evobackup/lib/includes

#!/bin/sh
#
# Config for bkctld
#

[ -f /etc/default/bkctld ] && . /etc/default/bkctld
LIBDIR=${LIBDIR:-/usr/lib/bkctld}
CONFDIR="${CONFDIR:-/etc/evobackup}"
BACKUP_DISK="${BACKUP_DISK:-}"
JAILDIR="${JAILDIR:-/backup/jails}"
INCDIR="${INCDIR:-/backup/incs}"
TPLDIR="${TPLDIR:-/usr/share/bkctld}"
LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
LOCKDIR="${LOCKDIR:-/run/lock/bkctld}"
INDEX_DIR="${INDEX_DIR:-/backup/index}"
IDX_FILE="${IDX_FILE:-${INDEX_DIR}/bkctld-jails.idx}"
SSHD_PID="${SSHD_PID:-/run/sshd.pid}"
SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
AUTHORIZED_KEYS="${AUTHORIZED_KEYS:-/root/.ssh/authorized_keys}"
FIREWALL_RULES="${FIREWALL_RULES:-}"
LOGLEVEL="${LOGLEVEL:-6}"
CRITICAL="${CRITICAL:-48}"
WARNING="${WARNING:-24}"
DUC=$(command -v duc-nox||command -v duc)

debug() {
    msg="${1:-$(cat /dev/stdin)}"
    if [ "${LOGLEVEL}" -ge 7 ]; then
        echo "${msg}"
        logger -t bkctld -p daemon.debug "${msg}"
    fi
}

info() {
    msg="${1:-$(cat /dev/stdin)}"
    if [ "${LOGLEVEL}" -ge 6 ]; then
        tty -s && echo "${msg}"
        logger -t bkctld -p daemon.info "${msg}"
    fi
}

notice() {
    msg="${1:-$(cat /dev/stdin)}"
    tty -s && echo "${msg}"
    [ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "${msg}"
}

warning() {
    msg="${1:-$(cat /dev/stdin)}"
    tty -s && echo "WARNING : ${msg}" >&2
    if [ "${LOGLEVEL}" -ge 4 ]; then
        tty -s || echo "WARNING : ${msg}" >&2
        logger -t bkctld -p daemon.warning "${msg}"
    fi
}

error() {
    msg="${1:-$(cat /dev/stdin)}"
    tty -s && echo "ERROR : ${msg}" >&2
    if [ "${LOGLEVEL}" -ge 5 ]; then
        tty -s || echo "ERROR : ${msg}" >&2
        logger -t bkctld -p daemon.error "${msg}"
    fi
    exit 1
}

dry_run() {
    test "$DRY_RUN" = "1"
}

current_time() {
    date +"%H:%M:%S"
}

# Returns true if the given path is on a btrfs filesystem
is_btrfs() {
    path=$1

    inode=$(stat --format=%i "${path}")

    test $inode -eq 256
}

# Returns the list of all jails
jails_list() {
    # shellcheck disable=SC2091
    "${LIBDIR}/bkctld-list"
}
# Returns the list of all incs for a jail
incs_list() {
    jail_name=${1:?}
    # shellcheck disable=SC2091
    ls "$(incs_path "${jail_name}")/"
}
# Returns the complete path of a jail
jail_path() {
    jail_name=${1:?}

    echo "${JAILDIR}/${jail_name}"
}
# Returns the path of incs for a jail
incs_path() {
    jail_name=${1:?}

    echo "${INCDIR}/${jail_name}"
}
# Returns the path of a specific inc for a jail
inc_path() {
    jail_name=${1:?}
    inc_name=${2:?}

    echo "${INCDIR}/${jail_name}/${inc_name}"
}
jail_config_dir() {
    jail_name=${1:?}

    echo "${CONFDIR}/${jail_name}.d"
}
jail_incs_policy_file() {
    jail_name=${1:?}

    jail_config_dir=$(jail_config_dir "${jail_name}")

    echo "${jail_config_dir}/incs_policy"
}
current_jail_incs_policy_file() {
    jail_name=${1:?}

    new_file="$(jail_incs_policy_file "${jail_name}")"
    old_file="${CONFDIR}/${jail_name}"

