mirror of
https://github.com/hackacad/bastille.git
synced 2026-01-03 19:23:42 +01:00
Add double quotes to prevent globbing/word splitting, general code consistency improvements
This commit is contained in:
Jose
@@ -57,7 +57,7 @@ validate_ip() {
|
||||
else
|
||||
local IFS
|
||||
if echo "${IP}" | grep -Eq '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$'; then
|
||||
TEST_IP=$(echo ${IP} | cut -d / -f1)
|
||||
TEST_IP=$(echo "${IP}" | cut -d / -f1)
|
||||
IFS=.
|
||||
set ${TEST_IP}
|
||||
for quad in 1 2 3 4; do
|
||||
@@ -66,7 +66,7 @@ validate_ip() {
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
if ifconfig | grep -qw "$TEST_IP"; then
|
||||
if ifconfig | grep -qw "${TEST_IP}"; then
|
||||
echo -e "${COLOR_YELLOW}Warning: ip address already in use (${TEST_IP}).${COLOR_RESET}"
|
||||
else
|
||||
echo -e "${COLOR_GREEN}Valid: (${IP}).${COLOR_RESET}"
|
||||
@@ -93,19 +93,19 @@ validate_netconf() {
|
||||
echo -e "${COLOR_RED}Invalid network configuration.${COLOR_RESET}"
|
||||
exit 1
|
||||
fi
|
||||
if [ ! -z "${bastille_jail_external}" ]; then
|
||||
break
|
||||
elif [ ! -z "${bastille_jail_loopback}" ] && [ -z "${bastille_jail_external}" ]; then
|
||||
if [ -z "${bastille_jail_interface}" ]; then
|
||||
if [ -z "${bastille_jail_external}" ]; then
|
||||
if [ -n "${bastille_jail_loopback}" ] && [ -z "${bastille_jail_external}" ]; then
|
||||
if [ -z "${bastille_jail_interface}" ]; then
|
||||
echo -e "${COLOR_RED}Invalid network configuration.${COLOR_RESET}"
|
||||
exit 1
|
||||
fi
|
||||
elif [ -z "${bastille_jail_loopback}" ] && [ -n "${bastille_jail_interface}" ]; then
|
||||
echo -e "${COLOR_RED}Invalid network configuration.${COLOR_RESET}"
|
||||
exit 1
|
||||
elif [ -z "${bastille_jail_external}" ]; then
|
||||
echo -e "${COLOR_RED}Invalid network configuration.${COLOR_RESET}"
|
||||
exit 1
|
||||
fi
|
||||
elif [ -z "${bastille_jail_loopback}" ] && [ ! -z "${bastille_jail_interface}" ]; then
|
||||
echo -e "${COLOR_RED}Invalid network configuration.${COLOR_RESET}"
|
||||
exit 1
|
||||
elif [ -z "${bastille_jail_external}" ]; then
|
||||
echo -e "${COLOR_RED}Invalid network configuration.${COLOR_RESET}"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -119,7 +119,7 @@ validate_release() {
|
||||
}
|
||||
|
||||
generate_jail_conf() {
|
||||
cat << EOF > ${bastille_jail_conf}
|
||||
cat << EOF > "${bastille_jail_conf}"
|
||||
${NAME} {
|
||||
devfs_ruleset = 4;
|
||||
enforce_statfs = 2;
|
||||
@@ -157,7 +157,7 @@ generate_vnet_jail_conf() {
|
||||
done
|
||||
|
||||
## generate config
|
||||
cat << EOF > ${bastille_jail_conf}
|
||||
cat << EOF > "${bastille_jail_conf}"
|
||||
${NAME} {
|
||||
devfs_ruleset = 13;
|
||||
enforce_statfs = 2;
|
||||
@@ -191,11 +191,11 @@ create_jail() {
|
||||
|
||||
if [ ! -d "${bastille_jailsdir}/${NAME}" ]; then
|
||||
if [ "${bastille_zfs_enable}" = "YES" ]; then
|
||||
if [ ! -z "${bastille_zfs_zpool}" ]; then
|
||||
if [ -n "${bastille_zfs_zpool}" ]; then
|
||||
## create required zfs datasets, mountpoint inherited from system
|
||||
zfs create ${bastille_zfs_options} ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}
|
||||
zfs create ${bastille_zfs_options} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}"
|
||||
if [ -z "${THICK_JAIL}" ]; then
|
||||
