Merge branch 'master' into debian
commit
59e67661c1
|
@ -18,6 +18,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
|
## [2.3.0] - 2020-04-20
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
* Rewrite log messages and format
|
||||||
|
|
||||||
## [2.2.2] - 2020-04-19
|
## [2.2.2] - 2020-04-19
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
|
@ -18,6 +18,7 @@ iptables_input_accept() {
|
||||||
jail_name="${1}"
|
jail_name="${1}"
|
||||||
port="${2}"
|
port="${2}"
|
||||||
ip="${3}"
|
ip="${3}"
|
||||||
|
debug "Accept \`${ip}:${port}' for jail \`${jail_name}'"
|
||||||
|
|
||||||
echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail_name}"
|
echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail_name}"
|
||||||
}
|
}
|
||||||
|
@ -34,7 +35,7 @@ if [ -n "${FIREWALL_RULES}" ]; then
|
||||||
# Restart the firewall
|
# Restart the firewall
|
||||||
[ -f /etc/init.d/minifirewall ] && /etc/init.d/minifirewall restart >/dev/null
|
[ -f /etc/init.d/minifirewall ] && /etc/init.d/minifirewall restart >/dev/null
|
||||||
fi
|
fi
|
||||||
notice "${jail_name}: firewall rules have been updated."
|
notice "Firewall updated for jail \`${jail_name}'"
|
||||||
else
|
else
|
||||||
warning "${jail_name}: skipping firewall update, FIREWALL_RULES variable is empty."
|
notice "Skip jail \`${jail_name}' : FIREWALL_RULES variable is empty."
|
||||||
fi
|
fi
|
||||||
|
|
|
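Review bot: The `debug` call added at the top of `iptables_input_accept` prints to stdout, because the `debug` helper changed under `lib/includes` in this same commit uses a plain `echo` once `LOGLEVEL` is 7 or higher. This function's own stdout is the generated `/sbin/iptables` rule. If the caller captures or redirects that output into the rules file (the caller is not visible in this hunk), a debug line would land inside the firewall rules whenever debug logging is on. Appending `>&2` to the new `debug` line, or having `debug` itself write to stderr, keeps the rule stream clean.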
@ -40,7 +40,12 @@ create_inc_ext4() {
|
||||||
|
|
||||||
inc_name=$(date +"%Y-%m-%d-%H")
|
inc_name=$(date +"%Y-%m-%d-%H")
|
||||||
|
|
||||||
for jail_name in $(jails_list); do
|
jails_list=$(jails_list)
|
||||||
|
jails_total=$(echo $jails_list | wc -w)
|
||||||
|
jails_count=0
|
||||||
|
|
||||||
|
for jail_name in ${jails_list}; do
|
||||||
|
jails_count=$((jails_count+1))
|
||||||
jail_path=$(jail_path "${jail_name}")
|
jail_path=$(jail_path "${jail_name}")
|
||||||
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
||||||
incs_policy_file=$(current_jail_incs_policy_file ${jail_name})
|
incs_policy_file=$(current_jail_incs_policy_file ${jail_name})
|
||||||
|
@ -49,7 +54,8 @@ for jail_name in $(jails_list); do
|
||||||
if [ -n "${incs_policy_file}" ]; then
|
if [ -n "${incs_policy_file}" ]; then
|
||||||
# If no incs directory is found, we don't create incs
|
# If no incs directory is found, we don't create incs
|
||||||
if [ ! -d "${inc_path}" ]; then
|
if [ ! -d "${inc_path}" ]; then
|
||||||
start=$(current_time)
|
info "Progress: jail ${jails_count} out of ${jails_total}"
|
||||||
|
notice "Create inc \`${inc_name}' for jail \`${jail_name}' : start"
|
||||||
|
|
||||||
if is_btrfs "${jail_path}"; then
|
if is_btrfs "${jail_path}"; then
|
||||||
create_inc_btrfs "${jail_name}" "${inc_name}"
|
create_inc_btrfs "${jail_name}" "${inc_name}"
|
||||||
|
@ -57,12 +63,11 @@ for jail_name in $(jails_list); do
|
||||||
create_inc_ext4 "${jail_name}" "${inc_name}"
|
create_inc_ext4 "${jail_name}" "${inc_name}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
end=$(current_time)
|
notice "Create inc \`${inc_name}' for jail \`${jail_name}' : finish"
|
||||||
notice "${jail_name}: \`${inc_name}' has been created [${start}/${end}]"
|
|
||||||
else
|
else
|
||||||
warning "${jail_name}: skipping \`${inc_name}', it already exists."
|
warning "Skip inc \`${inc_name}' for jail \`${jail_name}' : it already exists."
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
notice "${jail_name}: skipping \`${inc_name}', incs policy not found."
|
notice "Skip jail \`${jail_name}' : incs policy is missing"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
|
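Review bot: `jails_total=$(echo $jails_list | wc -w)` and `for jail_name in ${jails_list}` rely on unquoted expansion, so each jail name goes through pathname expansion as well as word splitting; a name containing `*` or `?` would be expanded against the current directory, and both the count and the loop would then differ from the real jail list. If whitespace splitting is intended, record that next to the lines with `# shellcheck disable=SC2086 # word splitting intended` and disable globbing around the loop with `set -f`. The same pattern, including `incs_total=$(echo ${incs_to_delete} | wc -w)`, appears in the inc-deletion loop under the `@ -90,33 +90,43 @@` hunk further down. The variable `jails_list` also shares its name with the function it is filled from, which works in sh but reads ambiguously; a name such as `jails` would be clearer.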
@ -13,7 +13,7 @@ if [ -z "${jail_name}" ]; then
|
||||||
fi
|
fi
|
||||||
jail_path=$(jail_path "${jail_name}")
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
test -d "${jail_path}" && error "${jail_name}: jail already exists."
|
test -d "${jail_path}" && error "Skip jail \`${jail_name}' : it already exists"
|
||||||
|
|
||||||
# Create config and jails directory
|
# Create config and jails directory
|
||||||
mkdir --parents "${CONFDIR}" "${JAILDIR}"
|
mkdir --parents "${CONFDIR}" "${JAILDIR}"
|
||||||
|
@ -28,4 +28,4 @@ fi
|
||||||
setup_jail_chroot "${jail_name}"
|
setup_jail_chroot "${jail_name}"
|
||||||
setup_jail_config "${jail_name}"
|
setup_jail_config "${jail_name}"
|
||||||
|
|
||||||
notice "${jail_name}: jail has been created"
|
notice "Create jail \`${jail_name}' : OK"
|
||||||
|
|
|
@ -15,7 +15,7 @@ if [ ! -n "${jail_name}" ]; then
|
||||||
fi
|
fi
|
||||||
jail_path=$(jail_path "${jail_name}")
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||||
|
|
||||||
jail_sshd_config="${jail_path}/${SSHD_CONFIG}"
|
jail_sshd_config="${jail_path}/${SSHD_CONFIG}"
|
||||||
|
|
||||||
|
@ -40,9 +40,9 @@ else
|
||||||
if grep -q -E "^AllowUsers" "${jail_sshd_config}"; then
|
if grep -q -E "^AllowUsers" "${jail_sshd_config}"; then
|
||||||
sed -i "s~^AllowUsers .*~${allow_users}~" "${jail_sshd_config}"
|
sed -i "s~^AllowUsers .*~${allow_users}~" "${jail_sshd_config}"
|
||||||
else
|
else
|
||||||
error "${jail_name}: No \`AllowUsers' directive found in \`${jail_sshd_config}'"
|
error "No \`AllowUsers' directive found in \`${jail_sshd_config}'"
|
||||||
fi
|
fi
|
||||||
notice "${jail_name}: IP whitelist updated with \`${ip}'"
|
notice "Update IP whitelist with \`${ip}' for jail \`${jail_name}' : OK"
|
||||||
"${LIBDIR}/bkctld-reload" "${jail_name}"
|
"${LIBDIR}/bkctld-reload" "${jail_name}"
|
||||||
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
||||||
fi
|
fi
|
||||||
|
|
|
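Review bot: The `sed -i "s~^AllowUsers .*~${allow_users}~"` line kept in this hunk splices `${allow_users}` into a sed program, so a `~`, `&`, backslash or newline in the value derived from `${ip}` would change what is written to the jail's sshd configuration. Whether `${ip}` is validated is decided above the hunk (the `else` branch starts outside it), so this is something to confirm rather than an established defect. A comment beside the substitution such as `# ${ip} is validated above; it must not contain sed metacharacters` would record the assumption for the next maintainer. The `sed -i "s/^Port .*/Port ${port}/"` line in the port section below has the same shape and deserves the same check or comment.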
@ -14,7 +14,7 @@ if [ -z "${jail_name}" ]; then
|
||||||
fi
|
fi
|
||||||
jail_path=$(jail_path "${jail_name}")
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||||
|
|
||||||
jail_pid_file="${jail_path}/${SSHD_PID}"
|
jail_pid_file="${jail_path}/${SSHD_PID}"
|
||||||
|
|
||||||
|
|
|
@ -15,15 +15,15 @@ if [ ! -n "${jail_name}" ]; then
|
||||||
fi
|
fi
|
||||||
jail_path=$(jail_path "${jail_name}")
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||||
|
|
||||||
if [ -z "${keyfile}" ]; then
|
if [ -z "${keyfile}" ]; then
|
||||||
if [ -f "${jail_path}/${AUTHORIZED_KEYS}" ]; then
|
if [ -f "${jail_path}/${AUTHORIZED_KEYS}" ]; then
|
||||||
cat "${jail_path}/${AUTHORIZED_KEYS}"
|
cat "${jail_path}/${AUTHORIZED_KEYS}"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
test -r "${keyfile}" || error "${jail_name}: SSH key \`${keyfile}' is missing or is not readable."
|
test -r "${keyfile}" || error "SSH key \`${keyfile}' for jail \`${jail_name}' is missing or is not readable."
|
||||||
cat "${keyfile}" > "${jail_path}/${AUTHORIZED_KEYS}"
|
cat "${keyfile}" > "${jail_path}/${AUTHORIZED_KEYS}"
|
||||||
chmod 600 "${jail_path}/${AUTHORIZED_KEYS}"
|
chmod 600 "${jail_path}/${AUTHORIZED_KEYS}"
|
||||||
notice "${jail_name}: SSH key has been updated with \`${keyfile}'"
|
notice "Update SSH key \`${keyfile}' for jail \`${jail_name}' : OK"
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -15,7 +15,7 @@ if [ ! -n "${jail_name}" ]; then
|
||||||
fi
|
fi
|
||||||
jail_path=$(jail_path "${jail_name}")
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||||
|
|
||||||
jail_sshd_config="${jail_path}/${SSHD_CONFIG}"
|
jail_sshd_config="${jail_path}/${SSHD_CONFIG}"
|
||||||
|
|
||||||
|
@ -29,7 +29,7 @@ else
|
||||||
fi
|
fi
|
||||||
sed -i "s/^Port .*/Port ${port}/" "${jail_sshd_config}"
|
sed -i "s/^Port .*/Port ${port}/" "${jail_sshd_config}"
|
||||||
|
|
||||||
notice "${jail_name}: port has been updated to \`${port}'"
|
notice "Update SSH port \`${port}' for jail \`${jail_name}' : OK"
|
||||||
|
|
||||||
"${LIBDIR}/bkctld-reload" "${jail_name}"
|
"${LIBDIR}/bkctld-reload" "${jail_name}"
|
||||||
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
||||||
|
|
|
@ -13,10 +13,14 @@ if [ -z "${jail_name}" ]; then
|
||||||
fi
|
fi
|
||||||
jail_path=$(jail_path "${jail_name}")
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||||
|
|
||||||
"${LIBDIR}/bkctld-is-on" "${jail_name}" || exit 0
|
"${LIBDIR}/bkctld-is-on" "${jail_name}" || exit 0
|
||||||
|
|
||||||
pid=$(cat "${jail_path}/${SSHD_PID}")
|
pid=$(cat "${jail_path}/${SSHD_PID}")
|
||||||
|
|
||||||
kill -HUP "${pid}" && notice "${jail_name}: jail has been reloaded [${pid}]"
|
if kill -HUP "${pid}"; then
|
||||||
|
notice "Reload jail \`${jail_name}' : OK [${pid}]"
|
||||||
|
else
|
||||||
|
error "Reload jail \`${jail_name}' : failed [${pid}]"
|
||||||
|
fi
|
||||||
|
|
|
@ -14,7 +14,7 @@ fi
|
||||||
jail_path=$(jail_path "${jail_name}")
|
jail_path=$(jail_path "${jail_name}")
|
||||||
incs_path=$(incs_path "${jail_name}")
|
incs_path=$(incs_path "${jail_name}")
|
||||||
|
|
||||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||||
|
|
||||||
"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
|
"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
|
||||||
|
|
||||||
|
@ -33,10 +33,10 @@ if [ -d "${incs_path}" ]; then
|
||||||
if [ "${inc_inode}" -eq 256 ]; then
|
if [ "${inc_inode}" -eq 256 ]; then
|
||||||
/bin/btrfs subvolume delete "${incs_path}/${inc}" | debug
|
/bin/btrfs subvolume delete "${incs_path}/${inc}" | debug
|
||||||
else
|
else
|
||||||
warning "You need to purge ${incs_path}/${inc} manually !"
|
warning "You need to purge \`${incs_path}/${inc}' manually"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
rmdir --ignore-fail-on-non-empty "${incs_path}" | debug
|
rmdir --ignore-fail-on-non-empty "${incs_path}" | debug
|
||||||
fi
|
fi
|
||||||
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
||||||
notice "${jail_name}: jail has been deleted."
|
notice "Delete jail \`${jail_name}' : OK"
|
||||||
|
|
|
@ -15,7 +15,7 @@ if [ -z "${jail_name}" ]; then
|
||||||
fi
|
fi
|
||||||
jail_path=$(jail_path "${jail_name}")
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||||
|
|
||||||
"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
|
"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
|
||||||
"${LIBDIR}/bkctld-start" "${jail_name}"
|
"${LIBDIR}/bkctld-start" "${jail_name}"
|
||||||
|
|
|
@ -90,33 +90,43 @@ trap "rm -f ${lock_file}; cleanup_tmp;" 0
|
||||||
kill_or_clean_lockfile "${lock_file}"
|
kill_or_clean_lockfile "${lock_file}"
|
||||||
new_lock_file "${lock_file}"
|
new_lock_file "${lock_file}"
|
||||||
|
|
||||||
for jail_name in $(jails_list); do
|
jails_list=$(jails_list)
|
||||||
|
jails_total=$(echo $jails_list | wc -w)
|
||||||
|
jails_count=0
|
||||||
|
|
||||||
|
for jail_name in ${jails_list}; do
|
||||||
|
jails_count=$((jails_count+1))
|
||||||
incs_policy_file=$(current_jail_incs_policy_file ${jail_name})
|
incs_policy_file=$(current_jail_incs_policy_file ${jail_name})
|
||||||
# If no incs policy is found, we don't remove incs
|
# If no incs policy is found, we don't remove incs
|
||||||
if [ -n "${incs_policy_file}" ]; then
|
if [ -n "${incs_policy_file}" ]; then
|
||||||
# shellcheck disable=SC2046
|
# shellcheck disable=SC2046
|
||||||
|
|
||||||
incs_to_delete=$(incs_to_delete "${jail_name}" "${incs_policy_file}")
|
incs_to_delete=$(incs_to_delete "${jail_name}" "${incs_policy_file}")
|
||||||
|
incs_total=$(echo ${incs_to_delete} | wc -w)
|
||||||
|
incs_count=0
|
||||||
|
|
||||||
if [ -n "${incs_to_delete}" ]; then
|
if [ -n "${incs_to_delete}" ]; then
|
||||||
debug "${jail_name}: incs to be deleted : $(echo "${incs_to_delete}" | tr '\n', ',' | sed 's/,$//')."
|
debug "Incs to be deleted for \`${jail_name}' : $(echo "${incs_to_delete}" | tr '\n', ',' | sed 's/,$//')."
|
||||||
for inc_name in ${incs_to_delete}; do
|
for inc_name in ${incs_to_delete}; do
|
||||||
start=$(current_time)
|
incs_count=$((incs_count+1))
|
||||||
|
info "Progress: jail ${jails_count} out of ${jails_total} - inc ${incs_count} out of ${incs_total}"
|
||||||
|
notice "Delete inc \`${inc_name}' for jail \`${jail_name}' : start"
|
||||||
|
|
||||||
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
inc_path=$(inc_path "${jail_name}" "${inc_name}")
|
||||||
|
|
||||||
if is_btrfs "${inc_path}"; then
|
if is_btrfs "${inc_path}"; then
|
||||||
delete_inc_btrfs "${jail_name}" "${inc_name}"
|
delete_inc_btrfs "${jail_name}" "${inc_name}"
|
||||||
else
|
else
|
||||||
delete_inc_ext4 "${jail_name}" "${inc_name}"
|
delete_inc_ext4 "${jail_name}" "${inc_name}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
end=$(current_time)
|
notice "Delete inc \`${inc_name}' for jail \`${jail_name}' : finish"
|
||||||
notice "${jail_name}: inc \`${inc_name}' has been deleted [${start}/${end}]"
|
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
notice "${jail_name}: no inc to be deleted."
|
notice "Skip jail \`${jail_name}' : no inc to delete"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
notice "${jail_name}: skipping jail because incs policy is missing."
|
notice "Skip jail \`${jail_name}' : incs policy is missing"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ if [ -z "${jail_name}" ]; then
|
||||||
fi
|
fi
|
||||||
jail_path=$(jail_path "${jail_name}")
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||||
|
|
||||||
"${LIBDIR}/bkctld-is-on" "${jail_name}" && exit 0
|
"${LIBDIR}/bkctld-is-on" "${jail_name}" && exit 0
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||||
mount_jail_fs "${jail_name}"
|
mount_jail_fs "${jail_name}"
|
||||||
|
|
||||||
# Start SSH in the chroot
|
# Start SSH in the chroot
|
||||||
chroot "${jail_path}" /usr/sbin/sshd -E /var/log/authlog || error "${jail_name}: failed to start SSH."
|
chroot "${jail_path}" /usr/sbin/sshd -E /var/log/authlog || error "Failed to start SSH for jail \`${jail_name}'"
|
||||||
pidfile="${jail_path}/${SSHD_PID}"
|
pidfile="${jail_path}/${SSHD_PID}"
|
||||||
|
|
||||||
# Wait for SSH to be up
|
# Wait for SSH to be up
|
||||||
|
@ -37,7 +37,7 @@ for try in $(seq 1 10); do
|
||||||
done
|
done
|
||||||
|
|
||||||
if [ -n "${pid}" ]; then
|
if [ -n "${pid}" ]; then
|
||||||
notice "${jail_name}: jail has been started [${pid}]"
|
notice "Start jail \`${jail_name}' : PID \`${pid}'"
|
||||||
else
|
else
|
||||||
error "${jail_name}: failed to fetch SSH pid within 3 sec."
|
error "Failed to fetch SSH PID for jail \`${jail_name}' within 3 seconds"
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -13,7 +13,7 @@ if [ -z "${jail_name}" ]; then
|
||||||
fi
|
fi
|
||||||
jail_path=$(jail_path "${jail_name}")
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||||
|
|
||||||
"${LIBDIR}/bkctld-is-on" "${jail_name}" || exit 0
|
"${LIBDIR}/bkctld-is-on" "${jail_name}" || exit 0
|
||||||
|
|
||||||
|
@ -22,10 +22,10 @@ pid=$(cat "${jail_path}/${SSHD_PID}")
|
||||||
pkill --parent "${pid}"
|
pkill --parent "${pid}"
|
||||||
|
|
||||||
if kill "${pid}"; then
|
if kill "${pid}"; then
|
||||||
notice "${jail_name}: jail has been stopped [${pid}]"
|
notice "Stop jail \`${jail_name}' : OK [${pid}]"
|
||||||
|
|
||||||
umount --lazy --recursive "${jail_path}/dev"
|
umount --lazy --recursive "${jail_path}/dev"
|
||||||
umount --lazy "${jail_path}/proc/"
|
umount --lazy "${jail_path}/proc/"
|
||||||
else
|
else
|
||||||
error "${jail_name}: failed to stop jail [${pid}]"
|
error "Stop jail \`${jail_name}' : failed [${pid}]"
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -14,7 +14,7 @@ fi
|
||||||
jail_path=$(jail_path "${jail_name}")
|
jail_path=$(jail_path "${jail_name}")
|
||||||
jail_config_dir=$(jail_config_dir "${jail_name}")
|
jail_config_dir=$(jail_config_dir "${jail_name}")
|
||||||
|
|
||||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||||
|
|
||||||
[ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
|
[ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
|
||||||
|
|
||||||
|
|
|
@ -13,10 +13,10 @@ if [ ! -n "${jail_name}" ]; then
|
||||||
fi
|
fi
|
||||||
jail_path=$(jail_path "${jail_name}")
|
jail_path=$(jail_path "${jail_name}")
|
||||||
|
|
||||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
test -d "${jail_path}" || error "${jail_name}: jail not found"
|
||||||
|
|
||||||
"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
|
"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
|
||||||
|
|
||||||
setup_jail_chroot "${jail_name}"
|
setup_jail_chroot "${jail_name}"
|
||||||
|
|
||||||
notice "${jail_name}: jail has been updated."
|
notice "Update jail \`${jail_name}' : OK"
|
||||||
|
|
30
lib/includes
30
lib/includes
|
@ -23,43 +23,49 @@ CRITICAL="${CRITICAL:-48}"
|
||||||
WARNING="${WARNING:-24}"
|
WARNING="${WARNING:-24}"
|
||||||
DUC=$(command -v duc-nox || command -v duc)
|
DUC=$(command -v duc-nox || command -v duc)
|
||||||
|
|
||||||
|
log_date() {
|
||||||
|
echo "[$(date +%Y-%m-%d %H:%M:%s)]"
|
||||||
|
}
|
||||||
|
process_name() {
|
||||||
|
basename $0
|
||||||
|
}
|
||||||
debug() {
|
debug() {
|
||||||
msg="${1:-$(cat /dev/stdin)}"
|
msg="${1:-$(cat /dev/stdin)}"
|
||||||
if [ "${LOGLEVEL}" -ge 7 ]; then
|
if [ "${LOGLEVEL}" -ge 7 ]; then
|
||||||
echo "${msg}"
|
echo "$(log_date) DEBUG $(process_name) ${msg}"
|
||||||
logger -t bkctld -p daemon.debug "${msg}"
|
logger -t bkctld -p daemon.debug "$(process_name) ${msg}"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
info() {
|
info() {
|
||||||
msg="${1:-$(cat /dev/stdin)}"
|
msg="${1:-$(cat /dev/stdin)}"
|
||||||
if [ "${LOGLEVEL}" -ge 6 ]; then
|
if [ "${LOGLEVEL}" -ge 6 ]; then
|
||||||
tty -s && echo "${msg}"
|
tty -s && echo "$(log_date) INFO $(process_name)${msg}"
|
||||||
logger -t bkctld -p daemon.info "${msg}"
|
logger -t bkctld -p daemon.info "$(process_name) ${msg}"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
notice() {
|
notice() {
|
||||||
msg="${1:-$(cat /dev/stdin)}"
|
msg="${1:-$(cat /dev/stdin)}"
|
||||||
tty -s && echo "${msg}"
|
tty -s && echo "$(log_date) NOTICE $(process_name) ${msg}"
|
||||||
[ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "${msg}"
|
[ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "$(process_name) ${msg}"
|
||||||
}
|
}
|
||||||
|
|
||||||
warning() {
|
warning() {
|
||||||
msg="${1:-$(cat /dev/stdin)}"
|
msg="${1:-$(cat /dev/stdin)}"
|
||||||
tty -s && echo "WARNING: ${msg}" >&2
|
tty -s && echo "$(log_date) WARNING $(process_name) ${msg}" >&2
|
||||||
if [ "${LOGLEVEL}" -ge 4 ]; then
|
if [ "${LOGLEVEL}" -ge 4 ]; then
|
||||||
tty -s || echo "WARNING: ${msg}" >&2
|
tty -s || echo "$(log_date) WARNING $(process_name) ${msg}" >&2
|
||||||
logger -t bkctld -p daemon.warning "${msg}"
|
logger -t bkctld -p daemon.warning "$(process_name) ${msg}"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
error() {
|
error() {
|
||||||
msg="${1:-$(cat /dev/stdin)}"
|
msg="${1:-$(cat /dev/stdin)}"
|
||||||
tty -s && echo "ERROR: ${msg}" >&2
|
tty -s && echo "$(log_date) ERROR $(process_name) ${msg}" >&2
|
||||||
if [ "${LOGLEVEL}" -ge 5 ]; then
|
if [ "${LOGLEVEL}" -ge 5 ]; then
|
||||||
tty -s || echo "ERROR: ${msg}" >&2
|
tty -s || echo "$(log_date) ERROR $(process_name) ${msg}" >&2
|
||||||
logger -t bkctld -p daemon.error "${msg}"
|
logger -t bkctld -p daemon.error "$(process_name) ${msg}"
|
||||||
fi
|
fi
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
|
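Review bot: `log_date` passes an unquoted format that contains a space, so `date` receives `%H:%M:%s` as a second operand; GNU date rejects that, which would leave every message prefixed with `[]` and an error on stderr, and `%s` is epoch seconds rather than the seconds field `%S`. The line should read `echo "[$(date +"%Y-%m-%d %H:%M:%S")]"`, which matters here because the start/end times were dropped from the messages in favour of this prefix. In `info`, the tty line lacks the space the other levels have and should be `tty -s && echo "$(log_date) INFO $(process_name) ${msg}"`. `process_name` should quote its argument, `basename "$0"`, so a script path containing spaces does not break the prefix.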
@ -52,18 +52,6 @@ load test_helper
|
||||||
assert_failure
|
assert_failure
|
||||||
}
|
}
|
||||||
|
|
||||||
@test "No inc creation with LOCK" {
|
|
||||||
run rm -rf "${INCSPATH}"
|
|
||||||
assert_success
|
|
||||||
|
|
||||||
touch "/run/lock/bkctld/inc-${JAILNAME}-${INC_NAME}.lock"
|
|
||||||
|
|
||||||
/usr/lib/bkctld/bkctld-inc
|
|
||||||
|
|
||||||
run test -d "${INCSPATH}/${INC_NAME}"
|
|
||||||
assert_failure
|
|
||||||
}
|
|
||||||
|
|
||||||
@test "Recent inc is kept after 'rm'" {
|
@test "Recent inc is kept after 'rm'" {
|
||||||
# Setup simple incs policy
|
# Setup simple incs policy
|
||||||
echo "+%Y-%m-%d.-0day" > "${CONFDIR}/${JAILNAME}.d/incs_policy"
|
echo "+%Y-%m-%d.-0day" > "${CONFDIR}/${JAILNAME}.d/incs_policy"
|
||||||
|
|