    if [ -f "${new_file}" ]; then
        echo "${new_file}"
    elif [ -f "${old_file}" ]; then
        echo "${old_file}"
    else
        echo ""
    fi
}
jail_check_policy_file() {
    jail_name=${1:?}

    jail_config_dir=$(jail_config_dir "${jail_name}")

    echo "${jail_config_dir}/check_policy"
}
current_jail_check_policy_file() {
    jail_name=${1:?}

    new_file="$(jail_check_policy_file "${jail_name}")"
    # old_file="${JAILDIR}/${jail_name}/etc/bkctld-check"

    if [ -f "${new_file}" ]; then
        echo "${new_file}"
    # elif [ -f "${old_file}" ]; then
    #     echo "${old_file}"
    else
        echo ""
    fi
}

setup_jail_chroot() {
    jail_name=${1:?}

    jail_path=$(jail_path "${jail_name}")

    passwd="${TPLDIR}/passwd"
    shadow="${TPLDIR}/shadow"
    group="${TPLDIR}/group"
    sshrc="${TPLDIR}/sshrc"
    [ -f "${LOCALTPLDIR}/passwd" ] && passwd="${LOCALTPLDIR}/passwd"
    [ -f "${LOCALTPLDIR}/shadow" ] && shadow="${LOCALTPLDIR}/shadow"
    [ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"
    [ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"

    cd "${jail_path}" || error "${jail_name}: failed to change directory to ${jail_path}."
    umask 077

    info "1 - Creating the chroot"
    rm -rf bin lib lib64 run usr var/run etc/ssh/*key
    mkdir -p ./dev
    mkdir -p ./proc
    mkdir -p ./usr/bin
    mkdir -p ./usr/sbin
    mkdir -p ./usr/lib ./usr/lib/x86_64-linux-gnu ./usr/lib/openssh ./usr/lib64
    mkdir -p ./etc/ssh
    mkdir -p ./var/log
    mkdir -p ./run/sshd
    # shellcheck disable=SC2174
    mkdir -p ./root/.ssh --mode 0700
    # shellcheck disable=SC2174
    mkdir -p ./var/backup --mode 0700
    ln -s ./usr/bin ./bin
    ln -s ./usr/lib ./lib
    ln -s ./usr/lib64 ./lib64
    ln -s --target-directory=./var ../run
    touch ./var/log/lastlog ./var/log/wtmp ./run/utmp

    info "2 - Copying essential files"
    [ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key ./etc/ssh
    [ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key ./etc/ssh
    [ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key ./etc/ssh
    touch "./${AUTHORIZED_KEYS}"
    chmod 600 "./${AUTHORIZED_KEYS}"
    cp "${passwd}" ./etc
    cp "${shadow}" ./etc
    cp "${group}" ./etc
    cp "${sshrc}" ./etc/ssh

    info "3 - Copying binaries"
    cp -f /lib/ld-linux.so.2 ./lib 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 ./lib64
    cp /lib/x86_64-linux-gnu/libnss* ./lib/x86_64-linux-gnu

    for dbin in /bin/sh /bin/ls /bin/mkdir /bin/cat /bin/rm /bin/sed /usr/bin/rsync /usr/bin/lastlog /usr/bin/touch /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
        cp -f "${dbin}" "./${dbin}";
        for lib in $(ldd "${dbin}" | grep -Eo "/.*so.[0-9\.]+"); do
            cp -p "${lib}" "./${lib}"
        done
    done
}

setup_jail_config() {
    jail_name=${1:?}

    jail_path=$(jail_path "${jail_name}")

    sshd_config="${TPLDIR}/sshd_config"
    test -f "${LOCALTPLDIR}/sshd_config" && sshd_config="${LOCALTPLDIR}/sshd_config"

    info "4 - Copie default sshd_config"
    install -m 0640 "${sshd_config}" "${jail_path}/${SSHD_CONFIG}"

    inctpl="${TPLDIR}/inc.tpl"
    test -f "${LOCALTPLDIR}/inc.tpl" && inctpl="${LOCALTPLDIR}/inc.tpl"

