From 8935b5963523c4bb13c64f043dda8ec2f1197380 Mon Sep 17 00:00:00 2001 From: Christer Edwards Date: Mon, 15 Jul 2019 07:44:45 -0600 Subject: [PATCH 1/3] Bastille Day update --- usr/local/bin/bastille | 67 ++++++++++++--- usr/local/share/bastille/bootstrap.sh | 112 +++++++++++++++++++++++++- usr/local/share/bastille/create.sh | 13 ++- usr/local/share/bastille/list.sh | 8 +- usr/local/share/bastille/start.sh | 4 +- usr/local/share/bastille/stop.sh | 4 +- usr/local/share/bastille/template.sh | 48 ++++++++--- usr/local/share/bastille/zfs.sh | 86 +++++++++++++------- 8 files changed, 283 insertions(+), 59 deletions(-) diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index 2e50d013..a5dc719d 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille 
@@ -28,16 +28,53 @@ # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +## root check first. +bastille_root_check() { + if [ $(id -u) -ne 0 ]; then + ## so we can make it colorful + . /usr/local/share/bastille/colors.pre.sh + + ## permission denied + echo -e "${COLOR_RED}Bastille: Permission Denied${COLOR_RESET}" 1>&2 + echo -e "${COLOR_RED}root / sudo / doas required${COLOR_RESET}" 1>&2 + exit 1 + fi +} + +bastille_root_check + +## we only load the config if root_check passes +. /usr/local/etc/bastille/bastille.conf . /usr/local/share/bastille/colors.pre.sh + + +## bastille_prefix should be 0750 +## this restricts file system access to privileged users +bastille_perms_check() { + if [ -d "${bastille_prefix}" ]; then + BASTILLE_PREFIX_PERMS=$(stat -f "%Op" "${bastille_prefix}") + if [ "${BASTILLE_PREFIX_PERMS}" != 40750 ]; then + echo -e "${COLOR_RED}Insecure permissions on ${bastille_prefix}${COLOR_RESET}" 1>&2 + echo -e "${COLOR_RED}Try: chmod 0750 ${bastille_prefix}${COLOR_RESET}" 1>&2 + echo + exit 1 + fi + fi +} + +bastille_perms_check + + +## we only load the config if root_check passes . /usr/local/etc/bastille/bastille.conf ## version -BASTILLE_VERSION="0.4.20190623" +BASTILLE_VERSION="0.4.20190710" usage() { cat << EOF -Bastille is a jail automation framework that allows you to quickly and easily -create and manage FreeBSD jails. +Bastille is a jail automation framework that allows you to quickly create and +manage FreeBSD jails. Usage: bastille command [ALL|glob] [args] @@ -54,6 +91,7 @@ Available Commands: list List containers (running and stopped). pkg Manipulate binary packages within targeted container(s). See pkg(8). restart Restart a running container. + service Manage services within targeted jail(s). start Start a stopped container. stop Stop a running container. sysrc Safely edit rc files within targeted container(s). 
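Review bot: bastille_perms_check compares only the mode string from `stat -f "%Op"` with 40750, so a `${bastille_prefix}` that is mode 0750 but owned by an unprivileged user still passes. The comment says the goal is to restrict the tree to privileged users, so the test should cover the owner too, e.g. `[ "$(stat -f "%u:%Op" "${bastille_prefix}")" != "0:40750" ]`. The hunk also leaves `/usr/local/etc/bastille/bastille.conf` sourced twice, once before the permission check and once after it; a single load after the root check is enough. `[ "$(id -u)" -ne 0 ]` should have its command substitution quoted.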
@@ -61,6 +99,8 @@ Available Commands: top Display and update information about the top(1) cpu processes. update Update container base -pX release. upgrade Upgrade container release to X.Y-RELEASE. + verify Compare release against a "known good" index. + zfs Manage (get|set) zfs attributes on targeted jail(s). Use "bastille -v|--version" for version information. Use "bastille command -h|--help" for more information about a command. @@ -87,9 +127,13 @@ esac # Filter out all non-commands case "${CMD}" in -bootstrap|cmd|console|cp|create|destroy|htop|list|pkg|restart|service) +cmd|cp|create|destroy|list|pkg|restart|start|stop|sysrc|template|verify) ;; -start|stop|sysrc|template|top|update|upgrade|verify|zfs) +update|upgrade) + ;; +service|console|bootstrap|htop|top) + ;; +bootstrap|update|upgrade|zfs) ;; *) usage @@ -97,10 +141,13 @@ usage esac SCRIPTPATH="${bastille_sharedir}/${CMD}.sh" +if [ -f "${SCRIPTPATH}" ]; then + : ${UMASK:=022} + umask ${UMASK} -: ${UMASK:=022} -umask ${UMASK} - -: ${SH:=sh} + : ${SH:=sh} -exec ${SH} "${SCRIPTPATH}" "$@" + exec ${SH} "${SCRIPTPATH}" "$@" +else + echo -e "${COLOR_RED}${SCRIPTPATH} not found.${COLOR_RESET}" 1>&2 +fi diff --git a/usr/local/share/bastille/bootstrap.sh b/usr/local/share/bastille/bootstrap.sh index 10086d52..8ac4d434 100644 --- a/usr/local/share/bastille/bootstrap.sh +++ b/usr/local/share/bastille/bootstrap.sh 
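Review bot: The rewritten command filter names `bootstrap` in both the third and fourth pattern groups and `update|upgrade` in both the second and fourth, so the last arm is only ever reached for `zfs`. All four arms have the same empty body, and this `case` is the allow-list that decides which `${CMD}.sh` gets executed as root. Naming each command exactly once, in sorted order, makes it much easier to audit. The enclosing `case` starts above the hunk.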
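Review bot: The new `else` branch prints `${SCRIPTPATH} not found.` to stderr and then falls off the end of the script, so a missing subcommand script exits with the status of `echo`, i.e. 0. Callers and automation cannot tell that failure from success; add `exit 1` after the message. `umask ${UMASK}` and `exec ${SH} "${SCRIPTPATH}" "$@"` are expanded unquoted and take their values from the caller's environment, so at minimum quote them (`umask "${UMASK}"`).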
@@ -43,6 +43,98 @@ help|-h|--help) ;; esac +bootstrap_network_interfaces() { + + ## test for both options empty + if [ -z ${bastille_jail_loopback} ] && [ -z ${bastille_jail_external} ]; then + echo -e "${COLOR_RED}Please set preferred loopback or external interface.${COLOR_RESET}" + echo -e "${COLOR_RED}See bastille.conf.${COLOR_RESET}" + exit 1 + fi + + ## test for required variables -- external + if [ -z ${bastille_jail_loopback} ] && [ ! -z ${bastille_jail_external} ]; then + + ## test for existing interface + ifconfig ${bastille_jail_external} 2>&1 >/dev/null + if [ $? = 0 ]; then + + ## create ifconfig alias + ifconfig ${bastille_jail_external} inet ${bastille_jail_addr} alias && \ + echo -e "${COLOR_GREEN}IP alias added to ${bastille_jail_external} successfully.${COLOR_RESET}" + echo + + ## attempt to ping gateway + echo -e "${COLOR_YELLOW}Attempting to ping default gateway...${COLOR_RESET}" + ping -c3 -t3 -S ${bastille_jail_addr} ${bastille_jail_gateway} + if [ $? = 0 ]; then + echo + echo -e "${COLOR_GREEN}External networking appears functional.${COLOR_RESET}" + echo + else + echo -e "${COLOR_RED}Unable to ping default gateway.${COLOR_RESET}" + fi + fi + fi + + ## test for required variables -- loopback + if [ -z ${bastille_jail_external} ] && [ ! -z ${bastille_jail_loopback} ] && \ + [ ! -z ${bastille_jail_addr} ]; then + + echo -e "${COLOR_GREEN}Detecting...${COLOR_RESET}" + ## test for existing interface + ifconfig ${bastille_jail_interface} >&2 >/dev/null + + ## if above return code is 1; create interface + if [ $? = 1 ]; then + sysrc ifconfig_${bastille_jail_loopback}_name | grep ${bastille_jail_interface} >&2 >/dev/null + if [ $? 
= 1 ]; then + echo + echo -e "${COLOR_GREEN}Defining secure loopback interface.${COLOR_RESET}" + sysrc cloned_interfaces+="${bastille_jail_loopback}" && + sysrc ifconfig_${bastille_jail_loopback}_name="${bastille_jail_interface}" + sysrc ifconfig_${bastille_jail_interface}_aliases+="inet ${bastille_jail_addr}/32" + + ## create and name interface; assign address + echo + echo -e "${COLOR_GREEN}Creating secure loopback interface.${COLOR_RESET}" + ifconfig ${bastille_jail_loopback} create name ${bastille_jail_interface} + ifconfig ${bastille_jail_interface} up + ifconfig ${bastille_jail_interface} inet ${bastille_jail_addr}/32 + + ## reload firewall + pfctl -f /etc/pf.conf + + ## look for nat rule for bastille_jail_addr + echo -e "${COLOR_GREEN}Detecting NAT from bastille0 interface...${COLOR_RESET}" + pfctl -s nat | grep nat | grep ${bastille_jail_addr} + if [ $? = 0 ]; then + ## test connectivity; ping from bastille_jail_addr + echo + echo -e "${COLOR_YELLOW}Attempting to ping default gateway...${COLOR_RESET}" + ping -c3 -t3 -S ${bastille_jail_addr} ${bastille_jail_gateway} + if [ $? = 0 ]; then + echo + echo -e "${COLOR_GREEN}Private networking appears functional.${COLOR_RESET}" + echo + else + echo -e "${COLOR_RED}Unable to ping default gateway.${COLOR_RESET}" + echo -e "${COLOR_YELLOW}See https://github.com/BastilleBSD/bastille/blob/master/README.md#etcpfconf.${COLOR_RESET}" + echo -e + fi + else + echo -e "${COLOR_RED}Unable to detect firewall 'nat' rule.${COLOR_RESET}" + echo -e "${COLOR_YELLOW}See https://github.com/BastilleBSD/bastille/blob/master/README.md#etcpfconf.${COLOR_RESET}" + fi + else + echo -e "${COLOR_RED}Interface ${bastille_jail_loopback} already configured; bailing out.${COLOR_RESET}" + fi + else + echo -e "${COLOR_RED}Interface ${bastille_jail_interface} already active; bailing out.${COLOR_RESET}" + fi + fi +} + bootstrap_directories() { ## ensure required directories are in place 
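Review bot: The interface probes in bootstrap_network_interfaces do not silence what they mean to. `ifconfig ${bastille_jail_external} 2>&1 >/dev/null` discards only stdout and leaves stderr on the terminal, and `>&2 >/dev/null` (on the `ifconfig ${bastille_jail_interface}` and `sysrc ... | grep` checks) does the same. Use `>/dev/null 2>&1`, and where the test is for success, test the command directly: `if ifconfig "${bastille_jail_external}" >/dev/null 2>&1; then`. The `[ -z ${var} ]` and `[ ! -z ${var} ]` tests are unquoted and only behave when the value is empty or a single word; write `[ -z "${var}" ]` and `[ -n "${var}" ]`. In the NAT check, `grep ${bastille_jail_addr}` treats the dots in the address as regex wildcards, so `grep -F -- "${bastille_jail_addr}"` is the stricter match.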
@@ -54,6 +146,7 @@ bootstrap_directories() { fi else mkdir -p "${bastille_prefix}" + chmod 0750 "${bastille_prefix}" fi fi @@ -62,7 +155,7 @@ bootstrap_directories() { if [ "${bastille_zfs_enable}" = "YES" ]; then if [ ! -z "${bastille_zfs_zpool}" ]; then zfs create ${bastille_zfs_options} -o mountpoint=${bastille_cachedir} ${bastille_zfs_zpool}/${bastille_zfs_prefix}/cache - mkdir -p ${bastille_cachedir}/${RELEASE} + zfs create ${bastille_zfs_options} -o mountpoint=${bastille_cachedir}/${RELEASE} ${bastille_zfs_zpool}/${bastille_zfs_prefix}/cache/${RELEASE} fi else mkdir -p "${bastille_cachedir}/${RELEASE}" @@ -107,7 +200,7 @@ bootstrap_directories() { if [ "${bastille_zfs_enable}" = "YES" ]; then if [ ! -z "${bastille_zfs_zpool}" ]; then zfs create ${bastille_zfs_options} -o mountpoint=${bastille_releasesdir} ${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases - mkdir -p "${bastille_releasesdir}/${RELEASE}" + zfs create ${bastille_zfs_options} -o mountpoint=${bastille_releasesdir}/${RELEASE} ${bastille_zfs_zpool}/${bastille_zfs_prefix}/releases/${RELEASE} fi else mkdir -p "${bastille_releasesdir}/${RELEASE}" @@ -187,14 +280,22 @@ bootstrap_template() { done # template overlay - if [ -s ${_template}/CONFIG ]; then + if [ -s ${_template}/OVERLAY ]; then _hook_validate=$((_hook_validate+1)) + echo -e "${COLOR_GREEN}Detected OVERLAY hook.${COLOR_RESET}" + while read _dir; do + echo -e "${COLOR_GREEN}[${_dir}]:${COLOR_RESET}" + tree -a ${_template}/${_dir} + done < ${_template}/OVERLAY + echo + fi + if [ -s ${_template}/CONFIG ]; then echo -e "${COLOR_GREEN}Detected CONFIG hook.${COLOR_RESET}" + echo -e "${COLOR_YELLOW}CONFIG deprecated; rename to OVERLAY.${COLOR_RESET}" while read _dir; do echo -e "${COLOR_GREEN}[${_dir}]:${COLOR_RESET}" tree -a ${_template}/${_dir} done < ${_template}/CONFIG - echo fi ## remove bad templates 
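Review bot: `chmod 0750 "${bastille_prefix}"` is added only to the plain `mkdir -p` branch. The branch above it begins outside the hunk, so I cannot see whether a prefix created there ends up with the same mode. If it does not, the permission check this commit adds to `bastille` (which requires mode 0750) would reject a freshly bootstrapped prefix, so this is worth confirming. Creating the directory with its final mode in one step, `mkdir -p -m 0750 "${bastille_prefix}"`, also avoids the short window in which it exists with the umask default.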
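Review bot: `_hook_validate=$((_hook_validate+1))` now sits only in the OVERLAY branch, so a template whose overlay list is still named CONFIG no longer increments the counter. The code that consumes the counter is outside the hunk (the `## remove bad templates` section follows), so presumably a CONFIG-only template could now be treated as invalid even though the message says CONFIG is merely deprecated. Add the increment to the CONFIG branch as well. Both loops read directory names from a file inside the downloaded template and pass them unquoted to `tree`; use `while read -r _dir` and `tree -a "${_template}/${_dir}"` so odd names are not split or globbed.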
@@ -250,6 +351,9 @@ http?://github.com/*/*|http?://gitlab.com/*/*) bootstrap_directories bootstrap_template ;; +network) + bootstrap_network_interfaces + ;; *) usage ;; diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 68b137e1..cc69c8ba 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -94,7 +94,13 @@ create_jail() { fi if [ ! -f "${bastille_jail_conf}" ]; then -echo -e "interface = lo1;\nhost.hostname = ${NAME};\nexec.consolelog = \ + if [ -z ${bastille_jail_loopback} ] && [ ! -z ${bastille_jail_external} ]; then + local bastille_jail_conf_interface=${bastille_jail_external} + fi + if [ ! -z ${bastille_jail_loopback} ] && [ -z ${bastille_jail_external} ]; then + local bastille_jail_conf_interface=${bastille_jail_interface} + fi +echo -e "interface = ${bastille_jail_conf_interface};\nhost.hostname = ${NAME};\nexec.consolelog = \ ${bastille_jail_log};\npath = ${bastille_jail_path};\nip6 = \ disable;\nsecurelevel = 2;\ndevfs_ruleset = 4;\nenforce_statfs = \ 2;\nexec.start = '/bin/sh /etc/rc';\nexec.stop = '/bin/sh \ @@ -167,6 +173,11 @@ if [ $# -gt 3 ] || [ $# -lt 3 ]; then usage fi +if [ $(grep '@' $3) ]; then + BASTILLE_JAIL_IP=$(echo $3 | awk -F@ '{print $2}') + BASTILLE_JAIL_INTERFACES=$( echo $3 | awk -F@ '{print $1}') +fi + NAME="$1" RELEASE="$2" IP="$3" diff --git a/usr/local/share/bastille/list.sh b/usr/local/share/bastille/list.sh index 3e8c3329..31e509ac 100644 --- a/usr/local/share/bastille/list.sh +++ b/usr/local/share/bastille/list.sh 
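Review bot: `bastille_jail_conf_interface` is assigned only when exactly one of `bastille_jail_loopback` and `bastille_jail_external` is set. With both set or both empty, neither `if` fires and the generated jail.conf gets `interface = ;`. Fail explicitly before the `echo -e` that writes the file, for example `[ -n "${bastille_jail_conf_interface}" ] || { echo "set exactly one of bastille_jail_loopback / bastille_jail_external" 1>&2; exit 1; }`. The tests should also quote their operands (`[ -z "${bastille_jail_loopback}" ]`). create_jail starts and ends outside the hunk.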
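Review bot: `BASTILLE_JAIL_IP` and `BASTILLE_JAIL_INTERFACES` are split out of `$3`, but the following context lines still set `IP="$3"`. An `interface@address` argument therefore reaches the rest of the script unsplit, unless code outside the hunk uses the new variables, and none is visible here. If the split values are meant to take effect, the assignment needs to follow the parse, e.g. `IP="${BASTILLE_JAIL_IP:-$3}"`. The `grep '@' $3` test reads a file named by `$3` rather than the argument itself; a later patch in this series rewrites that line.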
@@ -47,16 +47,16 @@ if [ $# -gt 0 ]; then usage ;; release|releases) - ls "${bastille_releasesdir}" | sed "s/\n//g" + find "${bastille_releasesdir}" -type d -maxdepth 1 ;; template|templates) - ls "${bastille_templatesdir}" | sed "s/\n//g" + find "${bastille_templatesdir}" -type d -maxdepth 2 ;; jail|jails) - ls "${bastille_jailsdir}" | sed "s/\n//g" + ls "${bastille_jailsdir}" | sed "s/\n//g" ;; log|logs) - ls "${bastille_logsdir}" | sed "s/\n//g" + find "${bastille_logsdir}" -type f -maxdepth 1 ;; *) usage diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh index 40e6e9fa..4b1e9d05 100644 --- a/usr/local/share/bastille/start.sh +++ b/usr/local/share/bastille/start.sh @@ -60,7 +60,9 @@ for _jail in ${JAILS}; do elif [ ! $(jls name | grep ${_jail}) ]; then echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}" jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -c ${_jail} - pfctl -f /etc/pf.conf + if [ ! -z ${bastille_jail_loopback} ]; then + pfctl -f /etc/pf.conf + fi fi echo done diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh index af2c2ba3..75c05ede 100644 --- a/usr/local/share/bastille/stop.sh +++ b/usr/local/share/bastille/stop.sh @@ -57,6 +57,8 @@ fi for _jail in ${JAILS}; do echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}" jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -r ${_jail} - pfctl -f /etc/pf.conf + if [ ! -z ${bastille_jail_loopback} ]; then + pfctl -f /etc/pf.conf + fi echo done diff --git a/usr/local/share/bastille/template.sh b/usr/local/share/bastille/template.sh index 298cea41..6e36ce5a 100644 --- a/usr/local/share/bastille/template.sh +++ b/usr/local/share/bastille/template.sh 
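Review bot: The `find` replacements change what `bastille list release|template|log` prints. `find "${bastille_releasesdir}" -type d -maxdepth 1` emits full paths and includes the starting directory itself, where `ls` printed bare entry names. That is a behaviour change for anything that parses this output or feeds a listed name back in as a release; `find "${bastille_releasesdir}" -mindepth 1 -maxdepth 1 -type d` at least drops the parent directory. The `jail|jails` arm still uses `ls ... | sed "s/\n//g"`, so the four listings no longer have a consistent format.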
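Review bot: `[ ! -z ${bastille_jail_loopback} ]` is unquoted, both here in start.sh and in the identical hunk in stop.sh. With an empty value it collapses to `[ ! -z ]`, which only happens to be false, and a value containing whitespace makes it a test syntax error. Write `if [ -n "${bastille_jail_loopback}" ]; then`. The exit status of `pfctl -f /etc/pf.conf` is not checked in either script, so a ruleset that fails to load after a jail start or stop goes unnoticed; `pfctl -f /etc/pf.conf || echo "pf reload failed" 1>&2` would surface it.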
@@ -60,11 +60,12 @@ bastille_template=${bastille_templatesdir}/${TEMPLATE} bastille_template_TARGET=${bastille_template}/TARGET bastille_template_INCLUDE=${bastille_template}/INCLUDE bastille_template_PRE=${bastille_template}/PRE -bastille_template_CONFIG=${bastille_template}/CONFIG +bastille_template_OVERLAY=${bastille_template}/OVERLAY bastille_template_FSTAB=${bastille_template}/FSTAB bastille_template_PF=${bastille_template}/PF bastille_template_PKG=${bastille_template}/PKG bastille_template_SYSRC=${bastille_template}/SYSRC +bastille_template_SERVICE=${bastille_template}/SERVICE bastille_template_CMD=${bastille_template}/CMD for _jail in ${JAILS}; do 
@@ -91,40 +92,57 @@ for _jail in ${JAILS}; do if [ -s "${bastille_template_INCLUDE}" ]; then echo -e "${COLOR_GREEN}Detected INCLUDE.${COLOR_RESET}" while read _include; do - echo -e "${COLOR_GREEN}${_include}${COLOR_RESET}" + echo + echo -e "${COLOR_GREEN}INCLUDE: ${_include}${COLOR_RESET}" + echo -e "${COLOR_GREEN}Bootstrapping ${_include}...${COLOR_RESET}" + bastille bootstrap ${_include} + + echo + echo -e "${COLOR_GREEN}Applying ${_include}...${COLOR_RESET}" + BASTILLE_TEMPLATE_PROJECT=$(echo "${_include}" | awk -F / '{ print $4}') + BASTILLE_TEMPLATE_REPO=$(echo "${_include}" | awk -F / '{ print $5}') + bastille template ${_jail} ${BASTILLE_TEMPLATE_PROJECT}/${BASTILLE_TEMPLATE_REPO} done < "${bastille_template_INCLUDE}" fi - ## pre + ## PRE if [ -s "${bastille_template_PRE}" ]; then echo -e "${COLOR_GREEN}Executing PRE-command(s).${COLOR_RESET}" jexec -l ${_jail} /bin/sh < "${bastille_template_PRE}" fi - ## config - if [ -s "${bastille_template_CONFIG}" ]; then + ## CONFIG / OVERLAY + if [ -s "${bastille_template_OVERLAY}" ]; then echo -e "${COLOR_GREEN}Copying files...${COLOR_RESET}" while read _dir; do cp -a "${bastille_template}/${_dir}" "${bastille_jail_path}" - done < ${bastille_template_CONFIG} + done < ${bastille_template_OVERLAY} + echo -e "${COLOR_GREEN}Copy complete.${COLOR_RESET}" + fi + if [ -s "${bastille_template}/CONFIG" ]; then + echo -e "${COLOR_YELLOW}CONFIG deprecated; rename to OVERLAY.${COLOR_RESET}" + echo -e "${COLOR_GREEN}Copying files...${COLOR_RESET}" + while read _dir; do + cp -a "${bastille_template}/${_dir}" "${bastille_jail_path}" + done < ${bastille_template}/CONFIG echo -e "${COLOR_GREEN}Copy complete.${COLOR_RESET}" fi - ## fstab + ## FSTAB if [ -s "${bastille_template_FSTAB}" ]; then bastille_templatefstab=$(cat "${bastille_template_FSTAB}") echo -e "${COLOR_GREEN}Updating fstab.${COLOR_RESET}" echo -e "${COLOR_GREEN}NOT YET IMPLEMENTED.${COLOR_RESET}" fi - ## pf + ## PF if [ -s "${bastille_template_PF}" ]; then 
bastille_templatepf=$(cat "${bastille_template_PF}") echo -e "${COLOR_GREEN}Generating PF profile.${COLOR_RESET}" echo -e "${COLOR_GREEN}NOT YET IMPLEMENTED.${COLOR_RESET}" fi - ## pkg (bootstrap + pkg) + ## PKG (bootstrap + pkg) if [ -s "${bastille_template_PKG}" ]; then echo -e "${COLOR_GREEN}Installing packages.${COLOR_RESET}" jexec -l "${_jail}" env ASSUME_ALWAYS_YES=YES /usr/sbin/pkg bootstrap @@ -132,7 +150,7 @@ for _jail in ${JAILS}; do jexec -l "${_jail}" env ASSUME_ALWAYS_YES=YES /usr/sbin/pkg install $(cat ${bastille_template_PKG}) fi - ## sysrc + ## SYSRC if [ -s "${bastille_template_SYSRC}" ]; then echo -e "${COLOR_GREEN}Updating services.${COLOR_RESET}" while read _sysrc; do @@ -140,7 +158,15 @@ for _jail in ${JAILS}; do done < "${bastille_template_SYSRC}" fi - ## cmd + ## SERVICE + if [ -s "${bastille_template_SERVICE}" ]; then + echo -e "${COLOR_GREEN}Managing services.${COLOR_RESET}" + while read _sysrc; do + jexec -l ${_jail} /usr/sbin/service "${_sysrc}" + done < "${bastille_template_SERVICE}" + fi + + ## CMD if [ -s "${bastille_template_CMD}" ]; then echo -e "${COLOR_GREEN}Executing final command(s).${COLOR_RESET}" jexec -l ${_jail} /bin/sh < "${bastille_template_CMD}" diff --git a/usr/local/share/bastille/zfs.sh b/usr/local/share/bastille/zfs.sh index 0b2811d9..456bd94c 100644 --- a/usr/local/share/bastille/zfs.sh +++ b/usr/local/share/bastille/zfs.sh 
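Review bot: Each line of a template's INCLUDE file is passed unquoted to `bastille bootstrap ${_include}` and then applied with `bastille template`. One template can therefore pull in and run further templates as root, with no check on the entry's form and no guard against a template that includes itself. Validate `_include` against the URL forms bootstrap accepts before using it, quote it (`bastille bootstrap "${_include}"`), and read with `while read -r _include`. Commands inside the loop inherit the loop's stdin, which is the INCLUDE file, so if anything they run reads stdin the remaining entries are swallowed; `</dev/null` on the two `bastille` calls is a cheap safeguard. The `awk -F /` split into project and repo assumes a `scheme://host/project/repo` shape with nothing after it.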
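Review bot: In the new SERVICE block the whole line is passed as one quoted word, `/usr/sbin/service "${_sysrc}"`. An entry such as `nginx restart` (constructed example) would reach service(8) as a single argument instead of a service name plus an action. Split the fields when reading: `while read -r _service _action; do` followed by `jexec -l "${_jail}" /usr/sbin/service "${_service}" "${_action}"`. Reusing the loop variable name `_sysrc` from the SYSRC block is also misleading here.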
@@ -32,10 +32,42 @@ . /usr/local/etc/bastille/bastille.conf usage() { - echo -e "${COLOR_RED}Usage: bastille zfs [ALL|glob] '[set|get] key=value'${COLOR_RESET}" + echo -e "${COLOR_RED}Usage: bastille zfs [ALL|glob] [set|get|snap] [key=value|date]'${COLOR_RESET}" exit 1 } +zfs_snapshot() { +for _jail in ${JAILS}; do + echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}" + zfs snapshot ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}@${TAG} + echo +done +} + +zfs_set_value() { +for _jail in ${JAILS}; do + echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}" + zfs $ATTRIBUTE ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail} + echo +done +} + +zfs_get_value() { +for _jail in ${JAILS}; do + echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}" + zfs get $ATTRIBUTE ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail} + echo +done +} + +zfs_disk_usage() { +for _jail in ${JAILS}; do + echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}" + zfs list -t all -o name,used,avail,refer,mountpoint,compress,ratio -r ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail} + echo +done +} + # Handle special-case commands first. case "$1" in help|-h|--help) 
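Review bot: zfs_set_value runs `zfs $ATTRIBUTE <dataset>` without the `set` subcommand, while zfs_get_value runs `zfs get $ATTRIBUTE <dataset>`. The dispatch later in the file assigns `ATTRIBUTE=$3`, which is `key=value` per the usage line, so the set path becomes `zfs key=value ...` and fails. It should read `zfs set "${ATTRIBUTE}" "${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail}"`. `ATTRIBUTE` and `TAG` come straight from the command line and are expanded unquoted in these functions, so quote them and the dataset path. The usage string also carries a stray `'` before `${COLOR_RESET}`.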
@@ -45,45 +77,45 @@ esac ## check ZFS enabled if [ ! "${bastille_zfs_enable}" = "YES" ]; then - echo -e "${COLOR_RED}ZFS not enabled.'${COLOR_RESET}" - exit 1 + echo -e "${COLOR_RED}ZFS not enabled.'${COLOR_RESET}" + exit 1 fi ## check zpool defined if [ -z "${bastille_zfs_zpool}" ]; then - echo -e "${COLOR_RED}ZFS zpool not defined.'${COLOR_RESET}" - exit 1 + echo -e "${COLOR_RED}ZFS zpool not defined.'${COLOR_RESET}" + exit 1 fi -if [ $# -gt 2 ] || [ $# -lt 2 ]; then +if [ $# -gt 3 ] || [ $# -lt 2 ]; then usage fi if [ "$1" = 'ALL' ]; then JAILS=$(jls name) fi -if [ "$1" != 'ALL' ]; then - JAILS=$(jls name | grep -E "(^|\b)${1}($|\b)") -fi - -if [ "$1" = 'ALL' ]; then - if [ "$2" = 'df' ]; then - zfs list -o name,used,avail,refer,mountpoint,quota,ratio -r ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails - fi -fi if [ "$1" != 'ALL' ]; then - if [ "$2" = 'df' ]; then - for _jail in ${JAILS}; do - zfs list -o name,used,avail,refer,mountpoint,quota,ratio -r ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail} - done - fi + JAILS=$(jls name | grep -E "(^|\b)${1}($|\b)") fi -if [ "$2" != 'df' ]; then - for _jail in ${JAILS}; do - echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}" - zfs $2 ${bastille_zfs_zpool}/${bastille_zfs_prefix}/jails/${_jail} - echo - done -fi +case "$2" in +set) + ATTRIBUTE=$3 + JAILS=${JAILS} + zfs_set_value + ;; +get) + ATTRIBUTE=$3 + JAILS=${JAILS} + zfs_get_value + ;; +snap|snapshot) + TAG=$3 + JAILS=${JAILS} + zfs_snapshot + ;; +df|usage) + zfs_disk_usage + ;; +esac From 95cb13739d6710ebeac02e86c5571ad76669e674 Mon Sep 17 00:00:00 2001 From: Christer Edwards Date: Mon, 15 Jul 2019 07:47:43 -0600 Subject: [PATCH 2/3] version rev --- usr/local/bin/bastille | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index a5dc719d..251fddcb 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille 
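Review bot: The new `case "$2"` dispatch has no default arm, so an unknown subcommand does nothing and exits 0; add `*) usage ;;`. The argument check `[ $# -gt 3 ] || [ $# -lt 2 ]` also lets `set`, `get` and `snap` through with no third argument. That leaves `ATTRIBUTE` or `TAG` empty and, for `snap`, asks zfs for a snapshot name ending in a bare `@`; require it in those arms with `[ -n "$3" ] || usage`. The `JAILS=${JAILS}` assignments are no-ops and can be dropped.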
@@ -1,5 +1,5 @@ #!/bin/sh -# +# # Copyright (c) 2018-2019, Christer Edwards # All rights reserved. # @@ -69,7 +69,7 @@ bastille_perms_check . /usr/local/etc/bastille/bastille.conf ## version -BASTILLE_VERSION="0.4.20190710" +BASTILLE_VERSION="0.4.20190714" usage() { cat << EOF From e8570939798936456b3d57de5da952deeeedef8b Mon Sep 17 00:00:00 2001 From: Christer Edwards Date: Mon, 15 Jul 2019 07:51:43 -0600 Subject: [PATCH 3/3] minor fix in create.sh --- usr/local/share/bastille/create.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index cc69c8ba..75892e30 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -173,7 +173,7 @@ if [ $# -gt 3 ] || [ $# -lt 3 ]; then usage fi -if [ $(grep '@' $3) ]; then +if [ $(echo $3 | grep '@' ) ]; then BASTILLE_JAIL_IP=$(echo $3 | awk -F@ '{print $2}') BASTILLE_JAIL_INTERFACES=$( echo $3 | awk -F@ '{print $1}') fi
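Review bot: `[ $(echo $3 | grep '@' ) ]` in create.sh relies on unquoted expansion twice: `$3` is word-split and globbed before `echo` sees it, and the command substitution is unquoted inside `[ ]`, so an argument containing whitespace breaks the test. A pattern match needs no subprocess: `case "$3" in *@*) ... ;; esac`. The two `awk` pipelines in the body should quote the argument as well, e.g. `printf '%s\n' "$3" | awk -F@ '{print $2}'`. The script continues outside the hunk.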