zfs create ${bastille_zfs_options} ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root
|
||||
zfs create ${bastille_zfs_options} "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"
|
||||
fi
|
||||
fi
|
||||
else
|
||||
@@ -221,17 +221,17 @@ create_jail() {
|
||||
|
||||
if [ ! -f "${bastille_jail_fstab}" ]; then
|
||||
if [ -z "${THICK_JAIL}" ]; then
|
||||
echo -e "${bastille_releasesdir}/${RELEASE} ${bastille_jail_base} nullfs ro 0 0" > ${bastille_jail_fstab}
|
||||
echo -e "${bastille_releasesdir}/${RELEASE} ${bastille_jail_base} nullfs ro 0 0" > "${bastille_jail_fstab}"
|
||||
else
|
||||
touch ${bastille_jail_fstab}
|
||||
touch "${bastille_jail_fstab}"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -f "${bastille_jail_conf}" ]; then
|
||||
if [ -z "${bastille_jail_loopback}" ] && [ ! -z "${bastille_jail_external}" ]; then
|
||||
if [ -z "${bastille_jail_loopback}" ] && [ -n "${bastille_jail_external}" ]; then
|
||||
local bastille_jail_conf_interface=${bastille_jail_external}
|
||||
fi
|
||||
if [ ! -z "${bastille_jail_loopback}" ] && [ -z "${bastille_jail_external}" ]; then
|
||||
if [ -n "${bastille_jail_loopback}" ] && [ -z "${bastille_jail_external}" ]; then
|
||||
local bastille_jail_conf_interface=${bastille_jail_interface}
|
||||
fi
|
||||
if [ -n "${INTERFACE}" ]; then
|
||||
@@ -252,7 +252,7 @@ create_jail() {
|
||||
echo
|
||||
echo -e "${COLOR_GREEN}NAME: ${NAME}.${COLOR_RESET}"
|
||||
echo -e "${COLOR_GREEN}IP: ${IP}.${COLOR_RESET}"
|
||||
if [ ! -z ${INTERFACE} ]; then
|
||||
if [ -n "${INTERFACE}" ]; then
|
||||
echo -e "${COLOR_GREEN}INTERFACE: ${INTERFACE}.${COLOR_RESET}"
|
||||
fi
|
||||
echo -e "${COLOR_GREEN}RELEASE: ${RELEASE}.${COLOR_RESET}"
|
||||
@@ -274,10 +274,10 @@ create_jail() {
|
||||
for files in ${FILE_LIST}; do
|
||||
if [ -f "${bastille_releasesdir}/${RELEASE}/${files}" ] || [ -d "${bastille_releasesdir}/${RELEASE}/${files}" ]; then
|
||||
cp -a "${bastille_releasesdir}/${RELEASE}/${files}" "${bastille_jail_path}/${files}"
|
||||
if [ $? -ne 0 ]; then
|
||||
if [ "$?" -ne 0 ]; then
|
||||
## notify and clean stale files/directories
|
||||
echo -e "${COLOR_RED}Failed to copy release files, please retry create!${COLOR_RESET}"
|
||||
bastille destroy ${NAME}
|
||||
bastille destroy "${NAME}"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
@@ -285,7 +285,7 @@ create_jail() {
|
||||
else
|
||||
echo -e "${COLOR_GREEN}Creating a thickjail, this may take a while...${COLOR_RESET}"
|
||||
if [ "${bastille_zfs_enable}" = "YES" ]; then
|
||||
if [ ! -z "${bastille_zfs_zpool}" ]; then
|
||||
if [ -n "${bastille_zfs_zpool}" ]; then
|
||||
## perform release base replication
|
||||
|
||||
## sane bastille zfs options
|
||||
@@ -293,31 +293,31 @@ create_jail() {
|
||||
|
||||
## take a temp snapshot of the base release
|
||||
SNAP_NAME="bastille-$(date +%Y-%m-%d-%H%M%S)"
|
||||
zfs snapshot ${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}@${SNAP_NAME}
|
||||
zfs snapshot "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"@"${SNAP_NAME}"
|
||||
|
||||
## replicate the release base to the new thickjail and set the default mountpoint
|
||||
zfs send -R ${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}@${SNAP_NAME} | \
|
||||
zfs receive ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root
|
||||
