diff --git a/LICENCE b/LICENSE
similarity index 100%
rename from LICENCE
rename to LICENSE
diff --git a/bkctld b/bkctld
index b0b2003..aed29ad 100755
--- a/bkctld
+++ b/bkctld
@@ -170,12 +170,13 @@ mk_jail() {
 cd "${JAILDIR}/${jail}"
 mkdir -p dev proc
 mkdir -p usr/bin usr/sbin usr/lib usr/lib/x86_64-linux-gnu usr/lib/openssh usr/lib64
- mkdir -p etc/ssh var/log var/run/sshd
+ mkdir -p etc/ssh var/log run/sshd
 mkdir -p root/.ssh var/backup -m 0700
 ln -s usr/bin bin
 ln -s usr/lib lib
 ln -s usr/lib64 lib64
- touch var/log/lastlog var/log/wtmp var/run/utmp
+ ln -s run var/run
+ touch var/log/lastlog var/log/wtmp run/utmp
 echo "2 - Copying essential files"
 [ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key etc/ssh
@@ -215,7 +216,7 @@ sub_init() {
 rootdir_inode=$(stat --format=%i "$rootdir")
 jaildir_inode=$(stat --format=%i $JAILDIR)
 if [ "$rootdir_inode" -eq 256 ] || [ "$jaildir_inode" -eq 256 ]; then
- /sbin/btrfs subvolume create ${JAILDIR}/${jail}
+ $BTRFS subvolume create ${JAILDIR}/${jail}
 else
 mkdir -p ${JAILDIR}/${jail}
 fi
@@ -260,7 +261,7 @@ sub_remove() {
 rm -f ${CONFDIR}/${jail}
 jail_inode=$(stat --format=%i ${JAILDIR}/${jail})
 if [ "$jail_inode" -eq 256 ]; then
- /sbin/btrfs subvolume delete ${JAILDIR}/${jail}
+ $BTRFS subvolume delete ${JAILDIR}/${jail}
 else
 rm -rf ${JAILDIR}/${jail}
 fi
@@ -269,7 +270,7 @@ sub_remove() {
 for inc in $incs; do
 inc_inode=$(stat --format=%i ${INCDIR}/${jail}/$inc)
 if [ "$inc_inode" -eq 256 ]; then
- /sbin/btrfs subvolume delete ${INCDIR}/${jail}/${inc}
+ $BTRFS subvolume delete ${INCDIR}/${jail}/${inc}
 else
 echo "You need to purge ${INCDIR}/${jail}/$inc manually !" >&2
 fi
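Review bot: `ln -s run var/run` in mk_jail creates a link that points at itself. A relative symlink target is resolved from the directory that holds the link, so `var/run` -> `run` means `var/run` again, and any lookup under /var/run inside the jail fails with ELOOP. The line should read `ln -s ../run var/run`, which also stays inside the jail when it is resolved from the host side. Jails created before this change keep a real var/run directory and no top-level run, so the new `/run/sshd.pid` default in main() probably needs a migration step for them, and none is visible here. mk_jail's body continues outside the hunk.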
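Review bot: `$BTRFS` is expanded unquoted and unchecked in sub_init, so if the lookup in main() returns nothing the line runs `subvolume create …` with `subvolume` as the command name and fails with a command-not-found error. The same pattern is in both sub_remove hunks (where `${CONFDIR}/${jail}` has already been removed by then), in sub_inc (the snapshot is not taken) and in sub_rm. Failing fast at the call site would make the cause explicit, e.g. `"${BTRFS:?btrfs binary not found}" subvolume create "${JAILDIR}/${jail}"`. Whether the script stops after the failed command is not visible here, as sub_init starts and ends outside the hunk.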
@@ -398,7 +399,7 @@ sub_sync() {
 fi
 jail=$1
 ssh $NODE bkctld init $jail >/dev/null
- rsync -a ${JAILDIR}/${jail}/ ${NODE}:${JAILDIR}/${jail}/ --exclude proc/* --exclude sys/* --exclude dev/* --exclude var/run/*.pid --exclude var/backup/*
+ rsync -a ${JAILDIR}/${jail}/ ${NODE}:${JAILDIR}/${jail}/ --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/*
 rsync -a ${CONFDIR}/$jail ${NODE}:${CONFDIR}/$jail
 if ( check_jail_on $jail ); then
 ssh $NODE bkctld start $jail >/dev/null
@@ -420,7 +421,7 @@ sub_inc() {
 start=$(date +"%H:%M:%S")
 jail_inode=$(stat --format=%i ${JAILDIR}/${jail})
 if [ "$jail_inode" -eq 256 ]; then
- /sbin/btrfs subvolume snapshot -r ${JAILDIR}/${jail} $inc > /dev/null
+ $BTRFS subvolume snapshot -r ${JAILDIR}/${jail} $inc > /dev/null
 else
 cp -alx ${JAILDIR}/${jail}/ $inc
 fi
@@ -473,7 +474,7 @@ sub_rm() {
 start=$(date +"%H:%M:%S")
 inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${j}")
 if [ "$inc_inode" -eq 256 ]; then
- /sbin/btrfs subvolume delete "${INCDIR}/${jail}/${j}" >/dev/null
+ $BTRFS subvolume delete "${INCDIR}/${jail}/${j}" >/dev/null
 else
 cd "${INCDIR}/$jail"
 rsync -a --delete "$empty/" "$j/"
@@ -523,9 +524,10 @@ main() {
 [ -z "${TPLDIR}" ] && TPLDIR='/usr/share/bkctld'
 [ -z "${LOCALTPLDIR}" ] && LOCALTPLDIR='/usr/local/share/bkctld'
 [ -z "${LOG_DIR}" ] && LOG_DIR='/var/log'
- [ -z "${SSHD_PID}" ] && SSHD_PID='/var/run/sshd.pid'
+ [ -z "${SSHD_PID}" ] && SSHD_PID='/run/sshd.pid'
 [ -z "${SSHD_CONFIG}" ] && SSHD_CONFIG='/etc/ssh/sshd_config'
 [ -z "${AUTHORIZED_KEYS}" ] && AUTHORIZED_KEYS='/root/.ssh/authorized_keys'
+ BTRFS=$(which btrfs)
 mkdir -p $CONFDIR $JAILDIR $INCDIR
 subcommand=$1
 jail=$2
diff --git a/tpl/sshd_config b/tpl/sshd_config
index 61e7211..b2bc432 100644
--- a/tpl/sshd_config
+++ b/tpl/sshd_config
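Review bot: `--exclude run` in sub_sync is unanchored, so rsync skips every entry named `run` at any depth of the jail, including the new `var/run` symlink, not just the top-level runtime directory. An anchored, quoted pattern such as `--exclude '/run/*'` keeps the directory itself and skips only its contents, which is closer to the old `var/run/*.pid` rule. As written, the node presumably relies on the preceding `bkctld init` to create `run/sshd` and the symlink. sub_sync starts and ends outside the hunk.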
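Review bot: `BTRFS=$(which btrfs)` in main() makes the binary this tool executes depend on the caller's PATH, where the removed code used the fixed `/sbin/btrfs`. Under a cron PATH without the sbin directories the lookup would return nothing. It is also the only setting in this block assigned unconditionally, so a value set earlier (environment, or configuration if one is loaded before this block) is overwritten. Following the neighbouring lines, `[ -z "${BTRFS}" ] && BTRFS=$(command -v btrfs)` keeps an explicit absolute path possible and avoids the external `which`. main()'s body continues outside the hunk.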
@@ -2,7 +2,8 @@ Port 2222 Protocol 2 HostKey /etc/ssh/ssh_host_rsa_key -HostKey /etc/ssh/ssh_host_dsa_key +HostKey /etc/ssh/ssh_host_ecdsa_key +HostKey /etc/ssh/ssh_host_ed25519_key UsePrivilegeSeparation yes KeyRegenerationInterval 3600