    info "5 - Copie default inc configuration"
    jail_incs_policy_file=$(jail_incs_policy_file "${jail_name}")
    mkdir --parents "$(dirname "${jail_incs_policy_file}")"
    install -m 0640 "${inctpl}" "${jail_incs_policy_file}"
    "${LIBDIR}/bkctld-port" "${jail_name}" auto
}
Split bkctld into multiples scripts 2019-01-04 13:51:05 +01:00			`#!/bin/sh`
Move logging functions into config 2019-01-07 16:57:12 +01:00			`#`
			`# Config for bkctld`
			`#`
Split bkctld into multiples scripts 2019-01-04 13:51:05 +01:00
			`[ -f /etc/default/bkctld ] && . /etc/default/bkctld`
			`LIBDIR=${LIBDIR:-/usr/lib/bkctld}`
			`CONFDIR="${CONFDIR:-/etc/evobackup}"`
			`BACKUP_DISK="${BACKUP_DISK:-}"`
			`JAILDIR="${JAILDIR:-/backup/jails}"`
			`INCDIR="${INCDIR:-/backup/incs}"`
			`TPLDIR="${TPLDIR:-/usr/share/bkctld}"`
refactor init and update subcommands 2020-04-02 00:30:48 +02:00			`LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00			`LOCKDIR="${LOCKDIR:-/run/lock/bkctld}"`
Split bkctld into multiples scripts 2019-01-04 13:51:05 +01:00			`INDEX_DIR="${INDEX_DIR:-/backup/index}"`
			`IDX_FILE="${IDX_FILE:-${INDEX_DIR}/bkctld-jails.idx}"`
			`SSHD_PID="${SSHD_PID:-/run/sshd.pid}"`
			`SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"`
			`AUTHORIZED_KEYS="${AUTHORIZED_KEYS:-/root/.ssh/authorized_keys}"`
			`FIREWALL_RULES="${FIREWALL_RULES:-}"`
			`LOGLEVEL="${LOGLEVEL:-6}"`
			`CRITICAL="${CRITICAL:-48}"`
			`WARNING="${WARNING:-24}"`
			`DUC=$(command -v duc-nox\|\|command -v duc)`

Move logging functions into config 2019-01-07 16:57:12 +01:00			`debug() {`
			`msg="${1:-$(cat /dev/stdin)}"`
			`if [ "${LOGLEVEL}" -ge 7 ]; then`
			`echo "${msg}"`
			`logger -t bkctld -p daemon.debug "${msg}"`
			`fi`
			`}`

			`info() {`
			`msg="${1:-$(cat /dev/stdin)}"`
			`if [ "${LOGLEVEL}" -ge 6 ]; then`
			`tty -s && echo "${msg}"`
			`logger -t bkctld -p daemon.info "${msg}"`
			`fi`
			`}`

			`notice() {`
			`msg="${1:-$(cat /dev/stdin)}"`
			`tty -s && echo "${msg}"`
			`[ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "${msg}"`
			`}`

			`warning() {`
			`msg="${1:-$(cat /dev/stdin)}"`
			`tty -s && echo "WARNING : ${msg}" >&2`
			`if [ "${LOGLEVEL}" -ge 4 ]; then`
			`tty -s \|\| echo "WARNING : ${msg}" >&2`
			`logger -t bkctld -p daemon.warning "${msg}"`
			`fi`
			`}`

			`error() {`
			`msg="${1:-$(cat /dev/stdin)}"`
			`tty -s && echo "ERROR : ${msg}" >&2`
			`if [ "${LOGLEVEL}" -ge 5 ]; then`
			`tty -s \|\| echo "ERROR : ${msg}" >&2`
			`logger -t bkctld -p daemon.error "${msg}"`
			`fi`
			`exit 1`
			`}`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00
			`dry_run() {`
			`test "$DRY_RUN" = "1"`
			`}`

			`current_time() {`
			`date +"%H:%M:%S"`
			`}`

			`# Returns true if the given path is on a btrfs filesystem`
			`is_btrfs() {`
			`path=$1`