zfs set ${ZFS_OPTIONS} mountpoint=${bastille_jailsdir}/${NAME}/root ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root
|
||||
zfs send -R "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"@"${SNAP_NAME}" | \
|
||||
zfs receive "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"
|
||||
zfs set ${ZFS_OPTIONS} mountpoint="${bastille_jailsdir}/${NAME}/root" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"
|
||||
|
||||
## cleanup temp snapshots initially
|
||||
zfs destroy ${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}@${SNAP_NAME}
|
||||
zfs destroy ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root@${SNAP_NAME}
|
||||
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE}"@"${SNAP_NAME}"
|
||||
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${NAME}/root"@"${SNAP_NAME}"
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
if [ "$?" -ne 0 ]; then
|
||||
## notify and clean stale files/directories
|
||||
echo -e "${COLOR_RED}Failed release base replication, please retry create!${COLOR_RESET}"
|
||||
bastille destroy ${NAME}
|
||||
bastille destroy "${NAME}"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
else
|
||||
## copy all files for thick jails
|
||||
cp -a "${bastille_releasesdir}/${RELEASE}/" "${bastille_jail_path}"
|
||||
if [ $? -ne 0 ]; then
|
||||
if [ "$?" -ne 0 ]; then
|
||||
## notify and clean stale files/directories
|
||||
echo -e "${COLOR_RED}Failed to copy release files, please retry create!${COLOR_RESET}"
|
||||
bastille destroy ${NAME}
|
||||
bastille destroy "${NAME}"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
@@ -329,14 +329,14 @@ create_jail() {
|
||||
## + cron_flags="-J 60" ## cedwards 20181118
|
||||
if [ ! -f "${bastille_jail_rc_conf}" ]; then
|
||||
touch "${bastille_jail_rc_conf}"
|
||||
/usr/sbin/sysrc -f "${bastille_jail_rc_conf}" syslogd_flags=-ss
|
||||
/usr/sbin/sysrc -f "${bastille_jail_rc_conf}" sendmail_enable=NONE
|
||||
/usr/sbin/sysrc -f "${bastille_jail_rc_conf}" cron_flags='-J 60'
|
||||
sysrc -f "${bastille_jail_rc_conf}" syslogd_flags=-ss
|
||||
sysrc -f "${bastille_jail_rc_conf}" sendmail_enable=NONE
|
||||
sysrc -f "${bastille_jail_rc_conf}" cron_flags='-J 60'
|
||||
|
||||
## VNET specific
|
||||
if [ -n "${VNET_JAIL}" ]; then
|
||||
## rename interface to generic vnet0
|
||||
uniq_epair=$(grep vnet.interface ${bastille_jailsdir}/${NAME}/jail.conf | awk '{print $3}' | sed 's/;//')
|
||||
uniq_epair=$(grep vnet.interface "${bastille_jailsdir}/${NAME}/jail.conf" | awk '{print $3}' | sed 's/;//')
|
||||
/usr/sbin/sysrc -f "${bastille_jail_rc_conf}" "ifconfig_${uniq_epair}_name"=vnet0
|
||||
|
||||
## if 0.0.0.0 set DHCP
|
||||
@@ -348,7 +348,7 @@ create_jail() {
|
||||
fi
|
||||
|
||||
## VNET requires jib script
|
||||
if [ ! $(command -v jib) ]; then
|
||||
if [ ! "$(command -v jib)" ]; then
|
||||
if [ -f /usr/share/examples/jails/jib ] && [ ! -f /usr/local/bin/jib ]; then
|
||||
install -m 0544 /usr/share/examples/jails/jib /usr/local/bin/jib
|
||||
fi
|
||||
@@ -358,11 +358,11 @@ create_jail() {
|
||||
|
||||
## resolv.conf (default: copy from host)
|
||||
if [ ! -f "${bastille_jail_resolv_conf}" ]; then
|
||||
cp -L ${bastille_resolv_conf} ${bastille_jail_resolv_conf}
|
||||
cp -L "${bastille_resolv_conf}" "${bastille_jail_resolv_conf}"
