Trim trailing whitespace

This commit is contained in:
Michael Osipov
2025-09-23 18:51:04 +02:00
parent e3d0b74ef1
commit 82958fb7b7
53 changed files with 223 additions and 226 deletions

View File

@@ -1,6 +1,6 @@
name: Bastille_Testing
on:
on:
pull_request:
branches:
- master
@@ -29,7 +29,4 @@ jobs:
cd bastille
make install
rocinante template tests/masterTest
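
Review bot: the job steps shown at the end of this workflow (`make install`, `rocinante template tests/masterTest`) include no whitespace check, so the trailing whitespace this commit removes from 53 files can return with the next pull request. Consider adding a step that runs `git diff --check` against the base branch so the cleanup is enforced rather than repeated.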

View File

@@ -94,7 +94,7 @@ sysrc bastille_enable=YES
Upgrading from a previous version
---------------------------------
When upgrading from a previous version of bastille (e.g. 0.10.20230714 to
When upgrading from a previous version of bastille (e.g. 0.10.20230714 to
0.10.20231013) you will need to update your bastille.conf
```shell

View File

@@ -36,7 +36,7 @@ access, simply use ``ro`` instead of ``rw`` as the option.
.. code-block:: shell
ishmael ~ # bastille mount "jail1 jail2" /my/host/directory /my/jail/directory nullfs rw 0 0
Cloning
-------
@@ -46,9 +46,9 @@ To clone your jail, use the following command.
.. code-block:: shell
ishmael ~ # bastille clone myjail mynewjail 10.0.0.3
This will create an exact duplicate of ``myjail`` at ``mynewjail``.
Custom Releases
---------------
@@ -61,14 +61,14 @@ process will not work with any other jail types.
.. code-block:: shell
ishmael ~ # bastille create -T myjail 14.2-RELEASE 10.0.0.1
Once the jail is up and running, configure it to your liking, then run the
following commmand to create a custom release based on your jail.
.. code-block:: shell
ishmael ~ # bastille convert myjail myrelease
Once this process completes, you will be able to run the following command to
create a jail based off your newly created release.
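
Review bot: the context line `following commmand to create a custom release based on your jail.` in this hunk still has the typo "commmand". Since the surrounding lines are already being touched, correct it to "command" here or in a follow-up.
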

View File

@@ -22,7 +22,7 @@ Apply the below patch to set the correct MTU. You may need to ``cp
--- /usr/local/bin/jib 2022-07-31 03:27:04.163245000 +0000
+++ jib.fixed 2022-07-31 03:41:16.710401000 +0000
@@ -299,14 +299,14 @@
# Make sure the interface has been bridged
if ! ifconfig "$iface$bridge" > /dev/null 2>&1; then
- new=$( ifconfig bridge create ) || return
@@ -31,12 +31,12 @@ Apply the below patch to set the correct MTU. You may need to ``cp
ifconfig $new name "$iface$bridge" || return
ifconfig "$iface$bridge" up || return
fi
# Create a new interface to the bridge
- new=$( ifconfig epair create ) || return
+ new=$( ifconfig epair create mtu 1460 ) || return
ifconfig "$iface$bridge" addm $new || return
# Rename the new interface
## Configure bridge interface
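
Review bot: the lines trimmed in this file sit inside the jib patch that the page tells readers to apply (`--- /usr/local/bin/jib`, `+++ jib.fixed`). In a unified diff a blank context line consists of a single space, so if any of the trimmed lines are blank context lines of that embedded patch, confirm that the block still applies cleanly with patch(1) after copy and paste, or exclude this code block from the whitespace cleanup.
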
@@ -58,16 +58,16 @@ them through the external interface:
.. code-block:: text
ext_if="vtnet0"
bridge_if="vtnet0bridge"
set skip on lo
scrub in
# permissive NAT allows jail bridge and wireguard tunnels
nat on $ext_if inet from !($ext_if) -> ($ext_if:0)
block in
pass out
pass in proto tcp to port {22}
pass in proto icmp icmp-type { echoreq }
pass in on $bridge_if

View File

@@ -23,7 +23,7 @@ To see a list of available options and switches, see the ``setup`` subcommand.
.. code-block:: shell
ishmael ~ # bastille setup
Bootstrapping a Release
-----------------------
@@ -33,7 +33,7 @@ Then we need to bootstrap a release for bastille to use. We will use
.. code-block:: shell
ishmael ~ # bastille bootstrap 14.2-RELEASE
Creating a Jail
---------------

View File

@@ -88,7 +88,7 @@ for remote systems you can use rsync:
rsync -avh /iocage/images/jailname_$(date +%F).* root@10.0.1.10:/usr/local/bastille/backups/
Import the iocage backup file (use zip file name)
.. code-block:: shell

View File

@@ -1,7 +1,7 @@
Networking
==========
Bastille is very flexible with its networking options. Below are the supported
Bastille is very flexible with its networking options. Below are the supported
networking modes, how they work, and some tips on where you might want to use each
one.
@@ -153,7 +153,7 @@ you are free to use
<https://www.lifewire.com/what-is-a-private-ip-address-2625970>`_.
In this environment, we can create the container, give it a
unique private ip address within our local subnet, and attach
unique private ip address within our local subnet, and attach
its ip address to our primary interface.
.. code-block:: shell
@@ -210,7 +210,7 @@ Your server was assigned the following six section subnet:
The `vultr ipv6 subnet calculator
<https://www.vultr.com/resources/subnet-calculator-ipv6/?prefix_length=64&display=long&ipv6_address=2001%3Adb8%3Aacad%3Ae%3A%3A%2F64>`_
is helpful in making sense of that ipv6 address.
is helpful in making sense of that ipv6 address.
We could have also written that IPV6 address as 2001:19f0:6c01:114c:0:0

View File

@@ -4,7 +4,7 @@ create
Create a jail uning any available bootstrapped release. To create a jail,
simply provide a name, bootstrapped release, and IP address.
The format is ``bastille create NAME RELEASE IP [INTERFACE]``
The format is ``bastille create NAME RELEASE IP [INTERFACE]``
Note that the ``interface`` is optional. Bastille will use the default interface
that is configured when running the setup command. See ``bastille setup -l`` or
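
Review bot: the first context line of this hunk, `Create a jail uning any available bootstrapped release.`, has the typo "uning" for "using". It is two lines above the line being trimmed, so it is cheap to fix in the same pass.
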
@@ -56,7 +56,7 @@ options. See the below help output.
Usage: bastille create [option(s)] NAME RELEASE IP [INTERFACE]"
Options:
-B | --bridge Enable VNET, and attach to a specified, already existing external bridge.
-C | --clone Create a clone jail.
-D | --dual Create jail with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only).

View File

@@ -25,7 +25,7 @@ Next we can use the ``update`` command to apply the update to the jail.
The output will show you which files were added, updated, changed, deleted, or
have conflicts. To automatically resolve the conflicts, run the ``resolve``
command.
.. code-block:: shell
ishmael ~ # bastille etcupdate ishmael resolve

View File

@@ -44,7 +44,7 @@ This file can be edited manually using ``bastille edit TARGET cpuset.conf``.
ishmael ~ # bastille limits help
Usage: bastille limits [option(s)] TARGET [add|remove|clear|reset|(list|show [active])|stats] OPTION [VALUE]
Example: bastille limits TARGET add memoryuse 1G
Example: bastille limits TARGET add cpu 0,1,2
@@ -52,4 +52,4 @@ This file can be edited manually using ``bastille edit TARGET cpuset.conf``.
-a | --auto Auto mode. Start/stop jail(s) if required.
-l | --log Enable logging for the specified rule (rctl only).
-x | --debug Enable debug mode.
-x | --debug Enable debug mode.

View File

@@ -16,7 +16,7 @@ Use ``-p|--pretty`` to print in columns instead of rows.
Usage: bastille list [option(s)] [RELEASE (-p)] [all] [backup(s)] [export(s)] [import(s)] [ip(s)] [jail(s)] [limit(s)] [log(s)]
[path(s)] [port(s)] [prio|priority] [release(s)] [state(s)] [template(s)] [type]
Options:
-d | --down List stopped jails only.
-j | --json List jails or sub-arg(s) in json format.
-p | --pretty Print JSON in columns. Must be used with -j|--json.

View File

@@ -13,7 +13,7 @@ port by supplying it as in ``user@host:port``.
ishmael ~ # bastille migrate help
Usage: bastille migrate [option(s)] TARGET USER@HOST[:PORT]
Examples:
bastille migrate attica migrate@192.168.10.100

View File

@@ -63,7 +63,7 @@ It is possible to do the same for the jail path, but again, not recommemded.
ishmael ~ # bastille mount azkaban "/storage/my\ directory\ with\ spaces" /media/foo nullfs ro 0 0
[azkaban]:
Added: /storage/my\040directory\040with\040spaces /usr/local/bastille/jails/azkaban/root/media/foo nullfs ro 0 0
.. code-block:: shell
ishmael ~ # bastille mount help

View File

@@ -11,22 +11,22 @@ interfaces as this will include the jail interface - you should specify the
interface they run on in rc.conf (or other config files)
.. code-block:: shell
# bastille rdr dev1 tcp 2001 22
[jail1]:
IPv4 tcp/2001:22 on em0
# bastille rdr dev1 list
rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22
# bastille rdr dev1 udp 2053 53
[jail1]:
IPv4 udp/2053:53 on em0
# bastille rdr dev1 list
rdr pass on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22
rdr pass on em0 inet proto udp from any to any port = 2053 -> 10.17.89.1 port 53
# bastille rdr dev1 clear
nat cleared
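
Review bot: the sample session in this hunk is inconsistent with itself. The commands target `dev1` but the output header is `[jail1]:`, and the same tcp rule is listed as `rdr on em0 ...` after the first command and as `rdr pass on em0 ...` after the second. Since the block is being edited anyway, regenerate the output from a real run so the jail name and the rule text match.
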
@@ -44,7 +44,7 @@ The ``rdr`` command includes 4 additional options:
# bastille rdr -i vtnet0 dev1 udp 8000 80
[jail1]:
IPv4 tcp/8000:80 on vtnet0
# bastille rdr -s 192.168.0.1 dev1 tcp 8080 81
[jail1]:
IPv4 tcp/8080:81 on em0
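
Review bot: in the first example of this hunk the command is `bastille rdr -i vtnet0 dev1 udp 8000 80` but the output shown is `IPv4 tcp/8000:80 on vtnet0`. Either the command or the output has the wrong protocol; correct whichever is wrong so readers do not conclude that the `-i` option changes the protocol.
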
@@ -75,7 +75,7 @@ Simply use the table name instead of an IP address or subnet.
# bastille rdr --help
Usage: bastille rdr TARGET [option(s)] [clear|reset|list|(tcp|udp host_port jail_port [log ['(' logopts ')'] ] )]
Options:
-d | --destination [destination] Limit rdr to a destination IP. Useful if you have multiple IPs on one interface.

View File

@@ -18,7 +18,7 @@ The TEMPLATE arg should be called with the ``project/template`` format.
ishmael ~ # bastille template help
Usage: bastille template [option(s)] TARGET [--convert] TEMPLATE
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.

View File

@@ -23,7 +23,7 @@ release or template .
Detected Bastillefile hook.
[Bastillefile]:
CMD mkdir -p /usr/local/etc/pkg/repos
CMD echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest" }' >
CMD echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest" }' >
/usr/local/etc/pkg/repos/FreeBSD.conf
CONFIG set allow.mlock=1;
CONFIG set ip6=inherit;
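
Review bot: the line being trimmed, `CMD echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest" }' >`, documents a package repository URL over plain HTTP. If this output is maintained by hand rather than captured from a run, consider showing `pkg+https` in the example so the documentation does not steer users toward an unencrypted repository URL.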

View File

@@ -132,7 +132,7 @@ escape it. Escaping it will cause errors.
Bootstrapping Templates
-----------------------
The official templates for Bastille are all on Gthub, and mirror the directory
The official templates for Bastille are all on Gthub, and mirror the directory
structure of the ports tree. So, ``nginx`` is in the ``www`` directory in the
templates, just like it is in the FreeBSD ports tree. To bootstrap the
entire set of official predefined templates run the following command:
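
Review bot: the line changed in this hunk, `The official templates for Bastille are all on Gthub, and mirror the directory`, keeps the misspelling "Gthub" on both sides of the change. Fix it to "GitHub" while the line is being rewritten.
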
@@ -155,7 +155,7 @@ Creating Templates
Templates can be created and placed inside the templates directory in the
``project/template`` format. Alternatively you can run the ``bastille template``
command from a relative path, making sure it is still in the above format.
Template Examples
-----------------

View File

@@ -164,7 +164,7 @@ while [ "$#" -gt 0 ]; do
error_exit "Not a valid config file: ${BASTILLE_CONFIG}"
fi
# Load common.sh after setting BASTILLE_CONFIG
. /usr/local/share/bastille/common.sh
. /usr/local/share/bastille/common.sh
shift 2
;;
-*)
@@ -243,5 +243,5 @@ if [ -f "${SCRIPTPATH}" ]; then
exec "${SH}" "${SCRIPTPATH}" "$@"
else
error_exit "${SCRIPTPATH} not found."
error_exit "${SCRIPTPATH} not found."
fi

View File

@@ -35,9 +35,9 @@
usage() {
error_notify "Usage: bastille bootstrap [option(s)] RELEASE|TEMPLATE [update|arch]"
cat << EOF
Options:
-x | --debug Enable debug mode.
EOF
@@ -297,7 +297,7 @@ bootstrap_release() {
info "\nBootstrap successful."
echo "See 'bastille --help' for available commands."
}
debootstrap_release() {
@@ -443,12 +443,12 @@ bootstrap_template() {
cp -fR "${_project_dir}" "${bastille_templatesdir}"
bastille verify "${_complete_template}"
done
# Remove the cloned repo
if [ -n "${_user}" ]; then
rm -r "${bastille_templatesdir:?}/${_user:?}"
fi
else
# Verify a single template
bastille verify "${_user}/${_repo}"
@@ -465,7 +465,7 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
error_exit "[ERROR]: Unknown Option: \"${1}\""
;;
*)

View File

@@ -35,7 +35,7 @@
usage() {
error_notify "Usage: bastille clone [option(s)] TARGET NEW_NAME IP"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required. Cannot be used with [-l|--live].
@@ -70,7 +70,7 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
@@ -251,7 +251,7 @@ update_jailconf_vnet() {
local _epair_num="$(echo "${_old_if_prefix}" | grep -Eo "[0-9]+")"
local _old_host_epair="${_if}"
local _old_jail_epair="${_old_if_prefix%a}b_${_old_if_suffix}"
if [ "$(echo -n "e${_epair_num}a_${NEWNAME}" | awk '{print length}')" -lt 16 ]; then
# Generate new epair name
local _new_host_epair="e${_epair_num}a_${NEWNAME}"
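
Review bot: the length test `if [ "$(echo -n "e${_epair_num}a_${NEWNAME}" | awk '{print length}')" -lt 16 ]` in this hunk builds the epair name, pipes it through two processes to count characters, and then builds the same string again on the `local _new_host_epair=` line. Assign the name to a variable once and compare `${#var}` instead; that removes the dependency on `echo -n` and keeps the checked string and the used string from drifting apart.
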
@@ -268,7 +268,7 @@ update_jailconf_vnet() {
if grep "${_old_if_suffix}" "${_jail_conf}" | grep -oq "jib addm"; then
# For -V jails
# Replace host epair name in jail.conf
# Replace host epair name in jail.conf
sed -i '' "s|jib addm ${_old_if_suffix}|jib addm ${_new_if_suffix}|g" "${_jail_conf}"
sed -i '' "s|${_old_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}"
sed -i '' "s|${_old_host_epair} destroy|${_new_host_epair} destroy|g" "${_jail_conf}"
@@ -293,7 +293,7 @@ update_jailconf_vnet() {
sed -i '' "/ifconfig/ s|${_old_jail_epair}|${_new_jail_epair}|g" "${_rc_conf}"
else
# For -B jails
# Replace host epair name in jail.conf
# Replace host epair name in jail.conf
sed -i '' "s|up name ${_old_host_epair}|up name ${_new_host_epair}|g" "${_jail_conf}"
sed -i '' "s|addm ${_old_host_epair}|addm ${_new_host_epair}|g" "${_jail_conf}"
sed -i '' "s|${_old_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}"
@@ -384,7 +384,7 @@ update_jailconf_vnet() {
local _new_if_prefix="$(echo ${_if} | awk -F'_' '{print $1}')"
local _new_if_suffix="$(echo ${_if} | awk -F'_' '{print $2}')"
# Replace netgraph interface name
# Replace netgraph interface name
sed -i '' "s|jng bridge ${_old_if_suffix}|jng bridge ${_new_if_suffix}|g" "${_jail_conf}"
sed -i '' "s|${_old_ngif} ether|${_new_ngif} ether|g" "${_jail_conf}"
sed -i '' "s|jng shutdown ${_old_if_suffix}|jng shutdown ${_new_if_suffix}|g" "${_jail_conf}"
@@ -515,7 +515,7 @@ clone_jail() {
fi
else
check_target_is_stopped "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
bastille stop "${TARGET}"
else

View File

@@ -35,7 +35,7 @@
usage() {
error_notify "Usage: bastille cmd [option(s)] TARGET COMMAND"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
@@ -60,12 +60,12 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
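
Review bot: the catch-all branch in this hunk, `for _opt in $(echo ${1} | sed 's/-//g' | fold -w1)`, strips every hyphen and splits the rest into single letters, so an unrecognised long option is interpreted as a bundle of short ones. With the cases shown here, `--xa` would call `enable_debug` and set `AUTO=1` instead of reaching the `Unknown Option` error. Reject arguments that start with `--` before the loop, and quote `${1}` in the `echo`. The same construct appears in the other subcommand scripts touched by this commit.
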
@@ -111,7 +111,7 @@ for _jail in ${JAILS}; do
if [ "$?" -ne 0 ]; then
ERRORS=$((ERRORS + 1))
fi
done
if [ "${ERRORS}" -ne 0 ]; then

View File

@@ -34,7 +34,7 @@
# because all commands load this file
# shellcheck disable=SC1090
. ${BASTILLE_CONFIG}
COLOR_RED=
COLOR_GREEN=
COLOR_YELLOW=
@@ -56,7 +56,7 @@ enable_debug() {
# Enable debug mode.
warn "***DEBUG MODE***"
set -x
}
}
# If "NO_COLOR" environment variable is present, or we aren't speaking to a
# tty, disable output colors.
@@ -287,7 +287,7 @@ set_bastille_mountpoints() {
bastille_logsdir_mountpoint="${bastille_logsdir}"
# Add _altroot to *dir* if set
if [ "${_altroot}" != "-" ]; then
if [ "${_altroot}" != "-" ]; then
# Set *dir* to include ALTROOT
bastille_prefix="${_altroot}${bastille_prefix}"
bastille_backupsdir="${_altroot}${bastille_backupsdir}"
@@ -295,7 +295,7 @@ set_bastille_mountpoints() {
bastille_jailsdir="${_altroot}${bastille_jailsdir}"
bastille_releasesdir="${_altroot}${bastille_releasesdir}"
bastille_templatesdir="${_altroot}${bastille_templatesdir}"
bastille_logsdir="${_altroot}${bastille_logsdir}"
bastille_logsdir="${_altroot}${bastille_logsdir}"
fi
fi
}

View File

@@ -36,7 +36,7 @@
usage() {
error_notify "Usage: bastille config [option(s)] TARGET [get|(set|add)|remove] PROPERTY [VALUE]"
cat << EOF
Options:
-x | --debug Enable debug mode.
@@ -52,7 +52,7 @@ print_jail_conf() {
# line
jail -f "$1" -e '
'
}
}
# Handle options.
while [ "$#" -gt 0 ]; do
@@ -93,7 +93,7 @@ case "${ACTION}" in
error_exit "[ERROR]: Too many parameters for [get|remove] operation."
fi
;;
add|set)
add|set)
;;
*)
error_exit "[ERROR]: Only (add|set), get and remove are supported."
@@ -121,10 +121,10 @@ print_jail_conf() {
# line
jail -f "${1}" -e '
'
}
}
for _jail in ${JAILS}; do
# Backwards compatibility for specifying only an IP with ip[4|6].addr
if [ "${ACTION}" = "set" ] && [ "${PROPERTY}" = "ip4.addr" ]; then
if ! echo "${VALUE}" | grep -q "|"; then
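
Review bot: the body of `print_jail_conf` shown at the top of this hunk (`jail -f "${1}" -e '`) also appears in the earlier hunk of this file near line 52 with `"$1"`, which suggests the function is defined twice. If so, remove one definition so a later fix cannot be applied to only one copy.
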
@@ -135,7 +135,7 @@ for _jail in ${JAILS}; do
VALUE="$(bastille config ${_jail} get ip6.addr | awk -F"|" '{print $1}')|${VALUE}"
fi
fi
# Handle Bastille specific properties
# Currently only 'depend' 'priority' and 'boot'
if [ "${PROPERTY}" = "priority" ] || [ "${PROPERTY}" = "prio" ]; then
@@ -307,7 +307,7 @@ for _jail in ${JAILS}; do
rm "${_tmpfile}"
fi
fi
done
# Only display this message once at the end (not for every jail). -- cwells

View File

@@ -35,7 +35,7 @@
usage() {
error_notify "Usage: bastille console [option(s)] TARGET [USER]"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
x) enable_debug ;;
a) AUTO=1 ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -90,7 +90,7 @@ validate_user() {
local _jail="${1}"
local _user="${2}"
if jexec -l "${_jail}" id "${_user}" >/dev/null 2>&1; then
USER_SHELL="$(jexec -l "${_jail}" getent passwd "${_user}" | cut -d: -f7)"
if [ -n "${USER_SHELL}" ]; then
@@ -110,7 +110,7 @@ validate_user() {
check_fib() {
local _jail="${1}"
fib=$(grep 'exec.fib' "${bastille_jailsdir}/${_jail}/jail.conf" | awk '{print $3}' | sed 's/\;//g')
if [ -n "${fib}" ]; then
@@ -132,7 +132,7 @@ for _jail in ${JAILS}; do
fi
info "\n[${_jail}]:"
LOGIN="$(jexec -l "${_jail}" which login)"
if [ -n "${USER}" ]; then
@@ -142,5 +142,5 @@ for _jail in ${JAILS}; do
LOGIN="$(jexec -l "${_jail}" which login)"
${_setfib} jexec -l "${_jail}" ${LOGIN} -f root
fi
done

View File

@@ -35,7 +35,7 @@
usage() {
error_notify "Usage: bastille convert [option(s)] TARGET [RELEASE]"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
@@ -66,13 +66,13 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
y) AUTO_YES=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -106,7 +106,7 @@ validate_release_name() {
local _name=${1}
local _sanity="$(echo "${_name}" | tr -c -d 'a-zA-Z0-9-_')"
if [ -n "$(echo "${_sanity}" | awk "/^[-_].*$/" )" ]; then
error_exit "[ERROR]: Release names may not begin with (-|_) characters!"
elif [ "${_name}" != "${_sanity}" ]; then
@@ -119,7 +119,7 @@ convert_jail_to_release() {
_jailname="${1}"
_release="${2}"
info "\nAttempting to create '${_release}' from '${_jailname}'..."
if checkyesno bastille_zfs_enable; then
@@ -272,7 +272,7 @@ if [ "$#" -eq 1 ]; then
elif ! grep -qw ".bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then
error_exit "[ERROR]: ${TARGET} is not a thin container."
fi
# Ask if user is sure they want to convert the jail
# but only if AUTO_YES=0
if [ "${AUTO_YES}" -ne 1 ]; then

View File

@@ -39,7 +39,7 @@ usage() {
cat << EOF
Options:
-B | --bridge Enable VNET, and attach to a specified, already existing external bridge.
-C | --clone Create a clone jail.
-D | --dual Create jail with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only).
@@ -65,7 +65,7 @@ validate_name() {
local NAME_VERIFY=${NAME}
local NAME_SANITY="$(echo "${NAME_VERIFY}" | tr -c -d 'a-zA-Z0-9-_')"
# Make sure NAME has only allowed characters
if [ -n "$(echo "${NAME_SANITY}" | awk "/^[-_].*$/" )" ]; then
error_exit "[ERROR]: Jail names may not begin with (-|_) characters!"
@@ -607,7 +607,7 @@ create_jail() {
if [ -f /usr/share/examples/jails/jng ] && [ ! -f /usr/local/bin/jng ]; then
install -m 0544 /usr/share/examples/jails/jng /usr/local/bin/jng
fi
fi
fi
fi
fi
elif [ -n "${LINUX_JAIL}" ]; then
@@ -646,7 +646,7 @@ create_jail() {
if [ -n "${VNET_JAIL}" ]; then
if [ -n "${bastille_template_vnet}" ]; then
## rename interface to generic vnet0
uniq_epair=$(grep vnet.interface "${bastille_jailsdir}/${NAME}/jail.conf" | awk '{print $3}' | sed 's/;//; s/-/_/g')
_gateway=''
@@ -668,12 +668,12 @@ create_jail() {
_gateway="$(netstat -4rn | awk '/default/ {print $2}')"
fi
fi
# Add IPv4 address (this is empty if DHCP is used)
if [ -n "${IP4_ADDR}" ]; then
_ifconfig_inet="${_ifconfig_inet} inet ${IP4_ADDR}"
fi
# Enable IPv6 if used
if [ -n "${IP6_ADDR}" ]; then
_ifconfig_inet6='inet6 -ifdisabled'
@@ -689,12 +689,12 @@ create_jail() {
fi
fi
fi
# Add IPv6 address (this is empty if SLAAC is used)
if [ -n "${IP6_ADDR}" ]; then
_ifconfig_inet6="${_ifconfig_inet6} ${IP6_ADDR}"
fi
# We need to pass IP4 and IP6 separately
_ifconfig="${_ifconfig_inet}"
_ifconfig6="${_ifconfig_inet6}"
@@ -832,7 +832,7 @@ while [ $# -gt 0 ]; do
if echo "${2}" | grep -Eoq "^[0-9]+$"; then
PRIORITY="${2}"
shift 2
else
else
error_exit "Not a valid priority value: \"${2}\""
fi
;;
@@ -868,7 +868,7 @@ while [ $# -gt 0 ]; do
bastille_zfs_options="${2}"
shift 2
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
B) VNET_JAIL=1 VNET_JAIL_BRIDGE=1 ;;
@@ -880,7 +880,7 @@ while [ $# -gt 0 ]; do
T) THICK_JAIL=1 ;;
V) VNET_JAIL=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift

View File

@@ -35,7 +35,7 @@
usage() {
error_notify "Usage: bastille destroy [option(s)] JAIL|RELEASE"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
@@ -256,7 +256,7 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;

View File

@@ -35,7 +35,7 @@
usage() {
error_notify "Usage: bastille edit [option(s)] TARGET [FILE]"
cat << EOF
Options:
-x | --debug Enable debug mode.
@@ -71,7 +71,7 @@ fi
TARGET="${1}"
if [ "$#" -eq 2 ]; then
TARGET_FILENAME="${2}"
else
else
TARGET_FILENAME="jail.conf"
fi

View File

@@ -32,7 +32,7 @@
usage() {
error_notify "Usage: bastille etcupdate [option(s)] [bootstrap|TARGET] [diff|resolve|update RELEASE]"
cat << EOF
Options:
-d | --dry-run Show output, but do not apply.
@@ -92,7 +92,7 @@ diff_review() {
fi
echo "Running: etcupdate --diff mode"
etcupdate diff -D "${bastille_jailsdir}/${_jail}/root"
etcupdate diff -D "${bastille_jailsdir}/${_jail}/root"
}
resolve_conflicts() {
@@ -104,7 +104,7 @@ resolve_conflicts() {
fi
echo "Running: etcupdate resolve"
etcupdate resolve -D "${bastille_jailsdir}/${_jail}/root"
etcupdate resolve -D "${bastille_jailsdir}/${_jail}/root"
}
update_jail_etc() {
@@ -144,13 +144,13 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
d) DRY_RUN=1 ;;
f) FORCE=1 ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
esac
done
shift

View File

@@ -39,7 +39,7 @@ usage() {
# If no compression option specified, user must redirect standard output
error_notify "Usage: bastille export [option(s)] TARGET PATH"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
@@ -275,7 +275,7 @@ clean_zfs_snap() {
zfs destroy "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET}@bastille_${TARGET}_${DATE}"
}
export_check() {
export_check() {
# Inform the user about the exporting method
if [ -z "${USER_EXPORT}" ]; then
if [ -n "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then

View File

@@ -37,7 +37,7 @@ usage() {
# If no file/extension specified, will import from standard input
error_notify "Usage: bastille import [option(s)] FILE [RELEASE]"
cat << EOF
Options:
-f | --force Force an archive import regardless if the checksum file does not match or missing.
@@ -77,14 +77,14 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
f) OPT_FORCE=1 ;;
M) OPT_STATIC_MAC=1 ;;
v) OPT_ZRECV="-u -v" ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -137,7 +137,7 @@ validate_archive() {
}
update_zfsmount() {
# Update the mountpoint property on the received ZFS data stream
OLD_ZFS_MOUNTPOINT=$(zfs get -H mountpoint "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${TARGET_TRIM}/root" | awk '{print $3}')
NEW_ZFS_MOUNTPOINT="${bastille_jailsdir}/${TARGET_TRIM}/root"
@@ -232,7 +232,7 @@ generate_config() {
IPVX_CONFIG=$(grep -wo "jail_${TARGET_TRIM}_ip=.*" ${PROP_CONFIG} | tr -d '" ' | sed "s/jail_${TARGET_TRIM}_ip=//")
if [ -z "${RELEASE}" ]; then
CONFIG_RELEASE=$(echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE' | sed 's/_/-/g')
else
else
CONFIG_RELEASE="${RELEASE}"
fi
fi
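
Review bot: `PROP_CONFIG` is used in two different ways in this hunk. `grep -wo "jail_${TARGET_TRIM}_ip=.*" ${PROP_CONFIG}` passes it as a file operand, while `echo ${PROP_CONFIG} | grep -o '[0-9]\{2\}\.[0-9]_RELEASE'` matches against the value itself. If it holds a path, the second command only ever sees the path string and not the file contents. Confirm which is intended and quote the variable in both places.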

View File

@@ -35,7 +35,7 @@
usage() {
error_notify "Usage: bastille jcp [option(s)] SOURCE_JAIL JAIL_PATH DEST_JAIL JAIL_PATH"
cat << EOF
Options:
-q | --quiet Suppress output.
@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
q) OPTION="-a" ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -100,14 +100,14 @@ for _jail in ${DEST_TARGET}; do
source_path="$(echo ${bastille_jailsdir}/${SOURCE_TARGET}/root/${SOURCE_PATH} | sed 's#//#/#g')"
dest_path="$(echo ${bastille_jailsdir}/${_jail}/root/${DEST_PATH} | sed 's#//#/#g')"
if ! cp "${OPTION}" "${source_path}" "${dest_path}"; then
ERRORS=$((ERRORS + 1))
error_continue "[ERROR]: JCP failed: ${source_path} -> ${dest_path}"
fi
fi
done
if [ "${ERRORS}" -ne 0 ]; then

View File

@@ -36,10 +36,10 @@
usage() {
error_notify "Usage: bastille limits [option(s)] TARGET [add|remove|clear|reset|(list|show [active])|stats] OPTION [VALUE]"
cat << EOF
Example: bastille limits TARGET add memoryuse 1G
Example: bastille limits TARGET add cpu 0,1,2
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
@@ -70,13 +70,13 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
l) OPT_LOG=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -93,7 +93,7 @@ fi
TARGET="${1}"
ACTION="${2}"
# Retain support for no action (will default to add)
# Retain support for no action (will default to add)
if [ "${ACTION}" != "add" ] && [ "${ACTION}" != "remove" ] && [ "${ACTION}" != "clear" ] && [ "${ACTION}" != "list" ] && [ "${ACTION}" != "show" ] && [ "${ACTION}" != "reset" ] && [ "${ACTION}" != "stats" ]; then
ACTION="add"
shift 1
@@ -148,7 +148,7 @@ for _jail in ${JAILS}; do
fi
info "\n[${_jail}]:"
case "${ACTION}" in
add)
@@ -299,5 +299,5 @@ for _jail in ${JAILS}; do
;;
esac
done

View File

@@ -235,7 +235,7 @@ get_jail_info() {
# Get info if jail is DOWN
if [ "$(awk '$1 == "vnet;" { print $1 }' "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null)" ]; then
JAIL_IP4=$(grep -E "^ifconfig_vnet.*inet .*" "${bastille_jailsdir}/${JAIL_NAME}/root/etc/rc.conf" 2> /dev/null | grep -o "inet .*" | awk '{print $2}' | sed -E 's#/[0-9]+.*##g' | sed 's/"//g')
JAIL_IP6=$(grep -E "^ifconfig_vnet.*inet6.*" "${bastille_jailsdir}/${JAIL_NAME}/root/etc/rc.conf" 2> /dev/null | grep -Eow "(::)?[0-9a-fA-F]{1,4}(::?[0-9a-fA-F]{1,4}){1,7}(::)?" | sed -E 's#/[0-9]+.*##g' | sed 's/"//g')
JAIL_IP6=$(grep -E "^ifconfig_vnet.*inet6.*" "${bastille_jailsdir}/${JAIL_NAME}/root/etc/rc.conf" 2> /dev/null | grep -Eow "(::)?[0-9a-fA-F]{1,4}(::?[0-9a-fA-F]{1,4}){1,7}(::)?" | sed -E 's#/[0-9]+.*##g' | sed 's/"//g')
else
JAIL_IP4=$(sed -n "s/^[ ].*ip4.addr[ ].*=[ ]\(.*\);$/\1/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null | sed -e 's#/.*##g' -e 's#.*|##g')
JAIL_IP6=$(sed -n "s/^[ ].*ip6.addr[ ].*=[ ]\(.*\);$/\1/p" "${bastille_jailsdir}/${JAIL_NAME}/jail.conf" 2> /dev/null | sed -e 's#/.*##g' -e 's#.*|##g')
@@ -275,7 +275,7 @@ get_jail_info() {
if [ "${OPT_STATE}" != "all" ] && [ "${JAIL_STATE}" != "${OPT_STATE}" ]; then
# shellcheck disable=SC2104
continue
fi
fi
# Add ... if JAIL_PORTS is too long
JAIL_PORTS_FULL="${JAIL_PORTS}"
@@ -300,7 +300,7 @@ get_jail_info() {
list_bastille(){
_tmp_list=
get_max_lengths
get_jail_list
@@ -317,13 +317,13 @@ list_bastille(){
fi
(
get_jail_info "${_jail}"
# Get JAIL_IP count
JAIL_IP_COUNT=$(echo "${JAIL_IP}" | wc -l)
# Print JAIL_IP in columns if -gt 1
# Print JAIL_IP in columns if -gt 1
if [ ${JAIL_IP_COUNT} -gt 1 ]; then
# vnet0 has more than one IPs assigned.
# Put each IP in its own line below the jails first address. For instance:

View File

@@ -95,7 +95,7 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
@@ -104,7 +104,7 @@ while [ "$#" -gt 0 ]; do
l) LIVE=1 ;;
p) OPT_PASSWORD=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -144,7 +144,7 @@ validate_host_status() {
local _user="${1}"
local _host="${2}"
local _port="${3}"
info "\nChecking remote host status..."
# Host uptime
@@ -364,7 +364,7 @@ for _jail in ${JAILS}; do
fi
info "\nAttempting to migrate '${_jail}' to '${HOST}'..."
migrate_jail "${_jail}" "${USER}" "${HOST}" "${PORT}"
info "\nSuccessfully migrated '${_jail}' to '${HOST}'.\n"

View File

@@ -35,7 +35,7 @@
usage() {
error_notify "Usage: bastille mount [option(s)] TARGET HOST_PATH JAIL_PATH [filesystem_type options dump pass_number]"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
@@ -194,11 +194,11 @@ for _jail in ${JAILS}; do
continue
fi
fi
fi
fi
# Add entry to fstab and mount
echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab" || error_continue "Failed to create fstab entry: ${_fstab_entry}"
mount -F "${bastille_jailsdir}/${_jail}/fstab" -a || error_continue "Failed to mount volume: ${_fullpath}"
echo "Added: ${_fstab_entry}"
done
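
Review bot: in this hunk the entry is appended with `echo "${_fstab_entry}" >> "${bastille_jailsdir}/${_jail}/fstab"` before `mount -F ... -a` is attempted. If the mount fails, `error_continue` moves on and the failed entry stays in the jail's fstab. Consider mounting first and appending only on success, or removing the entry again in the failure path.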

View File

@@ -36,7 +36,7 @@
usage() {
error_notify "Usage: bastille network [option(s)] TARGET [remove|add] INTERFACE [IP]"
cat << EOF
Options:
-a | --auto Start/stop jail(s) if required.
@@ -47,7 +47,7 @@ usage() {
-V | --vnet Add a VNET interface.
-v | --vlan VLANID Assign VLAN ID to interface (VNET only).
-x | --debug Enable debug mode.
EOF
exit 1
}
@@ -101,7 +101,7 @@ while [ "$#" -gt 0 ]; do
-x|--debug)
enable_debug
shift
;;
;;
-*)
for _o in $(echo ${1} 2>/dev/null | sed 's/-//g' | fold -w1); do
case ${_o} in
@@ -112,7 +112,7 @@ while [ "$#" -gt 0 ]; do
P) PASSTHROUGH=1 ;;
V) VNET=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -135,7 +135,7 @@ else
fi
# Default is standard interface
if [ "${VNET}" -eq 0 ] && [ "${BRIDGE}" -eq 0 ] && [ "${PASSTHROUGH}" -eq 0 ]; then
if [ "${VNET}" -eq 0 ] && [ "${BRIDGE}" -eq 0 ] && [ "${PASSTHROUGH}" -eq 0 ]; then
STANDARD=1
fi
@@ -224,11 +224,11 @@ check_interface_added() {
local _jailname="${1}"
local _if="${2}"
local _jail_config="${bastille_jailsdir}/${_jailname}/jail.conf"
local _jail_config="${bastille_jailsdir}/${_jailname}/jail.conf"
if grep -qo "${_if}" "${_jail_config}"; then
return 0
else
else
return 1
fi
}
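
Review bot: `check_interface_added` in this hunk uses `grep -qo "${_if}" "${_jail_config}"`, an unanchored regular-expression match, so an interface such as `em1` is reported as present when only `em10` is configured. Match fixed strings on word boundaries (`grep -qwF`), drop the `-o` that `-q` makes redundant, and return grep's exit status directly instead of the `if`/`else` with `return 0` and `return 1`.
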
@@ -294,7 +294,7 @@ EOF
}
EOF
fi
# Add config to /etc/rc.conf
sysrc -f "${_jail_rc_config}" ifconfig_${jail_epair}_name="${_jail_vnet}"
if [ -n "${IP6_ADDR}" ]; then
@@ -377,7 +377,7 @@ EOF
break
fi
done
echo "Added VNET interface: \"${_if}\""
elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then
@@ -428,8 +428,8 @@ EOF
fi
break
fi
done
echo "Added VNET interface: \"${_if}\""
done
echo "Added VNET interface: \"${_if}\""
fi
elif [ "${PASSTHROUGH}" -eq 1 ]; then
@@ -458,7 +458,7 @@ EOF
fi
fi
echo "Added Passthrough interface: \"${_if}\""
elif [ "${STANDARD}" -eq 1 ]; then
if [ -n "${IP6_ADDR}" ]; then
sed -i '' "s/interface = .*/&\n ip6.addr += ${_if}|${_ip};/" ${_jail_config}
@@ -507,7 +507,7 @@ remove_interface() {
else
error_exit "[ERROR]: Could not find interface inside jail: \"${_if_jail}\""
fi
# Get vnetX value from rc.conf
if [ "${_if_type}" = "if_bridge" ]; then
if grep -oq "${_if_jail}" ${_jail_config}; then
@@ -528,7 +528,7 @@ remove_interface() {
error_exit "[ERROR]: Interface not found: ${_if_jail}"
fi
fi
# Do not allow removing default vnet0 interface
if [ "${_if_vnet}" = "vnet0" ]; then
error_exit "[ERROR]: Default interface cannot be removed."
@@ -538,7 +538,7 @@ remove_interface() {
if [ -z "${_if_jail}" ]; then
error_exit "[ERROR]: Could not find specifed interface."
fi
# Remove interface from /etc/rc.conf
if [ "${_if_type}" = "if_bridge" ]; then
if [ -n "${_if_vnet}" ] && echo ${_if_vnet} | grep -Eoq 'vnet[0-9]+'; then
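Review bot: the error string `Could not find specifed interface.` has a typo ("specified") that is worth a follow-up while this file is being cleaned up. Separately, `grep -Eoq 'vnet[0-9]+'` is unanchored, so any value that merely contains `vnetN` passes; anchor it as `^vnet[0-9]+$` and quote `${_if_vnet}` in the `echo`.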
@@ -563,11 +563,11 @@ remove_interface() {
# Remove VNET interface from jail.conf (VNET)
if [ -n "${_if_jail}" ]; then
if [ "${_if_type}" = "if_bridge" ]; then
sed -i '' "/.*${_epaira}.*/d" "${_jail_config}"
sed -i '' "/.*${_epaira}.*/d" "${_jail_config}"
sed -i '' "/.*${_epairb}.*/d" "${_jail_config}"
sed -i '' "/.*${_if}.*/d" "${_jail_config}"
elif [ "${_if_type}" = "netgraph" ]; then
sed -i '' "/.*${_if_jail}.*/d" "${_jail_config}"
sed -i '' "/.*${_if_jail}.*/d" "${_jail_config}"
sed -i '' "/.*${_if}.*/d" "${_jail_config}"
elif [ "${_if_type}" = "passthrough" ]; then
sed -i '' "/.*${_if_jail}.*/d" "${_jail_config}"
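Review bot: the `sed -i '' "/.*${_if}.*/d"` style deletions remove every line of jail.conf that contains the name anywhere, so removing an interface whose name is a prefix of another (for example `em1` and `em10`) also deletes the other interface's lines. Bound the match on a word boundary or on the exact directive being removed; the leading and trailing `.*` add nothing to the pattern.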
@@ -690,7 +690,7 @@ case "${ACTION}" in
fi
;;
remove|delete)
check_interface_added "${TARGET}" "${INTERFACE}" || error_exit "Interface not found in jail.conf: \"${INTERFACE}\""
check_interface_added "${TARGET}" "${INTERFACE}" || error_exit "Interface not found in jail.conf: \"${INTERFACE}\""
validate_netif "${INTERFACE}"
if ! grep -q "${INTERFACE}" ${bastille_jailsdir}/${TARGET}/jail.conf; then
error_exit "[ERROR]: Interface not found in jail.conf: \"${INTERFACE}\""
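Review bot: the `remove|delete)` branch checks the same condition twice: `check_interface_added` already greps jail.conf for `${INTERFACE}` and exits on failure, so the following `if ! grep -q "${INTERFACE}" ...` block can never fire. Drop one of the two; if the second stays, quote the `${bastille_jailsdir}/${TARGET}/jail.conf` path, and give the first message the `[ERROR]:` prefix the second one has.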

View File

@@ -72,14 +72,14 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
H) USE_HOST_PKG=1 ;;
y) AUTO_YES=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -97,7 +97,7 @@ fi
TARGET="${1}"
shift
ERRORS=0
bastille_root_check
set_target "${TARGET}"
@@ -137,7 +137,7 @@ for _jail in ${JAILS}; do
if [ "$?" -ne 0 ]; then
ERRORS=$((ERRORS + 1))
fi
done
if [ "${ERRORS}" -ne 0 ]; then

View File

@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
case ${_opt} in
q) OPTION="-a" ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift

View File

@@ -35,7 +35,7 @@
usage() {
error_notify "Usage: bastille rdr [option(s)] TARGET [clear|reset|list|(tcp|udp)] HOST_PORT JAIL_PORT [log ['(' logopts ')'] ]"
cat << EOF
Options:
-d | --destination [destination] Limit rdr to a destination IP. Useful if you have multiple IPs on one interface.
@@ -76,7 +76,7 @@ check_jail_validity() {
else
error_exit "[ERROR]: VNET jails do not support rdr."
fi
# Check if rdr-anchor is defined in pf.conf
if ! (pfctl -sn | grep rdr-anchor | grep 'rdr/\*' >/dev/null); then
error_exit "[ERROR]: rdr-anchor not found in pf.conf"
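Review bot: the check `pfctl -sn | grep rdr-anchor | grep 'rdr/\*'` inspects the loaded NAT ruleset, not pf.conf, so the message `rdr-anchor not found in pf.conf` misleads when the anchor is in the file but the ruleset has not been loaded or reloaded. Reword the error to say the anchor is not loaded, and fold the two greps into a single `grep -q`.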
@@ -185,7 +185,7 @@ load_rdr_rule() {
| pfctl -a "rdr/${TARGET}" -f-; then
error_exit "[ERROR]: Failed to create IPv4 rdr rule \"${if_name} ${src} ${dst} ${proto} ${host_port} ${jail_port}\""
else
echo "IPv4 ${proto}/${host_port}:${jail_port} on ${if_name}"
echo "IPv4 ${proto}/${host_port}:${jail_port} on ${if_name}"
fi
fi
# Create IPv6 rdr rule (if ip6.addr is enabled)
@@ -228,7 +228,7 @@ load_rdr_log_rule() {
# Create IPv6 rdr rule with log (if ip6.addr is enabled)
# shellcheck disable=SC2193
if [ -n "${JAIL_IP6}" ] && { [ "${inet}" = "ipv6" ] || [ "${inet}" = "dual" ]; } then
if [ -n "${JAIL_IP6}" ] && { [ "${inet}" = "ipv6" ] || [ "${inet}" = "dual" ]; } then
if ! ( pfctl -a "rdr/${TARGET}" -Psn;
printf '%s\nrdr pass %s on $%s inet6 proto %s from %s to %s port %s -> %s port %s\n' "$if" "$log" "${bastille_network_pf_ext_if}" "$proto" "$src" "$dst" "$host_port" "$JAIL_IP6" "$jail_port" ) \
| pfctl -a "rdr/${TARGET}" -f-; then
@@ -355,7 +355,7 @@ while [ "$#" -gt 0 ]; do
fi
fi
shift
;;
;;
tcp|udp)
if [ "$#" -lt 3 ]; then
usage
@@ -388,7 +388,7 @@ while [ "$#" -gt 0 ]; do
check_jail_validity
validate_rdr_rule "$RDR_IF" $RDR_SRC $RDR_DST $1 $2 $3
persist_rdr_log_rule $RDR_INET "$RDR_IF" $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@"
load_rdr_log_rule $RDR_INET "$RDR_IF" $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@"
load_rdr_log_rule $RDR_INET "$RDR_IF" $RDR_SRC $RDR_DST $proto $host_port $jail_port "$@"
shift $#
else
usage
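Review bot: `$RDR_INET`, `$RDR_SRC`, `$RDR_DST`, `$proto`, `$host_port`, `$jail_port` and `$1 $2 $3` are passed unquoted to `validate_rdr_rule`, `persist_rdr_log_rule` and `load_rdr_log_rule`, while `"$RDR_IF"` and `"$@"` on the same lines are quoted. These values end up in a pf rule, and an empty or whitespace-containing one shifts every later positional argument, so quote them all.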
@@ -412,7 +412,7 @@ while [ "$#" -gt 0 ]; do
*)
if [ "${1}" = "dual" ] || [ "${1}" = "ipv4" ] || [ "${1}" = "ipv6" ]; then
RDR_INET="${1}"
else
else
usage
fi
if [ "$#" -eq 7 ] && { [ "${5}" = "tcp" ] || [ "${5}" = "udp" ]; } then

View File

@@ -53,7 +53,7 @@ while [ "$#" -gt 0 ]; do
AUTO=1
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
@@ -161,7 +161,7 @@ update_jailconf_vnet() {
if grep "${_old_if_suffix}" "${_jail_conf}" | grep -oq "jib addm"; then
# For -V jails
# Replace host epair name in jail.conf
# Replace host epair name in jail.conf
sed -i '' "s|jib addm ${_old_if_suffix}|jib addm ${_new_if_suffix}|g" "${_jail_conf}"
sed -i '' "s|${_old_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}"
sed -i '' "s|${_old_host_epair} destroy|${_new_host_epair} destroy|g" "${_jail_conf}"
@@ -178,7 +178,7 @@ update_jailconf_vnet() {
sed -i '' "/ifconfig/ s|${_old_jail_epair}|${_new_jail_epair}|g" "${_rc_conf}"
else
# For -B jails
# Replace host epair name in jail.conf
# Replace host epair name in jail.conf
sed -i '' "s|up name ${_old_host_epair}|up name ${_new_host_epair}|g" "${_jail_conf}"
sed -i '' "s|addm ${_old_host_epair}|addm ${_new_host_epair}|g" "${_jail_conf}"
sed -i '' "s|${_old_host_epair} ether|${_new_host_epair} ether|g" "${_jail_conf}"
@@ -198,7 +198,7 @@ update_jailconf_vnet() {
fi
# For netgraph network type
elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then
local _ngif_num="$(echo "${_old_if_prefix}" | grep -Eo "[0-9]+")"
local _old_ngif="${_if}"
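Review bot: `local _ngif_num="$(echo "${_old_if_prefix}" | grep -Eo "[0-9]+")"` declares and assigns in one statement, which discards the pipeline's exit status, and `grep -Eo` prints one match per line, so a prefix with two digit groups yields a multi-line value. Declare `local _ngif_num` first, assign on the next line, and pin which digit group is meant.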

View File

@@ -35,7 +35,7 @@
usage() {
error_notify "Usage: bastille restart [option(s)] TARGET"
cat << EOF
Options:
-b | --boot Respect jail boot setting.
@@ -74,7 +74,7 @@ while [ "$#" -gt 0 ]; do
_stop_options="${_stop_options} -x"
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
b)
@@ -84,13 +84,13 @@ while [ "$#" -gt 0 ]; do
_start_options="${_start_options} -v"
_stop_options="${_stop_options} -v"
;;
x)
x)
_start_options="${_start_options} -x"
_stop_options="${_stop_options} -x"
;;
*)
error_exit "[ERROR]: Unknown Option: \"${1}\""
;;
;;
esac
done
shift

View File

@@ -35,7 +35,7 @@
usage() {
error_notify "Usage: bastille service [option(s)] TARGET SERVICE_NAME ARGS"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
@@ -60,12 +60,12 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -99,7 +99,7 @@ for _jail in ${JAILS}; do
fi
info "\n[${_jail}]:"
jexec -l "${_jail}" /usr/sbin/service "$@"
if [ "$?" -ne 0 ]; then

View File

@@ -40,7 +40,7 @@ usage() {
error_notify " [vnet]"
error_notify " [storage]"
cat << EOF
Options:
-y | --yes Assume always yes on prompts.
@@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
y) AUTO_YES=1 ;;

View File

@@ -38,7 +38,7 @@ usage() {
Options:
-b | --boot Respect jail boot setting.
-b | --boot Respect jail boot setting.
-d | --delay VALUE Time (seconds) to wait after starting each jail.
-v | --verbose Print every action on jail start.
-x | --debug Enable debug mode.
@@ -76,13 +76,13 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
b) BOOT=1 ;;
v) OPTION="-v" ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -121,14 +121,14 @@ for _jail in ${JAILS}; do
bastille start ${_depend_jail}
fi
done
if check_target_is_running "${_jail}"; then
info "\n[${_jail}]:"
error_continue "Jail is already running."
fi
info "\n[${_jail}]:"
# Validate interfaces and add IPs to firewall table
if [ "$(bastille config ${_jail} get vnet)" != 'enabled' ]; then
_ip4_interfaces="$(bastille config ${_jail} get ip4.addr | sed 's/,/ /g')"
@@ -217,5 +217,5 @@ for _jail in ${JAILS}; do
# Delay between jail action
sleep "${DELAY_TIME}"
done

View File

@@ -60,12 +60,12 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
v) OPTION="-v" ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -103,7 +103,7 @@ for _jail in ${JAILS}; do
info "\n[${_jail}]:"
error_continue "Jail is already stopped."
fi
info "\n[${_jail}]:"
# Remove RDR rules
@@ -153,7 +153,7 @@ for _jail in ${JAILS}; do
else
_ip="$(echo ${_ip} | sed -E 's#/[0-9]+$##g')"
fi
pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}"
pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}"
done
fi

View File

@@ -35,7 +35,7 @@
usage() {
error_notify "Usage: bastille sysrc [option(s)] TARGET ARGS"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
@@ -60,12 +60,12 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -99,13 +99,13 @@ for _jail in ${JAILS}; do
fi
info "\n[${_jail}]:"
jexec -l "${_jail}" /usr/sbin/sysrc "$@"
if [ "$?" -ne 0 ]; then
ERRORS=$((ERRORS + 1))
fi
done
if [ "${ERRORS}" -ne 0 ]; then
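Review bot: testing `$?` on its own line after `jexec -l "${_jail}" /usr/sbin/sysrc "$@"` is fragile, because any command later inserted between the two lines silently changes what gets counted in `ERRORS`. Fold it into `if ! jexec -l "${_jail}" /usr/sbin/sysrc "$@"; then ERRORS=$((ERRORS + 1)); fi`; the `service` loop has the same pattern.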

View File

@@ -144,12 +144,12 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -281,7 +281,7 @@ for _jail in ${JAILS}; do
fi
info "\n[${_jail}]:"
echo "Applying template: ${TEMPLATE}..."
## get jail ip4 and ip6 values
@@ -311,7 +311,7 @@ for _jail in ${JAILS}; do
{ [ "${_jail_ip6}" = "not set" ] || [ "${_jail_ip6}" = "disable" ]; } then
error_notify "Jail IP not found: ${_jail}"
fi
## TARGET
if [ -s "${bastille_template}/TARGET" ]; then
if grep -qw "${_jail}" "${bastille_template}/TARGET"; then
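Review bot: `grep -qw "${_jail}"` against the template's TARGET file is a regex word match, and `-` and `.` do not count as word characters, so a jail named `web` matches an entry `web-prod` and a dot in a jail name matches any character. If TARGET holds one name per line, use `grep -qxF -- "${_jail}"` so only an exact entry matches.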
@@ -471,7 +471,7 @@ for _jail in ${JAILS}; do
echo
fi
done
info "\nTemplate applied: ${TEMPLATE}"
done

View File

@@ -35,7 +35,7 @@
usage() {
error_notify "Usage: bastille umount [option(s)] TARGET JAIL_PATH"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
@@ -96,7 +96,7 @@ for _jail in ${JAILS}; do
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
info "\n[${_jail}]:"
_jailpath="$( echo "${bastille_jailsdir}/${_jail}/root/${MOUNT_PATH}" 2>/dev/null | sed 's#//#/#' | sed 's#\\##g')"
@@ -125,9 +125,9 @@ for _jail in ${JAILS}; do
if [ -f "${_jailpath}" ]; then
rm -f "${_jailpath}" || error_continue "Failed to unmount volume: ${MOUNT_PATH}"
fi
echo "Unmounted: ${_jailpath}"
done
echo
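Review bot: `_jailpath` is built by concatenating the user-supplied `MOUNT_PATH` under `${bastille_jailsdir}/${_jail}/root/` and is then handed to `rm -f` here, and nothing in these lines rejects `..` components or resolves symlinks, so the resulting path can land outside the jail root on the host. Canonicalise it (for example with `realpath`) and confirm the result still starts with the jail root before unmounting or removing anything. Note also that `sed 's#//#/#'` without `g` only collapses the first `//`.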

View File

@@ -69,13 +69,13 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
f) OPTION="-F" ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -134,7 +134,7 @@ jail_update() {
local _workdir="${_jailpath}/var/db/freebsd-update"
# Update a thick container
if [ -d "${bastille_jailsdir}/${TARGET}" ]; then
if [ -d "${bastille_jailsdir}/${TARGET}" ]; then
CURRENT_VERSION=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null)
if [ -z "${CURRENT_VERSION}" ]; then
error_exit "[ERROR]: Can't determine '${TARGET}' version."
@@ -186,10 +186,10 @@ template_update() {
if [ -d $_template_path ]; then
info "\n[${BASTILLE_TEMPLATE}]:"
if ! git -C $_template_path pull; then
error_exit "[ERROR]: ${BASTILLE_TEMPLATE} update unsuccessful."
error_exit "[ERROR]: ${BASTILLE_TEMPLATE} update unsuccessful."
fi
bastille verify "${BASTILLE_TEMPLATE}"
else
else
error_exit "[ERROR]: ${BASTILLE_TEMPLATE} not found. See 'bastille bootstrap'."
fi
}
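Review bot: `[ -d $_template_path ]` in `template_update` is unquoted, and with an empty variable it collapses to `[ -d ]`, which evaluates true, so the function proceeds to `git -C` with a missing path argument instead of reporting the template as not found. Quote the variable in both places: `[ -d "$_template_path" ]` and `git -C "$_template_path" pull`.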
@@ -212,7 +212,7 @@ templates_update() {
if [ "$_updated_templates" -ne "0" ]; then
info "\n$_updated_templates templates updated."
else
else
error_exit "[ERROR]: No templates found. See 'bastille bootstrap'."
fi
}

View File

@@ -35,7 +35,7 @@
usage() {
error_notify "Usage: bastille upgrade [option(s)] TARGET NEW_RELEASE|install"
cat << EOF
Options:
-a | --auto Auto mode. Start/stop jail(s) if required.
@@ -66,13 +66,13 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
f) OPTION="-F" ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift
@@ -93,7 +93,7 @@ NEWRELEASE="${2}"
bastille_root_check
set_target_single "${TARGET}"
# Check for unsupported actions
# Check for unsupported actions
if [ -f "/bin/midnightbsd-version" ]; then
error_exit "[ERROR]: Not yet supported on MidnightBSD."
fi
@@ -186,7 +186,7 @@ jail_upgrade() {
-d "${_workdir}" \
-f "${_freebsd_update_conf}" \
-r "${_newrelease}" upgrade
# Update "osrelease" inside jail.conf using 'bastille config'
bastille config ${_jailname} set osrelease ${_newrelease}
warn "Please run 'bastille upgrade ${_jailname} install', restart the jail, then run 'bastille upgrade ${_jailname} install' again to finish installing updates."
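Review bot: as far as this hunk shows, `bastille config ${_jailname} set osrelease ${_newrelease}` runs unconditionally after `freebsd-update ... upgrade`, so jail.conf records the new release even when the upgrade step failed or was aborted. Gate the `config set` and the follow-up `warn` on the exit status of `freebsd-update`, and quote both variables.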
@@ -201,7 +201,7 @@ jail_updates_install() {
local _freebsd_update_conf="${_jailpath}/etc/freebsd-update.conf"
# Finish installing upgrade on a thick container
if [ -d "${bastille_jailsdir}/${_jailname}" ]; then
if [ -d "${bastille_jailsdir}/${_jailname}" ]; then
env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron \
-j "${_jailname}" \
-d "${_workdir}" \

View File

@@ -35,7 +35,7 @@
usage() {
error_notify "Usage: bastille verify [option(s)] RELEASE|TEMPLATE"
cat << EOF
Options:
-x | --debug Enable debug mode.
@@ -49,7 +49,7 @@ verify_release() {
if [ -f "/bin/midnightbsd-version" ]; then
error_exit "[ERROR]: Not yet supported on MidnightBSD."
fi
if freebsd-version | grep -qi HBSD; then
error_exit "[ERROR]: Not yet supported on HardenedBSD."
fi
@@ -160,7 +160,7 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
error_exit "[ERROR]: Unknown Option: \"${1}\""
;;
*)

View File

@@ -33,7 +33,7 @@
. /usr/local/share/bastille/common.sh
usage() {
error_notify "Usage: bastille zfs [option(s)] TARGET destroy|rollback|snapshot [TAG]"
error_notify " df|usage"
error_notify " get|set key=value"
@@ -52,7 +52,7 @@ EOF
}
zfs_jail_dataset() {
# Exit if MOUNT or DATASET is empty
if [ -z "${MOUNT}" ] || [ -z "${DATASET}" ]; then
usage
@@ -68,7 +68,7 @@ zfs_jail_dataset() {
# Validate jail state
check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille stop "${_jail}"
else
else
error_notify "Jail is running."
error_exit "Use [-a|--auto] to auto-stop the jail."
fi
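Review bot: `check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then ... fi` hangs a whole if/else off `||`, which is easy to misread and is repeated verbatim in `zfs_unjail_dataset`. Rewrite it as `if ! check_target_is_stopped "${_jail}"; then` with the `AUTO` test nested inside, or move the block into a shared helper that both functions call.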
@@ -100,7 +100,7 @@ zfs_unjail_dataset() {
# Validate jail state
check_target_is_stopped "${_jail}" || if [ "${AUTO}" -eq 1 ]; then
bastille stop "${_jail}"
else
else
error_notify "Jail is running."
error_exit "Use [-a|--auto] to auto-stop the jail."
fi
@@ -226,7 +226,7 @@ snapshot_destroy() {
else
OPT_DESTROY="-r"
fi
zfs_destroy_snapshot
# Check for exit status and just notify.
@@ -260,12 +260,12 @@ while [ "$#" -gt 0 ]; do
enable_debug
shift
;;
-*)
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
x) enable_debug ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
*) error_exit "[ERROR]: Unknown Option: \"${1}\"" ;;
esac
done
shift