From 779dd9c518a2d94fce1d4eaa919b7348a6adcc42 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Thu, 2 Apr 2020 01:07:12 +0200
Subject: [PATCH] use new conventions
---
lib/bkctld-firewall | 28 ++++++++++++++++++++--------
lib/bkctld-inc | 10 +++++-----
lib/bkctld-init | 4 ++--
lib/bkctld-ip | 25 ++++++++++++++-----------
lib/bkctld-is-on | 22 +++++++++++++---------
lib/bkctld-key | 19 +++++++++++--------
lib/bkctld-port | 21 +++++++++++++--------
lib/bkctld-reload | 15 +++++++++------
lib/bkctld-remove | 37 +++++++++++++++++++++----------------
lib/bkctld-restart | 13 ++++++++-----
lib/bkctld-rm | 6 +++---
lib/bkctld-start | 35 +++++++++++++++++++++--------------
lib/bkctld-stats | 21 ++++++++++++++++-----
lib/bkctld-stop | 25 +++++++++++++++++--------
lib/bkctld-sync | 20 ++++++++++++--------
lib/bkctld-update | 4 ++--
lib/includes | 2 +-
17 files changed, 188 insertions(+), 119 deletions(-)
diff --git a/lib/bkctld-firewall b/lib/bkctld-firewall
index 56fa4c8..e9a99a2 100755
--- a/lib/bkctld-firewall
+++ b/lib/bkctld-firewall
@@ -7,19 +7,31 @@ # shellcheck source=./config LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes" -jail="${1:-}" -if [ ! -n "${jail}" ]; then +jail_name="${1:-}" + +if [ ! -n "${jail_name}" ]; then "${LIBDIR}/bkctld-help" && exit 1 fi +jail_path=$(jail_path "${jail_name}") + +test -d "${jail_path}" || error "${jail_name}: jail is missing." + +iptables_input_accept() { + jail_name="${1}" + port="${2}" + ip="${3}" + + echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail_name}" +} if [ -n "${FIREWALL_RULES}" ]; then - [ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail}$/d" "${FIREWALL_RULES}" - if [ -d "${JAILDIR}/${jail}" ]; then - port=$("${LIBDIR}/bkctld-port" "${jail}") - for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do - echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}" + [ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail_name}$/d" "${FIREWALL_RULES}" + if [ -d "${jail_path}" ]; then + port=$("${LIBDIR}/bkctld-port" "${jail_name}") + for ip in $("${LIBDIR}/bkctld-ip" "${jail_name}"); do + iptables_input_accept "${jail_name}" "${port}" "${ip}" >> "${FIREWALL_RULES}" done [ -f /etc/init.d/minifirewall ] && /etc/init.d/minifirewall restart >/dev/null fi - notice "${jail} : firewall rules updated" + notice "${jail_name}: firewall rules have been updated." fi diff --git a/lib/bkctld-inc b/lib/bkctld-inc index aaf3c25..cf7a3b5 100755 --- a/lib/bkctld-inc +++ b/lib/bkctld-inc @@ -25,7 +25,7 @@ create_inc_btrfs() { fi end=$(current_time) - notice "${jail_name} : ${inc_name} inc created [${start}/${end}]" + notice "${jail_name}: ${inc_name} inc created [${start}/${end}]" } create_inc_ext() { jail_name=$1 
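Review bot: The new early exit `test -d "${jail_path}" || error "${jail_name}: jail is missing."` in lib/bkctld-firewall runs before the `sed -i "/#${jail_name}$/d"` cleanup, so the script can no longer purge rules for a jail that is already gone. lib/bkctld-remove (later in this patch) still calls bkctld-firewall after it has deleted the jail directory; assuming `error` exits, that jail's ACCEPT lines would stay in `FIREWALL_RULES` and the minifirewall restart would be skipped. The inner `if [ -d "${jail_path}" ]` already handles the missing-jail case, so I would drop the early `test -d` here, or have bkctld-remove purge the rules before removing the directory. Separately, `iptables_input_accept` assigns `jail_name`, `port` and `ip` as globals and so overwrites the script-level variables of the same names; distinct names inside the function would avoid surprises later.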
@@ -36,7 +36,7 @@ create_inc_ext() { lock="${LOCKDIR}/inc-${jail_name}.lock" if [ -f "${lock}" ]; then - warning "${jail_name} : skipping ${inc_name}, it is already being created." + warning "${jail_name}: skipping ${inc_name}, it is already being created." else ( start=$(current_time) @@ -53,7 +53,7 @@ create_inc_ext() { fi end=$(current_time) - notice "${jail_name} : ${inc_name} inc created [${start}/${end}]" + notice "${jail_name}: ${inc_name} inc created [${start}/${end}]" ) fi } @@ -75,9 +75,9 @@ for jail_name in $(jails_list); do create_inc_ext "${jail_name}" "${inc_name}" fi else - warning "${jail_name} : skipping ${inc_name}, it already exists." + warning "${jail_name}: skipping ${inc_name}, it already exists." fi else - warning "${jail_name} : skipping ${inc_name}, incs policy not found." + warning "${jail_name}: skipping ${inc_name}, incs policy not found." fi done diff --git a/lib/bkctld-init b/lib/bkctld-init index 4892760..46731b6 100755 --- a/lib/bkctld-init +++ b/lib/bkctld-init @@ -13,7 +13,7 @@ if [ -z "${jail_name}" ]; then fi jail_path=$(jail_path "${jail_name}") -test -d "${jail_path}" && error "${jail_name} : jail already exists." +test -d "${jail_path}" && error "${jail_name}: jail already exists." # Create config and jails directory mkdir --parents "${CONFDIR}" "${JAILDIR}" @@ -28,4 +28,4 @@ fi setup_jail_chroot "${jail_name}" setup_jail_config "${jail_name}" -notice "${jail_name} : jail has been created" +notice "${jail_name}: jail has been created" diff --git a/lib/bkctld-ip b/lib/bkctld-ip index ff6665f..cf11d68 100755 --- a/lib/bkctld-ip +++ b/lib/bkctld-ip 
@@ -7,30 +7,33 @@ # shellcheck source=./config LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes" -jail="${1:-}" +jail_name="${1:-}" ip="${2:-}" -if [ ! -n "${jail}" ]; then + +if [ ! -n "${jail_name}" ]; then "${LIBDIR}/bkctld-help" && exit 1 fi -[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail'" +jail_path=$(jail_path "${jail_name}") + +test -d "${jail_path}" || error "${jail_name}: jail is missing." if [ -z "${ip}" ]; then - grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do - echo "${allow}"|cut -d'@' -f2 + grep -E "^AllowUsers" "${jail_path}/${SSHD_CONFIG}" | grep -Eo "root@[^ ]+" | while read allow; do + echo "${allow}" | cut -d'@' -f2 done else if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then ips="0.0.0.0/0" else - ips=$("${LIBDIR}/bkctld-ip" "${jail}") - ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq) + ips=$("${LIBDIR}/bkctld-ip" "${jail_name}") + ips=$(echo "${ips}" "${ip}" | xargs -n1 | grep -v "0.0.0.0/0" | sort | uniq) fi allow="AllowUsers" for ip in $ips; do allow="${allow} root@${ip}" done - sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}" - notice "${jail} : update ip => ${ip}" - "${LIBDIR}/bkctld-reload" "${jail}" - "${LIBDIR}/bkctld-firewall" "${jail}" + sed -i "s~^AllowUsers .*~${allow}~" "${jail_path}/${SSHD_CONFIG}" + notice "${jail_name}: update ip => ${ip}" + "${LIBDIR}/bkctld-reload" "${jail_name}" + "${LIBDIR}/bkctld-firewall" "${jail_name}" fi diff --git a/lib/bkctld-is-on b/lib/bkctld-is-on index 99e625c..9a22b9d 100755 --- a/lib/bkctld-is-on +++ b/lib/bkctld-is-on 
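Review bot: `ip` from `$2` is used without any format check: it is placed in the `sed -i "s~^AllowUsers .*~${allow}~"` replacement and, through bkctld-firewall, in a line of `FIREWALL_RULES` that looks like it is later run as a shell command. A value containing `~`, `&`, whitespace or shell metacharacters would corrupt sshd_config or the rules file, so it should be rejected in the inner `else` branch, e.g. `case "${ip}" in *[!0-9A-Fa-f.:/]*) error "${jail_name}: invalid ip '${ip}'" ;; esac`. The same applies to `port` in lib/bkctld-port, where `case "${port}" in ''|*[!0-9]*) error "${jail_name}: invalid port '${port}'" ;; esac` after the `auto` branch would do. `while read allow` should also be `while read -r allow`.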
@@ -7,21 +7,25 @@ # shellcheck source=./config LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes" -jail="${1:-}" -if [ ! -n "${jail}" ]; then +jail_name="${1:-}" + +if [ -z "${jail_name}" ]; then "${LIBDIR}/bkctld-help" && exit 1 fi -[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to check inexistant jail" +jail_path=$(jail_path "${jail_name}") + +test -d "${jail_path}" || error "${jail_name}: jail is missing." + +jail_pid_file="${jail_path}/${SSHD_PID}" -jail="${1}" return=1 -if [ -f "${JAILDIR}/${jail}/${SSHD_PID}" ]; then - pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}") +if [ -f "${jail_pid_file}" ]; then + pid=$(cat "${jail_pid_file}") ps -p "${pid}" > /dev/null && return=0 fi if [ "${return}" -eq 1 ]; then - rm -f "${JAILDIR}/${jail}/${SSHD_PID}" - grep -q "${JAILDIR}/${jail}/proc" /proc/mounts && umount --lazy "${JAILDIR}/${jail}/proc/" - grep -q "${JAILDIR}/${jail}/dev" /proc/mounts && umount --lazy --recursive "${JAILDIR}/${jail}/dev" + rm -f "${jail_pid_file}" + grep -q "${jail_path}/proc" /proc/mounts && umount --lazy "${jail_path}/proc/" + grep -q "${jail_path}/dev" /proc/mounts && umount --lazy --recursive "${jail_path}/dev" fi exit "${return}" diff --git a/lib/bkctld-key b/lib/bkctld-key index 5bef87d..4e93f8d 100755 --- a/lib/bkctld-key +++ b/lib/bkctld-key 
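Review bot: `ps -p "${pid}"` only proves that some process with that number exists, and the number is read from `${jail_path}/${SSHD_PID}`, a file inside the jail tree that is presumably writable from within the chroot. lib/bkctld-reload and lib/bkctld-stop rely on this check and then signal that pid (stop also signals its children), so a stale or altered pid file could make them act on an unrelated host process. I would have the liveness test also confirm the process is rooted in this jail, e.g. replace the bare `ps -p` with `[ "$(readlink "/proc/${pid}/root")" = "${jail_path}" ] && return=0`, after checking that `${pid}` is purely numeric. This assumes `jail_path` is returned in canonical form; if not, compare against its resolved path.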
@@ -7,20 +7,23 @@ # shellcheck source=./config LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes" -jail="${1:-}" +jail_name="${1:-}" keyfile="${2:-}" -if [ ! -n "${jail}" ]; then + +if [ ! -n "${jail_name}" ]; then "${LIBDIR}/bkctld-help" && exit 1 fi -[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail'" +jail_path=$(jail_path "${jail_name}") + +test -d "${jail_path}" || error "${jail_name}: jail is missing." if [ -z "${keyfile}" ]; then - if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then - cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" + if [ -f "${jail_path}/${AUTHORIZED_KEYS}" ]; then + cat "${jail_path}/${AUTHORIZED_KEYS}" fi else [ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !" - cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" - chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" - notice "${jail} : update key => ${keyfile}" + cat "${keyfile}" > "${jail_path}/${AUTHORIZED_KEYS}" + chmod 600 "${jail_path}/${AUTHORIZED_KEYS}" + notice "${jail_name}: update key => ${keyfile}" fi diff --git a/lib/bkctld-port b/lib/bkctld-port index f182a83..887b18e 100755 --- a/lib/bkctld-port +++ b/lib/bkctld-port 
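Review bot: `cat "${keyfile}" > "${jail_path}/${AUTHORIZED_KEYS}"` writes through whatever currently sits at that path and only afterwards applies `chmod 600`. Because the destination is inside the jail tree, a symlink left there would be followed by the redirection, and a newly created file briefly carries the default umask mode. `install -m 0600 -- "${keyfile}" "${jail_path}/${AUTHORIZED_KEYS}"` (GNU install replaces the destination rather than writing through it) or a temp-file-plus-`mv` in the same directory avoids both. `[ -e "${keyfile}" ]` could also become `[ -f "${keyfile}" ]` so that a directory is rejected with the intended message.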
@@ -7,23 +7,28 @@ # shellcheck source=./config LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes" -jail="${1:-}" +jail_name="${1:-}" port="${2:-}" -if [ ! -n "${jail}" ]; then + +if [ ! -n "${jail_name}" ]; then "${LIBDIR}/bkctld-help" && exit 1 fi -[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail'" +jail_path=$(jail_path "${jail_name}") + +test -d "${jail_path}" || error "${jail_name}: jail is missing." if [ -z "${port}" ]; then - grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+" + grep -E "Port [0-9]+" "${jail_path}/${SSHD_CONFIG}"|grep -oE "[0-9]+" else if [ "${port}" = "auto" ]; then port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1) port=$((port+1)) [ "${port}" -le 1 ] && port=2222 fi - sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}" - notice "${jail} : update port => ${port}" - "${LIBDIR}/bkctld-reload" "${jail}" - "${LIBDIR}/bkctld-firewall" "${jail}" + sed -i "s/^Port .*/Port ${port}/" "${jail_path}/${SSHD_CONFIG}" + + notice "${jail_name}: update port => ${port}" + + "${LIBDIR}/bkctld-reload" "${jail_name}" + "${LIBDIR}/bkctld-firewall" "${jail_name}" fi diff --git a/lib/bkctld-reload b/lib/bkctld-reload index 18b528e..22d1d5f 100755 --- a/lib/bkctld-reload +++ b/lib/bkctld-reload 
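Review bot: The read path `grep -E "Port [0-9]+"` is unanchored while the write path uses `s/^Port .*/`, so a commented `#Port 22` line or any other line containing `Port <n>` is returned too, and the extra numbers then flow into the `--dport` value that bkctld-firewall writes. Anchoring the read the same way keeps both sides consistent: `grep -E "^Port [0-9]+" "${jail_path}/${SSHD_CONFIG}" | grep -oE "[0-9]+"`. The unchanged `auto` branch has the same unanchored `grep -h Port` and would benefit from `^Port ` as well.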
@@ -7,13 +7,16 @@ # shellcheck source=./config LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes" -jail="${1:-}" -if [ ! -n "${jail}" ]; then +jail_name="${1:-}" +if [ -z "${jail_name}" ]; then "${LIBDIR}/bkctld-help" && exit 1 fi -[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to reload inexistant jail" -"${LIBDIR}/bkctld-is-on" "${jail}" || exit 0 +jail_path=$(jail_path "${jail_name}") -pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}") +test -d "${jail_path}" || error "${jail_name}: jail is missing." -kill -HUP "${pid}" && notice "${jail} was reloaded [${pid}]" +"${LIBDIR}/bkctld-is-on" "${jail_name}" || exit 0 + +pid=$(cat "${jail_path}/${SSHD_PID}") + +kill -HUP "${pid}" && notice "${jail_name}: jail has been reloaded [${pid}]" diff --git a/lib/bkctld-remove b/lib/bkctld-remove index b886aa1..b868b51 100755 --- a/lib/bkctld-remove +++ b/lib/bkctld-remove 
@@ -7,31 +7,36 @@ # shellcheck source=./config LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes" -jail="${1:-}" -if [ ! -n "${jail}" ]; then +jail_name="${1:-}" +if [ -z "${jail_name}" ]; then "${LIBDIR}/bkctld-help" && exit 1 fi -[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to remove inexistant jail" -"${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}" +jail_path=$(jail_path "${jail_name}") +incs_path=$(incs_path "${jail_name}") -rm -f "${CONFDIR}/${jail}" -jail_inode=$(stat --format=%i "${JAILDIR}/${jail}") +test -d "${jail_path}" || error "${jail_name}: jail is missing." + +"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}" + +rm -f "${CONFDIR}/${jail_name}" +jail_inode=$(stat --format=%i "${jail_path}") if [ "${jail_inode}" -eq 256 ]; then - /bin/btrfs subvolume delete "${JAILDIR}/${jail}" | debug + /bin/btrfs subvolume delete "${jail_path}" | debug else - rm -rf "${JAILDIR}/${jail}" | debug + rm -rf "${jail_path}" | debug fi -if [ -d "${INCDIR}/${jail}" ]; then - incs=$(ls "${INCDIR}/${jail}") +# TODO: use functions here +if [ -d "${incs_path}" ]; then + incs=$(ls "${incs_path}") for inc in ${incs}; do - inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${inc}") + inc_inode=$(stat --format=%i "${incs_path}/${inc}") if [ "${inc_inode}" -eq 256 ]; then - /bin/btrfs subvolume delete "${INCDIR}/${jail}/${inc}" | debug + /bin/btrfs subvolume delete "${incs_path}/${inc}" | debug else - warning "You need to purge ${INCDIR}/${jail}/${inc} manually !" + warning "You need to purge ${incs_path}/${inc} manually !" fi done - rmdir --ignore-fail-on-non-empty "${INCDIR}/${jail}" | debug + rmdir --ignore-fail-on-non-empty "${incs_path}" | debug fi -"${LIBDIR}/bkctld-firewall" "${jail}" -notice "${jail} : deleted jail" +"${LIBDIR}/bkctld-firewall" "${jail_name}" +notice "${jail_name}: jail has been deleted." diff --git a/lib/bkctld-restart b/lib/bkctld-restart index 985d3d7..872c506 100755 --- a/lib/bkctld-restart 
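Review bot: `jail_name` comes straight from `$1` and is then used in `rm -f "${CONFDIR}/${jail_name}"` and `rm -rf "${jail_path}"`; the only guard is `test -d "${jail_path}"`, which a name such as `..` or one containing `/` would presumably still pass (jail_path() is not visible in this patch). Before the destructive steps I would reject such names, e.g. `case "${jail_name}" in */*|.|..) error "${jail_name}: invalid jail name." ;; esac`. In addition, `rm -rf "${jail_path}" | debug` hides rm's exit status behind the pipe, and `for inc in ${incs}` built from `ls` splits on whitespace; a `for inc_path in "${incs_path}"/*` glob would be the safer form when the TODO is addressed.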
+++ b/lib/bkctld-restart @@ -9,10 +9,13 @@ set -eu # shellcheck source=./config LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes" -jail="${1:-}" -if [ ! -n "${jail}" ]; then +jail_name="${1:-}" +if [ -z "${jail_name}" ]; then "${LIBDIR}/bkctld-help" && exit 1 fi -[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to restart inexistant jail" -"${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}" -"${LIBDIR}/bkctld-start" "${jail}" +jail_path=$(jail_path "${jail_name}") + +test -d "${jail_path}" || error "${jail_name}: jail is missing." + +"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}" +"${LIBDIR}/bkctld-start" "${jail_name}" diff --git a/lib/bkctld-rm b/lib/bkctld-rm index ee1a852..203a59d 100755 --- a/lib/bkctld-rm +++ b/lib/bkctld-rm @@ -32,7 +32,7 @@ delete_inc_btrfs() { fi end=$(current_time) - notice "${jail_name} : ${inc_name} inc deleted [${start}/${end}]" + notice "${jail_name}: ${inc_name} inc deleted [${start}/${end}]" } delete_inc_ext() { jail_name=$1 @@ -42,7 +42,7 @@ delete_inc_ext() { lock_file="${LOCKDIR}/rm-${jail_name}.lock" if [ -f "${lock_file}" ]; then - warning "${jail_name} : skipping ${inc_name}, it is already being deleted." + warning "${jail_name}: skipping ${inc_name}, it is already being deleted." else ( mkdir --parents "${LOCKDIR}" && touch "${lock_file}" || error "Failed to acquire lock file '${lock_file}'" @@ -58,7 +58,7 @@ delete_inc_ext() { rmdir "${inc_path}/" end=$(current_time) - notice "${jail_name} : ${inc_name} inc deleted [${start}/${end}]" + notice "${jail_name}: ${inc_name} inc deleted [${start}/${end}]" ) fi } diff --git a/lib/bkctld-start b/lib/bkctld-start index 7d960aa..d062b2f 100755 --- a/lib/bkctld-start +++ b/lib/bkctld-start 
@@ -7,16 +7,20 @@ # shellcheck source=./config LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes" -jail="${1:-}" -if [ ! -n "${jail}" ]; then +jail_name="${1:-}" +if [ -z "${jail_name}" ]; then "${LIBDIR}/bkctld-help" && exit 1 fi -[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to start inexistant jail" -"${LIBDIR}/bkctld-is-on" "${jail}" && exit 0 +jail_path=$(jail_path "${jail_name}") -cd "${JAILDIR}/${jail}" -grep -q "${JAILDIR}/${jail}/proc" /proc/mounts || mount -t proc "proc-${jail}" proc -grep -q "${JAILDIR}/${jail}/dev" /proc/mounts || mount -nt tmpfs "dev-${jail}" dev +test -d "${jail_path}" || error "${jail_name}: jail is missing." + +"${LIBDIR}/bkctld-is-on" "${jail_name}" && exit 0 + +cd "${jail_path}" || error "${jail_name}: failed to change directory to ${jail_path}." + +grep -q "${jail_path}/proc" /proc/mounts || mount -t proc "proc-${jail_name}" proc +grep -q "${jail_path}/dev" /proc/mounts || mount -nt tmpfs "dev-${jail_name}" dev [ -e "dev/console" ] || mknod -m 622 dev/console c 5 1 [ -e "dev/null" ] || mknod -m 666 dev/null c 1 3 [ -e "dev/zero" ] || mknod -m 666 dev/zero c 1 5 
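Review bot: The `grep -q "${jail_path}/proc" /proc/mounts` and `grep -q "${jail_path}/dev" /proc/mounts` guards treat the path as an unanchored regular expression, so the `dev` test is also satisfied by a `dev/pts` or `dev/shm` entry, and a `.` in a jail name matches any character. Testing the exact directory is more reliable: `mountpoint -q "${jail_path}/dev" || mount -nt tmpfs "dev-${jail_name}" dev`, and likewise for `proc`. The same grep pattern appears in the second hunk of this file (`dev/pts`, `dev/shm`) and in lib/bkctld-is-on before the `umount` calls.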
@@ -32,12 +36,15 @@ ln -fs proc/self/fd/2 dev/stderr ln -fs proc/kcore dev/core mkdir -p dev/pts mkdir -p dev/shm -grep -q "${JAILDIR}/${jail}/dev/pts" /proc/mounts || mount -t devpts -o gid=4,mode=620 none dev/pts -grep -q "${JAILDIR}/${jail}/dev/shm" /proc/mounts || mount -t tmpfs none dev/shm -chroot "${JAILDIR}/${jail}" /usr/sbin/sshd -E /var/log/authlog || error "${jail} : error on starting sshd" -pidfile="${JAILDIR}/${jail}/${SSHD_PID}" -for try in {1..10}; do - [ -f "${pidfile}" ] || sleep 0.3 +grep -q "${jail_path}/dev/pts" /proc/mounts || mount -t devpts -o gid=4,mode=620 none dev/pts +grep -q "${jail_path}/dev/shm" /proc/mounts || mount -t tmpfs none dev/shm + +chroot "${jail_path}" /usr/sbin/sshd -E /var/log/authlog || error "${jail_name}: failed to start sshd" +pidfile="${jail_path}/${SSHD_PID}" + +for try in $(seq 1 10); do + test -f "${pidfile}" || sleep 0.3 done pid=$(cat "${pidfile}") -notice "${jail} was started [${pid}]" + +notice "${jail_name}: jail has been started [${pid}]" diff --git a/lib/bkctld-stats b/lib/bkctld-stats index 122b773..2096a98 100755 --- a/lib/bkctld-stats +++ b/lib/bkctld-stats 
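Review bot: The wait loop has no failure path: if sshd never writes the pid file, the ten iterations simply run out and `pid=$(cat "${pidfile}")` is executed on a missing file, after which the script either aborts with cat's error or reports a start with an empty pid. I would add `test -f "${pidfile}" || error "${jail_name}: sshd did not write ${pidfile}"` after the loop, and `break` out of the loop once the file exists. If the switch from `{1..10}` to `$(seq 1 10)` was made for /bin/sh portability, note that fractional `sleep 0.3` is not guaranteed by POSIX either.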
@@ -8,28 +8,39 @@ LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes" mkdir -p "${INDEX_DIR}" + lsof "${IDX_FILE}" >/dev/null 2>&1 || nohup sh -s -- </dev/null 2>&1 & + ionice -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}" touch "${INDEX_DIR}/.lastrun.duc" EOF + [ ! -f "${INDEX_DIR}/.lastrun.duc" ] && notice "First run of DUC always in progress ..." && exit 0 [ ! -f ${IDX_FILE} ] && error "Index file do not exits !" + printf "Last update of index file : " stat --format=%Y "${INDEX_DIR}/.lastrun.duc" | xargs -i -n1 date -R -d "@{}" echo " " | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $1, $2, $3, $4); }' + duc_output=$(mktemp) stat_output=$(mktemp) incs_output=$(mktemp) + +# shellcheck disable=SC2064 trap "rm ${duc_output} ${incs_output} ${stat_output}" 0 + "${DUC}" ls -d "${IDX_FILE}" "${JAILDIR}" > "${duc_output}" -awk '{ print $2 }' "${duc_output}" | while read jail; do - stat --format=%Y "/backup/jails/${jail}/var/log/lastlog" | xargs -i -n1 date -d "@{}" "+%d-%m-%Y" >> "${stat_output}" + +awk '{ print $2 }' "${duc_output}" | while read jail_name; do + jail_path=$(jail_path "${jail_name}") + stat --format=%Y "${jail_path}/var/log/lastlog" | xargs -i -n1 date -d "@{}" "+%d-%m-%Y" >> "${stat_output}" inc=0 - if [ -f "${CONFDIR}/${jail}" ]; then - day=$(grep -c "day" "${CONFDIR}/${jail}") - month=$(grep -c "month" "${CONFDIR}/${jail}") + if [ -f "${CONFDIR}/${jail_name}" ]; then + day=$(grep -c "day" "${CONFDIR}/${jail_name}") + month=$(grep -c "month" "${CONFDIR}/${jail_name}") inc="${day}/${month}" fi echo "${inc}" >> "${incs_output}" done + paste "${duc_output}" "${incs_output}" "${stat_output}" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $2, $1, $3, $4); }' diff --git a/lib/bkctld-stop b/lib/bkctld-stop index 3d3fc99..18dc502 100755 --- a/lib/bkctld-stop +++ b/lib/bkctld-stop 
@@ -7,17 +7,26 @@ # shellcheck source=./config LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes" -jail="${1:-}" -if [ ! -n "${jail}" ]; then +jail_name="${1:-}" +if [ -z "${jail_name}" ]; then "${LIBDIR}/bkctld-help" && exit 1 fi -[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to stop inexistant jail" -"${LIBDIR}/bkctld-is-on" "${jail}" || exit 0 +jail_path=$(jail_path "${jail_name}") -pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}") +test -d "${jail_path}" || error "${jail_name}: jail is missing." + +"${LIBDIR}/bkctld-is-on" "${jail_name}" || exit 0 + +pid=$(cat "${jail_path}/${SSHD_PID}") for conn in $(ps --ppid "${pid}" -o pid=); do kill "${conn}" done -kill "${pid}" && notice "${jail} was stopped [${pid}]" -umount --lazy --recursive "${JAILDIR}/${jail}/dev" -umount --lazy "${JAILDIR}/${jail}/proc/" + +if kill "${pid}"; then + notice "${jail_name}: jail has been stopped [${pid}]" + + umount --lazy --recursive "${jail_path}/dev" + umount --lazy "${jail_path}/proc/" +else + error "${jail_name}: failed to stop jail [${pid}]" +fi diff --git a/lib/bkctld-sync b/lib/bkctld-sync index 68c85b9..8550241 100755 --- a/lib/bkctld-sync +++ b/lib/bkctld-sync 
@@ -7,19 +7,23 @@ # shellcheck source=./config LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes" -jail="${1:-}" -if [ ! -n "${jail}" ]; then +jail_name="${1:-}" +if [ -z "${jail_name}" ]; then "${LIBDIR}/bkctld-help" && exit 1 fi -[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to sync inexistant jail" +jail_path=$(jail_path "${jail_name}") + +test -d "${jail_path}" || error "${jail_name}: jail is missing." [ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !" -jail="${1}" -ssh "${NODE}" "${LIBDIR}/bkctld-init" "${jail}" | debug -rsync -a "${JAILDIR}/${jail}/" "${NODE}:${JAILDIR}/${jail}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/* -rsync -a "${CONFDIR}/${jail}" "${NODE}:${CONFDIR}/${jail}" -"${LIBDIR}/bkctld-is-on" "${jail}" && ssh "${NODE}" "${LIBDIR}/bkctld-start" "${jail}" | debug + +ssh "${NODE}" "${LIBDIR}/bkctld-init" "${jail_name}" | debug +rsync -a "${jail_path}/" "${NODE}:${jail_path}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/* +rsync -a "${CONFDIR}/${jail_name}" "${NODE}:${CONFDIR}/${jail_name}" + +"${LIBDIR}/bkctld-is-on" "${jail_name}" && ssh "${NODE}" "${LIBDIR}/bkctld-start" "${jail_name}" | debug + if [ -n "${FIREWALL_RULES}" ]; then rsync -a "${FIREWALL_RULES}" "${NODE}:${FIREWALL_RULES}" ssh "${NODE}" /etc/init.d/minifirewall restart | debug diff --git a/lib/bkctld-update b/lib/bkctld-update index 09b2bf5..21d30e8 100755 --- a/lib/bkctld-update +++ b/lib/bkctld-update @@ -13,10 +13,10 @@ if [ ! -n "${jail_name}" ]; then fi jail_path=$(jail_path "${jail_name}") -[ -d "${jail_path}" ] || error "${jail_name} : trying to update inexistant jail" +test -d "${jail_path}" || error "${jail_name}: jail is missing." "${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}" setup_jail_chroot "${jail_name}" -notice "${jail_name} : jail has been updated." +notice "${jail_name}: jail has been updated." 
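Review bot: The `--exclude proc/* --exclude sys/* --exclude dev/* ... --exclude var/backup/*` patterns on the rsync line in lib/bkctld-sync are unquoted, so the local shell expands them against the current directory before rsync sees them; if anything matches, the extra words become additional source arguments. Quote them: `--exclude 'proc/*' --exclude 'sys/*' --exclude 'dev/*' --exclude run --exclude 'var/backup/*'`. Also, `ssh "${NODE}" "${LIBDIR}/bkctld-init" "${jail_name}"` is re-parsed by the remote shell, so `jail_name` should be validated (or quoted for the remote side) before it is sent.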
diff --git a/lib/includes b/lib/includes index ffacac0..ff36a5c 100755 --- a/lib/includes +++ b/lib/includes @@ -154,7 +154,7 @@ setup_jail_chroot() { [ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group" [ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc" - cd "${jail_path}" || error "Failed to change directory to ${jail_path}." + cd "${jail_path}" || error "${jail_name}: failed to change directory to ${jail_path}." umask 077 info "1 - Creating the chroot"
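Review bot: In the context just above the changed `cd`, `[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"` assigns the sshrc template to `group`, which looks like a copy-paste slip: when a local sshrc template exists, whatever consumes `group` would receive the sshrc file instead of the group file. It presumably should read `[ -f "${LOCALTPLDIR}/sshrc" ] && sshrc="${LOCALTPLDIR}/sshrc"`. setup_jail_chroot starts and ends outside this hunk, so the variable name actually used further down needs to be confirmed before changing it.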