|
||||
fi
|
||||
|
||||
## TZ: configurable (default: etc/UTC)
|
||||
ln -s /usr/share/zoneinfo/${bastille_tzdata} etc/localtime
|
||||
ln -s "/usr/share/zoneinfo/${bastille_tzdata}" etc/localtime
|
||||
}
|
||||
|
||||
# Handle special-case commands first.
|
||||
@@ -372,9 +372,9 @@ help|-h|--help)
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ $(echo $3 | grep '@' ) ]; then
|
||||
BASTILLE_JAIL_IP=$(echo $3 | awk -F@ '{print $2}')
|
||||
BASTILLE_JAIL_INTERFACES=$( echo $3 | awk -F@ '{print $1}')
|
||||
if echo "$3" | grep '@'; then
|
||||
BASTILLE_JAIL_IP=$(echo "$3" | awk -F@ '{print $2}')
|
||||
BASTILLE_JAIL_INTERFACES=$( echo "$3" | awk -F@ '{print $1}')
|
||||
fi
|
||||
|
||||
## reset this options
|
||||
@@ -402,9 +402,6 @@ else
|
||||
echo -e "${COLOR_RED}Unknown Option.${COLOR_RESET}"
|
||||
usage
|
||||
;;
|
||||
*)
|
||||
break
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
@@ -418,7 +415,7 @@ if [ $# -gt 4 ] || [ $# -lt 3 ]; then
|
||||
fi
|
||||
|
||||
## don't allow for dots(.) in container names
|
||||
if [ $(echo "${NAME}" | grep "[.]") ]; then
|
||||
if echo "${NAME}" | grep -q "[.]"; then
|
||||
echo -e "${COLOR_RED}Container names may not contain a dot(.)!${COLOR_RESET}"
|
||||
exit 1
|
||||
fi
|
||||
@@ -469,7 +466,7 @@ fi
|
||||
|
||||
## check for required release
|
||||
if [ ! -d "${bastille_releasesdir}/${RELEASE}" ]; then
|
||||
echo -e "${COLOR_RED}Release must be bootstrapped first; see `bastille bootstrap`.${COLOR_RESET}"
|
||||
echo -e "${COLOR_RED}Release must be bootstrapped first; see 'bastille bootstrap'.${COLOR_RESET}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
@@ -479,17 +476,17 @@ if [ -n "${NAME}" ]; then
|
||||
fi
|
||||
|
||||
## check if ip address is valid
|
||||
if [ ! -z "${IP}" ]; then
|
||||
if [ -n "${IP}" ]; then
|
||||
validate_ip
|
||||
else
|
||||
usage
|
||||
fi
|
||||
|
||||
## check if interface is valid
|
||||
if [ ! -z ${INTERFACE} ]; then
|
||||
if [ -n "${INTERFACE}" ]; then
|
||||
validate_netif
|
||||
else
|
||||
validate_netconf
|
||||
fi
|
||||
|
||||
create_jail ${NAME} ${RELEASE} ${IP} ${INTERFACE}
|
||||
create_jail "${NAME}" "${RELEASE}" "${IP}" "${INTERFACE}"
|
||||
|
||||
Reference in New Issue
Block a user