Trim trailing whitespace

Michael Osipov
2025-09-23 18:51:04 +02:00
parent e3d0b74ef1
commit 82958fb7b7
53 changed files with 223 additions and 226 deletions


@@ -1,6 +1,6 @@
name: Bastille_Testing name: Bastille_Testing
on: on:
pull_request: pull_request:
branches: branches:
- master - master
@@ -29,7 +29,4 @@ jobs:
cd bastille cd bastille
make install make install
rocinante template tests/masterTest rocinante template tests/masterTest
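
Review bot: The header `@@ -29,7 +29,4 @@` at the end of the workflow file drops three lines rather than only trimming whitespace inside lines. Please confirm the removed lines were empty trailing lines and that the file still ends with a single newline after `rocinante template tests/masterTest`, since the commit message only mentions trailing whitespace.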


@@ -94,7 +94,7 @@ sysrc bastille_enable=YES
Upgrading from a previous version Upgrading from a previous version
--------------------------------- ---------------------------------
When upgrading from a previous version of bastille (e.g. 0.10.20230714 to When upgrading from a previous version of bastille (e.g. 0.10.20230714 to
0.10.20231013) you will need to update your bastille.conf 0.10.20231013) you will need to update your bastille.conf
```shell ```shell


@@ -36,7 +36,7 @@ access, simply use ``ro`` instead of ``rw`` as the option.
.. code-block:: shell .. code-block:: shell
ishmael ~ # bastille mount "jail1 jail2" /my/host/directory /my/jail/directory nullfs rw 0 0 ishmael ~ # bastille mount "jail1 jail2" /my/host/directory /my/jail/directory nullfs rw 0 0
Cloning Cloning
------- -------
@@ -46,9 +46,9 @@ To clone your jail, use the following command.
.. code-block:: shell .. code-block:: shell
ishmael ~ # bastille clone myjail mynewjail 10.0.0.3 ishmael ~ # bastille clone myjail mynewjail 10.0.0.3
This will create an exact duplicate of ``myjail`` at ``mynewjail``. This will create an exact duplicate of ``myjail`` at ``mynewjail``.
Custom Releases Custom Releases
--------------- ---------------
@@ -61,14 +61,14 @@ process will not work with any other jail types.
.. code-block:: shell .. code-block:: shell
ishmael ~ # bastille create -T myjail 14.2-RELEASE 10.0.0.1 ishmael ~ # bastille create -T myjail 14.2-RELEASE 10.0.0.1
Once the jail is up and running, configure it to your liking, then run the Once the jail is up and running, configure it to your liking, then run the
following commmand to create a custom release based on your jail. following commmand to create a custom release based on your jail.
.. code-block:: shell .. code-block:: shell
ishmael ~ # bastille convert myjail myrelease ishmael ~ # bastille convert myjail myrelease
Once this process completes, you will be able to run the following command to Once this process completes, you will be able to run the following command to
create a jail based off your newly created release. create a jail based off your newly created release.
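
Review bot: The context line `following commmand to create a custom release based on your jail.` in this hunk carries a typo ("commmand"). Since the paragraph is already being touched for whitespace, fix it to "command" here or in a follow-up docs commit.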


@@ -22,7 +22,7 @@ Apply the below patch to set the correct MTU. You may need to ``cp
--- /usr/local/bin/jib 2022-07-31 03:27:04.163245000 +0000 --- /usr/local/bin/jib 2022-07-31 03:27:04.163245000 +0000
+++ jib.fixed 2022-07-31 03:41:16.710401000 +0000 +++ jib.fixed 2022-07-31 03:41:16.710401000 +0000
@@ -299,14 +299,14 @@ @@ -299,14 +299,14 @@
# Make sure the interface has been bridged # Make sure the interface has been bridged
if ! ifconfig "$iface$bridge" > /dev/null 2>&1; then if ! ifconfig "$iface$bridge" > /dev/null 2>&1; then
- new=$( ifconfig bridge create ) || return - new=$( ifconfig bridge create ) || return
@@ -31,12 +31,12 @@ Apply the below patch to set the correct MTU. You may need to ``cp
ifconfig $new name "$iface$bridge" || return ifconfig $new name "$iface$bridge" || return
ifconfig "$iface$bridge" up || return ifconfig "$iface$bridge" up || return
fi fi
# Create a new interface to the bridge # Create a new interface to the bridge
- new=$( ifconfig epair create ) || return - new=$( ifconfig epair create ) || return
+ new=$( ifconfig epair create mtu 1460 ) || return + new=$( ifconfig epair create mtu 1460 ) || return
ifconfig "$iface$bridge" addm $new || return ifconfig "$iface$bridge" addm $new || return
# Rename the new interface # Rename the new interface
## Configure bridge interface ## Configure bridge interface
@@ -58,16 +58,16 @@ them through the external interface:
.. code-block:: text .. code-block:: text
ext_if="vtnet0" ext_if="vtnet0"
bridge_if="vtnet0bridge" bridge_if="vtnet0bridge"
set skip on lo set skip on lo
scrub in scrub in
# permissive NAT allows jail bridge and wireguard tunnels # permissive NAT allows jail bridge and wireguard tunnels
nat on $ext_if inet from !($ext_if) -> ($ext_if:0) nat on $ext_if inet from !($ext_if) -> ($ext_if:0)
block in block in
pass out pass out
pass in proto tcp to port {22} pass in proto tcp to port {22}
pass in proto icmp icmp-type { echoreq } pass in proto icmp icmp-type { echoreq }
pass in on $bridge_if pass in on $bridge_if
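
Review bot: In the sample pf.conf, only the NAT rule is labelled permissive, but `pass in on $bridge_if` also admits all traffic arriving from the jail bridge, including traffic addressed to the host itself, and `nat on $ext_if inet from !($ext_if)` translates any source that is not the external interface. Add a comment saying this ruleset is a starting point, and suggest narrowing the `from` clause to the jail subnet and limiting the bridge rule to the ports the jails need.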


@@ -23,7 +23,7 @@ To see a list of available options and switches, see the ``setup`` subcommand.
.. code-block:: shell .. code-block:: shell
ishmael ~ # bastille setup ishmael ~ # bastille setup
Bootstrapping a Release Bootstrapping a Release
----------------------- -----------------------
@@ -33,7 +33,7 @@ Then we need to bootstrap a release for bastille to use. We will use
.. code-block:: shell .. code-block:: shell
ishmael ~ # bastille bootstrap 14.2-RELEASE ishmael ~ # bastille bootstrap 14.2-RELEASE
Creating a Jail Creating a Jail
--------------- ---------------


@@ -88,7 +88,7 @@ for remote systems you can use rsync:
rsync -avh /iocage/images/jailname_$(date +%F).* root@10.0.1.10:/usr/local/bastille/backups/ rsync -avh /iocage/images/jailname_$(date +%F).* root@10.0.1.10:/usr/local/bastille/backups/
Import the iocage backup file (use zip file name) Import the iocage backup file (use zip file name)
.. code-block:: shell .. code-block:: shell
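
Review bot: The rsync example in this hunk logs in as `root@10.0.1.10`, which requires root SSH login to be enabled on the receiving host. Consider showing an unprivileged account that has write access to `/usr/local/bastille/backups/`, as the `migrate` usage does with `migrate@192.168.10.100`. The `$(date +%F)` in the source path also only matches an export made on the same day, which deserves a sentence.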


@@ -1,7 +1,7 @@
Networking Networking
========== ==========
Bastille is very flexible with its networking options. Below are the supported Bastille is very flexible with its networking options. Below are the supported
networking modes, how they work, and some tips on where you might want to use each networking modes, how they work, and some tips on where you might want to use each
one. one.
@@ -153,7 +153,7 @@ you are free to use
<https://www.lifewire.com/what-is-a-private-ip-address-2625970>`_. <https://www.lifewire.com/what-is-a-private-ip-address-2625970>`_.
In this environment, we can create the container, give it a In this environment, we can create the container, give it a
unique private ip address within our local subnet, and attach unique private ip address within our local subnet, and attach
its ip address to our primary interface. its ip address to our primary interface.
.. code-block:: shell .. code-block:: shell
@@ -210,7 +210,7 @@ Your server was assigned the following six section subnet:
The `vultr ipv6 subnet calculator The `vultr ipv6 subnet calculator
<https://www.vultr.com/resources/subnet-calculator-ipv6/?prefix_length=64&display=long&ipv6_address=2001%3Adb8%3Aacad%3Ae%3A%3A%2F64>`_ <https://www.vultr.com/resources/subnet-calculator-ipv6/?prefix_length=64&display=long&ipv6_address=2001%3Adb8%3Aacad%3Ae%3A%3A%2F64>`_
is helpful in making sense of that ipv6 address. is helpful in making sense of that ipv6 address.
We could have also written that IPV6 address as 2001:19f0:6c01:114c:0:0 We could have also written that IPV6 address as 2001:19f0:6c01:114c:0:0
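
Review bot: The last line writes "IPV6" while the lines above write "ipv6"; use "IPv6" throughout this section. The calculator link is also parameterised with the documentation prefix `2001:db8:acad:e::/64` while the text discusses `2001:19f0:6c01:114c`, so the link will not show the address the reader is following; use one prefix for both.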


@@ -4,7 +4,7 @@ create
Create a jail uning any available bootstrapped release. To create a jail, Create a jail uning any available bootstrapped release. To create a jail,
simply provide a name, bootstrapped release, and IP address. simply provide a name, bootstrapped release, and IP address.
The format is ``bastille create NAME RELEASE IP [INTERFACE]`` The format is ``bastille create NAME RELEASE IP [INTERFACE]``
Note that the ``interface`` is optional. Bastille will use the default interface Note that the ``interface`` is optional. Bastille will use the default interface
that is configured when running the setup command. See ``bastille setup -l`` or that is configured when running the setup command. See ``bastille setup -l`` or
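
Review bot: The first line of this hunk reads `Create a jail uning any available bootstrapped release.`; "uning" should be "using".
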
@@ -56,7 +56,7 @@ options. See the below help output.
Usage: bastille create [option(s)] NAME RELEASE IP [INTERFACE]" Usage: bastille create [option(s)] NAME RELEASE IP [INTERFACE]"
Options: Options:
-B | --bridge Enable VNET, and attach to a specified, already existing external bridge. -B | --bridge Enable VNET, and attach to a specified, already existing external bridge.
-C | --clone Create a clone jail. -C | --clone Create a clone jail.
-D | --dual Create jail with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). -D | --dual Create jail with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only).
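
Review bot: The usage line `Usage: bastille create [option(s)] NAME RELEASE IP [INTERFACE]"` ends with a stray double quote, which looks like a leftover from the quoted `error_notify` string in the script. Drop the quote from the documented help output.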


@@ -25,7 +25,7 @@ Next we can use the ``update`` command to apply the update to the jail.
The output will show you which files were added, updated, changed, deleted, or The output will show you which files were added, updated, changed, deleted, or
have conflicts. To automatically resolve the conflicts, run the ``resolve`` have conflicts. To automatically resolve the conflicts, run the ``resolve``
command. command.
.. code-block:: shell .. code-block:: shell
ishmael ~ # bastille etcupdate ishmael resolve ishmael ~ # bastille etcupdate ishmael resolve


@@ -44,7 +44,7 @@ This file can be edited manually using ``bastille edit TARGET cpuset.conf``.
ishmael ~ # bastille limits help ishmael ~ # bastille limits help
Usage: bastille limits [option(s)] TARGET [add|remove|clear|reset|(list|show [active])|stats] OPTION [VALUE] Usage: bastille limits [option(s)] TARGET [add|remove|clear|reset|(list|show [active])|stats] OPTION [VALUE]
Example: bastille limits TARGET add memoryuse 1G Example: bastille limits TARGET add memoryuse 1G
Example: bastille limits TARGET add cpu 0,1,2 Example: bastille limits TARGET add cpu 0,1,2
@@ -52,4 +52,4 @@ This file can be edited manually using ``bastille edit TARGET cpuset.conf``.
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
-l | --log Enable logging for the specified rule (rctl only). -l | --log Enable logging for the specified rule (rctl only).
-x | --debug Enable debug mode. -x | --debug Enable debug mode.


@@ -16,7 +16,7 @@ Use ``-p|--pretty`` to print in columns instead of rows.
Usage: bastille list [option(s)] [RELEASE (-p)] [all] [backup(s)] [export(s)] [import(s)] [ip(s)] [jail(s)] [limit(s)] [log(s)] Usage: bastille list [option(s)] [RELEASE (-p)] [all] [backup(s)] [export(s)] [import(s)] [ip(s)] [jail(s)] [limit(s)] [log(s)]
[path(s)] [port(s)] [prio|priority] [release(s)] [state(s)] [template(s)] [type] [path(s)] [port(s)] [prio|priority] [release(s)] [state(s)] [template(s)] [type]
Options: Options:
-d | --down List stopped jails only. -d | --down List stopped jails only.
-j | --json List jails or sub-arg(s) in json format. -j | --json List jails or sub-arg(s) in json format.
-p | --pretty Print JSON in columns. Must be used with -j|--json. -p | --pretty Print JSON in columns. Must be used with -j|--json.


@@ -13,7 +13,7 @@ port by supplying it as in ``user@host:port``.
ishmael ~ # bastille migrate help ishmael ~ # bastille migrate help
Usage: bastille migrate [option(s)] TARGET USER@HOST[:PORT] Usage: bastille migrate [option(s)] TARGET USER@HOST[:PORT]
Examples: Examples:
bastille migrate attica migrate@192.168.10.100 bastille migrate attica migrate@192.168.10.100


@@ -63,7 +63,7 @@ It is possible to do the same for the jail path, but again, not recommemded.
ishmael ~ # bastille mount azkaban "/storage/my\ directory\ with\ spaces" /media/foo nullfs ro 0 0 ishmael ~ # bastille mount azkaban "/storage/my\ directory\ with\ spaces" /media/foo nullfs ro 0 0
[azkaban]: [azkaban]:
Added: /storage/my\040directory\040with\040spaces /usr/local/bastille/jails/azkaban/root/media/foo nullfs ro 0 0 Added: /storage/my\040directory\040with\040spaces /usr/local/bastille/jails/azkaban/root/media/foo nullfs ro 0 0
.. code-block:: shell .. code-block:: shell
ishmael ~ # bastille mount help ishmael ~ # bastille mount help


@@ -11,22 +11,22 @@ interfaces as this will include the jail interface - you should specify the
interface they run on in rc.conf (or other config files) interface they run on in rc.conf (or other config files)
.. code-block:: shell .. code-block:: shell
# bastille rdr dev1 tcp 2001 22 # bastille rdr dev1 tcp 2001 22
[jail1]: [jail1]:
IPv4 tcp/2001:22 on em0 IPv4 tcp/2001:22 on em0
# bastille rdr dev1 list # bastille rdr dev1 list
rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22 rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22
# bastille rdr dev1 udp 2053 53 # bastille rdr dev1 udp 2053 53
[jail1]: [jail1]:
IPv4 udp/2053:53 on em0 IPv4 udp/2053:53 on em0
# bastille rdr dev1 list # bastille rdr dev1 list
rdr pass on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22 rdr pass on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22
rdr pass on em0 inet proto udp from any to any port = 2053 -> 10.17.89.1 port 53 rdr pass on em0 inet proto udp from any to any port = 2053 -> 10.17.89.1 port 53
# bastille rdr dev1 clear # bastille rdr dev1 clear
nat cleared nat cleared
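
Review bot: The example output in this hunk does not match its commands: the rules are added for target `dev1` but the output is headed `[jail1]:`, and the first `bastille rdr dev1 list` prints `rdr on em0 ...` while the second prints the same tcp rule as `rdr pass on em0 ...`. Regenerate the block from one real session so the target name and the `pass` keyword are consistent.
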
@@ -44,7 +44,7 @@ The ``rdr`` command includes 4 additional options:
# bastille rdr -i vtnet0 dev1 udp 8000 80 # bastille rdr -i vtnet0 dev1 udp 8000 80
[jail1]: [jail1]:
IPv4 tcp/8000:80 on vtnet0 IPv4 tcp/8000:80 on vtnet0
# bastille rdr -s 192.168.0.1 dev1 tcp 8080 81 # bastille rdr -s 192.168.0.1 dev1 tcp 8080 81
[jail1]: [jail1]:
IPv4 tcp/8080:81 on em0 IPv4 tcp/8080:81 on em0
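
Review bot: `bastille rdr -i vtnet0 dev1 udp 8000 80` is shown producing `IPv4 tcp/8000:80 on vtnet0`, so the protocol in the command and in the output disagree. Change one of them, and use the same target name in the `[jail1]:` header as in the command.
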
@@ -75,7 +75,7 @@ Simply use the table name instead of an IP address or subnet.
# bastille rdr --help # bastille rdr --help
Usage: bastille rdr TARGET [option(s)] [clear|reset|list|(tcp|udp host_port jail_port [log ['(' logopts ')'] ] )] Usage: bastille rdr TARGET [option(s)] [clear|reset|list|(tcp|udp host_port jail_port [log ['(' logopts ')'] ] )]
Options: Options:
-d | --destination [destination] Limit rdr to a destination IP. Useful if you have multiple IPs on one interface. -d | --destination [destination] Limit rdr to a destination IP. Useful if you have multiple IPs on one interface.


@@ -18,7 +18,7 @@ The TEMPLATE arg should be called with the ``project/template`` format.
ishmael ~ # bastille template help ishmael ~ # bastille template help
Usage: bastille template [option(s)] TARGET [--convert] TEMPLATE Usage: bastille template [option(s)] TARGET [--convert] TEMPLATE
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.


@@ -23,7 +23,7 @@ release or template .
Detected Bastillefile hook. Detected Bastillefile hook.
[Bastillefile]: [Bastillefile]:
CMD mkdir -p /usr/local/etc/pkg/repos CMD mkdir -p /usr/local/etc/pkg/repos
CMD echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest" }' > CMD echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest" }' >
/usr/local/etc/pkg/repos/FreeBSD.conf /usr/local/etc/pkg/repos/FreeBSD.conf
CONFIG set allow.mlock=1; CONFIG set allow.mlock=1;
CONFIG set ip6=inherit; CONFIG set ip6=inherit;
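
Review bot: The sample template output writes a repository file whose URL is `pkg+http://pkg.FreeBSD.org/${ABI}/latest`, so readers copying it fetch the catalogue and packages over plaintext HTTP and depend entirely on pkg's signature checking for integrity. If the example can be regenerated, show a `pkg+https://` URL, or add a sentence stating that repository signature verification must stay enabled.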


@@ -132,7 +132,7 @@ escape it. Escaping it will cause errors.
Bootstrapping Templates Bootstrapping Templates
----------------------- -----------------------
The official templates for Bastille are all on Gthub, and mirror the directory The official templates for Bastille are all on Gthub, and mirror the directory
structure of the ports tree. So, ``nginx`` is in the ``www`` directory in the structure of the ports tree. So, ``nginx`` is in the ``www`` directory in the
templates, just like it is in the FreeBSD ports tree. To bootstrap the templates, just like it is in the FreeBSD ports tree. To bootstrap the
entire set of official predefined templates run the following command: entire set of official predefined templates run the following command:
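
Review bot: `The official templates for Bastille are all on Gthub` misspells "GitHub" in the first line of this paragraph; correct it while the paragraph is being edited.
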
@@ -155,7 +155,7 @@ Creating Templates
Templates can be created and placed inside the templates directory in the Templates can be created and placed inside the templates directory in the
``project/template`` format. Alternatively you can run the ``bastille template`` ``project/template`` format. Alternatively you can run the ``bastille template``
command from a relative path, making sure it is still in the above format. command from a relative path, making sure it is still in the above format.
Template Examples Template Examples
----------------- -----------------


@@ -164,7 +164,7 @@ while [ "$#" -gt 0 ]; do
error_exit "Not a valid config file: ${BASTILLE_CONFIG}" error_exit "Not a valid config file: ${BASTILLE_CONFIG}"
fi fi
# Load common.sh after setting BASTILLE_CONFIG # Load common.sh after setting BASTILLE_CONFIG
. /usr/local/share/bastille/common.sh . /usr/local/share/bastille/common.sh
shift 2 shift 2
;; ;;
-*) -*)
@@ -243,5 +243,5 @@ if [ -f "${SCRIPTPATH}" ]; then
exec "${SH}" "${SCRIPTPATH}" "$@" exec "${SH}" "${SCRIPTPATH}" "$@"
else else
error_exit "${SCRIPTPATH} not found." error_exit "${SCRIPTPATH} not found."
fi fi


@@ -35,9 +35,9 @@
usage() { usage() {
error_notify "Usage: bastille bootstrap [option(s)] RELEASE|TEMPLATE [update|arch]" error_notify "Usage: bastille bootstrap [option(s)] RELEASE|TEMPLATE [update|arch]"
cat << EOF cat << EOF
Options: Options:
-x | --debug Enable debug mode. -x | --debug Enable debug mode.
EOF EOF
@@ -297,7 +297,7 @@ bootstrap_release() {
info "\nBootstrap successful." info "\nBootstrap successful."
echo "See 'bastille --help' for available commands." echo "See 'bastille --help' for available commands."
} }
debootstrap_release() { debootstrap_release() {
@@ -443,12 +443,12 @@ bootstrap_template() {
cp -fR "${_project_dir}" "${bastille_templatesdir}" cp -fR "${_project_dir}" "${bastille_templatesdir}"
bastille verify "${_complete_template}" bastille verify "${_complete_template}"
done done
# Remove the cloned repo # Remove the cloned repo
if [ -n "${_user}" ]; then if [ -n "${_user}" ]; then
rm -r "${bastille_templatesdir:?}/${_user:?}" rm -r "${bastille_templatesdir:?}/${_user:?}"
fi fi
else else
# Verify a single template # Verify a single template
bastille verify "${_user}/${_repo}" bastille verify "${_user}/${_repo}"
@@ -465,7 +465,7 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
error_exit "[ERROR]: Unknown Option: \"${1}\"" error_exit "[ERROR]: Unknown Option: \"${1}\""
;; ;;
*) *)


@@ -35,7 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille clone [option(s)] TARGET NEW_NAME IP" error_notify "Usage: bastille clone [option(s)] TARGET NEW_NAME IP"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. Cannot be used with [-l|--live]. -a | --auto Auto mode. Start/stop jail(s) if required. Cannot be used with [-l|--live].
@@ -70,7 +70,7 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
a) AUTO=1 ;; a) AUTO=1 ;;
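
Review bot: In `for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do`, `${1}` is unquoted, so an argument containing whitespace or glob characters is split or expanded before it reaches `sed`. Quote it, for example `$(printf '%s' "${1}" | sed 's/-//g' | fold -w1)`. The same loop appears in the `cmd` and `convert` option parsers in this commit, so a shared helper or `getopts` would remove the duplication.
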
@@ -251,7 +251,7 @@ update_jailconf_vnet() {
local _epair_num="$(echo "${_old_if_prefix}" | grep -Eo "[0-9]+")" local _epair_num="$(echo "${_old_if_prefix}" | grep -Eo "[0-9]+")"
local _old_host_epair="${_if}" local _old_host_epair="${_if}"
local _old_jail_epair="${_old_if_prefix%a}b_${_old_if_suffix}" local _old_jail_epair="${_old_if_prefix%a}b_${_old_if_suffix}"
if [ "$(echo -n "e${_epair_num}a_${NEWNAME}" | awk '{print length}')" -lt 16 ]; then if [ "$(echo -n "e${_epair_num}a_${NEWNAME}" | awk '{print length}')" -lt 16 ]; then
# Generate new epair name # Generate new epair name
local _new_host_epair="e${_epair_num}a_${NEWNAME}" local _new_host_epair="e${_epair_num}a_${NEWNAME}"
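
Review bot: The length test `[ "$(echo -n "e${_epair_num}a_${NEWNAME}" | awk '{print length}')" -lt 16 ]` spawns a pipeline and relies on `echo -n`, whose behaviour differs between shells. Build the candidate name once and test `${#name}` instead, then reuse that variable for `_new_host_epair` so the string is not assembled twice. A short comment saying where the limit of 16 comes from would also help.
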
@@ -268,7 +268,7 @@ update_jailconf_vnet() {
if grep "${_old_if_suffix}" "${_jail_conf}" | grep -oq "jib addm"; then if grep "${_old_if_suffix}" "${_jail_conf}" | grep -oq "jib addm"; then
# For -V jails # For -V jails
# Replace host epair name in jail.conf # Replace host epair name in jail.conf
sed -i '' "s|jib addm ${_old_if_suffix}|jib addm ${_new_if_suffix}|g" "${_jail_conf}" sed -i '' "s|jib addm ${_old_if_suffix}|jib addm ${_new_if_suffix}|g" "${_jail_conf}"
sed -i '' "s|${_old_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}" sed -i '' "s|${_old_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}"
sed -i '' "s|${_old_host_epair} destroy|${_new_host_epair} destroy|g" "${_jail_conf}" sed -i '' "s|${_old_host_epair} destroy|${_new_host_epair} destroy|g" "${_jail_conf}"
@@ -293,7 +293,7 @@ update_jailconf_vnet() {
sed -i '' "/ifconfig/ s|${_old_jail_epair}|${_new_jail_epair}|g" "${_rc_conf}" sed -i '' "/ifconfig/ s|${_old_jail_epair}|${_new_jail_epair}|g" "${_rc_conf}"
else else
# For -B jails # For -B jails
# Replace host epair name in jail.conf # Replace host epair name in jail.conf
sed -i '' "s|up name ${_old_host_epair}|up name ${_new_host_epair}|g" "${_jail_conf}" sed -i '' "s|up name ${_old_host_epair}|up name ${_new_host_epair}|g" "${_jail_conf}"
sed -i '' "s|addm ${_old_host_epair}|addm ${_new_host_epair}|g" "${_jail_conf}" sed -i '' "s|addm ${_old_host_epair}|addm ${_new_host_epair}|g" "${_jail_conf}"
sed -i '' "s|${_old_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}" sed -i '' "s|${_old_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}"
@@ -384,7 +384,7 @@ update_jailconf_vnet() {
local _new_if_prefix="$(echo ${_if} | awk -F'_' '{print $1}')" local _new_if_prefix="$(echo ${_if} | awk -F'_' '{print $1}')"
local _new_if_suffix="$(echo ${_if} | awk -F'_' '{print $2}')" local _new_if_suffix="$(echo ${_if} | awk -F'_' '{print $2}')"
# Replace netgraph interface name # Replace netgraph interface name
sed -i '' "s|jng bridge ${_old_if_suffix}|jng bridge ${_new_if_suffix}|g" "${_jail_conf}" sed -i '' "s|jng bridge ${_old_if_suffix}|jng bridge ${_new_if_suffix}|g" "${_jail_conf}"
sed -i '' "s|${_old_ngif} ether|${_new_ngif} ether|g" "${_jail_conf}" sed -i '' "s|${_old_ngif} ether|${_new_ngif} ether|g" "${_jail_conf}"
sed -i '' "s|jng shutdown ${_old_if_suffix}|jng shutdown ${_new_if_suffix}|g" "${_jail_conf}" sed -i '' "s|jng shutdown ${_old_if_suffix}|jng shutdown ${_new_if_suffix}|g" "${_jail_conf}"
@@ -515,7 +515,7 @@ clone_jail() {
fi fi
else else
check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
bastille stop "${TARGET}" bastille stop "${TARGET}"
else else


@@ -35,7 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille cmd [option(s)] TARGET COMMAND" error_notify "Usage: bastille cmd [option(s)] TARGET COMMAND"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -60,12 +60,12 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
a) AUTO=1 ;; a) AUTO=1 ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift
@@ -111,7 +111,7 @@ for _jail in ${JAILS}; do
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))
fi fi
done done
if [ "${ERRORS}" -ne 0 ]; then if [ "${ERRORS}" -ne 0 ]; then


@@ -34,7 +34,7 @@
# because all commands load this file # because all commands load this file
# shellcheck disable=SC1090 # shellcheck disable=SC1090
. ${BASTILLE_CONFIG} . ${BASTILLE_CONFIG}
COLOR_RED= COLOR_RED=
COLOR_GREEN= COLOR_GREEN=
COLOR_YELLOW= COLOR_YELLOW=
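
Review bot: `. ${BASTILLE_CONFIG}` sources the configuration path unquoted, so a path containing spaces or glob characters is split or expanded before it is sourced; write `. "${BASTILLE_CONFIG}"`. The `# shellcheck disable=SC1090` directive only silences the non-constant source warning and does not cover this. Because every command loads this file, a brief comment on who is expected to own and write the config file would also be useful.
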
@@ -56,7 +56,7 @@ enable_debug() {
# Enable debug mode. # Enable debug mode.
warn "***DEBUG MODE***" warn "***DEBUG MODE***"
set -x set -x
} }
# If "NO_COLOR" environment variable is present, or we aren't speaking to a # If "NO_COLOR" environment variable is present, or we aren't speaking to a
# tty, disable output colors. # tty, disable output colors.
@@ -287,7 +287,7 @@ set_bastille_mountpoints() {
bastille_logsdir_mountpoint="${bastille_logsdir}" bastille_logsdir_mountpoint="${bastille_logsdir}"
# Add _altroot to *dir* if set # Add _altroot to *dir* if set
if [ "${_altroot}" != "-" ]; then if [ "${_altroot}" != "-" ]; then
# Set *dir* to include ALTROOT # Set *dir* to include ALTROOT
bastille_prefix="${_altroot}${bastille_prefix}" bastille_prefix="${_altroot}${bastille_prefix}"
bastille_backupsdir="${_altroot}${bastille_backupsdir}" bastille_backupsdir="${_altroot}${bastille_backupsdir}"
@@ -295,7 +295,7 @@ set_bastille_mountpoints() {
bastille_jailsdir="${_altroot}${bastille_jailsdir}" bastille_jailsdir="${_altroot}${bastille_jailsdir}"
bastille_releasesdir="${_altroot}${bastille_releasesdir}" bastille_releasesdir="${_altroot}${bastille_releasesdir}"
bastille_templatesdir="${_altroot}${bastille_templatesdir}" bastille_templatesdir="${_altroot}${bastille_templatesdir}"
bastille_logsdir="${_altroot}${bastille_logsdir}" bastille_logsdir="${_altroot}${bastille_logsdir}"
fi fi
fi fi
} }


@@ -36,7 +36,7 @@
usage() { usage() {
error_notify "Usage: bastille config [option(s)] TARGET [get|(set|add)|remove] PROPERTY [VALUE]" error_notify "Usage: bastille config [option(s)] TARGET [get|(set|add)|remove] PROPERTY [VALUE]"
cat << EOF cat << EOF
Options: Options:
-x | --debug Enable debug mode. -x | --debug Enable debug mode.
@@ -52,7 +52,7 @@ print_jail_conf() {
# line # line
jail -f "$1" -e ' jail -f "$1" -e '
' '
} }
# Handle options. # Handle options.
while [ "$#" -gt 0 ]; do while [ "$#" -gt 0 ]; do
@@ -93,7 +93,7 @@ case "${ACTION}" in
error_exit "[ERROR]: Too many parameters for [get|remove] operation." error_exit "[ERROR]: Too many parameters for [get|remove] operation."
fi fi
;; ;;
add|set) add|set)
;; ;;
*) *)
error_exit "[ERROR]: Only (add|set), get and remove are supported." error_exit "[ERROR]: Only (add|set), get and remove are supported."
@@ -121,10 +121,10 @@ print_jail_conf() {
# line # line
jail -f "${1}" -e ' jail -f "${1}" -e '
' '
} }
for _jail in ${JAILS}; do for _jail in ${JAILS}; do
# Backwards compatibility for specifying only an IP with ip[4|6].addr # Backwards compatibility for specifying only an IP with ip[4|6].addr
if [ "${ACTION}" = "set" ] && [ "${PROPERTY}" = "ip4.addr" ]; then if [ "${ACTION}" = "set" ] && [ "${PROPERTY}" = "ip4.addr" ]; then
if ! echo "${VALUE}" | grep -q "|"; then if ! echo "${VALUE}" | grep -q "|"; then
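
Review bot: The hunk headers at old lines 52 and 121 both sit inside `print_jail_conf() {`, with bodies `jail -f "$1" -e '` and `jail -f "${1}" -e '`, so the function appears to be defined twice in this file and the later definition silently replaces the earlier one. Keep a single definition placed before its first use.
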
@@ -135,7 +135,7 @@ for _jail in ${JAILS}; do
VALUE="$(bastille config ${_jail} get ip6.addr | awk -F"|" '{print $1}')|${VALUE}" VALUE="$(bastille config ${_jail} get ip6.addr | awk -F"|" '{print $1}')|${VALUE}"
fi fi
fi fi
# Handle Bastille specific properties # Handle Bastille specific properties
# Currently only 'depend' 'priority' and 'boot' # Currently only 'depend' 'priority' and 'boot'
if [ "${PROPERTY}" = "priority" ] || [ "${PROPERTY}" = "prio" ]; then if [ "${PROPERTY}" = "priority" ] || [ "${PROPERTY}" = "prio" ]; then
@@ -307,7 +307,7 @@ for _jail in ${JAILS}; do
rm "${_tmpfile}" rm "${_tmpfile}"
fi fi
fi fi
done done
# Only display this message once at the end (not for every jail). -- cwells # Only display this message once at the end (not for every jail). -- cwells


@@ -35,7 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille console [option(s)] TARGET [USER]" error_notify "Usage: bastille console [option(s)] TARGET [USER]"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in case ${_opt} in
x) enable_debug ;; x) enable_debug ;;
a) AUTO=1 ;; a) AUTO=1 ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift
@@ -90,7 +90,7 @@ validate_user() {
local _jail="${1}" local _jail="${1}"
local _user="${2}" local _user="${2}"
if jexec -l "${_jail}" id "${_user}" >/dev/null 2>&1; then if jexec -l "${_jail}" id "${_user}" >/dev/null 2>&1; then
USER_SHELL="$(jexec -l "${_jail}" getent passwd "${_user}" | cut -d: -f7)" USER_SHELL="$(jexec -l "${_jail}" getent passwd "${_user}" | cut -d: -f7)"
if [ -n "${USER_SHELL}" ]; then if [ -n "${USER_SHELL}" ]; then
@@ -110,7 +110,7 @@ validate_user() {
check_fib() { check_fib() {
local _jail="${1}" local _jail="${1}"
fib=$(grep 'exec.fib' "${bastille_jailsdir}/${_jail}/jail.conf" | awk '{print $3}' | sed 's/\;//g') fib=$(grep 'exec.fib' "${bastille_jailsdir}/${_jail}/jail.conf" | awk '{print $3}' | sed 's/\;//g')
if [ -n "${fib}" ]; then if [ -n "${fib}" ]; then
@@ -132,7 +132,7 @@ for _jail in ${JAILS}; do
fi fi
info "\n[${_jail}]:" info "\n[${_jail}]:"
LOGIN="$(jexec -l "${_jail}" which login)" LOGIN="$(jexec -l "${_jail}" which login)"
if [ -n "${USER}" ]; then if [ -n "${USER}" ]; then
@@ -142,5 +142,5 @@ for _jail in ${JAILS}; do
LOGIN="$(jexec -l "${_jail}" which login)" LOGIN="$(jexec -l "${_jail}" which login)"
${_setfib} jexec -l "${_jail}" ${LOGIN} -f root ${_setfib} jexec -l "${_jail}" ${LOGIN} -f root
fi fi
done done
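
Review bot: `${_setfib} jexec -l "${_jail}" ${LOGIN} -f root` uses `${LOGIN}` unquoted and without checking that `which login` returned anything; if it is empty, `jexec` receives `-f root` in place of a command. Test `[ -n "${LOGIN}" ]` and fail with `error_exit` otherwise, and quote the expansion. `LOGIN` is also computed identically before the `if [ -n "${USER}" ]` test in the previous hunk, so the second assignment can go.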


@@ -35,7 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille convert [option(s)] TARGET [RELEASE]" error_notify "Usage: bastille convert [option(s)] TARGET [RELEASE]"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -66,13 +66,13 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
a) AUTO=1 ;; a) AUTO=1 ;;
y) AUTO_YES=1 ;; y) AUTO_YES=1 ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift
@@ -106,7 +106,7 @@ validate_release_name() {
local _name=${1} local _name=${1}
local _sanity="$(echo "${_name}" | tr -c -d 'a-zA-Z0-9-_')" local _sanity="$(echo "${_name}" | tr -c -d 'a-zA-Z0-9-_')"
if [ -n "$(echo "${_sanity}" | awk "/^[-_].*$/" )" ]; then if [ -n "$(echo "${_sanity}" | awk "/^[-_].*$/" )" ]; then
error_exit "[ERROR]: Release names may not begin with (-|_) characters!" error_exit "[ERROR]: Release names may not begin with (-|_) characters!"
elif [ "${_name}" != "${_sanity}" ]; then elif [ "${_name}" != "${_sanity}" ]; then
@@ -119,7 +119,7 @@ convert_jail_to_release() {
_jailname="${1}" _jailname="${1}"
_release="${2}" _release="${2}"
info "\nAttempting to create '${_release}' from '${_jailname}'..." info "\nAttempting to create '${_release}' from '${_jailname}'..."
if checkyesno bastille_zfs_enable; then if checkyesno bastille_zfs_enable; then
@@ -272,7 +272,7 @@ if [ "$#" -eq 1 ]; then
elif ! grep -qw ".bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then elif ! grep -qw ".bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then
error_exit "[ERROR]: ${TARGET} is not a thin container." error_exit "[ERROR]: ${TARGET} is not a thin container."
fi fi
# Ask if user is sure they want to convert the jail # Ask if user is sure they want to convert the jail
# but only if AUTO_YES=0 # but only if AUTO_YES=0
if [ "${AUTO_YES}" -ne 1 ]; then if [ "${AUTO_YES}" -ne 1 ]; then
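
Review bot: `grep -qw ".bastille" "${bastille_jailsdir}/${TARGET}/fstab"` treats the leading dot as a regular-expression wildcard, so the pattern is broader than the literal `.bastille` mount point the thin-jail test is meant to detect. Escape the dot so only the literal name matches.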


@@ -39,7 +39,7 @@ usage() {
cat << EOF cat << EOF
Options: Options:
-B | --bridge Enable VNET, and attach to a specified, already existing external bridge. -B | --bridge Enable VNET, and attach to a specified, already existing external bridge.
-C | --clone Create a clone jail. -C | --clone Create a clone jail.
-D | --dual Create jail with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only). -D | --dual Create jail with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only).
@@ -65,7 +65,7 @@ validate_name() {
local NAME_VERIFY=${NAME} local NAME_VERIFY=${NAME}
local NAME_SANITY="$(echo "${NAME_VERIFY}" | tr -c -d 'a-zA-Z0-9-_')" local NAME_SANITY="$(echo "${NAME_VERIFY}" | tr -c -d 'a-zA-Z0-9-_')"
# Make sure NAME has only allowed characters # Make sure NAME has only allowed characters
if [ -n "$(echo "${NAME_SANITY}" | awk "/^[-_].*$/" )" ]; then if [ -n "$(echo "${NAME_SANITY}" | awk "/^[-_].*$/" )" ]; then
error_exit "[ERROR]: Jail names may not begin with (-|_) characters!" error_exit "[ERROR]: Jail names may not begin with (-|_) characters!"
@@ -607,7 +607,7 @@ create_jail() {
if [ -f /usr/share/examples/jails/jng ] && [ ! -f /usr/local/bin/jng ]; then if [ -f /usr/share/examples/jails/jng ] && [ ! -f /usr/local/bin/jng ]; then
install -m 0544 /usr/share/examples/jails/jng /usr/local/bin/jng install -m 0544 /usr/share/examples/jails/jng /usr/local/bin/jng
fi fi
fi fi
fi fi
fi fi
elif [ -n "${LINUX_JAIL}" ]; then elif [ -n "${LINUX_JAIL}" ]; then
@@ -646,7 +646,7 @@ create_jail() {
if [ -n "${VNET_JAIL}" ]; then if [ -n "${VNET_JAIL}" ]; then
if [ -n "${bastille_template_vnet}" ]; then if [ -n "${bastille_template_vnet}" ]; then
## rename interface to generic vnet0 ## rename interface to generic vnet0
uniq_epair=$(grep vnet.interface "${bastille_jailsdir}/${NAME}/jail.conf" | awk '{print $3}' | sed 's/;//; s/-/_/g') uniq_epair=$(grep vnet.interface "${bastille_jailsdir}/${NAME}/jail.conf" | awk '{print $3}' | sed 's/;//; s/-/_/g')
_gateway='' _gateway=''
@@ -668,12 +668,12 @@ create_jail() {
_gateway="$(netstat -4rn | awk '/default/ {print $2}')" _gateway="$(netstat -4rn | awk '/default/ {print $2}')"
fi fi
fi fi
# Add IPv4 address (this is empty if DHCP is used) # Add IPv4 address (this is empty if DHCP is used)
if [ -n "${IP4_ADDR}" ]; then if [ -n "${IP4_ADDR}" ]; then
_ifconfig_inet="${_ifconfig_inet} inet ${IP4_ADDR}" _ifconfig_inet="${_ifconfig_inet} inet ${IP4_ADDR}"
fi fi
# Enable IPv6 if used # Enable IPv6 if used
if [ -n "${IP6_ADDR}" ]; then if [ -n "${IP6_ADDR}" ]; then
_ifconfig_inet6='inet6 -ifdisabled' _ifconfig_inet6='inet6 -ifdisabled'
@@ -689,12 +689,12 @@ create_jail() {
fi fi
fi fi
fi fi
# Add IPv6 address (this is empty if SLAAC is used) # Add IPv6 address (this is empty if SLAAC is used)
if [ -n "${IP6_ADDR}" ]; then if [ -n "${IP6_ADDR}" ]; then
_ifconfig_inet6="${_ifconfig_inet6} ${IP6_ADDR}" _ifconfig_inet6="${_ifconfig_inet6} ${IP6_ADDR}"
fi fi
# We need to pass IP4 and IP6 separately # We need to pass IP4 and IP6 separately
_ifconfig="${_ifconfig_inet}" _ifconfig="${_ifconfig_inet}"
_ifconfig6="${_ifconfig_inet6}" _ifconfig6="${_ifconfig_inet6}"
@@ -832,7 +832,7 @@ while [ $# -gt 0 ]; do
if echo "${2}" | grep -Eoq "^[0-9]+$"; then if echo "${2}" | grep -Eoq "^[0-9]+$"; then
PRIORITY="${2}" PRIORITY="${2}"
shift 2 shift 2
else else
error_exit "Not a valid priority value: \"${2}\"" error_exit "Not a valid priority value: \"${2}\""
fi fi
;; ;;
@@ -868,7 +868,7 @@ while [ $# -gt 0 ]; do
bastille_zfs_options="${2}" bastille_zfs_options="${2}"
shift 2 shift 2
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
B) VNET_JAIL=1 VNET_JAIL_BRIDGE=1 ;; B) VNET_JAIL=1 VNET_JAIL_BRIDGE=1 ;;
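Review bot: `${1}` is unquoted inside `$(echo ${1} | sed 's/-//g' | fold -w1)` in the `-*)` branch, so the argument goes through field splitting and pathname expansion, and `echo` may consume it as one of its own options, before the per-letter `case` sees it. `printf '%s\n' "${1#-}" | fold -w1` keeps the argument intact and strips only the leading hyphen instead of every hyphen. The same loop appears in the option parsers of the other commands touched by this commit, so the change is worth making in all of them.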
@@ -880,7 +880,7 @@ while [ $# -gt 0 ]; do
T) THICK_JAIL=1 ;; T) THICK_JAIL=1 ;;
V) VNET_JAIL=1 ;; V) VNET_JAIL=1 ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift

View File

@@ -35,7 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille destroy [option(s)] JAIL|RELEASE" error_notify "Usage: bastille destroy [option(s)] JAIL|RELEASE"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -256,7 +256,7 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
a) AUTO=1 ;; a) AUTO=1 ;;

View File

@@ -35,7 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille edit [option(s)] TARGET [FILE]" error_notify "Usage: bastille edit [option(s)] TARGET [FILE]"
cat << EOF cat << EOF
Options: Options:
-x | --debug Enable debug mode. -x | --debug Enable debug mode.
@@ -71,7 +71,7 @@ fi
TARGET="${1}" TARGET="${1}"
if [ "$#" -eq 2 ]; then if [ "$#" -eq 2 ]; then
TARGET_FILENAME="${2}" TARGET_FILENAME="${2}"
else else
TARGET_FILENAME="jail.conf" TARGET_FILENAME="jail.conf"
fi fi

View File

@@ -32,7 +32,7 @@
usage() { usage() {
error_notify "Usage: bastille etcupdate [option(s)] [bootstrap|TARGET] [diff|resolve|update RELEASE]" error_notify "Usage: bastille etcupdate [option(s)] [bootstrap|TARGET] [diff|resolve|update RELEASE]"
cat << EOF cat << EOF
Options: Options:
-d | --dry-run Show output, but do not apply. -d | --dry-run Show output, but do not apply.
@@ -92,7 +92,7 @@ diff_review() {
fi fi
echo "Running: etcupdate --diff mode" echo "Running: etcupdate --diff mode"
etcupdate diff -D "${bastille_jailsdir}/${_jail}/root" etcupdate diff -D "${bastille_jailsdir}/${_jail}/root"
} }
resolve_conflicts() { resolve_conflicts() {
@@ -104,7 +104,7 @@ resolve_conflicts() {
fi fi
echo "Running: etcupdate resolve" echo "Running: etcupdate resolve"
etcupdate resolve -D "${bastille_jailsdir}/${_jail}/root" etcupdate resolve -D "${bastille_jailsdir}/${_jail}/root"
} }
update_jail_etc() { update_jail_etc() {
@@ -144,13 +144,13 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
d) DRY_RUN=1 ;; d) DRY_RUN=1 ;;
f) FORCE=1 ;; f) FORCE=1 ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;; *) error_exit "Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift
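Review bot: the fallback `*) error_exit "Unknown Option: \"${1}\"" ;;` in this option loop lacks the `[ERROR]:` prefix that the same branch carries in the other commands, so the failure cannot be grepped for consistently. Use `"[ERROR]: Unknown Option: \"${1}\""` here as well.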

View File

@@ -39,7 +39,7 @@ usage() {
# If no compression option specified, user must redirect standard output # If no compression option specified, user must redirect standard output
error_notify "Usage: bastille export [option(s)] TARGET PATH" error_notify "Usage: bastille export [option(s)] TARGET PATH"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -275,7 +275,7 @@ clean_zfs_snap() {
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}" zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}"
} }
export_check() { export_check() {
# Inform the user about the exporting method # Inform the user about the exporting method
if [ -z "${USER_EXPORT}" ]; then if [ -z "${USER_EXPORT}" ]; then
if [ -n "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then if [ -n "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then
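Review bot: `${TARGET}` is expanded by the shell into the awk program text in `awk "/^${TARGET}$/"` at the top of `export_check`, so a regex metacharacter or a `/` in the name changes the pattern, or the program, instead of being matched literally. Pass the name as data and compare exactly: `/usr/sbin/jls name | awk -v t="${TARGET}" '$0 == t'`.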

View File

@@ -37,7 +37,7 @@ usage() {
# If no file/extension specified, will import from standard input # If no file/extension specified, will import from standard input
error_notify "Usage: bastille import [option(s)] FILE [RELEASE]" error_notify "Usage: bastille import [option(s)] FILE [RELEASE]"
cat << EOF cat << EOF
Options: Options:
-f | --force Force an archive import regardless if the checksum file does not match or missing. -f | --force Force an archive import regardless if the checksum file does not match or missing.
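Review bot: the `-f | --force` help line reads "regardless if the checksum file does not match or missing", which is ungrammatical and understates that the option bypasses the checksum comparison. Suggested wording: "Import the archive even if its checksum file is missing or does not match."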
@@ -77,14 +77,14 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
f) OPT_FORCE=1 ;; f) OPT_FORCE=1 ;;
M) OPT_STATIC_MAC=1 ;; M) OPT_STATIC_MAC=1 ;;
v) OPT_ZRECV="-u -v" ;; v) OPT_ZRECV="-u -v" ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift
@@ -137,7 +137,7 @@ validate_archive() {
} }
update_zfsmount() { update_zfsmount() {
# Update the mountpoint property on the received ZFS data stream # Update the mountpoint property on the received ZFS data stream
OLD_ZFS_MOUNTPOINT=$(zfs get -H mountpoint "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}/root" | awk '{print $3}') OLD_ZFS_MOUNTPOINT=$(zfs get -H mountpoint "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}/root" | awk '{print $3}')
NEW_ZFS_MOUNTPOINT="${bastille_jailsdir}/${TARGET_TRIM}/root" NEW_ZFS_MOUNTPOINT="${bastille_jailsdir}/${TARGET_TRIM}/root"
@@ -232,7 +232,7 @@ generate_config() {
IPVX_CONFIG=$(grep -wo "jail_${TARGET_TRIM}_ip=.*" ${PROP_CONFIG} | tr -d '" ' | sed "s/jail_${TARGET_TRIM}_ip=//") IPVX_CONFIG=$(grep -wo "jail_${TARGET_TRIM}_ip=.*" ${PROP_CONFIG} | tr -d '" ' | sed "s/jail_${TARGET_TRIM}_ip=//")
if [ -z "${RELEASE}" ]; then if [ -z "${RELEASE}" ]; then
CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g') CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g')
else else
CONFIG_RELEASE="${RELEASE}" CONFIG_RELEASE="${RELEASE}"
fi fi
fi fi
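Review bot: `${PROP_CONFIG}` is used in two different ways on adjacent lines of `generate_config`: `grep -wo ... ${PROP_CONFIG}` reads it as a file, while `echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE'` searches the variable's value itself, and both leave it unquoted. If the release is really meant to come from the file name, a comment should say so; note also that the pattern only matches a two-digit major and a one-digit minor version.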

View File

@@ -35,7 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille jcp [option(s)] SOURCE_JAIL JAIL_PATH DEST_JAIL JAIL_PATH" error_notify "Usage: bastille jcp [option(s)] SOURCE_JAIL JAIL_PATH DEST_JAIL JAIL_PATH"
cat << EOF cat << EOF
Options: Options:
-q | --quiet Suppress output. -q | --quiet Suppress output.
@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in case ${_opt} in
q) OPTION="-a" ;; q) OPTION="-a" ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift
@@ -100,14 +100,14 @@ for _jail in ${DEST_TARGET}; do
source_path="$(echo ${bastille_jailsdir}/${SOURCE_TARGET}/root/${SOURCE_PATH} | sed 's#//#/#g')" source_path="$(echo ${bastille_jailsdir}/${SOURCE_TARGET}/root/${SOURCE_PATH} | sed 's#//#/#g')"
dest_path="$(echo ${bastille_jailsdir}/${_jail}/root/${DEST_PATH} | sed 's#//#/#g')" dest_path="$(echo ${bastille_jailsdir}/${_jail}/root/${DEST_PATH} | sed 's#//#/#g')"
if ! cp "${OPTION}" "${source_path}" "${dest_path}"; then if ! cp "${OPTION}" "${source_path}" "${dest_path}"; then
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))
error_continue "[ERROR]: JCP failed: ${source_path} -> ${dest_path}" error_continue "[ERROR]: JCP failed: ${source_path} -> ${dest_path}"
fi fi
fi fi
done done
if [ "${ERRORS}" -ne 0 ]; then if [ "${ERRORS}" -ne 0 ]; then
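Review bot: `source_path` and `dest_path` are built by concatenating `${SOURCE_PATH}` and `${DEST_PATH}` under the jail's `root/` and collapsing `//`, and nothing in this hunk keeps a `..` component from resolving outside the jail root before `cp` runs on the host. Resolve each path (for example with `realpath` on the parent directory) and reject it unless it still lies under its jail's `root/`. The unquoted `echo ${bastille_jailsdir}/...` should also be quoted so that paths containing spaces or glob characters survive intact.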

View File

@@ -36,10 +36,10 @@
usage() { usage() {
error_notify "Usage: bastille limits [option(s)] TARGET [add|remove|clear|reset|(list|show [active])|stats] OPTION [VALUE]" error_notify "Usage: bastille limits [option(s)] TARGET [add|remove|clear|reset|(list|show [active])|stats] OPTION [VALUE]"
cat << EOF cat << EOF
Example: bastille limits TARGET add memoryuse 1G Example: bastille limits TARGET add memoryuse 1G
Example: bastille limits TARGET add cpu 0,1,2 Example: bastille limits TARGET add cpu 0,1,2
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -70,13 +70,13 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
a) AUTO=1 ;; a) AUTO=1 ;;
l) OPT_LOG=1 ;; l) OPT_LOG=1 ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift
@@ -93,7 +93,7 @@ fi
TARGET="${1}" TARGET="${1}"
ACTION="${2}" ACTION="${2}"
# Retain support for no action (will default to add) # Retain support for no action (will default to add)
if [ "${ACTION}" != "add" ] && [ "${ACTION}" != "remove" ] && [ "${ACTION}" != "clear" ] && [ "${ACTION}" != "list" ] && [ "${ACTION}" != "show" ] && [ "${ACTION}" != "reset" ] && [ "${ACTION}" != "stats" ]; then if [ "${ACTION}" != "add" ] && [ "${ACTION}" != "remove" ] && [ "${ACTION}" != "clear" ] && [ "${ACTION}" != "list" ] && [ "${ACTION}" != "show" ] && [ "${ACTION}" != "reset" ] && [ "${ACTION}" != "stats" ]; then
ACTION="add" ACTION="add"
shift 1 shift 1
@@ -148,7 +148,7 @@ for _jail in ${JAILS}; do
fi fi
info "\n[${_jail}]:" info "\n[${_jail}]:"
case "${ACTION}" in case "${ACTION}" in
add) add)
@@ -299,5 +299,5 @@ for _jail in ${JAILS}; do
;; ;;
esac esac
done done

View File

@@ -235,7 +235,7 @@ get_jail_info() {
# Get info if jail is DOWN # Get info if jail is DOWN
if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null)" ]; then if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null)" ]; then
JAIL_IP4=$(grep -E "^ifconfig_vnet.*inet .*" "${bastille_jailsdir}/${JAIL_NAME}/root/etc/rc.conf" 2> /dev/null | grep -o "inet .*" | awk '{print $2}' | sed -E 's#/[0-9]+.*##g' | sed 's/"//g') JAIL_IP4=$(grep -E "^ifconfig_vnet.*inet .*" "${bastille_jailsdir}/${JAIL_NAME}/root/etc/rc.conf" 2> /dev/null | grep -o "inet .*" | awk '{print $2}' | sed -E 's#/[0-9]+.*##g' | sed 's/"//g')
JAIL_IP6=$(grep -E "^ifconfig_vnet.*inet6.*" "${bastille_jailsdir}/${JAIL_NAME}/root/etc/rc.conf" 2> /dev/null | grep -Eow "(::)?[0-9a-fA-F]{1,4}(::?[0-9a-fA-F]{1,4}){1,7}(::)?" | sed -E 's#/[0-9]+.*##g' | sed 's/"//g') JAIL_IP6=$(grep -E "^ifconfig_vnet.*inet6.*" "${bastille_jailsdir}/${JAIL_NAME}/root/etc/rc.conf" 2> /dev/null | grep -Eow "(::)?[0-9a-fA-F]{1,4}(::?[0-9a-fA-F]{1,4}){1,7}(::)?" | sed -E 's#/[0-9]+.*##g' | sed 's/"//g')
else else
JAIL_IP4=$(sed -n "s/^[ ].*ip4.addr[ ].*=[ ]\(.*\);$/\1/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null | sed -e 's#/.*##g' -e 's#.*|##g') JAIL_IP4=$(sed -n "s/^[ ].*ip4.addr[ ].*=[ ]\(.*\);$/\1/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null | sed -e 's#/.*##g' -e 's#.*|##g')
JAIL_IP6=$(sed -n "s/^[ ].*ip6.addr[ ].*=[ ]\(.*\);$/\1/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null | sed -e 's#/.*##g' -e 's#.*|##g') JAIL_IP6=$(sed -n "s/^[ ].*ip6.addr[ ].*=[ ]\(.*\);$/\1/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null | sed -e 's#/.*##g' -e 's#.*|##g')
@@ -275,7 +275,7 @@ get_jail_info() {
if [ "${OPT_STATE}" != "all" ] && [ "${JAIL_STATE}" != "${OPT_STATE}" ]; then if [ "${OPT_STATE}" != "all" ] && [ "${JAIL_STATE}" != "${OPT_STATE}" ]; then
# shellcheck disable=SC2104 # shellcheck disable=SC2104
continue continue
fi fi
# Add ... if JAIL_PORTS is too long # Add ... if JAIL_PORTS is too long
JAIL_PORTS_FULL="${JAIL_PORTS}" JAIL_PORTS_FULL="${JAIL_PORTS}"
@@ -300,7 +300,7 @@ get_jail_info() {
list_bastille(){ list_bastille(){
_tmp_list= _tmp_list=
get_max_lengths get_max_lengths
get_jail_list get_jail_list
@@ -317,13 +317,13 @@ list_bastille(){
fi fi
( (
get_jail_info "${_jail}" get_jail_info "${_jail}"
# Get JAIL_IP count # Get JAIL_IP count
JAIL_IP_COUNT=$(echo "${JAIL_IP}" | wc -l) JAIL_IP_COUNT=$(echo "${JAIL_IP}" | wc -l)
# Print JAIL_IP in columns if -gt 1 # Print JAIL_IP in columns if -gt 1
if [ ${JAIL_IP_COUNT} -gt 1 ]; then if [ ${JAIL_IP_COUNT} -gt 1 ]; then
# vnet0 has more than one IPs assigned. # vnet0 has more than one IPs assigned.
# Put each IP in its own line below the jails first address. For instance: # Put each IP in its own line below the jails first address. For instance:

View File

@@ -95,7 +95,7 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
a) AUTO=1 ;; a) AUTO=1 ;;
@@ -104,7 +104,7 @@ while [ "$#" -gt 0 ]; do
l) LIVE=1 ;; l) LIVE=1 ;;
p) OPT_PASSWORD=1 ;; p) OPT_PASSWORD=1 ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift
@@ -144,7 +144,7 @@ validate_host_status() {
local _user="${1}" local _user="${1}"
local _host="${2}" local _host="${2}"
local _port="${3}" local _port="${3}"
info "\nChecking remote host status..." info "\nChecking remote host status..."
# Host uptime # Host uptime
@@ -364,7 +364,7 @@ for _jail in ${JAILS}; do
fi fi
info "\nAttempting to migrate '${_jail}' to '${HOST}'..." info "\nAttempting to migrate '${_jail}' to '${HOST}'..."
migrate_jail "${_jail}" "${USER}" "${HOST}" "${PORT}" migrate_jail "${_jail}" "${USER}" "${HOST}" "${PORT}"
info "\nSuccessfully migrated '${_jail}' to '${HOST}'.\n" info "\nSuccessfully migrated '${_jail}' to '${HOST}'.\n"

View File

@@ -35,7 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille mount [option(s)] TARGET HOST_PATH JAIL_PATH [filesystem_type options dump pass_number]" error_notify "Usage: bastille mount [option(s)] TARGET HOST_PATH JAIL_PATH [filesystem_type options dump pass_number]"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -194,11 +194,11 @@ for _jail in ${JAILS}; do
continue continue
fi fi
fi fi
fi fi
# Add entry to fstab and mount # Add entry to fstab and mount
echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab" || error_continue "Failed to create fstab entry: ${_fstab_entry}" echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab" || error_continue "Failed to create fstab entry: ${_fstab_entry}"
mount -F "${bastille_jailsdir}/${_jail}/fstab" -a || error_continue "Failed to mount volume: ${_fullpath}" mount -F "${bastille_jailsdir}/${_jail}/fstab" -a || error_continue "Failed to mount volume: ${_fullpath}"
echo "Added: ${_fstab_entry}" echo "Added: ${_fstab_entry}"
done done
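Review bot: the fstab entry is appended before `mount -F ... -a` is attempted, so when the mount fails the `|| error_continue` path leaves the entry in the jail's fstab even though the volume was never mounted. Either mount first and append on success, or remove the just-added line in the failure path. Because `-a` mounts every entry in the file, the "Failed to mount volume: ${_fullpath}" message can also blame the new entry for a failure caused by an older one.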

View File

@@ -36,7 +36,7 @@
usage() { usage() {
error_notify "Usage: bastille network [option(s)] TARGET [remove|add] INTERFACE [IP]" error_notify "Usage: bastille network [option(s)] TARGET [remove|add] INTERFACE [IP]"
cat << EOF cat << EOF
Options: Options:
-a | --auto Start/stop jail(s) if required. -a | --auto Start/stop jail(s) if required.
@@ -47,7 +47,7 @@ usage() {
-V | --vnet Add a VNET interface. -V | --vnet Add a VNET interface.
-v | --vlan VLANID Assign VLAN ID to interface (VNET only). -v | --vlan VLANID Assign VLAN ID to interface (VNET only).
-x | --debug Enable debug mode. -x | --debug Enable debug mode.
EOF EOF
exit 1 exit 1
} }
@@ -101,7 +101,7 @@ while [ "$#" -gt 0 ]; do
-x|--debug) -x|--debug)
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _o in $(echo ${1} 2>/dev/null | sed 's/-//g' | fold -w1); do for _o in $(echo ${1} 2>/dev/null | sed 's/-//g' | fold -w1); do
case ${_o} in case ${_o} in
@@ -112,7 +112,7 @@ while [ "$#" -gt 0 ]; do
P) PASSTHROUGH=1 ;; P) PASSTHROUGH=1 ;;
V) VNET=1 ;; V) VNET=1 ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift
@@ -135,7 +135,7 @@ else
fi fi
# Default is standard interface # Default is standard interface
if [ "${VNET}" -eq 0 ] && [ "${BRIDGE}" -eq 0 ] && [ "${PASSTHROUGH}" -eq 0 ]; then if [ "${VNET}" -eq 0 ] && [ "${BRIDGE}" -eq 0 ] && [ "${PASSTHROUGH}" -eq 0 ]; then
STANDARD=1 STANDARD=1
fi fi
@@ -224,11 +224,11 @@ check_interface_added() {
local _jailname="${1}" local _jailname="${1}"
local _if="${2}" local _if="${2}"
local _jail_config="${bastille_jailsdir}/${_jailname}/jail.conf" local _jail_config="${bastille_jailsdir}/${_jailname}/jail.conf"
if grep -qo "${_if}" "${_jail_config}"; then if grep -qo "${_if}" "${_jail_config}"; then
return 0 return 0
else else
return 1 return 1
fi fi
} }
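Review bot: `grep -qo "${_if}"` in `check_interface_added` treats the interface name as an unanchored regex, so a name such as `em1` is reported as present when jail.conf only mentions `em10`, and a `.` in the name matches any character. `grep -qwF -- "${_if}" "${_jail_config}"` matches the name literally and as a whole word; since grep's exit status is already the answer, the `if`/`else` returning 0 or 1 can be dropped.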
@@ -294,7 +294,7 @@ EOF
} }
EOF EOF
fi fi
# Add config to /etc/rc.conf # Add config to /etc/rc.conf
sysrc -f "${_jail_rc_config}" ifconfig_${jail_epair}_name="${_jail_vnet}" sysrc -f "${_jail_rc_config}" ifconfig_${jail_epair}_name="${_jail_vnet}"
if [ -n "${IP6_ADDR}" ]; then if [ -n "${IP6_ADDR}" ]; then
@@ -377,7 +377,7 @@ EOF
break break
fi fi
done done
echo "Added VNET interface: \"${_if}\"" echo "Added VNET interface: \"${_if}\""
elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then
@@ -428,8 +428,8 @@ EOF
fi fi
break break
fi fi
done done
echo "Added VNET interface: \"${_if}\"" echo "Added VNET interface: \"${_if}\""
fi fi
elif [ "${PASSTHROUGH}" -eq 1 ]; then elif [ "${PASSTHROUGH}" -eq 1 ]; then
@@ -458,7 +458,7 @@ EOF
fi fi
fi fi
echo "Added Passthrough interface: \"${_if}\"" echo "Added Passthrough interface: \"${_if}\""
elif [ "${STANDARD}" -eq 1 ]; then elif [ "${STANDARD}" -eq 1 ]; then
if [ -n "${IP6_ADDR}" ]; then if [ -n "${IP6_ADDR}" ]; then
sed -i '' "s/interface = .*/&\n ip6.addr += ${_if}|${_ip};/" ${_jail_config} sed -i '' "s/interface = .*/&\n ip6.addr += ${_if}|${_ip};/" ${_jail_config}
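Review bot: in the `STANDARD` branch, `${_if}` and `${_ip}` are pasted into an `s/.../.../` expression, so an address written with a prefix length (a `/` followed by the length) would end the replacement early and sed would reject or misparse the command. `${_jail_config}` is also unquoted here, while the sed calls in `remove_interface` quote it. Use a delimiter that does not occur in interface names or addresses, such as `#`, and quote the file argument.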
@@ -507,7 +507,7 @@ remove_interface() {
else else
error_exit "[ERROR]: Could not find interface inside jail: \"${_if_jail}\"" error_exit "[ERROR]: Could not find interface inside jail: \"${_if_jail}\""
fi fi
# Get vnetX value from rc.conf # Get vnetX value from rc.conf
if [ "${_if_type}" = "if_bridge" ]; then if [ "${_if_type}" = "if_bridge" ]; then
if grep -oq "${_if_jail}" ${_jail_config}; then if grep -oq "${_if_jail}" ${_jail_config}; then
@@ -528,7 +528,7 @@ remove_interface() {
error_exit "[ERROR]: Interface not found: ${_if_jail}" error_exit "[ERROR]: Interface not found: ${_if_jail}"
fi fi
fi fi
# Do not allow removing default vnet0 interface # Do not allow removing default vnet0 interface
if [ "${_if_vnet}" = "vnet0" ]; then if [ "${_if_vnet}" = "vnet0" ]; then
error_exit "[ERROR]: Default interface cannot be removed." error_exit "[ERROR]: Default interface cannot be removed."
@@ -538,7 +538,7 @@ remove_interface() {
if [ -z "${_if_jail}" ]; then if [ -z "${_if_jail}" ]; then
error_exit "[ERROR]: Could not find specifed interface." error_exit "[ERROR]: Could not find specifed interface."
fi fi
# Remove interface from /etc/rc.conf # Remove interface from /etc/rc.conf
if [ "${_if_type}" = "if_bridge" ]; then if [ "${_if_type}" = "if_bridge" ]; then
if [ -n "${_if_vnet}" ] && echo ${_if_vnet} | grep -Eoq 'vnet[0-9]+'; then if [ -n "${_if_vnet}" ] && echo ${_if_vnet} | grep -Eoq 'vnet[0-9]+'; then
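Review bot: the message in `error_exit "[ERROR]: Could not find specifed interface."` misspells "specified". Worth correcting while the file is being touched, since the string is what users will search for.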
@@ -563,11 +563,11 @@ remove_interface() {
# Remove VNET interface from jail.conf (VNET) # Remove VNET interface from jail.conf (VNET)
if [ -n "${_if_jail}" ]; then if [ -n "${_if_jail}" ]; then
if [ "${_if_type}" = "if_bridge" ]; then if [ "${_if_type}" = "if_bridge" ]; then
sed -i '' "/.*${_epaira}.*/d" "${_jail_config}" sed -i '' "/.*${_epaira}.*/d" "${_jail_config}"
sed -i '' "/.*${_epairb}.*/d" "${_jail_config}" sed -i '' "/.*${_epairb}.*/d" "${_jail_config}"
sed -i '' "/.*${_if}.*/d" "${_jail_config}" sed -i '' "/.*${_if}.*/d" "${_jail_config}"
elif [ "${_if_type}" = "netgraph" ]; then elif [ "${_if_type}" = "netgraph" ]; then
sed -i '' "/.*${_if_jail}.*/d" "${_jail_config}" sed -i '' "/.*${_if_jail}.*/d" "${_jail_config}"
sed -i '' "/.*${_if}.*/d" "${_jail_config}" sed -i '' "/.*${_if}.*/d" "${_jail_config}"
elif [ "${_if_type}" = "passthrough" ]; then elif [ "${_if_type}" = "passthrough" ]; then
sed -i '' "/.*${_if_jail}.*/d" "${_jail_config}" sed -i '' "/.*${_if_jail}.*/d" "${_jail_config}"
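Review bot: `sed -i '' "/.*${_if}.*/d"` and its `${_epaira}`, `${_epairb}` and `${_if_jail}` variants delete every jail.conf line that contains the name anywhere, interpreted as a regex, so removing one interface can also drop lines belonging to another whose name merely contains it. Match on the exact directive being removed, or at least on word boundaries, and escape the name before interpolating it into the pattern.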
@@ -690,7 +690,7 @@ case "${ACTION}" in
fi fi
;; ;;
remove|delete) remove|delete)
check_interface_added "${TARGET}" "${INTERFACE}" || error_exit "Interface not found in jail.conf: \"${INTERFACE}\"" check_interface_added "${TARGET}" "${INTERFACE}" || error_exit "Interface not found in jail.conf: \"${INTERFACE}\""
validate_netif "${INTERFACE}" validate_netif "${INTERFACE}"
if ! grep -q "${INTERFACE}" ${bastille_jailsdir}/${TARGET}/jail.conf; then if ! grep -q "${INTERFACE}" ${bastille_jailsdir}/${TARGET}/jail.conf; then
error_exit "[ERROR]: Interface not found in jail.conf: \"${INTERFACE}\"" error_exit "[ERROR]: Interface not found in jail.conf: \"${INTERFACE}\""
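Review bot: the `remove|delete)` branch tests for the interface twice: `check_interface_added` already exits when it is missing, and the `grep -q "${INTERFACE}" ${bastille_jailsdir}/${TARGET}/jail.conf` that follows repeats the test with an unquoted path and a differently formatted message. Drop the second check, and consider calling `validate_netif` first so the name is checked before it is used as a grep pattern.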

View File

@@ -72,14 +72,14 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
a) AUTO=1 ;; a) AUTO=1 ;;
H) USE_HOST_PKG=1 ;; H) USE_HOST_PKG=1 ;;
y) AUTO_YES=1 ;; y) AUTO_YES=1 ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift
@@ -97,7 +97,7 @@ fi
TARGET="${1}" TARGET="${1}"
shift shift
ERRORS=0 ERRORS=0
bastille_root_check bastille_root_check
set_target "${TARGET}" set_target "${TARGET}"
@@ -137,7 +137,7 @@ for _jail in ${JAILS}; do
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))
fi fi
done done
if [ "${ERRORS}" -ne 0 ]; then if [ "${ERRORS}" -ne 0 ]; then

View File

@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in case ${_opt} in
q) OPTION="-a" ;; q) OPTION="-a" ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift

View File

@@ -35,7 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille rdr [option(s)] TARGET [clear|reset|list|(tcp|udp)] HOST_PORT JAIL_PORT [log ['(' logopts ')'] ]" error_notify "Usage: bastille rdr [option(s)] TARGET [clear|reset|list|(tcp|udp)] HOST_PORT JAIL_PORT [log ['(' logopts ')'] ]"
cat << EOF cat << EOF
Options: Options:
-d | --destination [destination] Limit rdr to a destination IP. Useful if you have multiple IPs on one interface. -d | --destination [destination] Limit rdr to a destination IP. Useful if you have multiple IPs on one interface.
@@ -76,7 +76,7 @@ check_jail_validity() {
else else
error_exit "[ERROR]: VNET jails do not support rdr." error_exit "[ERROR]: VNET jails do not support rdr."
fi fi
# Check if rdr-anchor is defined in pf.conf # Check if rdr-anchor is defined in pf.conf
if ! (pfctl -sn | grep rdr-anchor | grep 'rdr/\*' >/dev/null); then if ! (pfctl -sn | grep rdr-anchor | grep 'rdr/\*' >/dev/null); then
error_exit "[ERROR]: rdr-anchor not found in pf.conf" error_exit "[ERROR]: rdr-anchor not found in pf.conf"
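Review bot: the comment and the error text both say pf.conf, but `pfctl -sn` lists the NAT rules currently loaded in pf, so a host whose pf.conf contains the anchor but has not been reloaded gets a misleading "rdr-anchor not found in pf.conf". Reword the message to say the anchor is not loaded. The subshell and the two greps can also be reduced to `pfctl -sn | grep -q 'rdr-anchor.*rdr/\*'`.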
@@ -185,7 +185,7 @@ load_rdr_rule() {
| pfctl -a "rdr/${TARGET}" -f-; then | pfctl -a "rdr/${TARGET}" -f-; then
error_exit "[ERROR]: Failed to create IPv4 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\"" error_exit "[ERROR]: Failed to create IPv4 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
else else
echo "IPv4 ${proto}/${host_port}:${jail_port} on ${if_name}" echo "IPv4 ${proto}/${host_port}:${jail_port} on ${if_name}"
fi fi
fi fi
# Create IPv6 rdr rule (if ip6.addr is enabled) # Create IPv6 rdr rule (if ip6.addr is enabled)
@@ -228,7 +228,7 @@ load_rdr_log_rule() {
# Create IPv6 rdr rule with log (if ip6.addr is enabled) # Create IPv6 rdr rule with log (if ip6.addr is enabled)
# shellcheck disable=SC2193 # shellcheck disable=SC2193
if [ -n "${JAIL_IP6}" ] && { [ "${inet}" = "ipv6" ] || [ "${inet}" = "dual" ]; } then if [ -n "${JAIL_IP6}" ] && { [ "${inet}" = "ipv6" ] || [ "${inet}" = "dual" ]; } then
if ! ( pfctl -a "rdr/${TARGET}" -Psn; if ! ( pfctl -a "rdr/${TARGET}" -Psn;
printf '%s\nrdr pass %s on $%s inet6 proto %s from %s to %s port %s -> %s port %s\n' "$if" "$log" "${bastille_network_pf_ext_if}" "$proto" "$src" "$dst" "$host_port" "$JAIL_IP6" "$jail_port" ) \ printf '%s\nrdr pass %s on $%s inet6 proto %s from %s to %s port %s -> %s port %s\n' "$if" "$log" "${bastille_network_pf_ext_if}" "$proto" "$src" "$dst" "$host_port" "$JAIL_IP6" "$jail_port" ) \
| pfctl -a "rdr/${TARGET}" -f-; then | pfctl -a "rdr/${TARGET}" -f-; then
@@ -355,7 +355,7 @@ while [ "$#" -gt 0 ]; do
fi fi
fi fi
shift shift
;; ;;
tcp|udp) tcp|udp)
if [ "$#" -lt 3 ]; then if [ "$#" -lt 3 ]; then
usage usage
@@ -388,7 +388,7 @@ while [ "$#" -gt 0 ]; do
check_jail_validity check_jail_validity
validate_rdr_rule "$RDR_IF" $RDR_SRC $RDR_DST $1 $2 $3 validate_rdr_rule "$RDR_IF" $RDR_SRC $RDR_DST $1 $2 $3
persist_rdr_log_rule $RDR_INET "$RDR_IF" $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@" persist_rdr_log_rule $RDR_INET "$RDR_IF" $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@"
load_rdr_log_rule $RDR_INET "$RDR_IF" $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@" load_rdr_log_rule $RDR_INET "$RDR_IF" $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@"
shift $# shift $#
else else
usage usage
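Review bot: `$RDR_SRC`, `$RDR_DST`, `$1 $2 $3`, `$proto`, `$host_port` and `$jail_port` are passed unquoted to `validate_rdr_rule`, `persist_rdr_log_rule` and `load_rdr_log_rule`, so an empty value or one containing whitespace shifts every following positional parameter, and the rule that was validated is not necessarily the rule that gets persisted and loaded. Quote each expansion, as `"$RDR_IF"` and `"$@"` already are.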
@@ -412,7 +412,7 @@ while [ "$#" -gt 0 ]; do
*) *)
if [ "${1}" = "dual" ] || [ "${1}" = "ipv4" ] || [ "${1}" = "ipv6" ]; then if [ "${1}" = "dual" ] || [ "${1}" = "ipv4" ] || [ "${1}" = "ipv6" ]; then
RDR_INET="${1}" RDR_INET="${1}"
else else
usage usage
fi fi
if [ "$#" -eq 7 ] && { [ "${5}" = "tcp" ] || [ "${5}" = "udp" ]; } then if [ "$#" -eq 7 ] && { [ "${5}" = "tcp" ] || [ "${5}" = "udp" ]; } then

View File

@@ -53,7 +53,7 @@ while [ "$#" -gt 0 ]; do
AUTO=1 AUTO=1
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
a) AUTO=1 ;; a) AUTO=1 ;;
@@ -161,7 +161,7 @@ update_jailconf_vnet() {
if grep "${_old_if_suffix}" "${_jail_conf}" | grep -oq "jib addm"; then if grep "${_old_if_suffix}" "${_jail_conf}" | grep -oq "jib addm"; then
# For -V jails # For -V jails
# Replace host epair name in jail.conf # Replace host epair name in jail.conf
sed -i '' "s|jib addm ${_old_if_suffix}|jib addm ${_new_if_suffix}|g" "${_jail_conf}" sed -i '' "s|jib addm ${_old_if_suffix}|jib addm ${_new_if_suffix}|g" "${_jail_conf}"
sed -i '' "s|${_old_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}" sed -i '' "s|${_old_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}"
sed -i '' "s|${_old_host_epair} destroy|${_new_host_epair} destroy|g" "${_jail_conf}" sed -i '' "s|${_old_host_epair} destroy|${_new_host_epair} destroy|g" "${_jail_conf}"
@@ -178,7 +178,7 @@ update_jailconf_vnet() {
sed -i '' "/ifconfig/ s|${_old_jail_epair}|${_new_jail_epair}|g" "${_rc_conf}" sed -i '' "/ifconfig/ s|${_old_jail_epair}|${_new_jail_epair}|g" "${_rc_conf}"
else else
# For -B jails # For -B jails
# Replace host epair name in jail.conf # Replace host epair name in jail.conf
sed -i '' "s|up name ${_old_host_epair}|up name ${_new_host_epair}|g" "${_jail_conf}" sed -i '' "s|up name ${_old_host_epair}|up name ${_new_host_epair}|g" "${_jail_conf}"
sed -i '' "s|addm ${_old_host_epair}|addm ${_new_host_epair}|g" "${_jail_conf}" sed -i '' "s|addm ${_old_host_epair}|addm ${_new_host_epair}|g" "${_jail_conf}"
sed -i '' "s|${_old_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}" sed -i '' "s|${_old_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}"
@@ -198,7 +198,7 @@ update_jailconf_vnet() {
fi fi
# For netgraph network type # For netgraph network type
elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then
local _ngif_num="$(echo "${_old_if_prefix}" | grep -Eo "[0-9]+")" local _ngif_num="$(echo "${_old_if_prefix}" | grep -Eo "[0-9]+")"
local _old_ngif="${_if}" local _old_ngif="${_if}"

View File

@@ -35,7 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille restart [option(s)] TARGET" error_notify "Usage: bastille restart [option(s)] TARGET"
cat << EOF cat << EOF
Options: Options:
-b | --boot Respect jail boot setting. -b | --boot Respect jail boot setting.
@@ -74,7 +74,7 @@ while [ "$#" -gt 0 ]; do
_stop_options="${_stop_options} -x" _stop_options="${_stop_options} -x"
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
b) b)
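Review bot: `${1}` is unquoted in `for _opt in $(echo ${1} | sed 's/-//g' | fold -w1)`, and the output of the command substitution is itself subject to pathname expansion, so a `*` or `?` in the option cluster is expanded against the current directory before the `case` sees it. Since this line is being touched anyway, `printf '%s' "${1}"` with globbing disabled around the loop (`set -f`) would make the parser see exactly what the user typed. The same loop appears in the other subcommands in this commit.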
@@ -84,13 +84,13 @@ while [ "$#" -gt 0 ]; do
_start_options="${_start_options} -v" _start_options="${_start_options} -v"
_stop_options="${_stop_options} -v" _stop_options="${_stop_options} -v"
;; ;;
x) x)
_start_options="${_start_options} -x" _start_options="${_start_options} -x"
_stop_options="${_stop_options} -x" _stop_options="${_stop_options} -x"
;; ;;
*) *)
error_exit "[ERROR]: Unknown Option: \"${1}\"" error_exit "[ERROR]: Unknown Option: \"${1}\""
;; ;;
esac esac
done done
shift shift
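Review bot: The `*)` arm inside the per-letter loop reports `${1}`, the whole cluster, rather than `${_opt}`, so for an argument such as `-vz` the message does not say which letter was rejected. Suggest including `${_opt}` in the `error_exit` text.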

View File

@@ -35,7 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille service [option(s)] TARGET SERVICE_NAME ARGS" error_notify "Usage: bastille service [option(s)] TARGET SERVICE_NAME ARGS"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -60,12 +60,12 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
a) AUTO=1 ;; a) AUTO=1 ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift
@@ -99,7 +99,7 @@ for _jail in ${JAILS}; do
fi fi
info "\n[${_jail}]:" info "\n[${_jail}]:"
jexec -l "${_jail}" /usr/sbin/service "$@" jexec -l "${_jail}" /usr/sbin/service "$@"
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
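Review bot: The status check `if [ "$?" -ne 0 ]; then` sits on its own line after the `jexec` call (with the trimmed blank line between them), which silently breaks as soon as any command is inserted in between. `if ! jexec -l "${_jail}" /usr/sbin/service "$@"; then` ties the test to the command it is meant to check.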

View File

@@ -40,7 +40,7 @@ usage() {
error_notify " [vnet]" error_notify " [vnet]"
error_notify " [storage]" error_notify " [storage]"
cat << EOF cat << EOF
Options: Options:
-y | --yes Assume always yes on prompts. -y | --yes Assume always yes on prompts.
@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
y) AUTO_YES=1 ;; y) AUTO_YES=1 ;;

View File

@@ -38,7 +38,7 @@ usage() {
Options: Options:
-b | --boot Respect jail boot setting. -b | --boot Respect jail boot setting.
-d | --delay VALUE Time (seconds) to wait after starting each jail. -d | --delay VALUE Time (seconds) to wait after starting each jail.
-v | --verbose Print every action on jail start. -v | --verbose Print every action on jail start.
-x | --debug Enable debug mode. -x | --debug Enable debug mode.
@@ -76,13 +76,13 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
b) BOOT=1 ;; b) BOOT=1 ;;
v) OPTION="-v" ;; v) OPTION="-v" ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift
@@ -121,14 +121,14 @@ for _jail in ${JAILS}; do
bastille start ${_depend_jail} bastille start ${_depend_jail}
fi fi
done done
if check_target_is_running "${_jail}"; then if check_target_is_running "${_jail}"; then
info "\n[${_jail}]:" info "\n[${_jail}]:"
error_continue "Jail is already running." error_continue "Jail is already running."
fi fi
info "\n[${_jail}]:" info "\n[${_jail}]:"
# Validate interfaces and add IPs to firewall table # Validate interfaces and add IPs to firewall table
if [ "$(bastille config ${_jail} get vnet)" != 'enabled' ]; then if [ "$(bastille config ${_jail} get vnet)" != 'enabled' ]; then
_ip4_interfaces="$(bastille config ${_jail} get ip4.addr | sed 's/,/ /g')" _ip4_interfaces="$(bastille config ${_jail} get ip4.addr | sed 's/,/ /g')"
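Review bot: Quoting is inconsistent in this hunk: `check_target_is_running "${_jail}"` is quoted, but `bastille start ${_depend_jail}` and both `bastille config ${_jail} get ...` calls are not, so those arguments go through word splitting and pathname expansion. Suggest quoting all three.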
@@ -217,5 +217,5 @@ for _jail in ${JAILS}; do
# Delay between jail action # Delay between jail action
sleep "${DELAY_TIME}" sleep "${DELAY_TIME}"
done done

View File

@@ -60,12 +60,12 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
v) OPTION="-v" ;; v) OPTION="-v" ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift
@@ -103,7 +103,7 @@ for _jail in ${JAILS}; do
info "\n[${_jail}]:" info "\n[${_jail}]:"
error_continue "Jail is already stopped." error_continue "Jail is already stopped."
fi fi
info "\n[${_jail}]:" info "\n[${_jail}]:"
# Remove RDR rules # Remove RDR rules
@@ -153,7 +153,7 @@ for _jail in ${JAILS}; do
else else
_ip="$(echo ${_ip} | sed -E 's#/[0-9]+$##g')" _ip="$(echo ${_ip} | sed -E 's#/[0-9]+$##g')"
fi fi
pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}" pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}"
done done
fi fi
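Review bot: `_ip="$(echo ${_ip} | sed -E 's#/[0-9]+$##g')"` passes an unquoted value through `echo` and starts two processes just to drop a prefix length; `_ip="${_ip%/*}"` does it in the shell with no expansion side effects. The result of `pfctl ... -T delete "${_ip}"` is also not checked, so a table entry that could not be removed when the jail stops goes unnoticed; a warning on failure would help when auditing the `${bastille_network_pf_table}` contents.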

View File

@@ -35,7 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille sysrc [option(s)] TARGET ARGS" error_notify "Usage: bastille sysrc [option(s)] TARGET ARGS"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -60,12 +60,12 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
a) AUTO=1 ;; a) AUTO=1 ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift
@@ -99,13 +99,13 @@ for _jail in ${JAILS}; do
fi fi
info "\n[${_jail}]:" info "\n[${_jail}]:"
jexec -l "${_jail}" /usr/sbin/sysrc "$@" jexec -l "${_jail}" /usr/sbin/sysrc "$@"
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
ERRORS=$((ERRORS + 1)) ERRORS=$((ERRORS + 1))
fi fi
done done
if [ "${ERRORS}" -ne 0 ]; then if [ "${ERRORS}" -ne 0 ]; then

View File

@@ -144,12 +144,12 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
a) AUTO=1 ;; a) AUTO=1 ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift
@@ -281,7 +281,7 @@ for _jail in ${JAILS}; do
fi fi
info "\n[${_jail}]:" info "\n[${_jail}]:"
echo "Applying template: ${TEMPLATE}..." echo "Applying template: ${TEMPLATE}..."
## get jail ip4 and ip6 values ## get jail ip4 and ip6 values
@@ -311,7 +311,7 @@ for _jail in ${JAILS}; do
{ [ "${_jail_ip6}" = "not set" ] || [ "${_jail_ip6}" = "disable" ]; } then { [ "${_jail_ip6}" = "not set" ] || [ "${_jail_ip6}" = "disable" ]; } then
error_notify "Jail IP not found: ${_jail}" error_notify "Jail IP not found: ${_jail}"
fi fi
## TARGET ## TARGET
if [ -s "${bastille_template}/TARGET" ]; then if [ -s "${bastille_template}/TARGET" ]; then
if grep -qw "${_jail}" "${bastille_template}/TARGET"; then if grep -qw "${_jail}" "${bastille_template}/TARGET"; then
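Review bot: `grep -qw "${_jail}" "${bastille_template}/TARGET"` treats the jail name as a regular expression and matches on word boundaries, so a `.` in the name matches any character and a jail named `web` also matches a `TARGET` entry `web-prod`. If `TARGET` is meant to list exact jail names, `grep -qFx -- "${_jail}"` (one name per line) or an explicit whole-field comparison avoids applying or skipping a template for the wrong jail.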
@@ -471,7 +471,7 @@ for _jail in ${JAILS}; do
echo echo
fi fi
done done
info "\nTemplate applied: ${TEMPLATE}" info "\nTemplate applied: ${TEMPLATE}"
done done

View File

@@ -35,7 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille umount [option(s)] TARGET JAIL_PATH" error_notify "Usage: bastille umount [option(s)] TARGET JAIL_PATH"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -96,7 +96,7 @@ for _jail in ${JAILS}; do
error_notify "Jail is not running." error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail." error_continue "Use [-a|--auto] to auto-start the jail."
fi fi
info "\n[${_jail}]:" info "\n[${_jail}]:"
_jailpath="$( echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" 2>/dev/null | sed 's#//#/#' | sed 's#\\##g')" _jailpath="$( echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" 2>/dev/null | sed 's#//#/#' | sed 's#\\##g')"
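Review bot: `_jailpath` is built by concatenating `${MOUNT_PATH}` onto the jail root and is then cleaned only with `sed 's#//#/#'`, which has no `g` flag and so collapses just the first `//`; nothing in the lines shown normalises `..` components. Because the next hunk runs `rm -f "${_jailpath}"`, it would be worth resolving the path and confirming it is still below `${bastille_jailsdir}/${_jail}/root` before acting on it. The `2>/dev/null` on `echo` can go as well.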
@@ -125,9 +125,9 @@ for _jail in ${JAILS}; do
if [ -f "${_jailpath}" ]; then if [ -f "${_jailpath}" ]; then
rm -f "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}" rm -f "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}"
fi fi
echo "Unmounted: ${_jailpath}" echo "Unmounted: ${_jailpath}"
done done
echo echo

View File

@@ -69,13 +69,13 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
a) AUTO=1 ;; a) AUTO=1 ;;
f) OPTION="-F" ;; f) OPTION="-F" ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift
@@ -134,7 +134,7 @@ jail_update() {
local _workdir="${_jailpath}/var/db/freebsd-update" local _workdir="${_jailpath}/var/db/freebsd-update"
# Update a thick container # Update a thick container
if [ -d "${bastille_jailsdir}/${TARGET}" ]; then if [ -d "${bastille_jailsdir}/${TARGET}" ]; then
CURRENT_VERSION=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null) CURRENT_VERSION=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null)
if [ -z "${CURRENT_VERSION}" ]; then if [ -z "${CURRENT_VERSION}" ]; then
error_exit "[ERROR]: Can't determine '${TARGET}' version." error_exit "[ERROR]: Can't determine '${TARGET}' version."
@@ -186,10 +186,10 @@ template_update() {
if [ -d $_template_path ]; then if [ -d $_template_path ]; then
info "\n[${BASTILLE_TEMPLATE}]:" info "\n[${BASTILLE_TEMPLATE}]:"
if ! git -C $_template_path pull; then if ! git -C $_template_path pull; then
error_exit "[ERROR]: ${BASTILLE_TEMPLATE} update unsuccessful." error_exit "[ERROR]: ${BASTILLE_TEMPLATE} update unsuccessful."
fi fi
bastille verify "${BASTILLE_TEMPLATE}" bastille verify "${BASTILLE_TEMPLATE}"
else else
error_exit "[ERROR]: ${BASTILLE_TEMPLATE} not found. See 'bastille bootstrap'." error_exit "[ERROR]: ${BASTILLE_TEMPLATE} not found. See 'bastille bootstrap'."
fi fi
} }
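Review bot: `$_template_path` is unquoted in both `[ -d $_template_path ]` and `git -C $_template_path pull`, and the exit status of `bastille verify "${BASTILLE_TEMPLATE}"` is not checked, so `template_update` returns the same way whether or not the freshly pulled template passed verification. Suggest quoting the path and failing with `error_exit` when verify fails, as is already done for the pull.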
@@ -212,7 +212,7 @@ templates_update() {
if [ "$_updated_templates" -ne "0" ]; then if [ "$_updated_templates" -ne "0" ]; then
info "\n$_updated_templates templates updated." info "\n$_updated_templates templates updated."
else else
error_exit "[ERROR]: No templates found. See 'bastille bootstrap'." error_exit "[ERROR]: No templates found. See 'bastille bootstrap'."
fi fi
} }

View File

@@ -35,7 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille upgrade [option(s)] TARGET NEW_RELEASE|install" error_notify "Usage: bastille upgrade [option(s)] TARGET NEW_RELEASE|install"
cat << EOF cat << EOF
Options: Options:
-a | --auto Auto mode. Start/stop jail(s) if required. -a | --auto Auto mode. Start/stop jail(s) if required.
@@ -66,13 +66,13 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
a) AUTO=1 ;; a) AUTO=1 ;;
f) OPTION="-F" ;; f) OPTION="-F" ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift
@@ -93,7 +93,7 @@ NEWRELEASE="${2}"
bastille_root_check bastille_root_check
set_target_single "${TARGET}" set_target_single "${TARGET}"
# Check for unsupported actions # Check for unsupported actions
if [ -f "/bin/midnightbsd-version" ]; then if [ -f "/bin/midnightbsd-version" ]; then
error_exit "[ERROR]: Not yet supported on MidnightBSD." error_exit "[ERROR]: Not yet supported on MidnightBSD."
fi fi
@@ -186,7 +186,7 @@ jail_upgrade() {
-d "${_workdir}" \ -d "${_workdir}" \
-f "${_freebsd_update_conf}" \ -f "${_freebsd_update_conf}" \
-r "${_newrelease}" upgrade -r "${_newrelease}" upgrade
# Update "osrelease" inside jail.conf using 'bastille config' # Update "osrelease" inside jail.conf using 'bastille config'
bastille config ${_jailname} set osrelease ${_newrelease} bastille config ${_jailname} set osrelease ${_newrelease}
warn "Please run 'bastille upgrade ${_jailname} install', restart the jail, then run 'bastille upgrade ${_jailname} install' again to finish installing updates." warn "Please run 'bastille upgrade ${_jailname} install', restart the jail, then run 'bastille upgrade ${_jailname} install' again to finish installing updates."
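Review bot: `bastille config ${_jailname} set osrelease ${_newrelease}` runs unconditionally after the `freebsd-update ... upgrade` call, so `jail.conf` records the new release even when the upgrade step failed, and both arguments are unquoted. Suggest making the config update depend on the exit status of `freebsd-update` and quoting `"${_jailname}"` and `"${_newrelease}"`.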
@@ -201,7 +201,7 @@ jail_updates_install() {
local _freebsd_update_conf="${_jailpath}/etc/freebsd-update.conf" local _freebsd_update_conf="${_jailpath}/etc/freebsd-update.conf"
# Finish installing upgrade on a thick container # Finish installing upgrade on a thick container
if [ -d "${bastille_jailsdir}/${_jailname}" ]; then if [ -d "${bastille_jailsdir}/${_jailname}" ]; then
env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron \ env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron \
-j "${_jailname}" \ -j "${_jailname}" \
-d "${_workdir}" \ -d "${_workdir}" \

View File

@@ -35,7 +35,7 @@
usage() { usage() {
error_notify "Usage: bastille verify [option(s)] RELEASE|TEMPLATE" error_notify "Usage: bastille verify [option(s)] RELEASE|TEMPLATE"
cat << EOF cat << EOF
Options: Options:
-x | --debug Enable debug mode. -x | --debug Enable debug mode.
@@ -49,7 +49,7 @@ verify_release() {
if [ -f "/bin/midnightbsd-version" ]; then if [ -f "/bin/midnightbsd-version" ]; then
error_exit "[ERROR]: Not yet supported on MidnightBSD." error_exit "[ERROR]: Not yet supported on MidnightBSD."
fi fi
if freebsd-version | grep -qi HBSD; then if freebsd-version | grep -qi HBSD; then
error_exit "[ERROR]: Not yet supported on HardenedBSD." error_exit "[ERROR]: Not yet supported on HardenedBSD."
fi fi
@@ -160,7 +160,7 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
error_exit "[ERROR]: Unknown Option: \"${1}\"" error_exit "[ERROR]: Unknown Option: \"${1}\""
;; ;;
*) *)

View File

@@ -33,7 +33,7 @@
. /usr/local/share/bastille/common.sh . /usr/local/share/bastille/common.sh
usage() { usage() {
error_notify "Usage: bastille zfs [option(s)] TARGET destroy|rollback|snapshot [TAG]" error_notify "Usage: bastille zfs [option(s)] TARGET destroy|rollback|snapshot [TAG]"
error_notify " df|usage" error_notify " df|usage"
error_notify " get|set key=value" error_notify " get|set key=value"
@@ -52,7 +52,7 @@ EOF
} }
zfs_jail_dataset() { zfs_jail_dataset() {
# Exit if MOUNT or DATASET is empty # Exit if MOUNT or DATASET is empty
if [ -z "${MOUNT}" ] || [ -z "${DATASET}" ]; then if [ -z "${MOUNT}" ] || [ -z "${DATASET}" ]; then
usage usage
@@ -68,7 +68,7 @@ zfs_jail_dataset() {
# Validate jail state # Validate jail state
check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille stop "${_jail}" bastille stop "${_jail}"
else else
error_notify "Jail is running." error_notify "Jail is running."
error_exit "Use [-a|--auto] to auto-stop the jail." error_exit "Use [-a|--auto] to auto-stop the jail."
fi fi
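Review bot: `check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then ... fi` hides the control flow behind `||`, and the result of `bastille stop "${_jail}"` is not checked before the dataset is handled. An explicit `if ! check_target_is_stopped "${_jail}"; then` with the `AUTO` test nested inside, plus an `error_exit` when the stop fails, reads more clearly; the same construct is repeated in `zfs_unjail_dataset`.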
@@ -100,7 +100,7 @@ zfs_unjail_dataset() {
# Validate jail state # Validate jail state
check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille stop "${_jail}" bastille stop "${_jail}"
else else
error_notify "Jail is running." error_notify "Jail is running."
error_exit "Use [-a|--auto] to auto-stop the jail." error_exit "Use [-a|--auto] to auto-stop the jail."
fi fi
@@ -226,7 +226,7 @@ snapshot_destroy() {
else else
OPT_DESTROY="-r" OPT_DESTROY="-r"
fi fi
zfs_destroy_snapshot zfs_destroy_snapshot
# Check for exit status and just notify. # Check for exit status and just notify.
@@ -260,12 +260,12 @@ while [ "$#" -gt 0 ]; do
enable_debug enable_debug
shift shift
;; ;;
-*) -*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in case ${_opt} in
a) AUTO=1 ;; a) AUTO=1 ;;
x) enable_debug ;; x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;; *) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac esac
done done
shift shift