			`inode=$(stat --format=%i "${path}")`

			`test $inode -eq 256`
			`}`

			`# Returns the list of all jails`
			`jails_list() {`
			`# shellcheck disable=SC2091`
			`"${LIBDIR}/bkctld-list"`
			`}`
			`# Returns the list of all incs for a jail`
			`incs_list() {`
Raise error if missing arguments in functions 2020-04-02 18:27:54 +02:00			`jail_name=${1:?}`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00			`# shellcheck disable=SC2091`
			`ls "$(incs_path "${jail_name}")/"`
			`}`
			`# Returns the complete path of a jail`
			`jail_path() {`
Raise error if missing arguments in functions 2020-04-02 18:27:54 +02:00			`jail_name=${1:?}`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00
			`echo "${JAILDIR}/${jail_name}"`
			`}`
			`# Returns the path of incs for a jail`
			`incs_path() {`
Raise error if missing arguments in functions 2020-04-02 18:27:54 +02:00			`jail_name=${1:?}`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00
			`echo "${INCDIR}/${jail_name}"`
			`}`
			`# Returns the path of a specific inc for a jail`
			`inc_path() {`
Raise error if missing arguments in functions 2020-04-02 18:27:54 +02:00			`jail_name=${1:?}`
			`inc_name=${2:?}`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00
			`echo "${INCDIR}/${jail_name}/${inc_name}"`
			`}`
extract function for jail config directory 2020-04-02 18:39:15 +02:00			`jail_config_dir() {`
			`jail_name=${1:?}`

			`echo "${CONFDIR}/${jail_name}.d"`
			`}`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00			`jail_incs_policy_file() {`
Raise error if missing arguments in functions 2020-04-02 18:27:54 +02:00			`jail_name=${1:?}`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00
extract function for jail config directory 2020-04-02 18:39:15 +02:00			`jail_config_dir=$(jail_config_dir "${jail_name}")`

			`echo "${jail_config_dir}/incs_policy"`
extract functions for config files 2020-04-02 18:26:53 +02:00			`}`
			`current_jail_incs_policy_file() {`
			`jail_name=${1:?}`

			`new_file="$(jail_incs_policy_file "${jail_name}")"`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00			`old_file="${CONFDIR}/${jail_name}"`

			`if [ -f "${new_file}" ]; then`
			`echo "${new_file}"`
			`elif [ -f "${old_file}" ]; then`
			`echo "${old_file}"`
			`else`
			`echo ""`
			`fi`
			`}`
			`jail_check_policy_file() {`
Raise error if missing arguments in functions 2020-04-02 18:27:54 +02:00			`jail_name=${1:?}`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00
extract function for jail config directory 2020-04-02 18:39:15 +02:00			`jail_config_dir=$(jail_config_dir "${jail_name}")`

			`echo "${jail_config_dir}/check_policy"`
extract functions for config files 2020-04-02 18:26:53 +02:00			`}`
			`current_jail_check_policy_file() {`
			`jail_name=${1:?}`

extract function for jail config directory 2020-04-02 18:39:15 +02:00			`new_file="$(jail_check_policy_file "${jail_name}")"`
refactor check, inc, rm subcommands function extractions variables extractions comments 2020-04-01 18:39:56 +02:00			`# old_file="${JAILDIR}/${jail_name}/etc/bkctld-check"`

			`if [ -f "${new_file}" ]; then`
			`echo "${new_file}"`
			`# elif [ -f "${old_file}" ]; then`
			`# echo "${old_file}"`
			`else`
			`echo ""`
			`fi`
			`}`
refactor init and update subcommands 2020-04-02 00:30:48 +02:00
			`setup_jail_chroot() {`
Raise error if missing arguments in functions 2020-04-02 18:27:54 +02:00			`jail_name=${1:?}`
refactor init and update subcommands 2020-04-02 00:30:48 +02:00
			`jail_path=$(jail_path "${jail_name}")`

