forked from evolix/evobackup
use new conventions
parent
01cc972d83
commit
779dd9c518
|
@ -7,19 +7,31 @@
|
||||||
# shellcheck source=./config
|
# shellcheck source=./config
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||||
|
|
||||||
jail="${1:-}"
|
jail_name="${1:-}"
|
||||||
if [ ! -n "${jail}" ]; then
|
|
||||||
|
if [ ! -n "${jail_name}" ]; then
|
||||||
"${LIBDIR}/bkctld-help" && exit 1
|
"${LIBDIR}/bkctld-help" && exit 1
|
||||||
fi
|
fi
|
||||||
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
|
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||||
|
|
||||||
|
iptables_input_accept() {
|
||||||
|
jail_name="${1}"
|
||||||
|
port="${2}"
|
||||||
|
ip="${3}"
|
||||||
|
|
||||||
|
echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail_name}"
|
||||||
|
}
|
||||||
|
|
||||||
if [ -n "${FIREWALL_RULES}" ]; then
|
if [ -n "${FIREWALL_RULES}" ]; then
|
||||||
[ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
|
[ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail_name}$/d" "${FIREWALL_RULES}"
|
||||||
if [ -d "${JAILDIR}/${jail}" ]; then
|
if [ -d "${jail_path}" ]; then
|
||||||
port=$("${LIBDIR}/bkctld-port" "${jail}")
|
port=$("${LIBDIR}/bkctld-port" "${jail_name}")
|
||||||
for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
|
for ip in $("${LIBDIR}/bkctld-ip" "${jail_name}"); do
|
||||||
echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
|
iptables_input_accept "${jail_name}" "${port}" "${ip}" >> "${FIREWALL_RULES}"
|
||||||
done
|
done
|
||||||
[ -f /etc/init.d/minifirewall ] && /etc/init.d/minifirewall restart >/dev/null
|
[ -f /etc/init.d/minifirewall ] && /etc/init.d/minifirewall restart >/dev/null
|
||||||
fi
|
fi
|
||||||
notice "${jail} : firewall rules updated"
|
notice "${jail_name}: firewall rules have been updated."
|
||||||
fi
|
fi
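Review bot: The new early check `test -d "${jail_path}" || error "${jail_name}: jail is missing."` makes the later `if [ -d "${jail_path}" ]` guard redundant and, if `error` exits (it is defined outside this page), stops the script before `sed -i "/#${jail_name}$/d"` can purge the rules of a jail that no longer exists. The removal section further down calls `"${LIBDIR}/bkctld-firewall" "${jail_name}"` after `rm -rf "${jail_path}"`, so the ACCEPT lines of a deleted jail would stay in `${FIREWALL_RULES}`. I would drop the early check here and rely on the inner `-d` test, or move the `sed` purge above the check. Separately, `${jail_name}` is used as a regular expression in that `sed` address, so a dot in the name matches any character; escaping it would keep the purge limited to the intended jail.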
|
||||||
|
|
|
@ -25,7 +25,7 @@ create_inc_btrfs() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
end=$(current_time)
|
end=$(current_time)
|
||||||
notice "${jail_name} : ${inc_name} inc created [${start}/${end}]"
|
notice "${jail_name}: ${inc_name} inc created [${start}/${end}]"
|
||||||
}
|
}
|
||||||
create_inc_ext() {
|
create_inc_ext() {
|
||||||
jail_name=$1
|
jail_name=$1
|
||||||
|
@ -36,7 +36,7 @@ create_inc_ext() {
|
||||||
|
|
||||||
lock="${LOCKDIR}/inc-${jail_name}.lock"
|
lock="${LOCKDIR}/inc-${jail_name}.lock"
|
||||||
if [ -f "${lock}" ]; then
|
if [ -f "${lock}" ]; then
|
||||||
warning "${jail_name} : skipping ${inc_name}, it is already being created."
|
warning "${jail_name}: skipping ${inc_name}, it is already being created."
|
||||||
else
|
else
|
||||||
(
|
(
|
||||||
start=$(current_time)
|
start=$(current_time)
|
||||||
|
@ -53,7 +53,7 @@ create_inc_ext() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
end=$(current_time)
|
end=$(current_time)
|
||||||
notice "${jail_name} : ${inc_name} inc created [${start}/${end}]"
|
notice "${jail_name}: ${inc_name} inc created [${start}/${end}]"
|
||||||
)
|
)
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -75,9 +75,9 @@ for jail_name in $(jails_list); do
|
||||||
create_inc_ext "${jail_name}" "${inc_name}"
|
create_inc_ext "${jail_name}" "${inc_name}"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
warning "${jail_name} : skipping ${inc_name}, it already exists."
|
warning "${jail_name}: skipping ${inc_name}, it already exists."
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
warning "${jail_name} : skipping ${inc_name}, incs policy not found."
|
warning "${jail_name}: skipping ${inc_name}, incs policy not found."
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
|
@ -13,7 +13,7 @@ if [ -z "${jail_name}" ]; then
|
||||||
fi
|
fi
|
||||||
jail_path=$(jail_path "${jail_name}")
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
test -d "${jail_path}" && error "${jail_name} : jail already exists."
|
test -d "${jail_path}" && error "${jail_name}: jail already exists."
|
||||||
|
|
||||||
# Create config and jails directory
|
# Create config and jails directory
|
||||||
mkdir --parents "${CONFDIR}" "${JAILDIR}"
|
mkdir --parents "${CONFDIR}" "${JAILDIR}"
|
||||||
|
@ -28,4 +28,4 @@ fi
|
||||||
setup_jail_chroot "${jail_name}"
|
setup_jail_chroot "${jail_name}"
|
||||||
setup_jail_config "${jail_name}"
|
setup_jail_config "${jail_name}"
|
||||||
|
|
||||||
notice "${jail_name} : jail has been created"
|
notice "${jail_name}: jail has been created"
|
||||||
|
|
|
@ -7,30 +7,33 @@
|
||||||
# shellcheck source=./config
|
# shellcheck source=./config
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||||
|
|
||||||
jail="${1:-}"
|
jail_name="${1:-}"
|
||||||
ip="${2:-}"
|
ip="${2:-}"
|
||||||
if [ ! -n "${jail}" ]; then
|
|
||||||
|
if [ ! -n "${jail_name}" ]; then
|
||||||
"${LIBDIR}/bkctld-help" && exit 1
|
"${LIBDIR}/bkctld-help" && exit 1
|
||||||
fi
|
fi
|
||||||
[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail'"
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
|
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||||
|
|
||||||
if [ -z "${ip}" ]; then
|
if [ -z "${ip}" ]; then
|
||||||
grep -E "^AllowUsers" "${JAILDIR}/$jail/${SSHD_CONFIG}"|grep -Eo "root@[^ ]+"| while read allow; do
|
grep -E "^AllowUsers" "${jail_path}/${SSHD_CONFIG}" | grep -Eo "root@[^ ]+" | while read allow; do
|
||||||
echo "${allow}"|cut -d'@' -f2
|
echo "${allow}" | cut -d'@' -f2
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
|
if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
|
||||||
ips="0.0.0.0/0"
|
ips="0.0.0.0/0"
|
||||||
else
|
else
|
||||||
ips=$("${LIBDIR}/bkctld-ip" "${jail}")
|
ips=$("${LIBDIR}/bkctld-ip" "${jail_name}")
|
||||||
ips=$(echo "${ips}" "${ip}"|xargs -n1|grep -v "0.0.0.0/0"|sort|uniq)
|
ips=$(echo "${ips}" "${ip}" | xargs -n1 | grep -v "0.0.0.0/0" | sort | uniq)
|
||||||
fi
|
fi
|
||||||
allow="AllowUsers"
|
allow="AllowUsers"
|
||||||
for ip in $ips; do
|
for ip in $ips; do
|
||||||
allow="${allow} root@${ip}"
|
allow="${allow} root@${ip}"
|
||||||
done
|
done
|
||||||
sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
|
sed -i "s~^AllowUsers .*~${allow}~" "${jail_path}/${SSHD_CONFIG}"
|
||||||
notice "${jail} : update ip => ${ip}"
|
notice "${jail_name}: update ip => ${ip}"
|
||||||
"${LIBDIR}/bkctld-reload" "${jail}"
|
"${LIBDIR}/bkctld-reload" "${jail_name}"
|
||||||
"${LIBDIR}/bkctld-firewall" "${jail}"
|
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
||||||
fi
|
fi
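Review bot: `${ip}` comes straight from the second argument and is written into the jail's sshd configuration by `sed -i "s~^AllowUsers .*~${allow}~"`, then copied from there into `${FIREWALL_RULES}` by the firewall section, with no format check anywhere. A value containing `~`, `&` or whitespace changes what sed writes, and the rules file appears to hold command lines, so it should only ever receive address literals. If only IPv4 addresses and CIDR blocks are expected, a guard in the inner `else` branch such as `printf '%s\n' "${ip}" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' || error "${jail_name}: invalid IP ${ip}"` would do. The port section has the same gap in `sed -i "s/^Port .*/Port ${port}/"`, where a digits-only check applies.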
|
||||||
|
|
|
@ -7,21 +7,25 @@
|
||||||
# shellcheck source=./config
|
# shellcheck source=./config
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||||
|
|
||||||
jail="${1:-}"
|
jail_name="${1:-}"
|
||||||
if [ ! -n "${jail}" ]; then
|
|
||||||
|
if [ -z "${jail_name}" ]; then
|
||||||
"${LIBDIR}/bkctld-help" && exit 1
|
"${LIBDIR}/bkctld-help" && exit 1
|
||||||
fi
|
fi
|
||||||
[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to check inexistant jail"
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
|
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||||
|
|
||||||
|
jail_pid_file="${jail_path}/${SSHD_PID}"
|
||||||
|
|
||||||
jail="${1}"
|
|
||||||
return=1
|
return=1
|
||||||
if [ -f "${JAILDIR}/${jail}/${SSHD_PID}" ]; then
|
if [ -f "${jail_pid_file}" ]; then
|
||||||
pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
|
pid=$(cat "${jail_pid_file}")
|
||||||
ps -p "${pid}" > /dev/null && return=0
|
ps -p "${pid}" > /dev/null && return=0
|
||||||
fi
|
fi
|
||||||
if [ "${return}" -eq 1 ]; then
|
if [ "${return}" -eq 1 ]; then
|
||||||
rm -f "${JAILDIR}/${jail}/${SSHD_PID}"
|
rm -f "${jail_pid_file}"
|
||||||
grep -q "${JAILDIR}/${jail}/proc" /proc/mounts && umount --lazy "${JAILDIR}/${jail}/proc/"
|
grep -q "${jail_path}/proc" /proc/mounts && umount --lazy "${jail_path}/proc/"
|
||||||
grep -q "${JAILDIR}/${jail}/dev" /proc/mounts && umount --lazy --recursive "${JAILDIR}/${jail}/dev"
|
grep -q "${jail_path}/dev" /proc/mounts && umount --lazy --recursive "${jail_path}/dev"
|
||||||
fi
|
fi
|
||||||
exit "${return}"
|
exit "${return}"
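Review bot: `pid=$(cat "${jail_pid_file}")` trusts a file that lives under `${jail_path}`, and `ps -p "${pid}"` only shows that some process currently has that number. If accounts inside the jail can write that file, or the PID has been reused after a crash, the jail is reported as running, and the reload and stop sections then signal that PID (`kill -HUP "${pid}"`, `kill "${pid}"`) with the host's privileges. I would require a numeric value and tie the process to this jail, for example `ps -p "${pid}" > /dev/null && [ "$(readlink "/proc/${pid}/root")" = "${jail_path}" ] && return=0`, assuming `jail_path` returns a canonical path.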
|
||||||
|
|
|
@ -7,20 +7,23 @@
|
||||||
# shellcheck source=./config
|
# shellcheck source=./config
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||||
|
|
||||||
jail="${1:-}"
|
jail_name="${1:-}"
|
||||||
keyfile="${2:-}"
|
keyfile="${2:-}"
|
||||||
if [ ! -n "${jail}" ]; then
|
|
||||||
|
if [ ! -n "${jail_name}" ]; then
|
||||||
"${LIBDIR}/bkctld-help" && exit 1
|
"${LIBDIR}/bkctld-help" && exit 1
|
||||||
fi
|
fi
|
||||||
[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail'"
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
|
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||||
|
|
||||||
if [ -z "${keyfile}" ]; then
|
if [ -z "${keyfile}" ]; then
|
||||||
if [ -f "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}" ]; then
|
if [ -f "${jail_path}/${AUTHORIZED_KEYS}" ]; then
|
||||||
cat "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
|
cat "${jail_path}/${AUTHORIZED_KEYS}"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
[ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
|
[ -e "${keyfile}" ] || error "Keyfile ${keyfile} dosen't exist !"
|
||||||
cat "${keyfile}" > "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
|
cat "${keyfile}" > "${jail_path}/${AUTHORIZED_KEYS}"
|
||||||
chmod 600 "${JAILDIR}/${jail}/${AUTHORIZED_KEYS}"
|
chmod 600 "${jail_path}/${AUTHORIZED_KEYS}"
|
||||||
notice "${jail} : update key => ${keyfile}"
|
notice "${jail_name}: update key => ${keyfile}"
|
||||||
fi
|
fi
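Review bot: `[ -e "${keyfile}" ]` also accepts a directory or an unreadable file, and the redirection in `cat "${keyfile}" > "${jail_path}/${AUTHORIZED_KEYS}"` truncates the jail's key list before `cat` has read anything. Unless the sourced includes enable `set -e` (not visible here), a failed read leaves an empty key file while the `notice` still reports an update. Testing `[ -f "${keyfile}" ] && [ -r "${keyfile}" ] || error "Keyfile ${keyfile} is not a readable file."` closes most of that. Writing to a temporary file in the same directory and renaming it would also keep the previous keys if the copy fails.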
|
||||||
|
|
|
@ -7,23 +7,28 @@
|
||||||
# shellcheck source=./config
|
# shellcheck source=./config
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||||
|
|
||||||
jail="${1:-}"
|
jail_name="${1:-}"
|
||||||
port="${2:-}"
|
port="${2:-}"
|
||||||
if [ ! -n "${jail}" ]; then
|
|
||||||
|
if [ ! -n "${jail_name}" ]; then
|
||||||
"${LIBDIR}/bkctld-help" && exit 1
|
"${LIBDIR}/bkctld-help" && exit 1
|
||||||
fi
|
fi
|
||||||
[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail'"
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
|
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||||
|
|
||||||
if [ -z "${port}" ]; then
|
if [ -z "${port}" ]; then
|
||||||
grep -E "Port [0-9]+" "${JAILDIR}/${jail}/${SSHD_CONFIG}"|grep -oE "[0-9]+"
|
grep -E "Port [0-9]+" "${jail_path}/${SSHD_CONFIG}"|grep -oE "[0-9]+"
|
||||||
else
|
else
|
||||||
if [ "${port}" = "auto" ]; then
|
if [ "${port}" = "auto" ]; then
|
||||||
port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
|
port=$(grep -h Port "${JAILDIR}"/*/"${SSHD_CONFIG}" 2>/dev/null | grep -Eo "[0-9]+" | sort -n | tail -1)
|
||||||
port=$((port+1))
|
port=$((port+1))
|
||||||
[ "${port}" -le 1 ] && port=2222
|
[ "${port}" -le 1 ] && port=2222
|
||||||
fi
|
fi
|
||||||
sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
|
sed -i "s/^Port .*/Port ${port}/" "${jail_path}/${SSHD_CONFIG}"
|
||||||
notice "${jail} : update port => ${port}"
|
|
||||||
"${LIBDIR}/bkctld-reload" "${jail}"
|
notice "${jail_name}: update port => ${port}"
|
||||||
"${LIBDIR}/bkctld-firewall" "${jail}"
|
|
||||||
|
"${LIBDIR}/bkctld-reload" "${jail_name}"
|
||||||
|
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -7,13 +7,16 @@
|
||||||
# shellcheck source=./config
|
# shellcheck source=./config
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||||
|
|
||||||
jail="${1:-}"
|
jail_name="${1:-}"
|
||||||
if [ ! -n "${jail}" ]; then
|
if [ -z "${jail_name}" ]; then
|
||||||
"${LIBDIR}/bkctld-help" && exit 1
|
"${LIBDIR}/bkctld-help" && exit 1
|
||||||
fi
|
fi
|
||||||
[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to reload inexistant jail"
|
jail_path=$(jail_path "${jail_name}")
|
||||||
"${LIBDIR}/bkctld-is-on" "${jail}" || exit 0
|
|
||||||
|
|
||||||
pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
|
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||||
|
|
||||||
kill -HUP "${pid}" && notice "${jail} was reloaded [${pid}]"
|
"${LIBDIR}/bkctld-is-on" "${jail_name}" || exit 0
|
||||||
|
|
||||||
|
pid=$(cat "${jail_path}/${SSHD_PID}")
|
||||||
|
|
||||||
|
kill -HUP "${pid}" && notice "${jail_name}: jail has been reloaded [${pid}]"
|
||||||
|
|
|
@ -7,31 +7,36 @@
|
||||||
# shellcheck source=./config
|
# shellcheck source=./config
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||||
|
|
||||||
jail="${1:-}"
|
jail_name="${1:-}"
|
||||||
if [ ! -n "${jail}" ]; then
|
if [ -z "${jail_name}" ]; then
|
||||||
"${LIBDIR}/bkctld-help" && exit 1
|
"${LIBDIR}/bkctld-help" && exit 1
|
||||||
fi
|
fi
|
||||||
[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to remove inexistant jail"
|
jail_path=$(jail_path "${jail_name}")
|
||||||
"${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
|
incs_path=$(incs_path "${jail_name}")
|
||||||
|
|
||||||
rm -f "${CONFDIR}/${jail}"
|
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||||
jail_inode=$(stat --format=%i "${JAILDIR}/${jail}")
|
|
||||||
|
"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
|
||||||
|
|
||||||
|
rm -f "${CONFDIR}/${jail_name}"
|
||||||
|
jail_inode=$(stat --format=%i "${jail_path}")
|
||||||
if [ "${jail_inode}" -eq 256 ]; then
|
if [ "${jail_inode}" -eq 256 ]; then
|
||||||
/bin/btrfs subvolume delete "${JAILDIR}/${jail}" | debug
|
/bin/btrfs subvolume delete "${jail_path}" | debug
|
||||||
else
|
else
|
||||||
rm -rf "${JAILDIR}/${jail}" | debug
|
rm -rf "${jail_path}" | debug
|
||||||
fi
|
fi
|
||||||
if [ -d "${INCDIR}/${jail}" ]; then
|
# TODO: use functions here
|
||||||
incs=$(ls "${INCDIR}/${jail}")
|
if [ -d "${incs_path}" ]; then
|
||||||
|
incs=$(ls "${incs_path}")
|
||||||
for inc in ${incs}; do
|
for inc in ${incs}; do
|
||||||
inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${inc}")
|
inc_inode=$(stat --format=%i "${incs_path}/${inc}")
|
||||||
if [ "${inc_inode}" -eq 256 ]; then
|
if [ "${inc_inode}" -eq 256 ]; then
|
||||||
/bin/btrfs subvolume delete "${INCDIR}/${jail}/${inc}" | debug
|
/bin/btrfs subvolume delete "${incs_path}/${inc}" | debug
|
||||||
else
|
else
|
||||||
warning "You need to purge ${INCDIR}/${jail}/${inc} manually !"
|
warning "You need to purge ${incs_path}/${inc} manually !"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
rmdir --ignore-fail-on-non-empty "${INCDIR}/${jail}" | debug
|
rmdir --ignore-fail-on-non-empty "${incs_path}" | debug
|
||||||
fi
|
fi
|
||||||
"${LIBDIR}/bkctld-firewall" "${jail}"
|
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
||||||
notice "${jail} : deleted jail"
|
notice "${jail_name}: jail has been deleted."
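Review bot: `${jail_name}` reaches `rm -f "${CONFDIR}/${jail_name}"` and `rm -rf "${jail_path}"` with only an emptiness check, so a name such as `..` or one containing `/` resolves outside the jail directory and still passes `test -d`. Unless `jail_path` (defined outside this page) already rejects such names, I would add `case "${jail_name}" in */*|.|..) error "${jail_name}: invalid jail name." ;; esac` right after the empty check. The same value is passed through `ssh "${NODE}" ...` in the sync section, where the remote shell parses it again, so restricting names to a small character set is the safer rule.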
|
||||||
|
|
|
@ -9,10 +9,13 @@ set -eu
|
||||||
# shellcheck source=./config
|
# shellcheck source=./config
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||||
|
|
||||||
jail="${1:-}"
|
jail_name="${1:-}"
|
||||||
if [ ! -n "${jail}" ]; then
|
if [ -z "${jail_name}" ]; then
|
||||||
"${LIBDIR}/bkctld-help" && exit 1
|
"${LIBDIR}/bkctld-help" && exit 1
|
||||||
fi
|
fi
|
||||||
[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to restart inexistant jail"
|
jail_path=$(jail_path "${jail_name}")
|
||||||
"${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
|
|
||||||
"${LIBDIR}/bkctld-start" "${jail}"
|
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||||
|
|
||||||
|
"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
|
||||||
|
"${LIBDIR}/bkctld-start" "${jail_name}"
|
||||||
|
|
|
@ -32,7 +32,7 @@ delete_inc_btrfs() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
end=$(current_time)
|
end=$(current_time)
|
||||||
notice "${jail_name} : ${inc_name} inc deleted [${start}/${end}]"
|
notice "${jail_name}: ${inc_name} inc deleted [${start}/${end}]"
|
||||||
}
|
}
|
||||||
delete_inc_ext() {
|
delete_inc_ext() {
|
||||||
jail_name=$1
|
jail_name=$1
|
||||||
|
@ -42,7 +42,7 @@ delete_inc_ext() {
|
||||||
|
|
||||||
lock_file="${LOCKDIR}/rm-${jail_name}.lock"
|
lock_file="${LOCKDIR}/rm-${jail_name}.lock"
|
||||||
if [ -f "${lock_file}" ]; then
|
if [ -f "${lock_file}" ]; then
|
||||||
warning "${jail_name} : skipping ${inc_name}, it is already being deleted."
|
warning "${jail_name}: skipping ${inc_name}, it is already being deleted."
|
||||||
else
|
else
|
||||||
(
|
(
|
||||||
mkdir --parents "${LOCKDIR}" && touch "${lock_file}" || error "Failed to acquire lock file '${lock_file}'"
|
mkdir --parents "${LOCKDIR}" && touch "${lock_file}" || error "Failed to acquire lock file '${lock_file}'"
|
||||||
|
@ -58,7 +58,7 @@ delete_inc_ext() {
|
||||||
rmdir "${inc_path}/"
|
rmdir "${inc_path}/"
|
||||||
|
|
||||||
end=$(current_time)
|
end=$(current_time)
|
||||||
notice "${jail_name} : ${inc_name} inc deleted [${start}/${end}]"
|
notice "${jail_name}: ${inc_name} inc deleted [${start}/${end}]"
|
||||||
)
|
)
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,16 +7,20 @@
|
||||||
# shellcheck source=./config
|
# shellcheck source=./config
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||||
|
|
||||||
jail="${1:-}"
|
jail_name="${1:-}"
|
||||||
if [ ! -n "${jail}" ]; then
|
if [ -z "${jail_name}" ]; then
|
||||||
"${LIBDIR}/bkctld-help" && exit 1
|
"${LIBDIR}/bkctld-help" && exit 1
|
||||||
fi
|
fi
|
||||||
[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to start inexistant jail"
|
jail_path=$(jail_path "${jail_name}")
|
||||||
"${LIBDIR}/bkctld-is-on" "${jail}" && exit 0
|
|
||||||
|
|
||||||
cd "${JAILDIR}/${jail}"
|
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||||
grep -q "${JAILDIR}/${jail}/proc" /proc/mounts || mount -t proc "proc-${jail}" proc
|
|
||||||
grep -q "${JAILDIR}/${jail}/dev" /proc/mounts || mount -nt tmpfs "dev-${jail}" dev
|
"${LIBDIR}/bkctld-is-on" "${jail_name}" && exit 0
|
||||||
|
|
||||||
|
cd "${jail_path}" || error "${jail_name}: failed to change directory to ${jail_path}."
|
||||||
|
|
||||||
|
grep -q "${jail_path}/proc" /proc/mounts || mount -t proc "proc-${jail_name}" proc
|
||||||
|
grep -q "${jail_path}/dev" /proc/mounts || mount -nt tmpfs "dev-${jail_name}" dev
|
||||||
[ -e "dev/console" ] || mknod -m 622 dev/console c 5 1
|
[ -e "dev/console" ] || mknod -m 622 dev/console c 5 1
|
||||||
[ -e "dev/null" ] || mknod -m 666 dev/null c 1 3
|
[ -e "dev/null" ] || mknod -m 666 dev/null c 1 3
|
||||||
[ -e "dev/zero" ] || mknod -m 666 dev/zero c 1 5
|
[ -e "dev/zero" ] || mknod -m 666 dev/zero c 1 5
|
||||||
|
@ -32,12 +36,15 @@ ln -fs proc/self/fd/2 dev/stderr
|
||||||
ln -fs proc/kcore dev/core
|
ln -fs proc/kcore dev/core
|
||||||
mkdir -p dev/pts
|
mkdir -p dev/pts
|
||||||
mkdir -p dev/shm
|
mkdir -p dev/shm
|
||||||
grep -q "${JAILDIR}/${jail}/dev/pts" /proc/mounts || mount -t devpts -o gid=4,mode=620 none dev/pts
|
grep -q "${jail_path}/dev/pts" /proc/mounts || mount -t devpts -o gid=4,mode=620 none dev/pts
|
||||||
grep -q "${JAILDIR}/${jail}/dev/shm" /proc/mounts || mount -t tmpfs none dev/shm
|
grep -q "${jail_path}/dev/shm" /proc/mounts || mount -t tmpfs none dev/shm
|
||||||
chroot "${JAILDIR}/${jail}" /usr/sbin/sshd -E /var/log/authlog || error "${jail} : error on starting sshd"
|
|
||||||
pidfile="${JAILDIR}/${jail}/${SSHD_PID}"
|
chroot "${jail_path}" /usr/sbin/sshd -E /var/log/authlog || error "${jail_name}: failed to start sshd"
|
||||||
for try in {1..10}; do
|
pidfile="${jail_path}/${SSHD_PID}"
|
||||||
[ -f "${pidfile}" ] || sleep 0.3
|
|
||||||
|
for try in $(seq 1 10); do
|
||||||
|
test -f "${pidfile}" || sleep 0.3
|
||||||
done
|
done
|
||||||
pid=$(cat "${pidfile}")
|
pid=$(cat "${pidfile}")
|
||||||
notice "${jail} was started [${pid}]"
|
|
||||||
|
notice "${jail_name}: jail has been started [${pid}]"
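Review bot: The wait loop never verifies that `${pidfile}` actually appeared, so after ten tries `pid=$(cat "${pidfile}")` runs regardless and the `notice` can report the jail as started with an empty PID. Adding `test -f "${pidfile}" || error "${jail_name}: sshd did not create ${pidfile}."` after `done` makes a failed start visible to the caller. The loop also keeps iterating once the file exists; `test -f "${pidfile}" && break` before the sleep would end it early.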
|
||||||
|
|
|
@ -8,28 +8,39 @@
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||||
|
|
||||||
mkdir -p "${INDEX_DIR}"
|
mkdir -p "${INDEX_DIR}"
|
||||||
|
|
||||||
lsof "${IDX_FILE}" >/dev/null 2>&1 || nohup sh -s -- <<EOF >/dev/null 2>&1 &
|
lsof "${IDX_FILE}" >/dev/null 2>&1 || nohup sh -s -- <<EOF >/dev/null 2>&1 &
|
||||||
|
|
||||||
ionice -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}"
|
ionice -c3 "${DUC}" index -d "${IDX_FILE}" "${JAILDIR}"
|
||||||
touch "${INDEX_DIR}/.lastrun.duc"
|
touch "${INDEX_DIR}/.lastrun.duc"
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
[ ! -f "${INDEX_DIR}/.lastrun.duc" ] && notice "First run of DUC always in progress ..." && exit 0
|
[ ! -f "${INDEX_DIR}/.lastrun.duc" ] && notice "First run of DUC always in progress ..." && exit 0
|
||||||
[ ! -f ${IDX_FILE} ] && error "Index file do not exits !"
|
[ ! -f ${IDX_FILE} ] && error "Index file do not exits !"
|
||||||
|
|
||||||
printf "Last update of index file : "
|
printf "Last update of index file : "
|
||||||
stat --format=%Y "${INDEX_DIR}/.lastrun.duc" | xargs -i -n1 date -R -d "@{}"
|
stat --format=%Y "${INDEX_DIR}/.lastrun.duc" | xargs -i -n1 date -R -d "@{}"
|
||||||
echo "<jail> <size> <incs> <lastconn>" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $1, $2, $3, $4); }'
|
echo "<jail> <size> <incs> <lastconn>" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $1, $2, $3, $4); }'
|
||||||
|
|
||||||
duc_output=$(mktemp)
|
duc_output=$(mktemp)
|
||||||
stat_output=$(mktemp)
|
stat_output=$(mktemp)
|
||||||
incs_output=$(mktemp)
|
incs_output=$(mktemp)
|
||||||
|
|
||||||
|
# shellcheck disable=SC2064
|
||||||
trap "rm ${duc_output} ${incs_output} ${stat_output}" 0
|
trap "rm ${duc_output} ${incs_output} ${stat_output}" 0
|
||||||
|
|
||||||
"${DUC}" ls -d "${IDX_FILE}" "${JAILDIR}" > "${duc_output}"
|
"${DUC}" ls -d "${IDX_FILE}" "${JAILDIR}" > "${duc_output}"
|
||||||
awk '{ print $2 }' "${duc_output}" | while read jail; do
|
|
||||||
stat --format=%Y "/backup/jails/${jail}/var/log/lastlog" | xargs -i -n1 date -d "@{}" "+%d-%m-%Y" >> "${stat_output}"
|
awk '{ print $2 }' "${duc_output}" | while read jail_name; do
|
||||||
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
stat --format=%Y "${jail_path}/var/log/lastlog" | xargs -i -n1 date -d "@{}" "+%d-%m-%Y" >> "${stat_output}"
|
||||||
inc=0
|
inc=0
|
||||||
if [ -f "${CONFDIR}/${jail}" ]; then
|
if [ -f "${CONFDIR}/${jail_name}" ]; then
|
||||||
day=$(grep -c "day" "${CONFDIR}/${jail}")
|
day=$(grep -c "day" "${CONFDIR}/${jail_name}")
|
||||||
month=$(grep -c "month" "${CONFDIR}/${jail}")
|
month=$(grep -c "month" "${CONFDIR}/${jail_name}")
|
||||||
inc="${day}/${month}"
|
inc="${day}/${month}"
|
||||||
fi
|
fi
|
||||||
echo "${inc}" >> "${incs_output}"
|
echo "${inc}" >> "${incs_output}"
|
||||||
done
|
done
|
||||||
|
|
||||||
paste "${duc_output}" "${incs_output}" "${stat_output}" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $2, $1, $3, $4); }'
|
paste "${duc_output}" "${incs_output}" "${stat_output}" | awk '{ printf("%- 30s %- 10s %- 10s %- 15s\n", $2, $1, $3, $4); }'
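Review bot: Inside the `while read jail_name` loop, `stat` prints nothing when `${jail_path}/var/log/lastlog` is missing, so `${stat_output}` gets fewer lines than `${duc_output}`. `paste` then shifts every later last-connection date onto the wrong jail, which makes the report unreliable for spotting jails that have stopped receiving backups. I would write a placeholder when the file is absent, by wrapping the `stat` pipeline in `if [ -f "${jail_path}/var/log/lastlog" ]; then` and putting `echo "-" >> "${stat_output}"` in the `else` branch. `read -r` would also keep backslashes in names intact.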
|
||||||
|
|
|
@ -7,17 +7,26 @@
|
||||||
# shellcheck source=./config
|
# shellcheck source=./config
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||||
|
|
||||||
jail="${1:-}"
|
jail_name="${1:-}"
|
||||||
if [ ! -n "${jail}" ]; then
|
if [ -z "${jail_name}" ]; then
|
||||||
"${LIBDIR}/bkctld-help" && exit 1
|
"${LIBDIR}/bkctld-help" && exit 1
|
||||||
fi
|
fi
|
||||||
[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to stop inexistant jail"
|
jail_path=$(jail_path "${jail_name}")
|
||||||
"${LIBDIR}/bkctld-is-on" "${jail}" || exit 0
|
|
||||||
|
|
||||||
pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
|
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||||
|
|
||||||
|
"${LIBDIR}/bkctld-is-on" "${jail_name}" || exit 0
|
||||||
|
|
||||||
|
pid=$(cat "${jail_path}/${SSHD_PID}")
|
||||||
for conn in $(ps --ppid "${pid}" -o pid=); do
|
for conn in $(ps --ppid "${pid}" -o pid=); do
|
||||||
kill "${conn}"
|
kill "${conn}"
|
||||||
done
|
done
|
||||||
kill "${pid}" && notice "${jail} was stopped [${pid}]"
|
|
||||||
umount --lazy --recursive "${JAILDIR}/${jail}/dev"
|
if kill "${pid}"; then
|
||||||
umount --lazy "${JAILDIR}/${jail}/proc/"
|
notice "${jail_name}: jail has been stopped [${pid}]"
|
||||||
|
|
||||||
|
umount --lazy --recursive "${jail_path}/dev"
|
||||||
|
umount --lazy "${jail_path}/proc/"
|
||||||
|
else
|
||||||
|
error "${jail_name}: failed to stop jail [${pid}]"
|
||||||
|
fi
|
||||||
|
|
|
@ -7,19 +7,23 @@
|
||||||
# shellcheck source=./config
|
# shellcheck source=./config
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||||
|
|
||||||
jail="${1:-}"
|
jail_name="${1:-}"
|
||||||
if [ ! -n "${jail}" ]; then
|
if [ -z "${jail_name}" ]; then
|
||||||
"${LIBDIR}/bkctld-help" && exit 1
|
"${LIBDIR}/bkctld-help" && exit 1
|
||||||
fi
|
fi
|
||||||
[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to sync inexistant jail"
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
|
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||||
|
|
||||||
[ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
|
[ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
|
||||||
|
|
||||||
jail="${1}"
|
|
||||||
ssh "${NODE}" "${LIBDIR}/bkctld-init" "${jail}" | debug
|
ssh "${NODE}" "${LIBDIR}/bkctld-init" "${jail_name}" | debug
|
||||||
rsync -a "${JAILDIR}/${jail}/" "${NODE}:${JAILDIR}/${jail}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/*
|
rsync -a "${jail_path}/" "${NODE}:${jail_path}/" --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/*
|
||||||
rsync -a "${CONFDIR}/${jail}" "${NODE}:${CONFDIR}/${jail}"
|
rsync -a "${CONFDIR}/${jail_name}" "${NODE}:${CONFDIR}/${jail_name}"
|
||||||
"${LIBDIR}/bkctld-is-on" "${jail}" && ssh "${NODE}" "${LIBDIR}/bkctld-start" "${jail}" | debug
|
|
||||||
|
"${LIBDIR}/bkctld-is-on" "${jail_name}" && ssh "${NODE}" "${LIBDIR}/bkctld-start" "${jail_name}" | debug
|
||||||
|
|
||||||
if [ -n "${FIREWALL_RULES}" ]; then
|
if [ -n "${FIREWALL_RULES}" ]; then
|
||||||
rsync -a "${FIREWALL_RULES}" "${NODE}:${FIREWALL_RULES}"
|
rsync -a "${FIREWALL_RULES}" "${NODE}:${FIREWALL_RULES}"
|
||||||
ssh "${NODE}" /etc/init.d/minifirewall restart | debug
|
ssh "${NODE}" /etc/init.d/minifirewall restart | debug
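Review bot: The `--exclude proc/* --exclude sys/* --exclude dev/*` and `--exclude var/backup/*` patterns on the `rsync -a "${jail_path}/"` line are unquoted, so the local shell expands them against the current directory before rsync sees them. When a match exists there, rsync receives file names instead of the pattern, and any further expanded words become extra positional arguments. Quoting each one, as in `--exclude 'proc/*' --exclude 'sys/*' --exclude 'dev/*'`, passes the patterns through unchanged.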
|
||||||
|
|
|
@ -13,10 +13,10 @@ if [ ! -n "${jail_name}" ]; then
|
||||||
fi
|
fi
|
||||||
jail_path=$(jail_path "${jail_name}")
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
[ -d "${jail_path}" ] || error "${jail_name} : trying to update inexistant jail"
|
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||||
|
|
||||||
"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
|
"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
|
||||||
|
|
||||||
setup_jail_chroot "${jail_name}"
|
setup_jail_chroot "${jail_name}"
|
||||||
|
|
||||||
notice "${jail_name} : jail has been updated."
|
notice "${jail_name}: jail has been updated."
|
||||||
|
|
|
@ -154,7 +154,7 @@ setup_jail_chroot() {
|
||||||
[ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"
|
[ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"
|
||||||
[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"
|
[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"
|
||||||
|
|
||||||
cd "${jail_path}" || error "Failed to change directory to ${jail_path}."
|
cd "${jail_path}" || error "${jail_name}: failed to change directory to ${jail_path}."
|
||||||
umask 077
|
umask 077
|
||||||
|
|
||||||
info "1 - Creating the chroot"
|
info "1 - Creating the chroot"
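Review bot: The context line `[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"` assigns to `group`, which the line above it has just set from the group template; this looks like a copy-paste slip for `sshrc=`. If so, a local `sshrc` template would replace the jail's group file source and never be used as sshrc. `setup_jail_chroot` starts and ends outside this hunk, so how both variables are used should be confirmed there before changing the line to `[ -f "${LOCALTPLDIR}/sshrc" ] && sshrc="${LOCALTPLDIR}/sshrc"`.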
|
||||||
|
|