refactor init and update subcommands
parent
e9e8a790ba
commit
77d0681d14
|
@ -7,30 +7,25 @@
|
||||||
# shellcheck source=./config
|
# shellcheck source=./config
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
|
||||||
|
|
||||||
jail="${1:-}"
|
jail_name="${1:-}"
|
||||||
if [ ! -n "${jail}" ]; then
|
if [ -z "${jail_name}" ]; then
|
||||||
"${LIBDIR}/bkctld-help" && exit 1
|
"${LIBDIR}/bkctld-help" && exit 1
|
||||||
fi
|
fi
|
||||||
[ -d "${JAILDIR}/${jail}" ] && error "${jail} : trying to create existant jail"
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
mkdir -p "${CONFDIR}" "${JAILDIR}"
|
test -d "${jail_path}" && error "${jail_name} : jail already exists."
|
||||||
sshd_config="${TPLDIR}/sshd_config"
|
|
||||||
inctpl="${TPLDIR}/inc.tpl"
|
|
||||||
[ -f "${LOCALTPLDIR}/sshd_config" ] && sshd_config="${LOCALTPLDIR}/sshd_config"
|
|
||||||
[ -f "${LOCALTPLDIR}/inc.tpl" ] && inctpl="${LOCALTPLDIR}/inc.tpl"
|
|
||||||
|
|
||||||
rootdir=$(dirname "${JAILDIR}")
|
# Create config and jails directory
|
||||||
rootdir_inode=$(stat --format=%i "${rootdir}")
|
mkdir --parents "${CONFDIR}" "${JAILDIR}"
|
||||||
jaildir_inode=$(stat --format=%i "${JAILDIR}")
|
|
||||||
if [ "${rootdir_inode}" -eq 256 ] || [ "${jaildir_inode}" -eq 256 ]; then
|
|
||||||
/bin/btrfs subvolume create "${JAILDIR}/${jail}"
|
if is_btrfs "$(dirname "${JAILDIR}")" || is_btrfs "${JAILDIR}"; then
|
||||||
|
/bin/btrfs subvolume create "${jail_path}"
|
||||||
else
|
else
|
||||||
mkdir -p "${JAILDIR}/${jail}"
|
mkdir --parents "${jail_path}"
|
||||||
fi
|
fi
|
||||||
. "${LIBDIR}/mkjail"
|
|
||||||
info "4 - Copie default sshd_config"
|
setup_jail_chroot "${jail_name}"
|
||||||
install -m 0640 "${sshd_config}" "${JAILDIR}/${jail}/${SSHD_CONFIG}"
|
setup_jail_config "${jail_name}"
|
||||||
info "5 - Copie default inc configuration"
|
|
||||||
install -m 0640 "${inctpl}" "${CONFDIR}/${jail}"
|
notice "${jail_name} : jail has been created"
|
||||||
"${LIBDIR}/bkctld-port" "${jail}" auto
|
|
||||||
notice "${jail} : created jail"
|
|
||||||
|
|
|
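Review bot: `jail_name` goes from `$1` straight into `jail_path` and then into `/bin/btrfs subvolume create` or `mkdir --parents`, with no check that it is a single path component. `jail_path` is not visible in this diff; unless it already rejects such values, a name containing `/` or equal to `..` resolves outside `${JAILDIR}`, and `setup_jail_chroot` then runs its relative `rm -rf` in that directory. A guard right after the empty-name test would close this, e.g. `case "${jail_name}" in */*|.|..) error "${jail_name} : invalid jail name" ;; esac`. The update script builds `jail_path` the same way and needs the same guard. Separately, `"${LIBDIR}/bkctld-help" && exit 1` falls through with an empty name when the help command returns non-zero; `"${LIBDIR}/bkctld-help"; exit 1` avoids that.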
@ -7,12 +7,16 @@
|
||||||
# shellcheck source=./config
|
# shellcheck source=./config
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
|
||||||
|
|
||||||
jail="${1:-}"
|
jail_name="${1:-}"
|
||||||
if [ ! -n "${jail}" ]; then
|
if [ ! -n "${jail_name}" ]; then
|
||||||
"${LIBDIR}/bkctld-help" && exit 1
|
"${LIBDIR}/bkctld-help" && exit 1
|
||||||
fi
|
fi
|
||||||
[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to update inexistant jail"
|
jail_path=$(jail_path "${jail_name}")
|
||||||
"${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
|
|
||||||
|
|
||||||
. "${LIBDIR}/mkjail"
|
[ -d "${jail_path}" ] || error "${jail_name} : trying to update inexistant jail"
|
||||||
notice "${jail} : updated jail"
|
|
||||||
|
"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
|
||||||
|
|
||||||
|
setup_jail_chroot "${jail_name}"
|
||||||
|
|
||||||
|
notice "${jail_name} : jail has been updated."
|
||||||
|
|
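Review bot: The result of `bkctld-stop` is not checked before `setup_jail_chroot` removes and recopies the jail's binaries; unless `config` enables `set -e` (not visible here), the rebuild proceeds even when the jail's sshd is still running. An explicit form would be `if "${LIBDIR}/bkctld-is-on" "${jail_name}"; then "${LIBDIR}/bkctld-stop" "${jail_name}" || error "${jail_name} : failed to stop jail"; fi`. Nothing in the visible lines starts the jail again afterwards, so a jail that was running appears to stay down after an update; if that is intended, the final `notice` should say so. The empty-argument test here still reads `[ ! -n "${jail_name}" ]` while the init script was changed to `[ -z "${jail_name}" ]`.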
81
lib/config
81
lib/config
|
@ -10,10 +10,10 @@ BACKUP_DISK="${BACKUP_DISK:-}"
|
||||||
JAILDIR="${JAILDIR:-/backup/jails}"
|
JAILDIR="${JAILDIR:-/backup/jails}"
|
||||||
INCDIR="${INCDIR:-/backup/incs}"
|
INCDIR="${INCDIR:-/backup/incs}"
|
||||||
TPLDIR="${TPLDIR:-/usr/share/bkctld}"
|
TPLDIR="${TPLDIR:-/usr/share/bkctld}"
|
||||||
|
LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
|
||||||
LOCKDIR="${LOCKDIR:-/run/lock/bkctld}"
|
LOCKDIR="${LOCKDIR:-/run/lock/bkctld}"
|
||||||
INDEX_DIR="${INDEX_DIR:-/backup/index}"
|
INDEX_DIR="${INDEX_DIR:-/backup/index}"
|
||||||
IDX_FILE="${IDX_FILE:-${INDEX_DIR}/bkctld-jails.idx}"
|
IDX_FILE="${IDX_FILE:-${INDEX_DIR}/bkctld-jails.idx}"
|
||||||
LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
|
|
||||||
SSHD_PID="${SSHD_PID:-/run/sshd.pid}"
|
SSHD_PID="${SSHD_PID:-/run/sshd.pid}"
|
||||||
SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
|
SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
|
||||||
AUTHORIZED_KEYS="${AUTHORIZED_KEYS:-/root/.ssh/authorized_keys}"
|
AUTHORIZED_KEYS="${AUTHORIZED_KEYS:-/root/.ssh/authorized_keys}"
|
||||||
|
@ -139,3 +139,82 @@ jail_check_policy_file() {
|
||||||
echo ""
|
echo ""
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
setup_jail_chroot() {
|
||||||
|
jail_name=$1
|
||||||
|
|
||||||
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
|
passwd="${TPLDIR}/passwd"
|
||||||
|
shadow="${TPLDIR}/shadow"
|
||||||
|
group="${TPLDIR}/group"
|
||||||
|
sshrc="${TPLDIR}/sshrc"
|
||||||
|
[ -f "${LOCALTPLDIR}/passwd" ] && passwd="${LOCALTPLDIR}/passwd"
|
||||||
|
[ -f "${LOCALTPLDIR}/shadow" ] && shadow="${LOCALTPLDIR}/shadow"
|
||||||
|
[ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"
|
||||||
|
[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"
|
||||||
|
|
||||||
|
cd "${jail_path}" || error "Failed to change directory to ${jail_path}."
|
||||||
|
umask 077
|
||||||
|
|
||||||
|
info "1 - Creating the chroot"
|
||||||
|
rm -rf bin lib lib64 run usr var/run etc/ssh/*key
|
||||||
|
mkdir -p ./dev
|
||||||
|
mkdir -p ./proc
|
||||||
|
mkdir -p ./usr/bin
|
||||||
|
mkdir -p ./usr/sbin
|
||||||
|
mkdir -p ./usr/lib ./usr/lib/x86_64-linux-gnu ./usr/lib/openssh ./usr/lib64
|
||||||
|
mkdir -p ./etc/ssh
|
||||||
|
mkdir -p ./var/log
|
||||||
|
mkdir -p ./run/sshd
|
||||||
|
# shellcheck disable=SC2174
|
||||||
|
mkdir -p ./root/.ssh --mode 0700
|
||||||
|
# shellcheck disable=SC2174
|
||||||
|
mkdir -p ./var/backup --mode 0700
|
||||||
|
ln -s ./usr/bin ./bin
|
||||||
|
ln -s ./usr/lib ./lib
|
||||||
|
ln -s ./usr/lib64 ./lib64
|
||||||
|
ln -s --target-directory=./var ../run
|
||||||
|
touch ./var/log/lastlog ./var/log/wtmp ./run/utmp
|
||||||
|
|
||||||
|
info "2 - Copying essential files"
|
||||||
|
[ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key ./etc/ssh
|
||||||
|
[ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key ./etc/ssh
|
||||||
|
[ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key ./etc/ssh
|
||||||
|
touch "./${AUTHORIZED_KEYS}"
|
||||||
|
chmod 600 "./${AUTHORIZED_KEYS}"
|
||||||
|
cp "${passwd}" ./etc
|
||||||
|
cp "${shadow}" ./etc
|
||||||
|
cp "${group}" ./etc
|
||||||
|
cp "${sshrc}" ./etc/ssh
|
||||||
|
|
||||||
|
info "3 - Copying binaries"
|
||||||
|
cp -f /lib/ld-linux.so.2 ./lib 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 ./lib64
|
||||||
|
cp /lib/x86_64-linux-gnu/libnss* ./lib/x86_64-linux-gnu
|
||||||
|
|
||||||
|
for dbin in /bin/sh /bin/ls /bin/mkdir /bin/cat /bin/rm /bin/sed /usr/bin/rsync /usr/bin/lastlog /usr/bin/touch /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
|
||||||
|
cp -f "${dbin}" "./${dbin}";
|
||||||
|
for lib in $(ldd "${dbin}" | grep -Eo "/.*so.[0-9\.]+"); do
|
||||||
|
cp -p "${lib}" "./${lib}"
|
||||||
|
done
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
setup_jail_config() {
|
||||||
|
jail_name=$1
|
||||||
|
|
||||||
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
|
sshd_config="${TPLDIR}/sshd_config"
|
||||||
|
test -f "${LOCALTPLDIR}/sshd_config" && sshd_config="${LOCALTPLDIR}/sshd_config"
|
||||||
|
|
||||||
|
info "4 - Copie default sshd_config"
|
||||||
|
install -m 0640 "${sshd_config}" "${jail_path}/${SSHD_CONFIG}"
|
||||||
|
|
||||||
|
inctpl="${TPLDIR}/inc.tpl"
|
||||||
|
test -f "${LOCALTPLDIR}/inc.tpl" && inctpl="${LOCALTPLDIR}/inc.tpl"
|
||||||
|
|
||||||
|
info "5 - Copie default inc configuration"
|
||||||
|
install -m 0640 "${inctpl}" "${jail_path}"
|
||||||
|
"${LIBDIR}/bkctld-port" "${jail_name}" auto
|
||||||
|
}
|
||||||
|
|
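Review bot: In `setup_jail_config` the inc template is installed with `install -m 0640 "${inctpl}" "${jail_path}"`, but the init code this replaces wrote it to `"${CONFDIR}/${jail}"`; since `${jail_path}` is the jail directory, the template now lands inside the jail root and the per-jail file under `${CONFDIR}` is never created. The destination should be `"${CONFDIR}/${jail_name}"`. In `setup_jail_chroot`, the local override `[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"` assigns `group` instead of `sshrc` (carried over unchanged from `lib/mkjail`), so a local sshrc is copied to the jail's `etc/group` while the default sshrc is still installed; it should read `sshrc="${LOCALTPLDIR}/sshrc"`. Both functions also set `jail_name`, `jail_path` and the template variables as globals, and `setup_jail_chroot` leaves its `cd` and `umask 077` in effect for the caller, which deserves a header comment on each function.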
44
lib/mkjail
44
lib/mkjail
|
@ -1,44 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
passwd="${TPLDIR}/passwd"
|
|
||||||
shadow="${TPLDIR}/shadow"
|
|
||||||
group="${TPLDIR}/group"
|
|
||||||
sshrc="${TPLDIR}/sshrc"
|
|
||||||
[ -f "${LOCALTPLDIR}/passwd" ] && passwd="${LOCALTPLDIR}/passwd"
|
|
||||||
[ -f "${LOCALTPLDIR}/shadow" ] && shadow="${LOCALTPLDIR}/shadow"
|
|
||||||
[ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"
|
|
||||||
[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"
|
|
||||||
umask 077
|
|
||||||
|
|
||||||
info "1 - Creating the chroot"
|
|
||||||
cd "${JAILDIR}/${jail}"
|
|
||||||
rm -rf bin lib lib64 run usr var/run etc/ssh/*key
|
|
||||||
mkdir -p dev proc
|
|
||||||
mkdir -p usr/bin usr/sbin usr/lib usr/lib/x86_64-linux-gnu usr/lib/openssh usr/lib64
|
|
||||||
mkdir -p etc/ssh var/log run/sshd
|
|
||||||
mkdir -p root/.ssh var/backup -m 0700
|
|
||||||
ln -s usr/bin bin
|
|
||||||
ln -s usr/lib lib
|
|
||||||
ln -s usr/lib64 lib64
|
|
||||||
ln -st var ../run
|
|
||||||
touch var/log/lastlog var/log/wtmp run/utmp
|
|
||||||
|
|
||||||
info "2 - Copying essential files"
|
|
||||||
[ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key etc/ssh
|
|
||||||
[ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key etc/ssh
|
|
||||||
[ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key etc/ssh
|
|
||||||
cp "${passwd}" etc
|
|
||||||
cp "${shadow}" etc
|
|
||||||
cp "${group}" etc
|
|
||||||
cp "${sshrc}" etc/ssh
|
|
||||||
|
|
||||||
info "3 - Copying binaries"
|
|
||||||
cp -f /lib/ld-linux.so.2 lib 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 lib64
|
|
||||||
cp /lib/x86_64-linux-gnu/libnss* lib/x86_64-linux-gnu
|
|
||||||
|
|
||||||
for dbin in /bin/sh /bin/ls /bin/mkdir /bin/cat /bin/rm /bin/sed /usr/bin/rsync /usr/bin/lastlog /usr/bin/touch /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
|
|
||||||
cp -f "${dbin}" "${JAILDIR}/${jail}/${dbin}";
|
|
||||||
for lib in $(ldd "${dbin}" | grep -Eo "/.*so.[0-9\.]+"); do
|
|
||||||
cp -p "${lib}" "${JAILDIR}/${jail}/${lib}"
|
|
||||||
done
|
|
||||||
done
|
|