			`passwd="${TPLDIR}/passwd"`
			`shadow="${TPLDIR}/shadow"`
			`group="${TPLDIR}/group"`
			`sshrc="${TPLDIR}/sshrc"`
			`[ -f "${LOCALTPLDIR}/passwd" ] && passwd="${LOCALTPLDIR}/passwd"`
			`[ -f "${LOCALTPLDIR}/shadow" ] && shadow="${LOCALTPLDIR}/shadow"`
			`[ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"`
			`[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"`

use new conventions 2020-04-02 01:07:12 +02:00			`cd "${jail_path}" \|\| error "${jail_name}: failed to change directory to ${jail_path}."`
refactor init and update subcommands 2020-04-02 00:30:48 +02:00			`umask 077`

			`info "1 - Creating the chroot"`
			`rm -rf bin lib lib64 run usr var/run etc/ssh/*key`
			`mkdir -p ./dev`
			`mkdir -p ./proc`
			`mkdir -p ./usr/bin`
			`mkdir -p ./usr/sbin`
			`mkdir -p ./usr/lib ./usr/lib/x86_64-linux-gnu ./usr/lib/openssh ./usr/lib64`
			`mkdir -p ./etc/ssh`
			`mkdir -p ./var/log`
			`mkdir -p ./run/sshd`
			`# shellcheck disable=SC2174`
			`mkdir -p ./root/.ssh --mode 0700`
			`# shellcheck disable=SC2174`
			`mkdir -p ./var/backup --mode 0700`
			`ln -s ./usr/bin ./bin`
			`ln -s ./usr/lib ./lib`
			`ln -s ./usr/lib64 ./lib64`
			`ln -s --target-directory=./var ../run`
			`touch ./var/log/lastlog ./var/log/wtmp ./run/utmp`

			`info "2 - Copying essential files"`
			`[ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key ./etc/ssh`
			`[ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key ./etc/ssh`
			`[ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key ./etc/ssh`
			`touch "./${AUTHORIZED_KEYS}"`
			`chmod 600 "./${AUTHORIZED_KEYS}"`
			`cp "${passwd}" ./etc`
			`cp "${shadow}" ./etc`
			`cp "${group}" ./etc`
			`cp "${sshrc}" ./etc/ssh`

			`info "3 - Copying binaries"`
			`cp -f /lib/ld-linux.so.2 ./lib 2>/dev/null \|\| cp -f /lib64/ld-linux-x86-64.so.2 ./lib64`
			`cp /lib/x86_64-linux-gnu/libnss* ./lib/x86_64-linux-gnu`

			`for dbin in /bin/sh /bin/ls /bin/mkdir /bin/cat /bin/rm /bin/sed /usr/bin/rsync /usr/bin/lastlog /usr/bin/touch /usr/sbin/sshd /usr/lib/openssh/sftp-server; do`
			`cp -f "${dbin}" "./${dbin}";`
			`for lib in $(ldd "${dbin}" \| grep -Eo "/.*so.[0-9\.]+"); do`
			`cp -p "${lib}" "./${lib}"`
			`done`
			`done`
			`}`

			`setup_jail_config() {`
Raise error if missing arguments in functions 2020-04-02 18:27:54 +02:00			`jail_name=${1:?}`
refactor init and update subcommands 2020-04-02 00:30:48 +02:00
			`jail_path=$(jail_path "${jail_name}")`

			`sshd_config="${TPLDIR}/sshd_config"`
			`test -f "${LOCALTPLDIR}/sshd_config" && sshd_config="${LOCALTPLDIR}/sshd_config"`

			`info "4 - Copie default sshd_config"`
			`install -m 0640 "${sshd_config}" "${jail_path}/${SSHD_CONFIG}"`

			`inctpl="${TPLDIR}/inc.tpl"`
			`test -f "${LOCALTPLDIR}/inc.tpl" && inctpl="${LOCALTPLDIR}/inc.tpl"`

			`info "5 - Copie default inc configuration"`
fix incs policy on jail init 2020-04-02 18:28:41 +02:00			`jail_incs_policy_file=$(jail_incs_policy_file "${jail_name}")`
			`mkdir --parents "$(dirname "${jail_incs_policy_file}")"`
			`install -m 0640 "${inctpl}" "${jail_incs_policy_file}"`
refactor init and update subcommands 2020-04-02 00:30:48 +02:00			`"${LIBDIR}/bkctld-port" "${jail_name}" auto`
			`}`