi else - echo "User ${_user} has no shell" + echo "User ${user} has no shell" fi else - echo "Unknown user ${_user}" + echo "Unknown user ${user}" fi } check_fib() { - local _jail="${1}" + local jail="${1}" - fib=$(grep 'exec.fib' "${bastille_jailsdir}/${_jail}/jail.conf" | awk '{print $3}' | sed 's/\;//g') + fib=$(grep 'exec.fib' "${bastille_jailsdir}/${jail}/jail.conf" | awk '{print $3}' | sed 's/\;//g') if [ -n "${fib}" ]; then - _setfib="setfib -F ${fib}" + setfib="setfib -F ${fib}" else - _setfib="" + setfib="" fi } -for _jail in ${JAILS}; do +for jail in ${JAILS}; do # Validate jail state - check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - bastille start "${_jail}" + check_target_is_running "${jail}" || if [ "${AUTO}" -eq 1 ]; then + bastille start "${jail}" else - info "\n[${_jail}]:" + info "\n[${jail}]:" error_notify "Jail is not running." error_continue "Use [-a|--auto] to auto-start the jail." 
fi - info "\n[${_jail}]:" + info "\n[${jail}]:" - LOGIN="$(jexec -l "${_jail}" which login)" + LOGIN="$(jexec -l "${jail}" which login)" if [ -n "${USER}" ]; then - validate_user "${_jail}" "${USER}" + validate_user "${jail}" "${USER}" else - check_fib "${_jail}" - LOGIN="$(jexec -l "${_jail}" which login)" - ${_setfib} jexec -l "${_jail}" ${LOGIN} -f root + check_fib "${jail}" + LOGIN="$(jexec -l "${jail}" which login)" + ${setfib} jexec -l "${jail}" ${LOGIN} -f root fi done diff --git a/usr/local/share/bastille/convert.sh b/usr/local/share/bastille/convert.sh index f8a91b86..d04fecbd 100644 --- a/usr/local/share/bastille/convert.sh +++ b/usr/local/share/bastille/convert.sh @@ -105,12 +105,12 @@ fi validate_release_name() { - local _name=${1} - local _sanity="$(echo "${_name}" | tr -c -d 'a-zA-Z0-9-_')" + local name=${1} + local sanity="$(echo "${name}" | tr -c -d 'a-zA-Z0-9-_')" - if [ -n "$(echo "${_sanity}" | awk "/^[-_].*$/" )" ]; then + if [ -n "$(echo "${sanity}" | awk "/^[-_].*$/" )" ]; then error_exit "[ERROR]: Release names may not begin with (-|_) characters!" - elif [ "${_name}" != "${_sanity}" ]; then + elif [ "${name}" != "${sanity}" ]; then error_exit "[ERROR]: Release names may not contain special characters!" fi @@ -118,10 +118,10 @@ validate_release_name() { convert_jail_to_release() { - _jailname="${1}" - _release="${2}" + jail_name="${1}" + release="${2}" - info "\nAttempting to create '${_release}' from '${_jailname}'..." + info "\nAttempting to create '${release}' from '${jail_name}'..." if checkyesno bastille_zfs_enable; then if [ -n "${bastille_zfs_zpool}" ]; then 
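Review bot: The non-root path calls `validate_user "${jail}" "${USER}"` without `check_fib`, so a jail with `exec.fib` set gets its login shell in the host's default FIB when a user is given but in the jail's FIB for root (`${setfib} jexec …` appears only on the root branch); if that asymmetry is not intentional, run `check_fib "${jail}"` before the `if` and prefix the `jexec -l "${jail}" $LOGIN -f "${user}"` line in validate_user with `${setfib}`. `fib` and `setfib` remain unscoped globals written by check_fib and read by the loop, which is why they could not become `local` here; a short comment above check_fib saying so would stop the next reader from "fixing" them. `$LOGIN` is also expanded unquoted on that line, unlike the quoted `${LOGIN}` in the root branch.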
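Review bot: `jail_name="${1}"` and `release="${2}"` in convert_jail_to_release are renamed but still not declared `local`, so they remain globals despite the commit's purpose; `local jail_name="${1}"` and `local release="${2}"` match the rest of the series. The function body continues past the end of the hunk.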
@@ -136,35 +136,35 @@ convert_jail_to_release() { ## take a temp snapshot of the jail SNAP_NAME="bastille-$(date +%Y-%m-%d-%H%M%S)" # shellcheck disable=SC2140 - zfs snapshot "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jailname}/root"@"${SNAP_NAME}" + zfs snapshot "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail_name}/root"@"${SNAP_NAME}" ## replicate the release base to the new thickjail and set the default mountpoint # shellcheck disable=SC2140 - zfs send ${OPT_SEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jailname}/root"@"${SNAP_NAME}" | \ - zfs receive "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${_release}" - zfs set ${ZFS_OPTIONS} mountpoint=none "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${_release}" - zfs inherit mountpoint "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${_release}" + zfs send ${OPT_SEND} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail_name}/root"@"${SNAP_NAME}" | \ + zfs receive "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${release}" + zfs set ${ZFS_OPTIONS} mountpoint=none "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${release}" + zfs inherit mountpoint "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${release}" ## cleanup temp snapshots initially # shellcheck disable=SC2140 - zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jailname}/root"@"${SNAP_NAME}" + zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail_name}/root"@"${SNAP_NAME}" # shellcheck disable=SC2140 - zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${_release}"@"${SNAP_NAME}" + zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${release}"@"${SNAP_NAME}" fi if [ "$?" 
-ne 0 ]; then ## notify and clean stale files/directories - zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${_release}" + zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${release}" error_exit "Failed to create release. Please retry!" else - info "\nCreated '${_release}' from '${_jailname}'\n" + info "\nCreated '${release}' from '${jail_name}'\n" fi else ## copy all files for thick jails - cp -a "${bastille_jailsdir}/${_jailname}/root" "${bastille_releasesdir}/${_release}" + cp -a "${bastille_jailsdir}/${jail_name}/root" "${bastille_releasesdir}/${release}" if [ "$?" -ne 0 ]; then ## notify and clean stale files/directories bastille destroy -af "${NAME}" error_exit "[ERROR]: Failed to create release. Please retry!" else - info "\nCreated '${_release}' from '${_jailname}'\n" + info "\nCreated '${release}' from '${jail_name}'\n" fi fi } diff --git a/usr/local/share/bastille/cp.sh b/usr/local/share/bastille/cp.sh index 88e19b30..f04534ce 100644 --- a/usr/local/share/bastille/cp.sh +++ b/usr/local/share/bastille/cp.sh @@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in q) OPTION="-a" ;; x) enable_debug ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; @@ -88,12 +88,12 @@ ERRORS=0 bastille_root_check set_target "${TARGET}" -for _jail in ${JAILS}; do +for jail in ${JAILS}; do - info "\n[${_jail}]:" + info "\n[${jail}]:" host_path="${HOST_PATH}" - jail_path="$(echo ${bastille_jailsdir}/${_jail}/root/${JAIL_PATH} | sed 's#//#/#g')" + jail_path="$(echo ${bastille_jailsdir}/${jail}/root/${JAIL_PATH} | sed 's#//#/#g')" # Workaround to properly copy host resolv.conf to jail if the host file is a symlink. if [ "${host_path}" = "${bastille_resolv_conf}" ] && [ -L "${host_path}" ]; then 
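Review bot: The thick-jail failure branch runs `bastille destroy -af "${NAME}"`, but `NAME` is not assigned anywhere in convert_jail_to_release — the function's inputs are `jail_name` and `release` — so unless the caller exports it, a failed `cp -a` destroys whatever `NAME` happens to hold (or an empty target) rather than the half-copied release; pre-existing, but it sits beside the renamed lines. The ZFS branch above cleans up with `zfs destroy …/releases/${release}`, and the copy branch should mirror that on the same path, e.g. `rm -rf -- "${bastille_releasesdir:?}/${release:?}"`, with the `:?` guards so an unset variable cannot widen the deletion. Note also that `if [ "$?" -ne 0 ]` after the ZFS branch's `fi` tests the last command executed there (the snapshot `zfs destroy`), not the `zfs send | zfs receive` pipeline, so a failed receive is not what triggers the cleanup.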
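Review bot: `jail_path` is built by echoing `${bastille_jailsdir}/${jail}/root/${JAIL_PATH}` through `sed 's#//#/#g'`, which only collapses double slashes; `..` components in `JAIL_PATH` are not normalised, so unless they are rejected earlier in the script (not visible here) the destination can resolve outside the jail's root. A check before the copy, `case "${JAIL_PATH}" in *..*) error_continue "[ERROR]: Invalid path: ${JAIL_PATH}" ;; esac`, keeps the copy confined. The unquoted `echo ${bastille_jailsdir}/…` also word-splits and globs a path containing spaces or `*`.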
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 51ff6518..78a34d1e 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -198,9 +198,9 @@ validate_netif() { if ! echo "${LIST_INTERFACES} VNET" | grep -qwo "${INTERFACE}"; then error_exit "[ERROR]: Invalid interface: ${INTERFACE}" elif [ "${VNET_JAIL_STANDARD}" -eq 1 ]; then - for _bridge in $(ifconfig -g bridge | grep -vw "${INTERFACE}bridge"); do - if ifconfig ${_bridge} | grep "member" | grep -owq "${INTERFACE}"; then - error_exit "[ERROR]: Interface '${INTERFACE}' is already a member of bridge: ${_bridge}" + for bridge in $(ifconfig -g bridge | grep -vw "${INTERFACE}bridge"); do + if ifconfig ${bridge} | grep "member" | grep -owq "${INTERFACE}"; then + error_exit "[ERROR]: Interface '${INTERFACE}' is already a member of bridge: ${bridge}" fi done else @@ -452,8 +452,8 @@ create_jail() { if [ "${THICK_JAIL}" -eq 0 ] && [ "${CLONE_JAIL}" -eq 0 ]; then LINK_LIST="bin boot lib libexec rescue sbin usr/bin usr/include usr/lib usr/lib32 usr/libdata usr/libexec usr/sbin usr/share usr/src" info "\nCreating a thinjail..." - for _link in ${LINK_LIST}; do - ln -sf /.bastille/${_link} ${_link} + for link in ${LINK_LIST}; do + ln -sf /.bastille/${link} ${link} done # Properly link shared ports on thin jails in read-write. @@ -809,8 +809,8 @@ while [ $# -gt 0 ]; do OPT_NAMESERVER="${2}" # Validate nameserver if [ -n "${OPT_NAMESERVER}" ]; then - for _nameserver in $(echo ${OPT_NAMESERVER} | sed 's/,/ /g'); do - if ! validate_ip "${_nameserver}" >/dev/null 2>/dev/null; then + for nameserver in $(echo ${OPT_NAMESERVER} | sed 's/,/ /g'); do + if ! validate_ip "${nameserver}" >/dev/null 2>/dev/null; then error_exit "[ERROR]: Invalid nameserver(s): ${OPT_NAMESERVER}" fi done 
@@ -864,8 +864,8 @@ while [ $# -gt 0 ]; do shift 2 ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in B) VNET_JAIL=1 VNET_JAIL_BRIDGE=1 ;; C) CLONE_JAIL=1 ;; D) DUAL_STACK=1 ;; diff --git a/usr/local/share/bastille/destroy.sh b/usr/local/share/bastille/destroy.sh index c6a977dd..44d16920 100644 --- a/usr/local/share/bastille/destroy.sh +++ b/usr/local/share/bastille/destroy.sh @@ -51,30 +51,30 @@ EOF destroy_jail() { - local _jail="${1}" + local jail="${1}" local OPTIONS="" - bastille_jail_base="${bastille_jailsdir}/${_jail}" - bastille_jail_log="${bastille_logsdir}/${_jail}_console.log" + bastille_jail_base="${bastille_jailsdir}/${jail}" + bastille_jail_log="${bastille_logsdir}/${jail}_console.log" # Validate jail state before continuing - check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - bastille stop "${_jail}" + check_target_is_stopped "${jail}" || if [ "${AUTO}" -eq 1 ]; then + bastille stop "${jail}" else - info "\n[${_jail}]:" + info "\n[${jail}]:" error_notify "Jail is running." error_continue "Use [-a|--auto] to auto-stop the jail." fi - info "\n[${_jail}]:" + info "\n[${jail}]:" # Ask if user is sure they want to destroy the jail # but only if AUTO_YES=0 if [ "${AUTO_YES}" -ne 1 ]; then - warn "\nAttempting to destroy jail: ${_jail}\n" + warn "\nAttempting to destroy jail: ${jail}\n" # shellcheck disable=SC3045 - read -p "Are you sure you want to continue? [y|n]:" _answer - case "${_answer}" in + read -p "Are you sure you want to continue? [y|n]:" answer + case "${answer}" in [Yy]|[Yy][Ee][Ss]) ;; [Nn]|[Nn][Oo]) @@ -92,7 +92,7 @@ destroy_jail() { mount_points="$(mount | cut -d ' ' -f 3 | grep ${bastille_jail_base}/root/)" if [ -n "${mount_points}" ]; then - error_notify "[ERROR]: Failed to destroy jail: ${_jail}" + error_notify "[ERROR]: Failed to destroy jail: ${jail}" error_continue "Jail has mounted filesystems:\n$mount_points" fi 
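Review bot: `local OPTIONS=""` is the one local in destroy_jail that the rename leaves in upper case; `local options=""`, with the `OPTIONS="-r"`/`OPTIONS="-rf"` assignments and the `zfs destroy "${OPTIONS}" …` use in the following hunks renamed alongside, keeps the function consistent with the series. `bastille_jail_base` and `bastille_jail_log` are assigned without `local` on the lines just above, and `bastille_jail_base` is later used unquoted as a regex in `grep ${bastille_jail_base}/root/` (context in the next hunk), where `grep -F -- "${bastille_jail_base}/root/"` would match the path literally.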
@@ -100,7 +100,7 @@ destroy_jail() { if checkyesno bastille_zfs_enable; then if [ -n "${bastille_zfs_zpool}" ]; then - if [ -n "${_jail}" ]; then + if [ -n "${jail}" ]; then OPTIONS="-r" if [ "${FORCE}" = "1" ]; then OPTIONS="-rf" @@ -108,7 +108,7 @@ destroy_jail() { # Remove jail zfs dataset recursively, or abort if error thus precerving jail content. # This will deal with the common "cannot unmount 'XYZ': pool or dataset is busy" # unless the force option is defined by the user, otherwise will have a partially deleted jail. - if ! zfs destroy "${OPTIONS}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"; then + if ! zfs destroy "${OPTIONS}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}"; then error_continue "[ERROR]: Jail dataset(s) appears to be busy, exiting." fi fi @@ -131,9 +131,9 @@ destroy_jail() { fi # Clear any active rdr rules - if [ ! -z "$(pfctl -a "rdr/${_jail}" -Psn 2>/dev/null)" ]; then + if [ ! -z "$(pfctl -a "rdr/${jail}" -Psn 2>/dev/null)" ]; then echo "Clearing RDR rules..." - pfctl -a "rdr/${_jail}" -Fn + pfctl -a "rdr/${jail}" -Fn fi fi } 
@@ -159,22 +159,22 @@ destroy_release() { JAIL_LIST=$(ls -v --color=never "${bastille_jailsdir}" | sed "s/\n//g") - for _jail in ${JAIL_LIST}; do + for jail in ${JAIL_LIST}; do - if grep -qwo "${TARGET}" "${bastille_jailsdir}/${_jail}/fstab" 2>/dev/null; then - error_notify "[ERROR]: (${_jail}) depends on ${TARGET} base." + if grep -qwo "${TARGET}" "${bastille_jailsdir}/${jail}/fstab" 2>/dev/null; then + error_notify "[ERROR]: (${jail}) depends on ${TARGET} base." BASE_HASCHILD="1" elif checkyesno bastille_zfs_enable; then if [ -n "${bastille_zfs_zpool}" ]; then ## check if this release have child clones if zfs list -H -t snapshot -r "${bastille_rel_base}" > /dev/null 2>&1; then SNAP_CLONE=$(zfs list -H -t snapshot -r "${bastille_rel_base}" 2> /dev/null | awk '{print $1}') - for _snap_clone in ${SNAP_CLONE}; do - if zfs list -H -o clones "${_snap_clone}" > /dev/null 2>&1; then - CLONE_JAIL=$(zfs list -H -o clones "${_snap_clone}" | tr ',' '\n') - CLONE_CHECK="${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}/root" + for snap_clone in ${SNAP_CLONE}; do + if zfs list -H -o clones "${snap_clone}" > /dev/null 2>&1; then + CLONE_JAIL=$(zfs list -H -o clones "${snap_clone}" | tr ',' '\n') + CLONE_CHECK="${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}/root" if echo "${CLONE_JAIL}" | grep -qw "${CLONE_CHECK}"; then - error_notify "[ERROR]: (${_jail}) depends on ${TARGET} base." + error_notify "[ERROR]: (${jail}) depends on ${TARGET} base." BASE_HASCHILD="1" fi fi @@ -258,8 +258,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in a) AUTO=1 ;; c) NO_CACHE=1 ;; f) FORCE=1 ;; @@ -338,8 +338,8 @@ case "${TARGET}" in else # Destroy targeted jail(s) set_target "${TARGET}" "reverse" - for _jail in ${JAILS}; do - destroy_jail "${_jail}" + for jail in ${JAILS}; do + destroy_jail "${jail}" done fi ;; 
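Review bot: destroy_release still uses `SNAP_CLONE`, `CLONE_JAIL` and `CLONE_CHECK` as loop-scoped temporaries, which the commit's lowercase rule did not convert even though the loop header was renamed to `snap_clone`; `CLONE_JAIL` is also the name of the option flag set by `C) CLONE_JAIL=1` in the common.sh hunk above, so if common.sh is sourced by destroy.sh the zfs clone list assigned here overwrites that flag. Renaming them to `snap_clone`, `clone_jail` and `clone_check` removes both the inconsistency and the collision. destroy_release starts before this hunk.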
diff --git a/usr/local/share/bastille/etcupdate.sh b/usr/local/share/bastille/etcupdate.sh index f92c1041..d21378e0 100644 --- a/usr/local/share/bastille/etcupdate.sh +++ b/usr/local/share/bastille/etcupdate.sh @@ -187,8 +187,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in d) DRY_RUN=1 ;; f) FORCE=1 ;; x) enable_debug ;; diff --git a/usr/local/share/bastille/export.sh b/usr/local/share/bastille/export.sh index bcf43d78..5a7f4f0d 100644 --- a/usr/local/share/bastille/export.sh +++ b/usr/local/share/bastille/export.sh @@ -212,8 +212,8 @@ else shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in a) AUTO=1 ;; l) LIVE=1 ;; x) enable_debug ;; diff --git a/usr/local/share/bastille/htop.sh b/usr/local/share/bastille/htop.sh index adb5f811..1eb16d82 100644 --- a/usr/local/share/bastille/htop.sh +++ b/usr/local/share/bastille/htop.sh @@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in a) AUTO=1 ;; x) enable_debug ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index c4846a48..e31e0020 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh @@ -78,8 +78,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in f) OPT_FORCE=1 ;; M) OPT_STATIC_MAC=1 ;; v) OPT_ZRECV="-u -v" ;; 
@@ -501,15 +501,15 @@ update_symlinks() { # Update old symlinks info "\nUpdating symlinks..." - for _link in ${SYMLINKS}; do - if [ -L "${_link}" ]; then - ln -sf /.bastille/${_link} ${_link} - elif [ "${ALLOW_EMPTY_DIRS_TO_BE_SYMLINKED:-0}" = "1" ] && [ -d "${_link}" ]; then + for link in ${SYMLINKS}; do + if [ -L "${link}" ]; then + ln -sf /.bastille/${link} ${link} + elif [ "${ALLOW_EMPTY_DIRS_TO_BE_SYMLINKED:-0}" = "1" ] && [ -d "${link}" ]; then # -F will enforce that the directory is empty and replaced by the symlink - ln -sfF /.bastille/${_link} ${_link} || EXIT_CODE=$? + ln -sfF /.bastille/${link} ${link} || EXIT_CODE=$? if [ "${EXIT_CODE:-0}" != "0" ]; then # Assume that the failure was due to the directory not being empty and explain the problem in friendlier terms - warn "[WARNING]: directory ${_link} on imported jail was not empty and will not be updated by Bastille" + warn "[WARNING]: directory ${link} on imported jail was not empty and will not be updated by Bastille" fi fi done diff --git a/usr/local/share/bastille/jcp.sh b/usr/local/share/bastille/jcp.sh index 77247bd1..a7c94e67 100644 --- a/usr/local/share/bastille/jcp.sh +++ b/usr/local/share/bastille/jcp.sh @@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in q) OPTION="-a" ;; x) enable_debug ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; 
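Review bot: In update_symlinks, `EXIT_CODE` is set by `ln -sfF /.bastille/${link} ${link} || EXIT_CODE=$?` but never reset, so once one directory fails every later entry in `SYMLINKS` also prints the "was not empty" warning even when its own `ln` succeeded. Testing the command directly avoids the stale value: `if ! ln -sfF /.bastille/${link} ${link}; then` followed by the existing `warn` line and `fi`, or alternatively `EXIT_CODE=0` at the top of each iteration. The function's remaining lines are outside the hunk.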
@@ -90,16 +90,16 @@ bastille_root_check set_target_single "${SOURCE_TARGET}" && SOURCE_TARGET="${TARGET}" set_target "${DEST_TARGET}" && DEST_TARGET="${JAILS}" -for _jail in ${DEST_TARGET}; do +for jail in ${DEST_TARGET}; do - if [ "${_jail}" = "${SOURCE_TARGET}" ]; then + if [ "${jail}" = "${SOURCE_TARGET}" ]; then continue else - info "\n[${_jail}]:" + info "\n[${jail}]:" source_path="$(echo ${bastille_jailsdir}/${SOURCE_TARGET}/root/${SOURCE_PATH} | sed 's#//#/#g')" - dest_path="$(echo ${bastille_jailsdir}/${_jail}/root/${DEST_PATH} | sed 's#//#/#g')" + dest_path="$(echo ${bastille_jailsdir}/${jail}/root/${DEST_PATH} | sed 's#//#/#g')" if ! cp "${OPTION}" "${source_path}" "${dest_path}"; then ERRORS=$((ERRORS + 1)) diff --git a/usr/local/share/bastille/limits.sh b/usr/local/share/bastille/limits.sh index 83a020cb..091c20ec 100644 --- a/usr/local/share/bastille/limits.sh +++ b/usr/local/share/bastille/limits.sh @@ -74,8 +74,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in a) AUTO=1 ;; l) OPT_LOG=1 ;; x) enable_debug ;; @@ -114,11 +114,11 @@ set_target "${TARGET}" validate_cpus() { - local _cpus="${1}" + local cpus="${1}" - for _cpu in $(echo ${_cpus} | sed 's/,/ /g'); do - if ! cpuset -l ${_cpu} 2>/dev/null; then - error_notify "[ERROR]: CPU is not available: ${_cpu}" + for cpu in $(echo ${cpus} | sed 's/,/ /g'); do + if ! cpuset -l ${cpu} 2>/dev/null; then + error_notify "[ERROR]: CPU is not available: ${cpu}" return 1 fi done 
@@ -127,30 +127,30 @@ validate_cpus() { add_cpuset() { - local _jail="${1}" - local _cpus="${2}" - local _cpuset_rule="$(echo ${_cpus} | sed 's/ /,/g')" + local jail="${1}" + local cpus="${2}" + local cpuset_rule="$(echo ${cpus} | sed 's/ /,/g')" # Persist cpuset value - echo "${_cpuset_rule}" >> "${bastille_jailsdir}/${_jail}/cpuset.conf" + echo "${cpuset_rule}" >> "${bastille_jailsdir}/${jail}/cpuset.conf" echo -e "[CPU LIMITS]: ${OPTION} ${VALUE}" # Restart jail to apply cpuset - bastille restart ${_jail} + bastille restart ${jail} } -for _jail in ${JAILS}; do +for jail in ${JAILS}; do - check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - bastille start "${_jail}" + check_target_is_running "${jail}" || if [ "${AUTO}" -eq 1 ]; then + bastille start "${jail}" else - info "\n[${_jail}]:" + info "\n[${jail}]:" error_notify "Jail is not running." error_continue "Use [-a|--auto] to auto-start the jail." fi - info "\n[${_jail}]:" + info "\n[${jail}]:" case "${ACTION}" in 
@@ -162,32 +162,32 @@ for _jail in ${JAILS}; do # Limit cpus for jail if [ "${OPTION}" = "cpu" ] || [ "${OPTION}" = "cpus" ] || [ "${OPTION}" = "cpuset" ]; then validate_cpus "${VALUE}" || continue - add_cpuset "${_jail}" "${VALUE}" + add_cpuset "${jail}" "${VALUE}" else # Add rctl rule to rctl.conf - _rctl_rule="jail:${_jail}:${OPTION}:deny=${VALUE}/jail" - _rctl_rule_log="jail:${_jail}:${OPTION}:log=${VALUE}/jail" + rctl_rule="jail:${jail}:${OPTION}:deny=${VALUE}/jail" + rctl_rule_log="jail:${jail}:${OPTION}:log=${VALUE}/jail" # Check whether the entry already exists and, if so, update it. -- cwells - if grep -qs "jail:${_jail}:${OPTION}:deny" "${bastille_jailsdir}/${_jail}/rctl.conf"; then - _escaped_option=$(echo "${OPTION}" | sed 's/\//\\\//g') - _escaped_rctl_rule=$(echo "${_rctl_rule}" | sed 's/\//\\\//g') - _escaped_rctl_rule_log=$(echo "${_rctl_rule_log}" | sed 's/\//\\\//g') - sed -i '' -E "s/jail:${_jail}:${_escaped_option}:deny.+/${_escaped_rctl_rule}/" "${bastille_jailsdir}/${_jail}/rctl.conf" + if grep -qs "jail:${jail}:${OPTION}:deny" "${bastille_jailsdir}/${jail}/rctl.conf"; then + escaped_option=$(echo "${OPTION}" | sed 's/\//\\\//g') + escaped_rctl_rule=$(echo "${rctl_rule}" | sed 's/\//\\\//g') + escaped_rctl_rule_log=$(echo "${rctl_rule_log}" | sed 's/\//\\\//g') + sed -i '' -E "s/jail: ${jail}:${escaped_option}:deny.+/${escaped_rctl_rule}/" "${bastille_jailsdir}/${jail}/rctl.conf" if [ "${OPT_LOG}" -eq 1 ]; then - sed -i '' -E "s/jail:${_jail}:${_escaped_option}:log.+/${_escaped_rctl_rule_log}/" "${bastille_jailsdir}/${_jail}/rctl.conf" + sed -i '' -E "s/jail:${jail}:${escaped_option}:log.+/${escaped_rctl_rule_log}/" "${bastille_jailsdir}/${jail}/rctl.conf" fi else # Just append the entry. 
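Review bot: The rewritten `sed` for the deny rule now searches for `jail: ${jail}:` with a space after the colon, while the rule written to rctl.conf (`rctl_rule="jail:${jail}:${OPTION}:deny=..."`) and the `grep -qs "jail:${jail}:${OPTION}:deny"` guard directly above have no space, so the existing deny entry is never rewritten: the old limit stays persisted in rctl.conf while `rctl -a` applies the new one, and the two diverge on the next restart. It should read `sed -i '' -E "s/jail:${jail}:${escaped_option}:deny.+/${escaped_rctl_rule}/" "${bastille_jailsdir}/${jail}/rctl.conf"`, matching the log-rule line that follows it. The enclosing `for jail in ${JAILS}` loop starts and ends outside this hunk.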
-- cwells - echo "${_rctl_rule}" >> "${bastille_jailsdir}/${_jail}/rctl.conf" + echo "${rctl_rule}" >> "${bastille_jailsdir}/${jail}/rctl.conf" if [ "${OPT_LOG}" -eq 1 ]; then - echo "${_rctl_rule_log}" >> "${bastille_jailsdir}/${_jail}/rctl.conf" + echo "${rctl_rule_log}" >> "${bastille_jailsdir}/${jail}/rctl.conf" fi fi if [ "${OPT_LOG}" -eq 1 ]; then echo -e "[LOGGING]: ${OPTION} ${VALUE}" - rctl -a "${_rctl_rule}" "${_rctl_rule_log}" + rctl -a "${rctl_rule}" "${rctl_rule_log}" else echo -e "${OPTION} ${VALUE}" - rctl -a "${_rctl_rule}" + rctl -a "${rctl_rule}" fi fi ;; 
@@ -199,25 +199,25 @@ for _jail in ${JAILS}; do if [ "${OPTION}" = "cpu" ] || [ "${OPTION}" = "cpus" ] || [ "${OPTION}" = "cpuset" ]; then # Remove cpuset.conf - if [ -s "${bastille_jailsdir}/${_jail}/cpuset.conf" ]; then - rm -f "${bastille_jailsdir}/${_jail}/cpuset.conf" + if [ -s "${bastille_jailsdir}/${jail}/cpuset.conf" ]; then + rm -f "${bastille_jailsdir}/${jail}/cpuset.conf" echo "cpuset.conf removed." else error_continue "[ERROR]: cpuset.conf not found." fi # Restart jail to clear cpuset - bastille restart ${_jail} + bastille restart ${jail} else - if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then + if [ -s "${bastille_jailsdir}/${jail}/rctl.conf" ]; then # Remove rule from rctl.conf - if grep -qs "jail:${_jail}:${OPTION}:deny" "${bastille_jailsdir}/${_jail}/rctl.conf"; then - _rctl_rule="$(grep "jail:${_jail}:${OPTION}:deny" "${bastille_jailsdir}/${_jail}/rctl.conf")" - _rctl_rule_log="$(grep "jail:${_jail}:${OPTION}:log" "${bastille_jailsdir}/${_jail}/rctl.conf")" - rctl -r "${_rctl_rule}" "${_rctl_rule_log}" 2>/dev/null - sed -i '' "/.*${_jail}:${OPTION}.*/d" "${bastille_jailsdir}/${_jail}/rctl.conf" + if grep -qs "jail:${jail}:${OPTION}:deny" "${bastille_jailsdir}/${jail}/rctl.conf"; then + rctl_rule="$(grep "jail:${jail}:${OPTION}:deny" "${bastille_jailsdir}/${jail}/rctl.conf")" + rctl_rule_log="$(grep "jail:${jail}:${OPTION}:log" "${bastille_jailsdir}/${jail}/rctl.conf")" + rctl -r "${rctl_rule}" "${rctl_rule_log}" 2>/dev/null + sed -i '' "/.*${jail}:${OPTION}.*/d" "${bastille_jailsdir}/${jail}/rctl.conf" fi fi fi 
@@ -226,10 +226,10 @@ for _jail in ${JAILS}; do clear) # Remove rctl limits (rctl only) - if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then - while read _limits; do - rctl -r "${_limits}" 2>/dev/null - done < "${bastille_jailsdir}/${_jail}/rctl.conf" + if [ -s "${bastille_jailsdir}/${jail}/rctl.conf" ]; then + while read limits; do + rctl -r "${limits}" 2>/dev/null + done < "${bastille_jailsdir}/${jail}/rctl.conf" echo "RCTL limits cleared." fi ;; @@ -237,28 +237,28 @@ for _jail in ${JAILS}; do list|show) # Show rctl limits - if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then + if [ -s "${bastille_jailsdir}/${jail}/rctl.conf" ]; then echo "-------------" echo "[RCTL Limits]" if [ "${1}" = "active" ]; then - rctl jail:${_jail} 2>/dev/null + rctl jail:${jail} 2>/dev/null else - cat "${bastille_jailsdir}/${_jail}/rctl.conf" + cat "${bastille_jailsdir}/${jail}/rctl.conf" fi fi # Show cpuset limits - if [ -s "${bastille_jailsdir}/${_jail}/cpuset.conf" ]; then + if [ -s "${bastille_jailsdir}/${jail}/cpuset.conf" ]; then echo "-------------" echo "[CPU Limits]" if [ "${1}" = "active" ]; then - cpuset -g -j ${_jail} | head -1 2>/dev/null + cpuset -g -j ${jail} | head -1 2>/dev/null else - cat "${bastille_jailsdir}/${_jail}/cpuset.conf" + cat "${bastille_jailsdir}/${jail}/cpuset.conf" fi fi ;; 
@@ -266,39 +266,39 @@ for _jail in ${JAILS}; do stats) # Show statistics (rctl only) - if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then - rctl -hu jail:${_jail} 2>/dev/null + if [ -s "${bastille_jailsdir}/${jail}/rctl.conf" ]; then + rctl -hu jail:${jail} 2>/dev/null fi ;; reset) # Remove active limits - if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then - while read _limits; do - rctl -r "${_limits}" 2>/dev/null - done < "${bastille_jailsdir}/${_jail}/rctl.conf" + if [ -s "${bastille_jailsdir}/${jail}/rctl.conf" ]; then + while read limits; do + rctl -r "${limits}" 2>/dev/null + done < "${bastille_jailsdir}/${jail}/rctl.conf" echo "RCTL limits cleared." fi # Remove rctl.conf - if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then - rm -f "${bastille_jailsdir}/${_jail}/rctl.conf" + if [ -s "${bastille_jailsdir}/${jail}/rctl.conf" ]; then + rm -f "${bastille_jailsdir}/${jail}/rctl.conf" echo "rctl.conf removed." else error_continue "[ERROR]: rctl.conf not found." fi # Remove cpuset.conf - if [ -s "${bastille_jailsdir}/${_jail}/cpuset.conf" ]; then - rm -f "${bastille_jailsdir}/${_jail}/cpuset.conf" + if [ -s "${bastille_jailsdir}/${jail}/cpuset.conf" ]; then + rm -f "${bastille_jailsdir}/${jail}/cpuset.conf" echo "cpuset.conf removed." else error_continue "[ERROR]: cpuset.conf not found." fi # Restart jail to clear cpuset - bastille restart ${_jail} + bastille restart ${jail} ;; esac diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index 6b74f9ae..b4bd8ca7 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh @@ -51,9 +51,9 @@ EOF print_info() { # Print jails in given order - for _file in $(echo ${_tmp_list} | sort); do - cat ${_file} - rm -f ${_file} + for file in $(echo ${tmp_list} | sort); do + cat ${file} + rm -f ${file} done } @@ -301,7 +301,7 @@ get_jail_info() { list_bastille(){ - _tmp_list= + tmp_list= get_max_lengths get_jail_list 
@@ -309,18 +309,18 @@ list_bastille(){ # Print header printf " JID%*sName%*sBoot%*sPrio%*sState%*sType%*sIP Address%*sPublished Ports%*sRelease%*sTags\n" "$((${MAX_LENGTH_JID} + ${SPACER} - 3))" "" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 4))" "" "$((${SPACER}))" "" "$((${SPACER}))" "" "$((${SPACER}))" "" "$((${MAX_LENGTH_JAIL_TYPE} + ${SPACER} - 4))" "" "$((${MAX_LENGTH_JAIL_IP} + ${SPACER} - 10))" "" "$((${MAX_LENGTH_JAIL_PORTS} + ${SPACER} - 15))" "" "$((${MAX_LENGTH_JAIL_RELEASE} + ${SPACER} - 7))" "" - for _jail in ${JAIL_LIST}; do + for jail in ${JAIL_LIST}; do # Validate jail.conf existence - if [ -f "${bastille_jailsdir}/${_jail}/jail.conf" ]; then - _tmp_jail=$(mktemp /tmp/bastille-list-${_jail}) + if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then + tmp_jail=$(mktemp /tmp/bastille-list-${jail}) else continue fi ( - get_jail_info "${_jail}" + get_jail_info "${jail}" # Get JAIL_IP count JAIL_IP_COUNT=$(echo "${JAIL_IP}" | wc -l) @@ -342,9 +342,9 @@ list_bastille(){ printf " ${JID}%*s${JAIL_NAME}%*s${BOOT}%*s${PRIORITY}%*s${JAIL_STATE}%*s${JAIL_TYPE}%*s${JAIL_IP}%*s${JAIL_PORTS}%*s${JAIL_RELEASE}%*s${JAIL_TAGS}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" "" "$((4 - ${#BOOT} + ${SPACER}))" "" "$((4 - ${#PRIORITY} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_TYPE} - ${#JAIL_TYPE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#JAIL_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" "" fi - ) > "${_tmp_jail}" & + ) > "${tmp_jail}" & - _tmp_list="$(printf "%s\n%s" "${_tmp_list}" "${_tmp_jail}")" + tmp_list="$(printf "%s\n%s" "${tmp_list}" "${tmp_jail}")" done wait @@ -354,7 +354,7 @@ list_bastille(){ list_all(){ - _tmp_list= + tmp_list= get_max_lengths get_jail_list 
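Review bot: `tmp_jail=$(mktemp /tmp/bastille-list-${jail})` passes a template with no trailing run of `X`s, so the temporary file has a fixed, predictable name in world-writable /tmp; a pre-existing file or symlink of that name makes `mktemp` fail, `tmp_jail` expands to empty, and the subshell's `> "${tmp_jail}"` redirection errors out for that jail. `tmp_jail=$(mktemp "/tmp/bastille-list-${jail}.XXXXXX")` (or `mktemp -t bastille-list`) gives a randomised, exclusively created file, and print_info already reads and removes whatever names are in `tmp_list`, so nothing else needs to change. The same line appears in list_all, list_ips, list_paths, list_ports, list_state and list_type in the following hunks.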
@@ -362,18 +362,18 @@ list_all(){ # Print header printf " JID%*sBoot%*sPrio%*sState%*sIP Address%*sPublished Ports%*sHostname%*sRelease%*sPath\n" "$((${MAX_LENGTH_JID} + ${SPACER} - 3))" "" "$((${SPACER}))" "" "$((${SPACER}))" "" "$((${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} + ${SPACER} - 10))" "" "$((${MAX_LENGTH_JAIL_PORTS} + ${SPACER} - 15))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} + ${SPACER} - 8))" "" "$((${MAX_LENGTH_JAIL_RELEASE} + ${SPACER} - 7))" "" - for _jail in ${JAIL_LIST}; do + for jail in ${JAIL_LIST}; do # Validate jail.conf existence - if [ -f "${bastille_jailsdir}/${_jail}/jail.conf" ]; then - _tmp_jail=$(mktemp /tmp/bastille-list-${_jail}) + if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then + tmp_jail=$(mktemp /tmp/bastille-list-${jail}) else continue fi ( - get_jail_info "${_jail}" + get_jail_info "${jail}" # Get jail IP count JAIL_IP_COUNT=$(echo "${JAIL_IP}" | wc -l) @@ -395,9 +395,9 @@ list_all(){ printf " ${JID}%*s${BOOT}%*s${PRIORITY}%*s${JAIL_STATE}%*s${JAIL_IP}%*s${JAIL_PORTS}%*s${JAIL_HOSTNAME}%*s${JAIL_RELEASE}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((4 - ${#BOOT} + ${SPACER}))" "" "$((4 - ${#PRIORITY} + ${SPACER}))" "" "$((5 - ${#JAIL_STATE} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_IP} - ${#JAIL_IP} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_PORTS} - ${#JAIL_PORTS} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_HOSTNAME} - ${#JAIL_HOSTNAME} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_RELEASE} - ${#JAIL_RELEASE} + ${SPACER}))" "" fi - ) > "${_tmp_jail}" & + ) > "${tmp_jail}" & - _tmp_list="$(printf "%s\n%s" "${_tmp_list}" "${_tmp_jail}")" + tmp_list="$(printf "%s\n%s" "${tmp_list}" "${tmp_jail}")" done wait @@ -407,7 +407,7 @@ list_all(){ list_ips() { - _tmp_list= + tmp_list= get_max_lengths get_jail_list 
@@ -415,24 +415,24 @@ list_ips() { # Print header printf " JID%*sName%*sIP Address\n" "$((${MAX_LENGTH_JID} + ${SPACER} - 3))" "" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 4))" "" - for _jail in ${JAIL_LIST}; do + for jail in ${JAIL_LIST}; do # Validate jail.conf existence - if [ -f "${bastille_jailsdir}/${_jail}/jail.conf" ]; then - _tmp_jail=$(mktemp /tmp/bastille-list-${_jail}) + if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then + tmp_jail=$(mktemp /tmp/bastille-list-${jail}) else continue fi ( - get_jail_info "${_jail}" + get_jail_info "${jail}" printf " ${JID}%*s${JAIL_NAME}%*s${JAIL_IP_FULL}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" "" - ) > "${_tmp_jail}" & + ) > "${tmp_jail}" & - _tmp_list="$(printf "%s\n%s" "${_tmp_list}" "${_tmp_jail}")" + tmp_list="$(printf "%s\n%s" "${tmp_list}" "${tmp_jail}")" done wait @@ -442,7 +442,7 @@ list_ips() { list_paths() { - _tmp_list= + tmp_list= get_max_lengths get_jail_list @@ -450,24 +450,24 @@ list_paths() { # Print header printf " JID%*sName%*sPath\n" "$((${MAX_LENGTH_JID} + ${SPACER} - 3))" "" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 4))" "" - for _jail in ${JAIL_LIST}; do + for jail in ${JAIL_LIST}; do # Validate jail.conf existence - if [ -f "${bastille_jailsdir}/${_jail}/jail.conf" ]; then - _tmp_jail=$(mktemp /tmp/bastille-list-${_jail}) + if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then + tmp_jail=$(mktemp /tmp/bastille-list-${jail}) else continue fi ( - get_jail_info "${_jail}" + get_jail_info "${jail}" printf " ${JID}%*s${JAIL_NAME}%*s${JAIL_PATH}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" "" - ) > "${_tmp_jail}" & + ) > "${tmp_jail}" & - _tmp_list="$(printf "%s\n%s" "${_tmp_list}" "${_tmp_jail}")" + tmp_list="$(printf "%s\n%s" "${tmp_list}" "${tmp_jail}")" done wait 
@@ -477,7 +477,7 @@ list_paths() { list_ports() { - _tmp_list= + tmp_list= get_max_lengths get_jail_list @@ -485,24 +485,24 @@ list_ports() { # Print header printf " JID%*sName%*sPublished Ports\n" "$((${MAX_LENGTH_JID} + ${SPACER} - 3))" "" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 4))" "" - for _jail in ${JAIL_LIST}; do + for jail in ${JAIL_LIST}; do # Validate jail.conf existence - if [ -f "${bastille_jailsdir}/${_jail}/jail.conf" ]; then - _tmp_jail=$(mktemp /tmp/bastille-list-${_jail}) + if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then + tmp_jail=$(mktemp /tmp/bastille-list-${jail}) else continue fi ( - get_jail_info "${_jail}" + get_jail_info "${jail}" printf " ${JID}%*s${JAIL_NAME}%*s${JAIL_PORTS_FULL}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" "" - ) > "${_tmp_jail}" & + ) > "${tmp_jail}" & - _tmp_list="$(printf "%s\n%s" "${_tmp_list}" "${_tmp_jail}")" + tmp_list="$(printf "%s\n%s" "${tmp_list}" "${tmp_jail}")" done wait @@ -512,7 +512,7 @@ list_ports() { list_state() { - _tmp_list= + tmp_list= get_max_lengths get_jail_list 
@@ -520,24 +520,24 @@ list_state() { # Print header printf " JID%*sName%*sState\n" "$((${MAX_LENGTH_JID} + ${SPACER} - 3))" "" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 4))" "" - for _jail in ${JAIL_LIST}; do + for jail in ${JAIL_LIST}; do # Validate jail.conf existence - if [ -f "${bastille_jailsdir}/${_jail}/jail.conf" ]; then - _tmp_jail=$(mktemp /tmp/bastille-list-${_jail}) + if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then + tmp_jail=$(mktemp /tmp/bastille-list-${jail}) else continue fi ( - get_jail_info "${_jail}" + get_jail_info "${jail}" printf " ${JID}%*s${JAIL_NAME}%*s${JAIL_STATE}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" "" - ) > "${_tmp_jail}" & + ) > "${tmp_jail}" & - _tmp_list="$(printf "%s\n%s" "${_tmp_list}" "${_tmp_jail}")" + tmp_list="$(printf "%s\n%s" "${tmp_list}" "${tmp_jail}")" done wait @@ -547,7 +547,7 @@ list_state() { list_type() { - _tmp_list= + tmp_list= get_max_lengths get_jail_list @@ -555,24 +555,24 @@ list_type() { # Print header printf " JID%*sName%*sType\n" "$((${MAX_LENGTH_JID} + ${SPACER} - 3))" "" "$((${MAX_LENGTH_JAIL_NAME} + ${SPACER} - 4))" "" - for _jail in ${JAIL_LIST}; do + for jail in ${JAIL_LIST}; do # Validate jail.conf existence - if [ -f "${bastille_jailsdir}/${_jail}/jail.conf" ]; then - _tmp_jail=$(mktemp /tmp/bastille-list-${_jail}) + if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then + tmp_jail=$(mktemp /tmp/bastille-list-${jail}) else continue fi ( - get_jail_info "${_jail}" + get_jail_info "${jail}" printf " ${JID}%*s${JAIL_NAME}%*s${JAIL_TYPE}\n" "$((${MAX_LENGTH_JID} - ${#JID} + ${SPACER}))" "" "$((${MAX_LENGTH_JAIL_NAME} - ${#JAIL_NAME} + ${SPACER}))" "" - ) > "${_tmp_jail}" & + ) > "${tmp_jail}" & - _tmp_list="$(printf "%s\n%s" "${_tmp_list}" "${_tmp_jail}")" + tmp_list="$(printf "%s\n%s" "${tmp_list}" "${tmp_jail}")" done wait 
@@ -606,11 +606,11 @@ list_snapshot(){ # TODO: Ability to list snapshot data for a single target. # List snapshots with its usage data for valid bastille jails only. if [ -d "${bastille_jailsdir}" ]; then - JAIL_LIST=$(ls -v --color=never "${bastille_jailsdir}" | sed "s/\n//g") - for _JAIL in ${JAIL_LIST}; do - if [ -f "${bastille_jailsdir}/${_JAIL}/jail.conf" ]; then - info "\n[${_JAIL}]:" - zfs list -r -t snapshot "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_JAIL}" + jail_list=$(ls -v --color=never "${bastille_jailsdir}" | sed "s/\n//g") + for jail in ${jail_list}; do + if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then + info "\n[${jail}]:" + zfs list -r -t snapshot "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}" fi done fi @@ -622,10 +622,10 @@ list_template(){ list_jail(){ if [ -d "${bastille_jailsdir}" ]; then - JAIL_LIST=$(ls -v --color=never "${bastille_jailsdir}" | sed "s/\n//g") - for _JAIL in ${JAIL_LIST}; do - if [ -f "${bastille_jailsdir}/${_JAIL}/jail.conf" ]; then - echo "${_JAIL}" + jail_list=$(ls -v --color=never "${bastille_jailsdir}" | sed "s/\n//g") + for jail in ${jail_list}; do + if [ -f "${bastille_jailsdir}/${jail}/jail.conf" ]; then + echo "${jail}" fi done fi @@ -678,8 +678,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in a) error_exit "[ERROR]: \"-a\" is deprecated. Use \"all\" instead." ;; d) OPT_STATE="Down" ;; j) OPT_JSON=1 ;; diff --git a/usr/local/share/bastille/migrate.sh b/usr/local/share/bastille/migrate.sh index 59417427..91f40f0c 100644 --- a/usr/local/share/bastille/migrate.sh +++ b/usr/local/share/bastille/migrate.sh 
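Review bot: list_snapshot and list_jail rename the unlocalised `JAIL_LIST` to `jail_list`, which is still a plain global assignment, so any code that read `JAIL_LIST` as a side effect of calling these two functions would now see a stale or unset value; the other list_* functions in this file obtain theirs through `get_jail_list`, so it is worth confirming nothing depends on these two populating `JAIL_LIST`. If the variable is meant to be function-private, `local jail_list` would make that intent explicit and match the commit's naming rule.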
@@ -97,8 +97,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in a) AUTO=1 ;; b) OPT_BACKUP=1 ;; d) OPT_DESTROY=1 ;; @@ -142,27 +142,27 @@ set_target "${TARGET}" validate_host_status() { - local _user="${1}" - local _host="${2}" - local _port="${3}" + local user="${1}" + local host="${2}" + local port="${3}" info "\nChecking remote host status..." # Host uptime - if ! nc -w 1 -z ${_host} ${_port} >/dev/null 2>/dev/null; then + if ! nc -w 1 -z ${host} ${port} >/dev/null 2>/dev/null; then error_exit "[ERROR]: Host appears to be down" fi # Host SSH check if [ "${OPT_PASSWORD}" -eq 1 ]; then - if ! ${_sshpass_cmd} ssh -p ${_port} ${_user}@${_host} exit >/dev/null 2>/dev/null; then + if ! ${sshpass_cmd} ssh -p ${port} ${user}@${host} exit >/dev/null 2>/dev/null; then error_notify "[ERROR]: Could not establish ssh connection to host." error_notify "Please make sure the remote host supports password based authentication" - error_exit "and you are using the correct password for user: '${_user}'" + error_exit "and you are using the correct password for user: '${user}'" fi - elif ! ${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} exit >/dev/null 2>/dev/null; then + elif ! ${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} exit >/dev/null 2>/dev/null; then error_notify "[ERROR]: Could not establish ssh connection to host." - error_notify "Please make sure user '${_user}' has password-less access" + error_notify "Please make sure user '${user}' has password-less access" error_exit "or use '-p|--password' for password based authentication." fi 
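Review bot: validate_host_status now expands `${sshpass_cmd}` and `${opt_ssh_key}`, whose assignment sites are outside this hunk; unless the script runs with `set -u`, a definition that was not renamed in the same commit expands to nothing, so the key branch would silently run `ssh` without its `-i` argument and report the misleading "password-less access" error for what is really a missed rename. Please confirm both assignments were updated together with these uses. The `nc`/`ssh` arguments `${host}` and `${port}` remain unquoted, as before the change.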
@@ -171,143 +171,143 @@ validate_host_status() { migrate_cleanup() { - local _jail="${1}" - local _user="${2}" - local _host="${3}" - local _port="${4}" + local jail="${1}" + local user="${2}" + local host="${3}" + local port="${4}" # Backup archives on remote system if [ "${OPT_BACKUP}" -eq 1 ]; then - _remote_bastille_backupsdir="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_backupsdir)" + remote_bastille_backupsdir="$(${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_backupsdir)" - ${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} cp "${_remote_bastille_migratedir}/*" "${_remote_bastille_backupsdir}" + ${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} ${OPT_SU} cp "${remote_bastille_migratedir}/*" "${remote_bastille_backupsdir}" fi # Remove archive files from local and remote system - ${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} rm -fr "${_remote_bastille_migratedir}" 2>/dev/null - rm -fr ${_local_bastille_migratedir} 2>/dev/null + ${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} ${OPT_SU} rm -fr "${remote_bastille_migratedir}" 2>/dev/null + rm -fr ${local_bastille_migratedir} 2>/dev/null } migrate_create_export() { - local _jail="${1}" - local _user="${2}" - local _host="${3}" - local _port="${4}" + local jail="${1}" + local user="${2}" + local host="${3}" + local port="${4}" info "\nPreparing jail for migration..." 
# Ensure /tmp/bastille-migrate has 777 perms - chmod 777 ${_local_bastille_migratedir} - ${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} chmod 777 ${_remote_bastille_migratedir} + chmod 777 ${local_bastille_migratedir} + ${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} ${OPT_SU} chmod 777 ${remote_bastille_migratedir} # --xz for ZFS, otherwise --txz if checkyesno bastille_zfs_enable; then - bastille export --xz ${_jail} ${_local_bastille_migratedir} + bastille export --xz ${jail} ${local_bastille_migratedir} else - bastille export --txz ${_jail} ${_local_bastille_migratedir} + bastille export --txz ${jail} ${local_bastille_migratedir} fi } migrate_jail() { - local _jail="${1}" - local _user="${2}" - local _host="${3}" - local _port="${4}" + local jail="${1}" + local user="${2}" + local host="${3}" + local port="${4}" - _local_bastille_migratedir="$(mktemp -d /tmp/bastille-migrate-${_jail})" - _remote_bastille_zfs_enable="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_zfs_enable)" - _remote_bastille_jailsdir="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_jailsdir)" - _remote_bastille_migratedir="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} mktemp -d /tmp/bastille-migrate-${_jail})" - _remote_jail_list="$(${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} bastille list jails)" + local_bastille_migratedir="$(mktemp -d /tmp/bastille-migrate-${jail})" + remote_bastille_zfs_enable="$(${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_zfs_enable)" + remote_bastille_jailsdir="$(${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} sysrc -f /usr/local/etc/bastille/bastille.conf -n bastille_jailsdir)" + remote_bastille_migratedir="$(${sshpass_cmd} ssh -p 
${port} ${opt_ssh_key} ${user}@${host} mktemp -d /tmp/bastille-migrate-${jail})" + remote_jail_list="$(${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} ${OPT_SU} bastille list jails)" - if [ -z "${_local_bastille_migratedir}" ] || [ -z "${_remote_bastille_migratedir}" ]; then - migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}" + if [ -z "${local_bastille_migratedir}" ] || [ -z "${remote_bastille_migratedir}" ]; then + migrate_cleanup "${jail}" "${user}" "${host}" "${port}" error_notify "[ERROR]: Could not create /tmp/bastille-migrate." error_continue "Ensure it doesn't exist locally or remotely." fi # Verify jail does not exist remotely - if echo "${_remote_jail_list}" | grep -Eoqw "${_jail}"; then - migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}" - error_exit "[ERROR]: Jail already exists on remote system: ${_jail}" + if echo "${remote_jail_list}" | grep -Eoqw "${jail}"; then + migrate_cleanup "${jail}" "${user}" "${host}" "${port}" + error_exit "[ERROR]: Jail already exists on remote system: ${jail}" fi # Verify ZFS on both systems if checkyesno bastille_zfs_enable; then - if ! checkyesno _remote_bastille_zfs_enable; then + if ! checkyesno remote_bastille_zfs_enable; then error_notify "[ERROR]: ZFS is enabled locally, but not remotely." error_exit "Enable ZFS remotely to continue." else - migrate_create_export "${_jail}" "${_user}" "${_host}" "${_port}" + migrate_create_export "${jail}" "${user}" "${host}" "${port}" info "\nAttempting to migrate jail to remote system..." - _file="$(find "${_local_bastille_migratedir}" -maxdepth 1 -type f | grep -Eo "${_jail}_.*\.xz$" | head -n1)" - _file_sha256="$(echo ${_file} | sed 's/\..*/.sha256/')" + file="$(find "${local_bastille_migratedir}" -maxdepth 1 -type f | grep -Eo "${jail}_.*\.xz$" | head -n1)" + file_sha256="$(echo ${file} | sed 's/\..*/.sha256/')" # Send sha256 - if ! 
${_sshpass_cmd} scp -P ${_port} ${_opt_ssh_key} ${_local_bastille_migratedir}/${_file_sha256} ${_user}@${_host}:${_remote_bastille_migratedir}; then - migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}" + if ! ${sshpass_cmd} scp -P ${port} ${opt_ssh_key} ${local_bastille_migratedir}/${file_sha256} ${user}@${host}:${remote_bastille_migratedir}; then + migrate_cleanup "${jail}" "${user}" "${host}" "${port}" error_exit "[ERROR]: Failed to send jail to remote system." fi # Send jail export - if ! ${_sshpass_cmd} scp -P ${_port} ${_opt_ssh_key} ${_local_bastille_migratedir}/${_file} ${_user}@${_host}:${_remote_bastille_migratedir}; then - migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}" + if ! ${sshpass_cmd} scp -P ${port} ${opt_ssh_key} ${local_bastille_migratedir}/${file} ${user}@${host}:${remote_bastille_migratedir}; then + migrate_cleanup "${jail}" "${user}" "${host}" "${port}" error_exit "[ERROR]: Failed to send jail to remote system." fi fi else - if checkyesno _remote_bastille_zfs_enable; then + if checkyesno remote_bastille_zfs_enable; then error_notify "[ERROR]: ZFS is enabled remotely, but not locally." error_exit "Enable ZFS locally to continue." else info "\nAttempting to migrate jail to remote system..." - migrate_create_export "${_jail}" "${_user}" "${_host}" "${_port}" + migrate_create_export "${jail}" "${user}" "${host}" "${port}" - _file="$(find "${_local_bastille_migratedir}" -maxdepth 1 -type f | grep -Eo "${_jail}_.*\.txz$" | head -n1)" - _file_sha256="$(echo ${_file} | sed 's/\..*/.sha256/')" + file="$(find "${local_bastille_migratedir}" -maxdepth 1 -type f | grep -Eo "${jail}_.*\.txz$" | head -n1)" + file_sha256="$(echo ${file} | sed 's/\..*/.sha256/')" # Send sha256 - if ! ${_sshpass_cmd} scp -P ${_port} ${_opt_ssh_key} ${_local_bastille_migratedir}/${_file_sha256} ${_user}@${_host}:${_remote_bastille_migratedir}; then - migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}" + if ! 
${sshpass_cmd} scp -P ${port} ${opt_ssh_key} ${local_bastille_migratedir}/${file_sha256} ${user}@${host}:${remote_bastille_migratedir}; then + migrate_cleanup "${jail}" "${user}" "${host}" "${port}" error_exit "[ERROR]: Failed to migrate jail to remote system." fi # Send jail export - if ! ${_sshpass_cmd} scp -P ${_port} ${_opt_ssh_key} ${_local_bastille_migratedir}/${_file} ${_user}@${_host}:${_remote_bastille_migratedir}; then - migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}" + if ! ${sshpass_cmd} scp -P ${port} ${opt_ssh_key} ${local_bastille_migratedir}/${file} ${user}@${host}:${remote_bastille_migratedir}; then + migrate_cleanup "${jail}" "${user}" "${host}" "${port}" error_exit "[ERROR]: Failed to migrate jail to remote system." fi fi fi # Import the jail remotely - if ! ${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} bastille import ${_remote_bastille_migratedir}/${_file}; then - migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}" + if ! ${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} ${OPT_SU} bastille import ${remote_bastille_migratedir}/${file}; then + migrate_cleanup "${jail}" "${user}" "${host}" "${port}" error_exit "[ERROR]: Failed to import jail on remote system." 
fi # Destroy old jail if OPT_DESTROY=1 if [ "${OPT_DESTROY}" -eq 1 ]; then - bastille destroy -afy "${_jail}" + bastille destroy -afy "${jail}" fi # Remove archives - migrate_cleanup "${_jail}" "${_user}" "${_host}" "${_port}" + migrate_cleanup "${jail}" "${user}" "${host}" "${port}" # Reconcile LIVE and AUTO, ensure only one side is running if [ "${AUTO}" -eq 1 ] && [ "${LIVE}" -eq 0 ]; then - ${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} bastille start "${_jail}" + ${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} ${OPT_SU} bastille start "${jail}" elif [ "${AUTO}" -eq 1 ] && [ "${LIVE}" -eq 1 ]; then - bastille stop "${_jail}" - ${_sshpass_cmd} ssh -p ${_port} ${_opt_ssh_key} ${_user}@${_host} ${OPT_SU} bastille start "${_jail}" + bastille stop "${jail}" + ${sshpass_cmd} ssh -p ${port} ${opt_ssh_key} ${user}@${host} ${OPT_SU} bastille start "${jail}" fi } 
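Review bot: The migration staging directory is made world-writable (`chmod 777 ${local_bastille_migratedir}` and the matching remote `chmod 777 ${remote_bastille_migratedir}` in migrate_create_export) and sits at a predictable path, because `mktemp -d /tmp/bastille-migrate-${jail}` in migrate_jail carries no X's; between the export and the remote `bastille import`, any unprivileged account on either host could replace the archive together with its `.sha256`, and the checksum would then confirm attacker-supplied content. Nothing visible in this hunk needs the directory writable by others — scp writes into it as `${user}`, who created it, and the remote import and cleanup run under `${OPT_SU}` — so drop the `777` (or use `chmod 755` if a different account must read it) and give mktemp a random template such as `mktemp -d /tmp/bastille-migrate-${jail}.XXXXXX`, adjusting the `error_continue "Ensure it doesn't exist locally or remotely."` message accordingly. If the 777 was introduced to work around a permission error in `bastille export`, that should be addressed on the export side rather than by opening the directory.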
@@ -320,42 +320,42 @@ if [ "${OPT_PASSWORD}" -eq 1 ]; then printf "Please enter your password: " # We disable terminal output for the password stty -echo - read _password + read password stty echo printf "\n" - _sshpass_cmd="sshpass -p ${_password}" + sshpass_cmd="sshpass -p ${password}" fi else - _sshpass_cmd= + sshpass_cmd= fi # Get user we want to migrate as # We need this to pass the ssh keys properly if [ "${OPT_PASSWORD}" -eq 1 ]; then - _opt_ssh_key= + opt_ssh_key= else - _migrate_user_home="$(getent passwd ${USER} | cut -d: -f6)" + migrate_user_home="$(getent passwd ${USER} | cut -d: -f6)" # Validate custom keyfile if [ -n "${OPT_KEYFILE}" ]; then - if ! [ -f "${_migrate_user_home}/.ssh/${OPT_KEYFILE}" ]; then - error_exit "[ERROR]: Keyfile not found: ${_migrate_user_home}/.ssh/${OPT_KEYFILE}" + if ! [ -f "${migrate_user_home}/.ssh/${OPT_KEYFILE}" ]; then + error_exit "[ERROR]: Keyfile not found: ${migrate_user_home}/.ssh/${OPT_KEYFILE}" else - _migrate_user_ssh_key="${_migrate_user_home}/.ssh/${OPT_KEYFILE}" + migrate_user_ssh_key="${migrate_user_home}/.ssh/${OPT_KEYFILE}" fi else - _migrate_user_ssh_key="find ${_migrate_user_home}/.ssh -maxdepth 1 -type f ! -name '*.pub' | grep -Eos 'id_.*'" + migrate_user_ssh_key="find ${migrate_user_home}/.ssh -maxdepth 1 -type f ! 
-name '*.pub' | grep -Eos 'id_.*'" fi - _opt_ssh_key="-i ${_migrate_user_ssh_key}" + opt_ssh_key="-i ${migrate_user_ssh_key}" # Exit if no keys found - if [ -z "${_migrate_user_home}" ] || [ -z "${_migrate_user_ssh_key}" ]; then + if [ -z "${migrate_user_home}" ] || [ -z "${migrate_user_ssh_key}" ]; then error_exit "[ERROR]: Could not find keys for user: ${USER}" # Exit if multiple keys - elif [ "$(echo "${_migrate_user_ssh_key}" | wc -l)" -ne 1 ]; then - error_notify "[ERROR]: Multiple ssh keys found:\n${_migrate_user_ssh_key}" + elif [ "$(echo "${migrate_user_ssh_key}" | wc -l)" -ne 1 ]; then + error_notify "[ERROR]: Multiple ssh keys found:\n${migrate_user_ssh_key}" error_exit "Please use -k|--keyfile to specify one." fi fi @@ -363,27 +363,27 @@ fi # Validate host uptime validate_host_status "${USER}" "${HOST}" "${PORT}" -for _jail in ${JAILS}; do +for jail in ${JAILS}; do # Validate jail state if [ "${LIVE}" -eq 1 ]; then - if ! check_target_is_running "${_jail}"; then + if ! check_target_is_running "${jail}"; then error_exit "[ERROR]: [-l|--live] can only be used with a running jail." fi - elif ! check_target_is_stopped "${_jail}"; then + elif ! check_target_is_stopped "${jail}"; then if [ "${AUTO}" -eq 1 ]; then - bastille stop "${_jail}" + bastille stop "${jail}" else - info "\n[${_jail}]:" + info "\n[${jail}]:" error_notify "[ERROR]: Jail is running." error_exit "Use [-a|--auto] to auto-stop the jail, or [-l|--live] (ZFS only) to migrate a running jail." fi fi - info "\nAttempting to migrate '${_jail}' to '${HOST}'..." + info "\nAttempting to migrate '${jail}' to '${HOST}'..." - migrate_jail "${_jail}" "${USER}" "${HOST}" "${PORT}" + migrate_jail "${jail}" "${USER}" "${HOST}" "${PORT}" - info "\nSuccessfully migrated '${_jail}' to '${HOST}'.\n" + info "\nSuccessfully migrated '${jail}' to '${HOST}'.\n" done diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index e46611e5..2bbf76bc 100644 
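Review bot: `sshpass_cmd="sshpass -p ${password}"` places the typed password on the command line of every later ssh/scp invocation, where any local user can read it from the process table; sshpass can take it from the environment instead — export it as `SSHPASS` and set `sshpass_cmd="sshpass -e"` — or from a file descriptor with `-d`. The `read password` just above also lacks `-r`, so a backslash in the password is consumed by read. Separately, `migrate_user_ssh_key="find ${migrate_user_home}/.ssh -maxdepth 1 -type f ! -name '*.pub' | grep -Eos 'id_.*'"` stores the command text rather than its output, and the following `wc -l` test and `opt_ssh_key="-i ${migrate_user_ssh_key}"` then operate on that literal string; unless something outside this hunk evaluates it, the intent looks like `migrate_user_ssh_key="$(find ...)"`. Both points predate the rename but are worth fixing while the block is being touched.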
--- a/usr/local/share/bastille/monitor.sh
+++ b/usr/local/share/bastille/monitor.sh
@@ -116,25 +116,25 @@ SERVICE_FAILED=0
 bastille_root_check
 set_target "${TARGET}"
-for _jail in ${JAILS}; do
+for jail in ${JAILS}; do
- bastille_jail_monitor="${bastille_jailsdir}/${_jail}/monitor"
+ bastille_jail_monitor="${bastille_jailsdir}/${jail}/monitor"
 # Skip if jail is not running or no monitor file
- if ! check_target_is_running "${_jail}" || [ ! -f "${bastille_jail_monitor}" ]; then
+ if ! check_target_is_running "${jail}" || [ ! -f "${bastille_jail_monitor}" ]; then
 continue
 fi
 ## iterate service(s) and check service status; restart on failure
 if [ -z "${ACTION}" ] && [ -f "${bastille_jail_monitor}" ]; then
- for _service in $(xargs < "${bastille_jail_monitor}"); do
+ for service in $(xargs < "${bastille_jail_monitor}"); do
 ## check service status
- if ! jexec -l -U root "${_jail}" service "${_service}" status >/dev/null 2>/dev/null; then
- echo "$(date '+%Y-%m-%d %H:%M:%S'): ${_service} service not running in ${_jail}. Restarting..." | tee -a "${bastille_monitor_logfile}"
+ if ! jexec -l -U root "${jail}" service "${service}" status >/dev/null 2>/dev/null; then
+ echo "$(date '+%Y-%m-%d %H:%M:%S'): ${service} service not running in ${jail}. Restarting..." | tee -a "${bastille_monitor_logfile}"
 ## attempt to restart the service if needed; update logs if unable
- if ! jexec -l -U root "${_jail}" service "${_service}" restart; then
- echo "$(date '+%Y-%m-%d %H:%M:%S'): Failed to restart ${_service} service in ${_jail}." | tee -a "${bastille_monitor_logfile}"
+ if ! jexec -l -U root "${jail}" service "${service}" restart; then
+ echo "$(date '+%Y-%m-%d %H:%M:%S'): Failed to restart ${service} service in ${jail}." | tee -a "${bastille_monitor_logfile}"
 SERVICE_FAILED=1
 fi
 fi
@@ -143,20 +143,20 @@ for _jail in ${JAILS}; do
 case ${ACTION} in
 add)
 [ -z "${SERVICE}" ] && usage
- for _service in $(echo "${SERVICE}" | tr , ' '); do
- if ! grep -Eqs "^${_service}\$" "${bastille_jail_monitor}"; then
- echo "${_service}" >> "${bastille_jail_monitor}"
- echo "$(date '+%Y-%m-%d %H:%M:%S'): Added monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}"
+ for service in $(echo "${SERVICE}" | tr , ' '); do
+ if ! grep -Eqs "^${service}\$" "${bastille_jail_monitor}"; then
+ echo "${service}" >> "${bastille_jail_monitor}"
+ echo "$(date '+%Y-%m-%d %H:%M:%S'): Added monitor for ${service} on ${jail}" >> "${bastille_monitor_logfile}"
 fi
 done
 ;;
 del*)
 [ -z "${SERVICE}" ] && usage
- for _service in $(echo "${SERVICE}" | tr , ' '); do
+ for service in $(echo "${SERVICE}" | tr , ' '); do
 [ ! -f "${bastille_jail_monitor}" ] && break # skip if no monitor file
- if grep -Eqs "^${_service}\$" "${bastille_jail_monitor}"; then
- sed -i '' "/^${_service}\$/d" "${bastille_jail_monitor}"
- echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}"
+ if grep -Eqs "^${service}\$" "${bastille_jail_monitor}"; then
+ sed -i '' "/^${service}\$/d" "${bastille_jail_monitor}"
+ echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed monitor for ${service} on ${jail}" >> "${bastille_monitor_logfile}"
 fi
 # delete monitor file if empty
 [ ! -s "${bastille_jail_monitor}" ] && rm "${bastille_jail_monitor}"
@@ -169,12 +169,12 @@ for _jail in ${JAILS}; do
 fi
 [ ! -f "${bastille_jail_monitor}" ] && continue # skip if there is no monitor file
 if grep -Eqs "^${SERVICE}\$" "${bastille_jail_monitor}"; then
- echo "${_jail}"
+ echo "${jail}"
 continue
 fi
 else
 if [ -f "${bastille_jail_monitor}" ]; then
- info "\n[${_jail}]:"
+ info "\n[${jail}]:"
 xargs < "${bastille_jail_monitor}"
 fi
 fi
diff --git a/usr/local/share/bastille/mount.sh b/usr/local/share/bastille/mount.sh
index 4aa5fe7b..ba80266b 100644
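Review bot: In the `add)` arm each service name is appended to the monitor file with only `[ -z "${SERVICE}" ] && usage` as validation and is used as an ERE in `grep -Eqs "^${service}\$"`, and in `del*)` it is also spliced into a sed address (`sed -i '' "/^${service}\$/d"`), so a name containing regex metacharacters matches or deletes the wrong lines, and a name with whitespace is later split by the `xargs` read in the status loop and handed to `service` as root inside the jail. A whitelist check before the `grep -Eqs` in both arms, e.g. `case "${service}" in *[!A-Za-z0-9_.-]*|"") error_exit "[ERROR]: Invalid service name: ${service}" ;; esac`, keeps the file to one well-formed rc script name per line, and `grep -Fxq -- "${service}" "${bastille_jail_monitor}"` would then replace the `^...$` regex for the membership tests. The status loop that consumes this file is in the preceding hunk of this file.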
--- a/usr/local/share/bastille/mount.sh
+++ b/usr/local/share/bastille/mount.sh
@@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do
 shift
 ;;
 -*)
- for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
- case ${_opt} in
+ for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
+ case ${opt} in
 a) AUTO=1 ;;
 x) enable_debug ;;
 *) error_exit "[ERROR]: Unknown Option: \"${1}\""
@@ -84,121 +84,121 @@ TARGET="${1}" shift if [ "$#" -eq 2 ]; then - _fstab="$(echo "$* nullfs ro 0 0" | sed 's#\\ #\\040#g')" + fstab="$(echo "$* nullfs ro 0 0" | sed 's#\\ #\\040#g')" else - _fstab="$(echo "$*" | sed 's#\\ #\\040#g')" + fstab="$(echo "$*" | sed 's#\\ #\\040#g')" fi bastille_root_check set_target "${TARGET}" # Assign variables -_hostpath_fstab=$(echo "${_fstab}" | awk '{print $1}') -_hostpath="$(echo "${_hostpath_fstab}" 2>/dev/null | sed 's#\\040# #g')" -_jailpath_fstab=$(echo "${_fstab}" | awk '{print $2}') -_jailpath="$(echo "${_jailpath_fstab}" 2>/dev/null | sed 's#\\040# #g')" -_type=$(echo "${_fstab}" | awk '{print $3}') -_perms=$(echo "${_fstab}" | awk '{print $4}') -_checks=$(echo "${_fstab}" | awk '{print $5" "$6}') +hostpath_fstab=$(echo "${fstab}" | awk '{print $1}') +hostpath="$(echo "${hostpath_fstab}" 2>/dev/null | sed 's#\\040# #g')" +jailpath_fstab=$(echo "${fstab}" | awk '{print $2}') +jailpath="$(echo "${jailpath_fstab}" 2>/dev/null | sed 's#\\040# #g')" +type=$(echo "${fstab}" | awk '{print $3}') +perms=$(echo "${fstab}" | awk '{print $4}') +checks=$(echo "${fstab}" | awk '{print $5" "$6}') # Exit if any variables are empty -if [ -z "${_hostpath}" ] || [ -z "${_jailpath}" ] || [ -z "${_type}" ] || [ -z "${_perms}" ] || [ -z "${_checks}" ]; then +if [ -z "${hostpath}" ] || [ -z "${jailpath}" ] || [ -z "${type}" ] || [ -z "${perms}" ] || [ -z "${checks}" ]; then error_notify "FSTAB format not recognized." 
warn "Format: /host/path /jail/path nullfs ro 0 0" - warn "Read: ${_fstab}" + warn "Read: ${fstab}" fi # Warn on advanced mount option "tmpfs,linprocfs,linsysfs,fdescfs,procfs,zfs" # Create host path if non-existent -if { [ "${_hostpath}" = "tmpfs" ] && [ "$_type" = "tmpfs" ]; } || \ - { [ "${_hostpath}" = "linprocfs" ] && [ "${_type}" = "linprocfs" ]; } || \ - { [ "${_hostpath}" = "linsysfs" ] && [ "${_type}" = "linsysfs" ]; } || \ - { [ "${_hostpath}" = "proc" ] && [ "${_type}" = "procfs" ]; } || \ - { [ "${_hostpath}" = "fdesc" ] && [ "${_type}" = "fdescfs" ]; } || \ - { [ "${_type}" = "zfs" ] && zfs list ${_hostpath} >/dev/null 2>/dev/null; } then - warn "\n[WARNING]: Detected advanced mount type: \"${_type}\"" -elif [ ! -e "${_hostpath}" ] && [ "${_type}" = "nullfs" ]; then - mkdir -p "${_hostpath}" -elif [ ! -e "${_hostpath}" ] || [ "${_type}" != "nullfs" ]; then +if { [ "${hostpath}" = "tmpfs" ] && [ "$_type" = "tmpfs" ]; } || \ + { [ "${hostpath}" = "linprocfs" ] && [ "${type}" = "linprocfs" ]; } || \ + { [ "${hostpath}" = "linsysfs" ] && [ "${type}" = "linsysfs" ]; } || \ + { [ "${hostpath}" = "proc" ] && [ "${type}" = "procfs" ]; } || \ + { [ "${hostpath}" = "fdesc" ] && [ "${type}" = "fdescfs" ]; } || \ + { [ "${type}" = "zfs" ] && zfs list ${hostpath} >/dev/null 2>/dev/null; } then + warn "\n[WARNING]: Detected advanced mount type: \"${type}\"" +elif [ ! -e "${hostpath}" ] && [ "${type}" = "nullfs" ]; then + mkdir -p "${hostpath}" +elif [ ! -e "${hostpath}" ] || [ "${type}" != "nullfs" ]; then error_notify "[ERROR]: Invalid host path or incorrect mount type in FSTAB." warn "Format: /host/path /jail/path nullfs ro 0 0" - warn "Read: ${_fstab}" + warn "Read: ${fstab}" exit 1 fi # Mount permissions,options must include one of "ro, rw, rq, sw, xx" -if ! echo "${_perms}" | grep -Eq '(ro|rw|rq|sw|xx)(,.*)?$'; then +if ! echo "${perms}" | grep -Eq '(ro|rw|rq|sw|xx)(,.*)?$'; then error_notify "Detected invalid mount permissions in FSTAB." 
warn "Format: /host/path /jail/path nullfs ro 0 0" - warn "Read: ${_fstab}" + warn "Read: ${fstab}" exit 1 fi # Dump and pass need to be "0 0 - 1 1" -if [ "${_checks}" != "0 0" ] && [ "${_checks}" != "1 0" ] && [ "${_checks}" != "0 1" ] && [ "${_checks}" != "1 1" ]; then +if [ "${checks}" != "0 0" ] && [ "${checks}" != "1 0" ] && [ "${checks}" != "0 1" ] && [ "${checks}" != "1 1" ]; then error_notify "Detected invalid fstab options in FSTAB." warn "Format: /host/path /jail/path nullfs ro 0 0" - warn "Read: ${_fstab}" + warn "Read: ${fstab}" exit 1 fi -for _jail in ${JAILS}; do +for jail in ${JAILS}; do - check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - bastille start "${_jail}" + check_target_is_running "${jail}" || if [ "${AUTO}" -eq 1 ]; then + bastille start "${jail}" else - info "\n[${_jail}]:" + info "\n[${jail}]:" error_notify "Jail is not running." error_continue "Use [-a|--auto] to auto-start the jail." fi - info "\n[${_jail}]:" + info "\n[${jail}]:" - _fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}" 2>/dev/null | sed 's#//#/#' )" - _fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}" 2>/dev/null | sed 's#//#/#' )" - _fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}" + fullpath_fstab="$( echo "${bastille_jailsdir}/${jail}/root/${jailpath_fstab}" 2>/dev/null | sed 's#//#/#' )" + fullpath="$( echo "${bastille_jailsdir}/${jail}/root/${jailpath}" 2>/dev/null | sed 's#//#/#' )" + fstab_entry="${hostpath_fstab} ${fullpath_fstab} ${type} ${perms} ${checks}" # Check if mount point has already been added - _existing_mount="$(echo ${_fullpath_fstab} 2>/dev/null | sed 's#\\#\\\\#g')" - if grep -Eq "[[:blank:]]${_existing_mount}[[:blank:]]" "${bastille_jailsdir}/${_jail}/fstab"; then - warn "Mountpoint already present in ${bastille_jailsdir}/${_jail}/fstab" - grep -E "[[:blank:]]${_existing_mount}" "${bastille_jailsdir}/${_jail}/fstab" + existing_mount="$(echo 
${fullpath_fstab} 2>/dev/null | sed 's#\\#\\\\#g')" + if grep -Eq "[[:blank:]]${existing_mount}[[:blank:]]" "${bastille_jailsdir}/${jail}/fstab"; then + warn "Mountpoint already present in ${bastille_jailsdir}/${jail}/fstab" + grep -E "[[:blank:]]${existing_mount}" "${bastille_jailsdir}/${jail}/fstab" continue fi # Create mount point if it does not exist - if { [ -d "${_hostpath}" ] || [ "${_type}" = "zfs" ]; } && [ ! -d "${_fullpath}" ]; then - mkdir -p "${_fullpath}" || error_continue "Failed to create mount point." - elif [ -f "${_hostpath}" ] ; then - _filename="$( basename ${_hostpath} )" - if echo "${_fullpath}" 2>/dev/null | grep -qow "${_filename}"; then - mkdir -p "$( dirname "${_fullpath}" )" || error_continue "Failed to create mount point." - if [ ! -f "${_fullpath}" ]; then - touch "${_fullpath}" || error_continue "Failed to create mount point." + if { [ -d "${hostpath}" ] || [ "${type}" = "zfs" ]; } && [ ! -d "${fullpath}" ]; then + mkdir -p "${fullpath}" || error_continue "Failed to create mount point." + elif [ -f "${hostpath}" ] ; then + filename="$( basename ${hostpath} )" + if echo "${fullpath}" 2>/dev/null | grep -qow "$(unknown)"; then + mkdir -p "$( dirname "${fullpath}" )" || error_continue "Failed to create mount point." + if [ ! -f "${fullpath}" ]; then + touch "${fullpath}" || error_continue "Failed to create mount point." else error_notify "Failed. File exists at mount point." - warn "${_fullpath}" + warn "${fullpath}" continue fi else - _fullpath_fstab="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath_fstab}/${_filename}" 2>/dev/null | sed 's#//#/#' )" - _fullpath="$( echo "${bastille_jailsdir}/${_jail}/root/${_jailpath}/${_filename}" 2>/dev/null | sed 's#//#/#' )" - _fstab_entry="${_hostpath_fstab} ${_fullpath_fstab} ${_type} ${_perms} ${_checks}" - mkdir -p "$( dirname "${_fullpath}" )" || error_continue "Failed to create mount point." - if [ ! 
-f "${_fullpath}" ]; then - touch "${_fullpath}" || error_continue "Failed to create mount point." + fullpath_fstab="$( echo "${bastille_jailsdir}/${jail}/root/${jailpath_fstab}/$(unknown)" 2>/dev/null | sed 's#//#/#' )" + fullpath="$( echo "${bastille_jailsdir}/${jail}/root/${jailpath}/$(unknown)" 2>/dev/null | sed 's#//#/#' )" + fstab_entry="${hostpath_fstab} ${fullpath_fstab} ${type} ${perms} ${checks}" + mkdir -p "$( dirname "${fullpath}" )" || error_continue "Failed to create mount point." + if [ ! -f "${fullpath}" ]; then + touch "${fullpath}" || error_continue "Failed to create mount point." else error_notify "Failed. File exists at mount point." - warn "${_fullpath}" + warn "${fullpath}" continue fi fi fi # Add entry to fstab and mount - echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab" || error_continue "Failed to create fstab entry: ${_fstab_entry}" - mount -F "${bastille_jailsdir}/${_jail}/fstab" -a || error_continue "Failed to mount volume: ${_fullpath}" - echo "Added: ${_fstab_entry}" + echo "${fstab_entry}" >> "${bastille_jailsdir}/${jail}/fstab" || error_continue "Failed to create fstab entry: ${fstab_entry}" + mount -F "${bastille_jailsdir}/${jail}/fstab" -a || error_continue "Failed to mount volume: ${fullpath}" + echo "Added: ${fstab_entry}" done diff --git a/usr/local/share/bastille/network.sh b/usr/local/share/bastille/network.sh index 72f050fb..101d5aa0 100644 --- a/usr/local/share/bastille/network.sh +++ b/usr/local/share/bastille/network.sh @@ -104,8 +104,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _o in $(echo ${1} 2>/dev/null | sed 's/-//g' | fold -w1); do - case ${_o} in + for opt in $(echo ${1} 2>/dev/null | sed 's/-//g' | fold -w1); do + case ${opt} in a) AUTO=1 ;; B) BRIDGE=1 ;; M) STATIC_MAC=1 ;; 
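Review bot: The rename missed one reference: the first advanced-mount test on the new side still reads `[ "$_type" = "tmpfs" ]` while every other use is `${type}`, so `_type` is now unset, a `tmpfs tmpfs` entry can no longer match that branch and falls through to the `Invalid host path or incorrect mount type` error; it should be `[ "${type}" = "tmpfs" ]`. Further down, the `elif [ -f "${hostpath}" ]` branch assigns `filename="$( basename ${hostpath} )"` but the three places that used `${_filename}` (the `grep -qow` test and the two `fullpath_fstab`/`fullpath` assignments) now read `$(unknown)`; whether that is an artifact of how this page was captured or of the rename itself, they must be `${filename}`, since `$(unknown)` runs a command of that name and yields an empty string. Unrelated to the rename, `existing_mount` is interpolated into `grep -Eq "[[:blank:]]${existing_mount}[[:blank:]]"` as a regex, so a path containing `.`, `+` or `[` can produce a false "already present" match or a grep error; escaping the ERE metacharacters alongside the existing backslash escaping would make the check reliable.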
@@ -615,7 +615,7 @@ add_vlan() {
 local jail_epair="$(grep 'e[0-9]+b_[^;" ]+' ${jail_config})"
 local jail_vnet="$(grep "${jail_epair}_name" ${jail_rc_config} | grep -Eo "vnet[0-9]+")"
 elif [ "${PASSTHROUGH}" -eq 1 ]; then
- local _jail_vnet="${interface}"
+ local jail_vnet="${interface}"
 fi
 if grep -Eq "ifconfig_${jail_vnet}_${vlan_id}" "${bastille_jailsdir}/${jailname}/root/etc/rc.conf"; then
 error_exit "[ERROR]: VLAN has already been added: VLAN ${vlan_id}"
diff --git a/usr/local/share/bastille/pkg.sh b/usr/local/share/bastille/pkg.sh
index a767b688..05620f4b 100644
--- a/usr/local/share/bastille/pkg.sh
+++ b/usr/local/share/bastille/pkg.sh
@@ -73,8 +73,8 @@ while [ "$#" -gt 0 ]; do
 shift
 ;;
 -*)
- for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
- case ${_opt} in
+ for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
+ case ${opt} in
 a) AUTO=1 ;;
 H) USE_HOST_PKG=1 ;;
 y) AUTO_YES=1 ;;
@@ -101,36 +101,36 @@ ERRORS=0
 bastille_root_check
 set_target "${TARGET}"
-for _jail in ${JAILS}; do
+for jail in ${JAILS}; do
 # Validate jail state
- check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
- bastille start "${_jail}"
+ check_target_is_running "${jail}" || if [ "${AUTO}" -eq 1 ]; then
+ bastille start "${jail}"
 else
- info "\n[${_jail}]:"
+ info "\n[${jail}]:"
 error_notify "Jail is not running."
 error_continue "Use [-a|--auto] to auto-start the jail."
 fi
- info "\n[${_jail}]:"
+ info "\n[${jail}]:"
- bastille_jail_path="${bastille_jailsdir}/${_jail}/root"
+ bastille_jail_path="${bastille_jailsdir}/${jail}/root"
 if [ -f "/usr/sbin/mport" ]; then
- jexec -l -U root "${_jail}" /usr/sbin/mport "$@"
+ jexec -l -U root "${jail}" /usr/sbin/mport "$@"
 elif [ -f "${bastille_jail_path}/usr/bin/apt" ]; then
- jexec -l "${_jail}" /usr/bin/apt "$@"
+ jexec -l "${jail}" /usr/bin/apt "$@"
 elif [ "${USE_HOST_PKG}" -eq 1 ]; then
 if [ "${AUTO_YES}" -eq 1 ]; then
- env ASSUME_ALWAYS_YES=yes /usr/sbin/pkg -j ${_jail} "$@"
+ env ASSUME_ALWAYS_YES=yes /usr/sbin/pkg -j ${jail} "$@"
 else
- /usr/sbin/pkg -j ${_jail} "$@"
+ /usr/sbin/pkg -j ${jail} "$@"
 fi
 else
 if [ "${AUTO_YES}" -eq 1 ]; then
- jexec -l -U root ${_jail} env ASSUME_ALWAYS_YES=yes /usr/sbin/pkg "$@"
+ jexec -l -U root ${jail} env ASSUME_ALWAYS_YES=yes /usr/sbin/pkg "$@"
 else
- jexec -l -U root ${_jail} /usr/sbin/pkg "$@"
+ jexec -l -U root ${jail} /usr/sbin/pkg "$@"
 fi
 fi
diff --git a/usr/local/share/bastille/rcp.sh b/usr/local/share/bastille/rcp.sh
index 5e461656..f7e975fd 100644
--- a/usr/local/share/bastille/rcp.sh
+++ b/usr/local/share/bastille/rcp.sh
@@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do
 shift
 ;;
 -*)
- for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
- case ${_opt} in
+ for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
+ case ${opt} in
 q) OPTION="-a" ;;
 x) enable_debug ;;
 *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
diff --git a/usr/local/share/bastille/rdr.sh b/usr/local/share/bastille/rdr.sh
index 5254819c..fee20afa 100644
--- a/usr/local/share/bastille/rdr.sh
+++ b/usr/local/share/bastille/rdr.sh
@@ -54,24 +54,24 @@ check_jail_validity() {
 # Validate jail network type and set IP4/6
 if [ "$( bastille config ${TARGET} get vnet )" != 'enabled' ]; then
- _ip4_interfaces="$(bastille config ${TARGET} get ip4.addr | sed 's/,/ /g')"
- _ip6_interfaces="$(bastille config ${TARGET} get ip6.addr | sed 's/,/ /g')"
+ ip4_interfaces="$(bastille config ${TARGET} get ip4.addr | sed 's/,/ /g')"
+ ip6_interfaces="$(bastille config ${TARGET} get ip6.addr | sed 's/,/ /g')"
 # Check if jail ip4.addr is valid (non-VNET only)
- if [ "${_ip4_interfaces}" != "not set" ] && [ "${_ip4_interfaces}" != "disable" ]; then
- if echo "${_ip4_interfaces}" | grep -q "|"; then
- JAIL_IP="$(echo ${_ip4_interfaces} | awk '{print $1}' | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
+ if [ "${ip4_interfaces}" != "not set" ] && [ "${ip4_interfaces}" != "disable" ]; then
+ if echo "${ip4_interfaces}" | grep -q "|"; then
+ JAIL_IP="$(echo ${ip4_interfaces} | awk '{print $1}' | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
 else
- JAIL_IP="$(echo ${_ip4_interfaces} | sed -E 's#/[0-9]+$##g')"
+ JAIL_IP="$(echo ${ip4_interfaces} | sed -E 's#/[0-9]+$##g')"
 fi
 fi
 # Check if jail ip6.addr is valid (non-VNET only)
- if [ "${_ip6_interfaces}" != "not set" ] && [ "${_ip6_interfaces}" != "disable" ]; then
- if echo "${_ip6_interfaces}" | grep -q "|"; then
- JAIL_IP6="$(echo ${_ip6_interfaces} | awk '{print $1}' | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
+ if [ "${ip6_interfaces}" != "not set" ] && [ "${ip6_interfaces}" != "disable" ]; then
+ if echo "${ip6_interfaces}" | grep -q "|"; then
+ JAIL_IP6="$(echo ${ip6_interfaces} | awk '{print $1}' | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
 else
- JAIL_IP6="$(echo ${_ip6_interfaces} | sed -E 's#/[0-9]+$##g')"
+ JAIL_IP6="$(echo ${ip6_interfaces} | sed -E 's#/[0-9]+$##g')"
 fi
 fi
 else
diff --git a/usr/local/share/bastille/rename.sh b/usr/local/share/bastille/rename.sh
index 154a7c22..352f7e1c 100644
--- a/usr/local/share/bastille/rename.sh
+++ b/usr/local/share/bastille/rename.sh
@@ -54,8 +54,8 @@ while [ "$#" -gt 0 ]; do
 shift
 ;;
 -*)
- for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
- case ${_opt} in
+ for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
+ case ${opt} in
 a) AUTO=1 ;;
 x) enable_debug ;;
 *) error_exit "Unknown Option: \"${1}\""
@@ -105,18 +105,18 @@ validate_name() {
 update_jailconf() {
 # Update jail.conf
- local jail_conf="${bastille_jailsdir}/${NEWNAME}/jail.conf"
+ local jail_config="${bastille_jailsdir}/${NEWNAME}/jail.conf"
 local jail_rc_conf="${bastille_jailsdir}/${NEWNAME}/root/etc/rc.conf"
- if [ -f "${jail_conf}" ]; then
- if ! grep -qw "path = ${bastille_jailsdir}/${NEWNAME}/root;" "${jail_conf}"; then
- sed -i '' "s|host.hostname.*=.*${TARGET};|host.hostname = ${NEWNAME};|" "${jail_conf}"
- sed -i '' "s|exec.consolelog.*=.*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" "${jail_conf}"
- sed -i '' "s|path.*=.*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" "${jail_conf}"
- sed -i '' "s|mount.fstab.*=.*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${jail_conf}"
- sed -i '' "s|^${TARGET}.*{$|${NEWNAME} {|" "${jail_conf}"
+ if [ -f "${jail_config}" ]; then
+ if ! grep -qw "path = ${bastille_jailsdir}/${NEWNAME}/root;" "${jail_config}"; then
+ sed -i '' "s|host.hostname.*=.*${TARGET};|host.hostname = ${NEWNAME};|" "${jail_config}"
+ sed -i '' "s|exec.consolelog.*=.*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" "${jail_config}"
+ sed -i '' "s|path.*=.*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" "${jail_config}"
+ sed -i '' "s|mount.fstab.*=.*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${jail_config}"
+ sed -i '' "s|^${TARGET}.*{$|${NEWNAME} {|" "${jail_config}"
 fi
- if grep -qo "vnet;" "${jail_conf}"; then
+ if grep -qo "vnet;" "${jail_config}"; then
 update_jailconf_vnet
 fi
 fi
@@ -124,13 +124,13 @@ update_jailconf() { update_jailconf_vnet() { - local jail_conf="${bastille_jailsdir}/${NEWNAME}/jail.conf" + local jail_config="${bastille_jailsdir}/${NEWNAME}/jail.conf" local jail_rc_conf="${bastille_jailsdir}/${NEWNAME}/root/etc/rc.conf" if [ "${bastille_network_vnet_type}" = "if_bridge" ]; then - local if_list="$(grep -Eo 'e[0-9]+a_[^;" ]+' ${jail_conf} | sort -u)" + local if_list="$(grep -Eo 'e[0-9]+a_[^;" ]+' ${jail_config} | sort -u)" elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then - local if_list="$(grep -Eo 'ng[0-9]+_[^;" ]+' ${jail_conf} | sort -u)" + local if_list="$(grep -Eo 'ng[0-9]+_[^;" ]+' ${jail_config} | sort -u)" fi for if in ${if_list}; do 
@@ -167,39 +167,39 @@ update_jailconf_vnet() { local new_if_prefix="$(echo ${new_host_epair} | awk -F'_' '{print $1}')" local new_if_suffix="$(echo ${new_host_epair} | awk -F'_' '{print $2}')" - if grep "${old_if_suffix}" "${jail_conf}" | grep -oq "jib addm"; then + if grep "${old_if_suffix}" "${jail_config}" | grep -oq "jib addm"; then # For -V jails # Replace host epair name in jail.conf - sed -i '' "s|jib addm ${old_if_suffix}\>|jib addm ${new_if_suffix}|g" "${jail_conf}" - sed -i '' "s|\<${old_host_epair} ether|${new_host_epair} ether|g" "${jail_conf}" - sed -i '' "s|\<${old_host_epair} destroy|${new_host_epair} destroy|g" "${jail_conf}" - sed -i '' "s|\<${old_host_epair} description|${new_host_epair} description|g" "${jail_conf}" + sed -i '' "s|jib addm ${old_if_suffix}\>|jib addm ${new_if_suffix}|g" "${jail_config}" + sed -i '' "s|\<${old_host_epair} ether|${new_host_epair} ether|g" "${jail_config}" + sed -i '' "s|\<${old_host_epair} destroy|${new_host_epair} destroy|g" "${jail_config}" + sed -i '' "s|\<${old_host_epair} description|${new_host_epair} description|g" "${jail_config}" # Replace jail epair name in jail.conf - sed -i '' "s|= ${old_jail_epair};|= ${new_jail_epair};|g" "${jail_conf}" - sed -i '' "s|\<${old_jail_epair} ether|${new_jail_epair} ether|g" "${jail_conf}" + sed -i '' "s|= ${old_jail_epair};|= ${new_jail_epair};|g" "${jail_config}" + sed -i '' "s|\<${old_jail_epair} ether|${new_jail_epair} ether|g" "${jail_config}" # Replace epair description - sed -i '' "s|host interface for Bastille jail ${TARGET}\>|host interface for Bastille jail ${NEWNAME}|g" "${jail_conf}" + sed -i '' "s|host interface for Bastille jail ${TARGET}\>|host interface for Bastille jail ${NEWNAME}|g" "${jail_config}" # Replace epair name in /etc/rc.conf sed -i '' "s|ifconfig_${old_jail_epair}_name|ifconfig_${new_jail_epair}_name|g" "${jail_rc_conf}" else # For -B jails # Replace host epair name in jail.conf - sed -i '' "s|up name ${old_host_epair}\>|up name 
${new_host_epair}|g" "${jail_conf}" - sed -i '' "s|addm ${old_host_epair}\>|addm ${new_host_epair}|g" "${jail_conf}" - sed -i '' "s|\<${old_host_epair} ether|${new_host_epair} ether|g" "${jail_conf}" - sed -i '' "s|\<${old_host_epair} destroy|${new_host_epair} destroy|g" "${jail_conf}" - sed -i '' "s|\<${old_host_epair} description|${new_host_epair} description|g" "${jail_conf}" + sed -i '' "s|up name ${old_host_epair}\>|up name ${new_host_epair}|g" "${jail_config}" + sed -i '' "s|addm ${old_host_epair}\>|addm ${new_host_epair}|g" "${jail_config}" + sed -i '' "s|\<${old_host_epair} ether|${new_host_epair} ether|g" "${jail_config}" + sed -i '' "s|\<${old_host_epair} destroy|${new_host_epair} destroy|g" "${jail_config}" + sed -i '' "s|\<${old_host_epair} description|${new_host_epair} description|g" "${jail_config}" # Replace jail epair name in jail.conf - sed -i '' "s|= ${old_jail_epair};|= ${new_jail_epair};|g" "${jail_conf}" - sed -i '' "s|up name ${old_jail_epair}\>|up name ${new_jail_epair}|g" "${jail_conf}" - sed -i '' "s|\<${old_jail_epair} ether|${new_jail_epair} ether|g" "${jail_conf}" + sed -i '' "s|= ${old_jail_epair};|= ${new_jail_epair};|g" "${jail_config}" + sed -i '' "s|up name ${old_jail_epair}\>|up name ${new_jail_epair}|g" "${jail_config}" + sed -i '' "s|\<${old_jail_epair} ether|${new_jail_epair} ether|g" "${jail_config}" # Replace epair description - sed -i '' "s|host interface for Bastille jail ${TARGET}\>|host interface for Bastille jail ${NEWNAME}|g" "${jail_conf}" + sed -i '' "s|host interface for Bastille jail ${TARGET}\>|host interface for Bastille jail ${NEWNAME}|g" "${jail_config}" # Replace epair name in /etc/rc.conf sed -i '' "s|ifconfig_${old_jail_epair}_name|ifconfig_${new_jail_epair}_name|g" "${jail_rc_conf}" 
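Review bot: The `-V` and `-B` branches of `update_jailconf_vnet` repeat seven identical `sed` calls (the host epair `ether`/`destroy`/`description` rewrites, the `= ${old_jail_epair};` and jail `ether` rewrites, the `host interface for Bastille jail` description, and the `ifconfig_…_name` edit in `${jail_rc_conf}`); only the `jib addm` versus `up name`/`addm` lines are branch-specific. Moving the shared substitutions after the `if … fi` would roughly halve the block and make any future change to how `jail_config` is edited a one-place fix; as far as the hunk shows, the patterns do not overlap, so the order of the independent `sed -i` calls does not affect the result. The enclosing `for if in ${if_list}` loop begins outside the hunk.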
@@ -216,12 +216,12 @@ update_jailconf_vnet() { local new_if_suffix="$(echo ${new_ngif} | awk -F'_' '{print $2}')" # Replace netgraph interface name - sed -i '' "s|jng bridge ${old_if_suffix}\>|jng bridge ${new_if_suffix}|g" "${jail_conf}" - sed -i '' "s|\<${old_ngif} ether|${new_ngif} ether|g" "${jail_conf}" - sed -i '' "s|jng shutdown ${old_if_suffix}\>|jng shutdown ${new_if_suffix}|g" "${jail_conf}" + sed -i '' "s|jng bridge ${old_if_suffix}\>|jng bridge ${new_if_suffix}|g" "${jail_config}" + sed -i '' "s|\<${old_ngif} ether|${new_ngif} ether|g" "${jail_config}" + sed -i '' "s|jng shutdown ${old_if_suffix}\>|jng shutdown ${new_if_suffix}|g" "${jail_config}" # Replace jail epair name in jail.conf - sed -i '' "s|= ${old_ngif};|= ${new_ngif};|g" "${jail_conf}" + sed -i '' "s|= ${old_ngif};|= ${new_ngif};|g" "${jail_config}" # Replace epair name in /etc/rc.conf sed -i '' "s|ifconfig_${old_ngif}_name|ifconfig_${new_ngif}_name|g" "${jail_rc_conf}" diff --git a/usr/local/share/bastille/restart.sh b/usr/local/share/bastille/restart.sh index 7a6727fc..e3f73be5 100644 --- a/usr/local/share/bastille/restart.sh +++ b/usr/local/share/bastille/restart.sh @@ -50,8 +50,8 @@ EOF # Handle options. # We pass these to start and stop. -_start_options="" -_stop_options="" +start_options="" +stop_options="" IGNORE=0 while [ "$#" -gt 0 ]; do case "${1}" in @@ -59,11 +59,11 @@ while [ "$#" -gt 0 ]; do usage ;; -b|--boot) - _start_options="${_start_options} -b" + start_options="${start_options} -b" shift ;; -d|--delay) - _start_options="${_start_options} -d ${2}" + start_options="${start_options} -d ${2}" shift 2 ;; -i|--ignore) 
@@ -71,22 +71,22 @@ while [ "$#" -gt 0 ]; do shift ;; -v|--verbose) - _start_options="${_start_options} -v" - _stop_options="${_stop_options} -v" + start_options="${start_options} -v" + stop_options="${stop_options} -v" shift ;; -x|--debug) - _start_options="${_start_options} -x" - _stop_options="${_stop_options} -x" + start_options="${start_options} -x" + stop_options="${stop_options} -x" shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in - b) _start_options="${_start_options} -b" ;; + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in + b) start_options="${start_options} -b" ;; i) IGNORE=1 ;; - v) _start_options="${_start_options} -v" _stop_options="${_stop_options} -v" ;; - x) _start_options="${_start_options} -x" _stop_options="${_stop_options} -x" ;; + v) start_options="${start_options} -v" stop_options="${stop_options} -v" ;; + x) start_options="${start_options} -x" stop_options="${stop_options} -x" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; esac done @@ -107,15 +107,15 @@ TARGET="${1}" bastille_root_check set_target "${TARGET}" -for _jail in ${JAILS}; do +for jail in ${JAILS}; do # Restart all jails except if --ignore if [ "${IGNORE}" -eq 0 ]; then - bastille stop ${_stop_options} ${_jail} - bastille start ${_start_options} ${_jail} + bastille stop ${stop_options} ${jail} + bastille start ${start_options} ${jail} elif [ "${IGNORE}" -eq 1 ]; then - if check_target_is_stopped "${_jail}"; then - info "\n[${_jail}]:" + if check_target_is_stopped "${jail}"; then + info "\n[${jail}]:" error_continue "Jail is stopped." fi fi diff --git a/usr/local/share/bastille/service.sh b/usr/local/share/bastille/service.sh index 5f7742a3..a0e928ae 100644 --- a/usr/local/share/bastille/service.sh +++ b/usr/local/share/bastille/service.sh 
@@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in a) AUTO=1 ;; x) enable_debug ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; @@ -87,20 +87,20 @@ ERRORS=0 bastille_root_check set_target "${TARGET}" -for _jail in ${JAILS}; do +for jail in ${JAILS}; do # Validate jail state - check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - bastille start "${_jail}" + check_target_is_running "${jail}" || if [ "${AUTO}" -eq 1 ]; then + bastille start "${jail}" else - info "\n[${_jail}]:" + info "\n[${jail}]:" error_notify "Jail is not running." error_continue "Use [-a|--auto] to auto-start the jail." fi - info "\n[${_jail}]:" + info "\n[${jail}]:" - jexec -l "${_jail}" /usr/sbin/service "$@" + jexec -l "${jail}" /usr/sbin/service "$@" if [ "$?" -ne 0 ]; then ERRORS=$((ERRORS + 1)) diff --git a/usr/local/share/bastille/setup.sh b/usr/local/share/bastille/setup.sh index a1e2b366..3d95c319 100644 --- a/usr/local/share/bastille/setup.sh +++ b/usr/local/share/bastille/setup.sh @@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in y) AUTO_YES=1 ;; x) enable_debug ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; 
@@ -197,39 +197,39 @@ configure_loopback_interface() { configure_shared_interface() { - _auto_if="${1}" - _interface_list="$(ifconfig -l)" - _interface_count=0 + auto_if="${1}" + interface_list="$(ifconfig -l)" + interface_count=0 - if [ -z "${_interface_list}" ]; then + if [ -z "${interface_list}" ]; then error_exit "Unable to detect interfaces, exiting." fi if [ -z "$(sysrc -f ${BASTILLE_CONFIG} -n bastille_network_shared)" ]; then info "\nAttempting to configure shared interface for bastille..." info "\nListing available interfaces..." - if [ -z "${_auto_if}" ]; then - for _if in ${_interface_list}; do - echo "[${_interface_count}] ${_if}" - _if_num="${_if_num} [${_interface_count}]${_if}" - _interface_count=$(expr ${_interface_count} + 1) + if [ -z "${auto_if}" ]; then + for if in ${interface_list}; do + echo "[${interface_count}] ${if}" + if_num="${if_num} [${interface_count}]${if}" + interface_count=$(expr ${interface_count} + 1) done # shellcheck disable=SC3045 - read -p "Please select the interface you would like to use: " _interface_choice - if ! echo "${_interface_choice}" | grep -Eq "^[0-9]+$"; then + read -p "Please select the interface you would like to use: " interface_choice + if ! echo "${interface_choice}" | grep -Eq "^[0-9]+$"; then error_exit "Invalid input number, aborting!" 
else - _interface_select=$(echo "${_if_num}" | grep -wo "\[${_interface_choice}\][^ ]*" | sed 's/\[.*\]//g') + interface_select=$(echo "${if_num}" | grep -wo "\[${interface_choice}\][^ ]*" | sed 's/\[.*\]//g') fi else - _interface_select="${_auto_if}" + interface_select="${auto_if}" fi # Adjust bastille.conf to reflect above choices sysrc -f "${BASTILLE_CONFIG}" bastille_network_loopback="" sysrc cloned_interfaces-="lo1" ifconfig bastille0 destroy 2>/dev/null - sysrc -f "${BASTILLE_CONFIG}" bastille_network_shared="${_interface_select}" - info "\nShared interface successfully configured: [${_interface_select}]" + sysrc -f "${BASTILLE_CONFIG}" bastille_network_shared="${interface_select}" + info "\nShared interface successfully configured: [${interface_select}]" else info "\nShared interface has already been configured: [$(sysrc -f ${BASTILLE_CONFIG} -n bastille_network_shared)]" fi 
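Review bot: The numeric check after `read -p` in `configure_shared_interface` only proves the answer is digits, not that it names a listed entry: a number with no matching `[N]` in `if_num` leaves `interface_select` empty, `sysrc -f "${BASTILLE_CONFIG}" bastille_network_shared=""` is written, and the success message prints `[]`. Add `[ -n "${interface_select}" ] || error_exit "Invalid interface selection, aborting!"` after the `fi` that closes the prompt handling. The same gap exists in `configure_bridge`, where an empty selection reaches `ifconfig ${bridge_name} addm ${interface_select} up`, and in `configure_storage`'s zpool prompt. Separately, `for if in ${interface_list}` (also in `configure_bridge`, and `if=…` in start.sh) uses the reserved word `if` as a variable name; the shell accepts it in that position, but it reads like a syntax error and trips linters, so `iface` would keep the lowercase convention without the ambiguity.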
@@ -238,46 +238,46 @@ configure_shared_interface() { configure_bridge() { - _auto_if="${1}" - _interface_list="$(ifconfig -l)" - _interface_count=0 + auto_if="${1}" + interface_list="$(ifconfig -l)" + interface_count=0 - if [ -z "${_interface_list}" ]; then + if [ -z "${interface_list}" ]; then error_exit "Unable to detect interfaces, exiting." fi - if ! ifconfig -g bridge | grep -oqw "${_bridge_name}"; then - info "\nConfiguring ${_bridge_name} bridge interface..." + if ! ifconfig -g bridge | grep -oqw "${bridge_name}"; then + info "\nConfiguring ${bridge_name} bridge interface..." - if [ -z "${_auto_if}" ]; then + if [ -z "${auto_if}" ]; then info "\nListing available interfaces..." - for _if in ${_interface_list}; do - if ifconfig -g bridge | grep -oqw "${_if}" || ifconfig -g lo | grep -oqw "${_if}"; then + for if in ${interface_list}; do + if ifconfig -g bridge | grep -oqw "${if}" || ifconfig -g lo | grep -oqw "${if}"; then continue else - echo "[${_interface_count}] ${_if}" - _if_num="${_if_num} [${_interface_count}]${_if}" - _interface_count=$(expr ${_interface_count} + 1) + echo "[${interface_count}] ${if}" + if_num="${if_num} [${interface_count}]${if}" + interface_count=$(expr ${interface_count} + 1) fi done # shellcheck disable=SC3045 - read -p "Please select the interface to attach the bridge to: " _interface_choice - if ! echo "${_interface_choice}" | grep -Eq "^[0-9]+$"; then + read -p "Please select the interface to attach the bridge to: " interface_choice + if ! echo "${interface_choice}" | grep -Eq "^[0-9]+$"; then error_exit "Invalid input number, aborting!" 
else - _interface_select=$(echo "${_if_num}" | grep -wo "\[${_interface_choice}\][^ ]*" | sed 's/\[.*\]//g') + interface_select=$(echo "${if_num}" | grep -wo "\[${interface_choice}\][^ ]*" | sed 's/\[.*\]//g') fi else - _interface_select="${_auto_if}" + interface_select="${auto_if}" fi # Create bridge and persist on reboot - _bridge_name="${_interface_select}bridge" + bridge_name="${interface_select}bridge" ifconfig bridge0 create - ifconfig bridge0 name ${_bridge_name} - ifconfig ${_bridge_name} addm ${_interface_select} up + ifconfig bridge0 name ${bridge_name} + ifconfig ${bridge_name} addm ${interface_select} up sysrc cloned_interfaces+="bridge0" - sysrc ifconfig_bridge0_name="${_bridge_name}" - sysrc ifconfig_${_bridge_name}="addm ${_interface_select} up" + sysrc ifconfig_bridge0_name="${bridge_name}" + sysrc ifconfig_${bridge_name}="addm ${interface_select} up" # Set some sysctl values sysctl net.inet.ip.forwarding=1 @@ -290,9 +290,9 @@ configure_bridge() { echo net.link.bridge.pfil_member=0 >> /etc/sysctl.conf - info "\nBridge interface successfully configured: [${_bridge_name}]" + info "\nBridge interface successfully configured: [${bridge_name}]" else - info "\nBridge has alread been configured: [${_bridge_name}]" + info "\nBridge has alread been configured: [${bridge_name}]" fi } 
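Review bot: `bridge_name` is read by the guard `ifconfig -g bridge | grep -oqw "${bridge_name}"` before `configure_bridge` assigns it (`bridge_name="${interface_select}bridge"` comes after the prompt), so unless a caller outside the hunk sets it first the pattern is empty; what `grep -w ""` matches is platform-dependent, so the function either always reconfigures or always reports "already configured" once any bridge exists, but it cannot test for the bridge it would itself create. This predates the rename (`_bridge_name` had the same order), but since every use was touched here it is the moment to fix it: derive the guard from state the function persists, such as the `ifconfig_bridge0_name` it writes with `sysrc`, or choose the interface before running the test. The `info "\nBridge has alread been configured: …"` string in the following hunk also has a typo (`already`).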
@@ -370,38 +370,38 @@ configure_storage() { if mount | grep "zfs" >/dev/null 2>/dev/null; then - _auto_zpool="${1}" + auto_zpool="${1}" if [ ! "$(kldstat -m zfs)" ]; then info "\nZFS module not loaded; skipping..." elif sysrc -f ${BASTILLE_CONFIG} -n bastille_zfs_enable | grep -Eoq "([Y|y][E|e][S|s])"; then info "\nZFS has already been configured!" else - if [ -z "${_auto_zpool}" ]; then - _zpool_list=$(zpool list | grep -v NAME | awk '{print $1}') - _zpool_count=0 + if [ -z "${auto_zpool}" ]; then + zpool_list=$(zpool list | grep -v NAME | awk '{print $1}') + zpool_count=0 if [ "$(zpool list | grep -v NAME | awk '{print $1}' | wc -l)" -eq 1 ]; then - _bastille_zpool="${_zpool_list}" + bastille_zpool="${zpool_list}" else info "\nMultiple zpools detected:" - for _zpool in ${_zpool_list}; do - echo "[${_zpool_count}] ${_zpool}" - _zpool_num="${_zpool_num} [${_zpool_count}]${_zpool}" - _zpool_count=$(expr ${_zpool_count} + 1) + for zpool in ${zpool_list}; do + echo "[${zpool_count}] ${zpool}" + zpool_num="${zpool_num} [${zpool_count}]${zpool}" + zpool_count=$(expr ${zpool_count} + 1) done # shellcheck disable=SC3045 - read -p "Please select the zpool for Bastille to use: " _zpool_choice - if ! echo "${_zpool_choice}" | grep -Eq "^[0-9]+$"; then + read -p "Please select the zpool for Bastille to use: " zpool_choice + if ! echo "${zpool_choice}" | grep -Eq "^[0-9]+$"; then error_exit "Invalid input number, aborting!" else - _zpool_select=$(echo "${_zpool_num}" | grep -wo "\[${_zpool_choice}\][^ ]*" | sed 's/\[.*\]//g') + zpool_select=$(echo "${zpool_num}" | grep -wo "\[${zpool_choice}\][^ ]*" | sed 's/\[.*\]//g') fi fi else - _bastille_zpool="${_auto_zpool}" + bastille_zpool="${auto_zpool}" fi sysrc -f "${BASTILLE_CONFIG}" bastille_zfs_enable=YES - sysrc -f "${BASTILLE_CONFIG}" bastille_zfs_zpool="${_bastille_zpool}" + sysrc -f "${BASTILLE_CONFIG}" bastille_zfs_zpool="${bastille_zpool}" info "\nUsing ZFS filesystem." 
fi elif mount | grep "ufs" >/dev/null 2>/dev/null; then @@ -430,8 +430,8 @@ case "${OPT_CONFIG}" in warn "[WARNING]: Running linux jails requires loading additional kernel" warn "modules, as well as installing the 'debootstrap' package." # shellcheck disable=SC3045 - read -p "Do you want to proceed with setup? [y|n]:" _answer - case "${_answer}" in + read -p "Do you want to proceed with setup? [y|n]:" answer + case "${answer}" in [Yy]|[Yy][Ee][Ss]) configure_linux ;; @@ -453,8 +453,8 @@ case "${OPT_CONFIG}" in warn "as VNET network options. You CANNOT use both on the same system. If you have" warn "already started using bastille with 'if_bridge' do not continue." # shellcheck disable=SC3045 - read -p "Do you really want to continue setting up netgraph for Bastille? [y|n]:" _answer - case "${_answer}" in + read -p "Do you really want to continue setting up netgraph for Bastille? [y|n]:" answer + case "${answer}" in [Yy]|[Yy][Ee][Ss]) configure_vnet configure_netgraph @@ -476,8 +476,8 @@ case "${OPT_CONFIG}" in warn "interface to be configured ant one time. If you continue, the 'shared'" warn "interface will be disabled, and the 'loopback' interface will be used as default." # shellcheck disable=SC3045 - read -p "Do you really want to continue setting up the loopback interface? [y|n]:" _answer - case "${_answer}" in + read -p "Do you really want to continue setting up the loopback interface? [y|n]:" answer + case "${answer}" in [Yy]|[Yy][Ee][Ss]) configure_loopback_interface ;; 
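Review bot: In `configure_storage`'s interactive multi-zpool path the chosen pool is stored in `zpool_select` but `bastille_zpool` is never assigned from it, so `sysrc -f "${BASTILLE_CONFIG}" bastille_zfs_zpool="${bastille_zpool}"` writes an empty or stale value right after a valid selection; only the single-pool branch and the `auto_zpool` argument set `bastille_zpool`, and the hunk is contiguous from the selection to the `sysrc` write. Unless something outside the hunk sets it, change the selection line to `bastille_zpool=$(echo "${zpool_num}" | grep -wo "\[${zpool_choice}\][^ ]*" | sed 's/\[.*\]//g')` (or add `bastille_zpool="${zpool_select}"` after it) and guard it with `[ -n "${bastille_zpool}" ] || error_exit "Invalid zpool selection, aborting!"` so an out-of-range number cannot enable ZFS with no pool name. The function's opening line is outside the hunk.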
@@ -498,8 +498,8 @@ case "${OPT_CONFIG}" in warn "interface to be configured at one time. If you continue, the 'loopback'" warn "interface will be disabled, and the shared interface will be used as default." # shellcheck disable=SC3045 - read -p "Do you really want to continue setting up the shared interface? [y|n]:" _answer - case "${_answer}" in + read -p "Do you really want to continue setting up the shared interface? [y|n]:" answer + case "${answer}" in [Yy]|[Yy][Ee][Ss]) configure_shared_interface "${OPT_ARG}" ;; diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh index decbdec5..ef207bd5 100644 --- a/usr/local/share/bastille/start.sh +++ b/usr/local/share/bastille/start.sh @@ -77,8 +77,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in b) BOOT=1 ;; v) OPTION="-v" ;; x) enable_debug ;; 
@@ -102,118 +102,118 @@ TARGET="${1}" bastille_root_check set_target "${TARGET}" -for _jail in ${JAILS}; do +for jail in ${JAILS}; do # Continue if '-b|--boot' is set and 'boot=off' if [ "${BOOT}" -eq 1 ]; then - BOOT_ENABLED="$(sysrc -f ${bastille_jailsdir}/${_jail}/settings.conf -n boot)" + BOOT_ENABLED="$(sysrc -f ${bastille_jailsdir}/${jail}/settings.conf -n boot)" if [ "${BOOT_ENABLED}" = "off" ]; then continue fi fi # Validate that all 'depends' jails are running - _depend_jails="$(sysrc -f ${bastille_jailsdir}/${_jail}/settings.conf -n depend)" - for _depend_jail in ${_depend_jails}; do + depend_jails="$(sysrc -f ${bastille_jailsdir}/${jail}/settings.conf -n depend)" + for depend_jail in ${depend_jails}; do if check_target_is_running; then continue else - bastille start ${_depend_jail} + bastille start ${depend_jail} fi done - if check_target_is_running "${_jail}"; then - info "\n[${_jail}]:" + if check_target_is_running "${jail}"; then + info "\n[${jail}]:" error_continue "Jail is already running." 
fi - info "\n[${_jail}]:" + info "\n[${jail}]:" # Validate interfaces and add IPs to firewall table - if [ "$(bastille config ${_jail} get vnet)" != 'enabled' ]; then - _ip4_interfaces="$(bastille config ${_jail} get ip4.addr | sed 's/,/ /g')" - _ip6_interfaces="$(bastille config ${_jail} get ip6.addr | sed 's/,/ /g')" + if [ "$(bastille config ${jail} get vnet)" != 'enabled' ]; then + ip4_interfaces="$(bastille config ${jail} get ip4.addr | sed 's/,/ /g')" + ip6_interfaces="$(bastille config ${jail} get ip6.addr | sed 's/,/ /g')" # IP4 - if [ "${_ip4_interfaces}" != "not set" ]; then - for _interface in ${_ip4_interfaces}; do - if echo "${_interface}" | grep -q "|"; then - _if="$(echo ${_interface} 2>/dev/null | awk -F"|" '{print $1}')" - _ip="$(echo ${_interface} 2>/dev/null | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')" + if [ "${ip4_interfaces}" != "not set" ]; then + for interface in ${ip4_interfaces}; do + if echo "${interface}" | grep -q "|"; then + if="$(echo ${interface} 2>/dev/null | awk -F"|" '{print $1}')" + ip="$(echo ${interface} 2>/dev/null | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')" else - _if="$(bastille config ${_jail} get interface)" - _ip="$(echo ${_interface} | sed -E 's#/[0-9]+$##g')" + if="$(bastille config ${jail} get interface)" + ip="$(echo ${interface} | sed -E 's#/[0-9]+$##g')" fi - if ifconfig | grep "^${_if}:" >/dev/null; then - if ifconfig | grep -qwF "${_ip}"; then - warn "[WARNING]: IP address (${_ip}) already in use, continuing..." + if ifconfig | grep "^${if}:" >/dev/null; then + if ifconfig | grep -qwF "${ip}"; then + warn "[WARNING]: IP address (${ip}) already in use, continuing..." 
fi ## add ip to firewall table if it is not reachable through local interface (assumes NAT/rdr is needed) - if route -n get ${_ip} | grep "gateway" >/dev/null; then - pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip}" + if route -n get ${ip} | grep "gateway" >/dev/null; then + pfctl -q -t "${bastille_network_pf_table}" -T add "${ip}" fi else - error_continue "[ERROR]: ${_if} interface does not exist." + error_continue "[ERROR]: ${if} interface does not exist." fi done fi # IP6 - if [ "${_ip6_interfaces}" != "not set" ]; then - for _interface in ${_ip6_interfaces}; do - if echo "${_interface}" | grep -q "|"; then - _if="$(echo ${_interface} | awk -F"|" '{print $1}')" - _ip="$(echo ${_interface} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')" + if [ "${ip6_interfaces}" != "not set" ]; then + for interface in ${ip6_interfaces}; do + if echo "${interface}" | grep -q "|"; then + if="$(echo ${interface} | awk -F"|" '{print $1}')" + ip="$(echo ${interface} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')" else - _if="$(bastille config ${_jail} get interface)" - _ip="$(echo ${_interface} | sed -E 's#/[0-9]+$##g')" + if="$(bastille config ${jail} get interface)" + ip="$(echo ${interface} | sed -E 's#/[0-9]+$##g')" fi - if ifconfig | grep "^${_if}:" >/dev/null; then - if ifconfig | grep -qwF "${_ip}"; then - warn "[WARNING]: IP address (${_ip}) already in use, continuing..." + if ifconfig | grep "^${if}:" >/dev/null; then + if ifconfig | grep -qwF "${ip}"; then + warn "[WARNING]: IP address (${ip}) already in use, continuing..." fi ## add ip to firewall table if it is not reachable through local interface (assumes NAT/rdr is needed) - if route -6 -n get ${_ip} | grep "gateway" >/dev/null; then - pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip}" + if route -6 -n get ${ip} | grep "gateway" >/dev/null; then + pfctl -q -t "${bastille_network_pf_table}" -T add "${ip}" fi else - error_continue "[ERROR]: ${_if} interface does not exist." 
+ error_continue "[ERROR]: ${if} interface does not exist." fi done fi fi # Validate jailed datasets mountpoint - if [ -s "${bastille_jailsdir}/${_jail}/zfs.conf" ]; then + if [ -s "${bastille_jailsdir}/${jail}/zfs.conf" ]; then while read dataset mount; do if [ "$(zfs get -H -o value mountpoint ${dataset})" != "${mount}" ]; then zfs set jailed=off "${dataset}" zfs set mountpoint="${mount}" "${dataset}" zfs set jailed=on "${dataset}" fi - done < "${bastille_jailsdir}/${_jail}/zfs.conf" + done < "${bastille_jailsdir}/${jail}/zfs.conf" fi # Start jail - jail ${OPTION} -f "${bastille_jailsdir}/${_jail}/jail.conf" -c "${_jail}" + jail ${OPTION} -f "${bastille_jailsdir}/${jail}/jail.conf" -c "${jail}" # Add rctl limits - if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then - while read _limits; do - rctl -a "${_limits}" - done < "${bastille_jailsdir}/${_jail}/rctl.conf" + if [ -s "${bastille_jailsdir}/${jail}/rctl.conf" ]; then + while read limits; do + rctl -a "${limits}" + done < "${bastille_jailsdir}/${jail}/rctl.conf" fi # Add cpuset limits - if [ -s "${bastille_jailsdir}/${_jail}/cpuset.conf" ]; then - while read _limits; do - cpuset -l "${_limits}" -j "${_jail}" - done < "${bastille_jailsdir}/${_jail}/cpuset.conf" + if [ -s "${bastille_jailsdir}/${jail}/cpuset.conf" ]; then + while read limits; do + cpuset -l "${limits}" -j "${jail}" + done < "${bastille_jailsdir}/${jail}/cpuset.conf" fi # Add rdr rules - if [ -s "${bastille_jailsdir}/${_jail}/rdr.conf" ]; then - while read _rules; do - bastille rdr ${_jail} ${_rules} - done < "${bastille_jailsdir}/${_jail}/rdr.conf" + if [ -s "${bastille_jailsdir}/${jail}/rdr.conf" ]; then + while read rules; do + bastille rdr ${jail} ${rules} + done < "${bastille_jailsdir}/${jail}/rdr.conf" fi # Delay between jail action diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index 7447716e..74dbbe59 100644 --- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh 
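Review bot: The dependency loop in start.sh calls `check_target_is_running` with no argument (`if check_target_is_running; then continue`), so the outcome cannot depend on `depend_jail`; what it tests instead depends on how common.sh handles an empty `$1`, and dependencies are therefore either always or never started. It should read `if check_target_is_running "${depend_jail}"; then`, matching the call on `${jail}` a few lines below. Separately, the rename introduces `if="$(…)"`, `ip="$(…)"` and a `jail` loop variable in a loop that also runs the `jail` command; all three parse, but `if` reads as a keyword and `iface`/`jail_ip` would keep the lowercase style without the ambiguity. The `for jail in ${JAILS}` loop's `done` is outside the hunk.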
@@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in v) OPTION="-v" ;; x) enable_debug ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; 
@@ -85,70 +85,70 @@ TARGET="${1}" bastille_root_check set_target "${TARGET}" "reverse" -for _jail in ${JAILS}; do +for jail in ${JAILS}; do # Validate that all jails that 'depend' on this one are stopped - for _depend_jail in $(ls -v --color=never ${bastille_jailsdir} | sed -e 's/\n//g'); do - if ! grep -hoqsw "depend=" ${bastille_jailsdir}/${_depend_jail}/settings.conf; then - sysrc -q -f ${bastille_jailsdir}/${_depend_jail}/settings.conf depend="" >/dev/null + for depend_jail in $(ls -v --color=never ${bastille_jailsdir} | sed -e 's/\n//g'); do + if ! grep -hoqsw "depend=" ${bastille_jailsdir}/${depend_jail}/settings.conf; then + sysrc -q -f ${bastille_jailsdir}/${depend_jail}/settings.conf depend="" >/dev/null fi - if [ "${_jail}" = "${_depend_jail}" ]; then + if [ "${jail}" = "${depend_jail}" ]; then continue - elif grep -hoqsw "${_jail}" "${bastille_jailsdir}/${_depend_jail}/settings.conf"; then - bastille stop ${_depend_jail} + elif grep -hoqsw "${jail}" "${bastille_jailsdir}/${depend_jail}/settings.conf"; then + bastille stop ${depend_jail} fi done - if check_target_is_stopped "${_jail}"; then - info "\n[${_jail}]:" + if check_target_is_stopped "${jail}"; then + info "\n[${jail}]:" error_continue "Jail is already stopped." 
fi - info "\n[${_jail}]:" + info "\n[${jail}]:" # Remove RDR rules - if [ "$(bastille config ${_jail} get vnet)" != "enabled" ] && [ -f "${bastille_pf_conf}" ]; then - _ip4="$(bastille config ${_jail} get ip4.addr | sed 's/,/ /g')" - _ip6="$(bastille config ${_jail} get ip6.addr | sed 's/,/ /g')" - if [ "${_ip4}" != "not set" ] || [ "${_ip6}" != "not set" ]; then + if [ "$(bastille config ${jail} get vnet)" != "enabled" ] && [ -f "${bastille_pf_conf}" ]; then + ip4="$(bastille config ${jail} get ip4.addr | sed 's/,/ /g')" + ip6="$(bastille config ${jail} get ip6.addr | sed 's/,/ /g')" + if [ "${ip4}" != "not set" ] || [ "${ip6}" != "not set" ]; then if which -s pfctl; then - if bastille rdr ${_jail} list >/dev/null 2>&1; then - bastille rdr "${_jail}" clear + if bastille rdr ${jail} list >/dev/null 2>&1; then + bastille rdr "${jail}" clear fi fi fi fi # Remove rctl limits - if [ -s "${bastille_jailsdir}/${_jail}/rctl.conf" ]; then - bastille limits "${_jail}" clear + if [ -s "${bastille_jailsdir}/${jail}/rctl.conf" ]; then + bastille limits "${jail}" clear fi # Stop jail - jail ${OPTION} -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}" + jail ${OPTION} -f "${bastille_jailsdir}/${jail}/jail.conf" -r "${jail}" # Remove (captured above) IPs from firewall table - if [ "${_ip4}" != "not set" ] && [ -f "${bastille_pf_conf}" ]; then - for _ip in ${_ip4}; do - if echo "${_ip}" | grep -q "|"; then - _ip="$(echo ${_ip} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')" + if [ "${ip4}" != "not set" ] && [ -f "${bastille_pf_conf}" ]; then + for ip in ${ip4}; do + if echo "${ip}" | grep -q "|"; then + ip="$(echo ${ip} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')" else - _ip="$(echo ${_ip} | sed -E 's#/[0-9]+$##g')" + ip="$(echo ${ip} | sed -E 's#/[0-9]+$##g')" fi - pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}" + pfctl -q -t "${bastille_network_pf_table}" -T delete "${ip}" done fi - if [ "${_ip6}" != "not set" ] && [ -f "${bastille_pf_conf}" ]; 
then - for _ip in ${_ip6}; do - if echo "${_ip}" | grep -q "|"; then - _ip="$(echo ${_ip} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')" + if [ "${ip6}" != "not set" ] && [ -f "${bastille_pf_conf}" ]; then + for ip in ${ip6}; do + if echo "${ip}" | grep -q "|"; then + ip="$(echo ${ip} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')" else - _ip="$(echo ${_ip} | sed -E 's#/[0-9]+$##g')" + ip="$(echo ${ip} | sed -E 's#/[0-9]+$##g')" fi - pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}" + pfctl -q -t "${bastille_network_pf_table}" -T delete "${ip}" done fi - update_jail_syntax_v1 "${_jail}" + update_jail_syntax_v1 "${jail}" done diff --git a/usr/local/share/bastille/sysrc.sh b/usr/local/share/bastille/sysrc.sh index 4f24d997..f1d096cf 100644 --- a/usr/local/share/bastille/sysrc.sh +++ b/usr/local/share/bastille/sysrc.sh @@ -49,7 +49,7 @@ EOF AUTO=0 while [ "$#" -gt 0 ]; do case "${1}" in - -h|--help|help) + -h|--help|help) usage ;; -a|--auto) @@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in a) AUTO=1 ;; x) enable_debug ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; 
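Review bot: In stop.sh `ip4` and `ip6` are assigned only inside the `vnet != enabled` / `-f "${bastille_pf_conf}"` branch but are read unconditionally by both `pfctl … -T delete` loops later in the same iteration, and nothing resets them between jails; when a VNET jail follows a non-VNET jail in `${JAILS}`, the earlier jail's addresses are handed to `pfctl` again. Set `ip4="not set"` and `ip6="not set"` at the top of each iteration (before `# Remove RDR rules`) so the later guards see the current jail's state. The `which -s pfctl` test would also be more portable as `command -v pfctl >/dev/null`.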
@@ -87,23 +87,23 @@ ERRORS=0 bastille_root_check set_target "${TARGET}" -for _jail in ${JAILS}; do +for jail in ${JAILS}; do # Validate jail state - check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - bastille start "${_jail}" + check_target_is_running "${jail}" || if [ "${AUTO}" -eq 1 ]; then + bastille start "${jail}" else - info "\n[${_jail}]:" + info "\n[${jail}]:" error_notify "Jail is not running." error_continue "Use [-a|--auto] to auto-start the jail." fi - info "\n[${_jail}]:" + info "\n[${jail}]:" - if [ -f "${bastille_jailsdir}/${_jail}/root/usr/sbin/sysrc" ]; then - jexec -l "${_jail}" /usr/sbin/sysrc "$@" + if [ -f "${bastille_jailsdir}/${jail}/root/usr/sbin/sysrc" ]; then + jexec -l "${jail}" /usr/sbin/sysrc "$@" else - sysrc -j "${_jail}" "$@" + sysrc -j "${jail}" "$@" fi if [ "$?" -ne 0 ]; then diff --git a/usr/local/share/bastille/tags.sh b/usr/local/share/bastille/tags.sh index 32f22577..a713016d 100644 --- a/usr/local/share/bastille/tags.sh +++ b/usr/local/share/bastille/tags.sh 
@@ -76,23 +76,23 @@ TAGS="${3}" bastille_root_check set_target "${TARGET}" -for _jail in ${JAILS}; do +for jail in ${JAILS}; do - bastille_jail_tags="${bastille_jailsdir}/${_jail}/tags" + bastille_jail_tags="${bastille_jailsdir}/${jail}/tags" case ${ACTION} in add) - for _tag in $(echo ${TAGS} | tr , ' '); do - echo ${_tag} >> "${bastille_jail_tags}" + for tag in $(echo ${TAGS} | tr , ' '); do + echo ${tag} >> "${bastille_jail_tags}" tmpfile="$(mktemp)" sort "${bastille_jail_tags}" | uniq > "${tmpfile}" mv "${tmpfile}" "${bastille_jail_tags}" done ;; del*) - for _tag in $(echo ${TAGS} | tr , ' '); do + for tag in $(echo ${TAGS} | tr , ' '); do [ ! -f "${bastille_jail_tags}" ] && break # skip if no tags file tmpfile="$(mktemp)" - grep -Ev "^${_tag}\$" "${bastille_jail_tags}" > "${tmpfile}" + grep -Ev "^${tag}\$" "${bastille_jail_tags}" > "${tmpfile}" mv "${tmpfile}" "${bastille_jail_tags}" # delete tags file if empty [ ! -s "${bastille_jail_tags}" ] && rm "${bastille_jail_tags}" diff --git a/usr/local/share/bastille/top.sh b/usr/local/share/bastille/top.sh index 1745e0fa..961a576a 100644 --- a/usr/local/share/bastille/top.sh +++ b/usr/local/share/bastille/top.sh @@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in a) AUTO=1 ;; x) enable_debug ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" diff --git a/usr/local/share/bastille/umount.sh b/usr/local/share/bastille/umount.sh index 87ef4e42..2df8e890 100644 --- a/usr/local/share/bastille/umount.sh +++ b/usr/local/share/bastille/umount.sh @@ -61,8 +61,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in a) AUTO=1 ;; x) enable_debug ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" 
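Review bot: In tags.sh the user-supplied tag is interpolated into an extended regex, `grep -Ev "^${tag}\$"`, so a tag containing `.`, `+`, `(` or `|` matches the wrong lines or makes `grep` fail; because the output is redirected to `${tmpfile}` and then `mv`'d over the tags file, a failed `grep` replaces the file with an empty one, which the next line then deletes. Use a literal whole-line match, `grep -Fxv -- "${tag}" "${bastille_jail_tags}" > "${tmpfile}"`, and on the `add` side write the tag with `printf '%s\n' "${tag}" >> "${bastille_jail_tags}"` instead of unquoted `echo ${tag}` so a tag beginning with `-` is not taken as an `echo` option.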
@@ -86,46 +86,46 @@ MOUNT_PATH="${2}" bastille_root_check set_target "${TARGET}" -for _jail in ${JAILS}; do +for jail in ${JAILS}; do # Validate jail state - check_target_is_running "${_jail}" || if [ "${AUTO}" -eq 1 ]; then - bastille start "${_jail}" + check_target_is_running "${jail}" || if [ "${AUTO}" -eq 1 ]; then + bastille start "${jail}" else - info "\n[${TARGET}]:" + info "\n[${jail}]:" error_notify "Jail is not running." error_continue "Use [-a|--auto] to auto-start the jail." fi - info "\n[${_jail}]:" + info "\n[${jail}]:" - _jailpath="$( echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" 2>/dev/null | sed 's#//#/#' | sed 's#\\##g')" - _mount="$( mount | grep -Eo "[[:blank:]]${_jailpath}[[:blank:]]" )" - _jailpath_fstab="$(echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" | sed 's#//#/#g' | sed 's# #\\#g' | sed 's#\\#\\\\040#g')" - _fstab_entry="$(grep -Eo "[[:blank:]]${_jailpath_fstab}[[:blank:]]" ${bastille_jailsdir}/${_jail}/fstab)" + jailpath="$( echo "${bastille_jailsdir}/${jail}/root/${MOUNT_PATH}" 2>/dev/null | sed 's#//#/#' | sed 's#\\##g')" + mount="$( mount | grep -Eo "[[:blank:]]${jailpath}[[:blank:]]" )" + jailpath_fstab="$(echo "${bastille_jailsdir}/${jail}/root/${MOUNT_PATH}" | sed 's#//#/#g' | sed 's# #\\#g' | sed 's#\\#\\\\040#g')" + fstab_entry="$(grep -Eo "[[:blank:]]${jailpath_fstab}[[:blank:]]" ${bastille_jailsdir}/${jail}/fstab)" # Exit if mount point non-existent - if [ -z "${_mount}" ] && [ -z "${_fstab_entry}" ]; then + if [ -z "${mount}" ] && [ -z "${fstab_entry}" ]; then error_continue "[ERROR]: The specified mount point does not exist." fi # Unmount - if [ -n "${_mount}" ]; then - umount "${_jailpath}" || error_continue "[ERROR]: Failed to unmount volume: ${MOUNT_PATH}" + if [ -n "${mount}" ]; then + umount "${jailpath}" || error_continue "[ERROR]: Failed to unmount volume: ${MOUNT_PATH}" fi # Remove entry from fstab - if [ -n "${_fstab_entry}" ]; then - if ! 
sed -E -i '' "\, +${_jailpath_fstab} +,d" "${bastille_jailsdir}/${_jail}/fstab"; then + if [ -n "${fstab_entry}" ]; then + if ! sed -E -i '' "\, +${jailpath_fstab} +,d" "${bastille_jailsdir}/${jail}/fstab"; then error_continue "[ERROR]: Failed to delete fstab entry: ${MOUNT_PATH}" fi fi # Delete if mount point was a file - if [ -f "${_jailpath}" ]; then - rm -f "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}" + if [ -f "${jailpath}" ]; then + rm -f "${jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}" fi - echo "Unmounted: ${_jailpath}" + echo "Unmounted: ${jailpath}" done \ No newline at end of file diff --git a/usr/local/share/bastille/update.sh b/usr/local/share/bastille/update.sh index fd5a5f5a..cbf613da 100644 --- a/usr/local/share/bastille/update.sh +++ b/usr/local/share/bastille/update.sh @@ -74,8 +74,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in a) AUTO=1 ;; f) OPTION="-F" ;; x) enable_debug ;; diff --git a/usr/local/share/bastille/upgrade.sh b/usr/local/share/bastille/upgrade.sh index a79bdbca..dea7c8b3 100644 --- a/usr/local/share/bastille/upgrade.sh +++ b/usr/local/share/bastille/upgrade.sh @@ -68,8 +68,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in a) AUTO=1 ;; f) OPTION="-F" ;; x) enable_debug ;; diff --git a/usr/local/share/bastille/verify.sh b/usr/local/share/bastille/verify.sh index 10cb2294..a7194176 100644 --- a/usr/local/share/bastille/verify.sh +++ b/usr/local/share/bastille/verify.sh 
@@ -80,72 +80,72 @@ handle_template_include() { verify_template() { - _template_path=${bastille_templatesdir}/${BASTILLE_TEMPLATE} - _hook_validate=0 + template_path=${bastille_templatesdir}/${BASTILLE_TEMPLATE} + hook_validate=0 - for _hook in TARGET INCLUDE PRE OVERLAY FSTAB PF PKG SYSRC SERVICE CMD Bastillefile; do - _path=${_template_path}/${_hook} - if [ -s "${_path}" ]; then - _hook_validate=$((_hook_validate+1)) - info "\nDetected ${_hook} hook." + for hook in TARGET INCLUDE PRE OVERLAY FSTAB PF PKG SYSRC SERVICE CMD Bastillefile; do + path=${template_path}/${hook} + if [ -s "${path}" ]; then + hook_validate=$((_hook_validate+1)) + info "\nDetected ${hook} hook." ## line count must match newline count # shellcheck disable=SC2046 # shellcheck disable=SC3003 - if [ $(wc -l "${_path}" | awk '{print $1}') -ne "$(tr -d -c '\n' < "${_path}" | wc -c)" ]; then - info "[${_hook}]:" - error_notify "[ERROR]: ${BASTILLE_TEMPLATE}:${_hook} [failed]." + if [ $(wc -l "${path}" | awk '{print $1}') -ne "$(tr -d -c '\n' < "${path}" | wc -c)" ]; then + info "[${hook}]:" + error_notify "[ERROR]: ${BASTILLE_TEMPLATE}:${hook} [failed]." error_notify "Line numbers don't match line breaks." error_exit "Template validation failed." 
## if INCLUDE; recursive verify - elif [ "${_hook}" = 'INCLUDE' ]; then - info "[${_hook}]:" - cat "${_path}" - while read _include; do - info "[${_hook}]:[${_include}]:" - TEMPLATE_INCLUDE="${_include}" + elif [ "${hook}" = 'INCLUDE' ]; then + info "[${hook}]:" + cat "${path}" + while read include; do + info "[${hook}]:[${include}]:" + TEMPLATE_INCLUDE="${include}" handle_template_include - done < "${_path}" + done < "${path}" ## if tree; tree -a bastille_template/_dir - elif [ "${_hook}" = 'OVERLAY' ]; then - info "[${_hook}]:" - cat "${_path}" - while read _dir; do - info "[${_hook}]:[${_dir}]:" + elif [ "${hook}" = 'OVERLAY' ]; then + info "[${hook}]:" + cat "${path}" + while read dir; do + info "[${hook}]:[${dir}]:" if [ -x "/usr/local/bin/tree" ]; then - /usr/local/bin/tree -a "${_template_path}/${_dir}" + /usr/local/bin/tree -a "${template_path}/${dir}" else - find "${_template_path}/${_dir}" -print | sed -e 's;[^/]*/;|___;g;s;___|; |;g' + find "${template_path}/${dir}" -print | sed -e 's;[^/]*/;|___;g;s;___|; |;g' fi - done < "${_path}" - elif [ "${_hook}" = 'Bastillefile' ]; then - info "[${_hook}]:" - cat "${_path}" - while read _line; do - _cmd=$(echo "${_line}" | awk '{print tolower($1);}') + done < "${path}" + elif [ "${hook}" = 'Bastillefile' ]; then + info "[${hook}]:" + cat "${path}" + while read line; do + cmd=$(echo "${line}" | awk '{print tolower($1);}') ## if include; recursive verify - if [ "${_cmd}" = 'include' ]; then - TEMPLATE_INCLUDE=$(echo "${_line}" | awk '{print $2;}') + if [ "${cmd}" = 'include' ]; then + TEMPLATE_INCLUDE=$(echo "${line}" | awk '{print $2;}') handle_template_include fi - done < "${_path}" + done < "${path}" else - info "[${_hook}]:" - cat "${_path}" + info "[${hook}]:" + cat "${path}" fi fi done # Remove bad templates - if [ "${_hook_validate}" -lt 1 ]; then - rm -rf "${_template_path}" + if [ "${hook_validate}" -lt 1 ]; then + rm -rf "${template_path}" error_notify "[ERROR]: No valid template hooks found." 
error_exit "Template discarded." fi ## if validated; ready to use - if [ "${_hook_validate}" -gt 0 ]; then + if [ "${hook_validate}" -gt 0 ]; then info "\nTemplate ready to use." fi } diff --git a/usr/local/share/bastille/zfs.sh b/usr/local/share/bastille/zfs.sh index 1c6a0624..8ef69d5c 100644 --- a/usr/local/share/bastille/zfs.sh +++ b/usr/local/share/bastille/zfs.sh @@ -52,7 +52,7 @@ EOF zfs_jail_dataset() { - local jail_config="${bastille_jailsdir}/${JAIL}/jail.conf" + local jail_config="${bastille_jailsdir}/${jail}/jail.conf" # Exit if MOUNT or DATASET is empty if [ -z "${MOUNT}" ] || [ -z "${DATASET}" ]; then 
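Review bot: The rename missed the arithmetic expansion inside the `for hook in …` loop of `verify_template`: the line `hook_validate=$((_hook_validate+1))` still reads `_hook_validate`, which nothing assigns any more, so in arithmetic context it evaluates as 0 and `hook_validate` is reset to 1 on every detected hook instead of being incremented. The two checks at the end of the function (`-lt 1` and `-gt 0`) happen to give the same answer because any single hook yields 1, so the breakage is silent today, but the counter is wrong and will bite whoever first uses it as a count; ShellCheck would likely also report the unassigned name (SC2154). Change it to `hook_validate=$((hook_validate+1))`. After a mass rename like this one, a grep for remaining `_[a-z]`-prefixed names in the touched files is a cheap way to catch any other stragglers.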
@@ -68,45 +68,45 @@ zfs_jail_dataset() { fi # Validate jail state - check_target_is_stopped "${JAIL}" || if [ "${AUTO}" -eq 1 ]; then - bastille stop "${JAIL}" + check_target_is_stopped "${jail}" || if [ "${AUTO}" -eq 1 ]; then + bastille stop "${jail}" else error_notify "Jail is running." error_exit "Use [-a|--auto] to auto-stop the jail." fi # Add necessary config variables to jail - bastille config ${JAIL} set enforce_statfs 1 >/dev/null - bastille config ${JAIL} set allow.mount >/dev/null - bastille config ${JAIL} set allow.mount.devfs >/dev/null - bastille config ${JAIL} set allow.mount.zfs >/dev/null + bastille config ${jail} set enforce_statfs 1 >/dev/null + bastille config ${jail} set allow.mount >/dev/null + bastille config ${jail} set allow.mount.devfs >/dev/null + bastille config ${jail} set allow.mount.zfs >/dev/null # Enable ZFS inside jail - sysrc -f "${bastille_jailsdir}/${JAIL}/root/etc/rc.conf" zfs_enable="YES" + sysrc -f "${bastille_jailsdir}/${jail}/root/etc/rc.conf" zfs_enable="YES" # Jail the dataset zfs set mountpoint="${MOUNT}" "${DATASET}" zfs set jailed=on "${DATASET}" # Add dataset to zfs.conf - echo "${DATASET} ${MOUNT}" >> "${bastille_jailsdir}/${JAIL}/zfs.conf" + echo "${DATASET} ${MOUNT}" >> "${bastille_jailsdir}/${jail}/zfs.conf" # Add config to jail.conf sed -i '' '/^}$/d' "${jail_config}" cat << EOF >> "${jail_config}" # Jailed dataset: ${DATASET} - exec.created += "zfs jail ${JAIL} ${DATASET}"; + exec.created += "zfs jail ${jail} ${DATASET}"; } EOF if [ "${AUTO}" -eq 1 ]; then - bastille start "${JAIL}" + bastille start "${jail}" fi } zfs_unjail_dataset() { - local jail_config="${bastille_jailsdir}/${JAIL}/jail.conf" + local jail_config="${bastille_jailsdir}/${jail}/jail.conf" # Exit if DATASET is empty if [ -z "${DATASET}" ]; then 
@@ -117,8 +117,8 @@ zfs_unjail_dataset() { fi # Validate jail state - check_target_is_stopped "${JAIL}" || if [ "${AUTO}" -eq 1 ]; then - bastille stop "${JAIL}" + check_target_is_stopped "${jail}" || if [ "${AUTO}" -eq 1 ]; then + bastille stop "${jail}" else error_notify "Jail is running." error_exit "Use [-a|--auto] to auto-stop the jail." 
@@ -129,54 +129,54 @@ zfs_unjail_dataset() { zfs umount "${DATASET}" # Remove dataset from zfs.conf - if ! grep -hoqsw "${DATASET}" ${bastille_jailsdir}/${JAIL}/zfs.conf; then + if ! grep -hoqsw "${DATASET}" ${bastille_jailsdir}/${jail}/zfs.conf; then error_exit "[ERROR]: Dataset not present in zfs.conf." else - sed -i '' "\#.*${DATASET}.*#d" "${bastille_jailsdir}/${JAIL}/zfs.conf" + sed -i '' "\#.*${DATASET}.*#d" "${bastille_jailsdir}/${jail}/zfs.conf" fi # Remove config from jail.conf sed -i '' "\#.*Jailed dataset: ${DATASET}.*#d" "${jail_config}" - sed -i '' "\#.*zfs jail ${JAIL} ${DATASET}.*#d" "${jail_config}" + sed -i '' "\#.*zfs jail ${jail} ${DATASET}.*#d" "${jail_config}" if [ "${AUTO}" -eq 1 ]; then - bastille start "${JAIL}" + bastille start "${jail}" fi } zfs_snapshot() { # shellcheck disable=SC2140 - zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL}"@"${TAG}" - _return=$? + zfs snapshot -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}"@"${TAG}" + return=$? } zfs_rollback() { # shellcheck disable=SC2140 - zfs rollback -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL}"@"${TAG}" + zfs rollback -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}"@"${TAG}" # shellcheck disable=SC2140 - zfs rollback -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL}/root"@"${TAG}" - _return=$? + zfs rollback -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}/root"@"${TAG}" + return=$? } zfs_destroy_snapshot() { # shellcheck disable=SC2140 - zfs destroy ${OPT_DESTROY} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL}"@"${TAG}" - _return=$? + zfs destroy ${OPT_DESTROY} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}"@"${TAG}" + return=$? } zfs_set_value() { - zfs set "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL}" - _return=$? + zfs set "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}" + return=$? 
} zfs_get_value() { - zfs get "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL}" - _return=$? + zfs get "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}" + return=$? } zfs_disk_usage() { - zfs list -t all -o name,used,avail,refer,mountpoint,compress,ratio -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL}" - _return=$? + zfs list -t all -o name,used,avail,refer,mountpoint,compress,ratio -r "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail}" + return=$? } snapshot_checks() { @@ -189,10 +189,10 @@ snapshot_checks() { # Verify rollback snapshots if [ "${SNAP_ROLLBACK}" -eq 1 ]; then if [ -n "${TAG}" ]; then - SNAP_TAG_CHECK="$(zfs list -H -t snapshot -o name ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL} | grep -o "${TAG}$" | tail -n 1)" + SNAP_TAG_CHECK="$(zfs list -H -t snapshot -o name ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail} | grep -o "${TAG}$" | tail -n 1)" else - TAG="$(zfs list -H -t snapshot -o name ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${JAIL} | grep -o "bastille_${JAIL}_.*$" | tail -n 1)" - SNAP_TAG_CHECK=$(echo ${TAG} | grep -wo "bastille_${JAIL}_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}") + TAG="$(zfs list -H -t snapshot -o name ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${jail} | grep -o "bastille_${jail}_.*$" | tail -n 1)" + SNAP_TAG_CHECK=$(echo ${TAG} | grep -wo "bastille_${jail}_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}") fi if [ -z "${SNAP_TAG_CHECK}" ]; then error_continue "[ERROR]: Snapshot not found: ${TAG}" 
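Review bot: `return=$?` in `zfs_snapshot`, `zfs_rollback`, `zfs_destroy_snapshot`, `zfs_set_value`, `zfs_get_value` and `zfs_disk_usage` uses the name of a shell special builtin as a global variable. The assignment is legal in sh and `${return}` expands as expected, but it reads like a misplaced `return` statement and is easy to confuse with the builtin when editing or grepping, which is exactly what the old `_return` underscore was protecting against. I would pick a name that is not also a builtin, e.g. `rc=$?`, and update the three `if [ "${return}" -ne 0 ]` checks in `snapshot_create`, `snapshot_rollback` and `snapshot_destroy` to match. Since the status is set in one function and read in another, a comment such as `# rc: exit status of the last zfs command, read by the snapshot_* callers` at the first assignment would document that cross-function coupling.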
@@ -204,10 +204,10 @@ snapshot_checks() { # Generate a relatively short but unique name for the snapshots based on the current date/jail name. elif [ "${AUTO_TAG}" -eq 1 ]; then DATE=$(date +%F-%H%M%S) - TAG="bastille_${JAIL}_${DATE}" + TAG="bastille_${jail}_${DATE}" # Check for the generated snapshot name. SNAP_GEN_CHECK="" - SNAP_GEN_CHECK=$(echo ${TAG} | grep -wo "bastille_${JAIL}_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}") + SNAP_GEN_CHECK=$(echo ${TAG} | grep -wo "bastille_${jail}_[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}-[0-9]\{6\}") if [ -z "${SNAP_GEN_CHECK}" ]; then error_notify "[ERROR]: Failed to validate snapshot name." fi @@ -220,7 +220,7 @@ snapshot_create() { zfs_snapshot # Check for exit status and notify only for user reference. - if [ "${_return}" -ne 0 ]; then + if [ "${return}" -ne 0 ]; then error_notify "[ERROR]: Failed to create snapshot." else echo "Snapshot created: ${TAG}" @@ -235,7 +235,7 @@ snapshot_rollback() { zfs_rollback # Check for exit status and just notify. - if [ "${_return}" -ne 0 ]; then + if [ "${return}" -ne 0 ]; then error_notify "[ERROR]: Failed to restore snapshot: ${TAG}." else echo "Snapshot restored: ${TAG}" @@ -257,7 +257,7 @@ snapshot_destroy() { zfs_destroy_snapshot # Check for exit status and just notify. - if [ "${_return}" -ne 0 ]; then + if [ "${return}" -ne 0 ]; then error_notify "[ERROR]: Failed to destroy snapshot: ${TAG}" else echo "Snapshot destroyed: ${TAG}" @@ -288,8 +288,8 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for opt in $(echo ${1} | sed 's/-//g' | fold -w1); do + case ${opt} in a) AUTO=1 ;; x) enable_debug ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; @@ -323,9 +323,9 @@ if [ -z "${bastille_zfs_zpool}" ]; then error_exit "[ERROR]: ZFS zpool not defined." fi -for JAIL in ${JAILS}; do +for jail in ${JAILS}; do - info "\n[${JAIL}]:" + info "\n[${jail}]:" case "${ACTION}" in destroy|destroy_snap|destroy_snapshot) 
@@ -366,5 +366,4 @@ for JAIL in ${JAILS}; do usage ;; esac - done