Merge branch 'master' into debian
commit
5e4718da08
20
bkctld
20
bkctld
|
@ -170,12 +170,13 @@ mk_jail() {
|
||||||
cd "${JAILDIR}/${jail}"
|
cd "${JAILDIR}/${jail}"
|
||||||
mkdir -p dev proc
|
mkdir -p dev proc
|
||||||
mkdir -p usr/bin usr/sbin usr/lib usr/lib/x86_64-linux-gnu usr/lib/openssh usr/lib64
|
mkdir -p usr/bin usr/sbin usr/lib usr/lib/x86_64-linux-gnu usr/lib/openssh usr/lib64
|
||||||
mkdir -p etc/ssh var/log var/run/sshd
|
mkdir -p etc/ssh var/log run/sshd
|
||||||
mkdir -p root/.ssh var/backup -m 0700
|
mkdir -p root/.ssh var/backup -m 0700
|
||||||
ln -s usr/bin bin
|
ln -s usr/bin bin
|
||||||
ln -s usr/lib lib
|
ln -s usr/lib lib
|
||||||
ln -s usr/lib64 lib64
|
ln -s usr/lib64 lib64
|
||||||
touch var/log/lastlog var/log/wtmp var/run/utmp
|
ln -s run var/run
|
||||||
|
touch var/log/lastlog var/log/wtmp run/utmp
|
||||||
|
|
||||||
echo "2 - Copying essential files"
|
echo "2 - Copying essential files"
|
||||||
[ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key etc/ssh
|
[ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key etc/ssh
|
||||||
|
@ -215,7 +216,7 @@ sub_init() {
|
||||||
rootdir_inode=$(stat --format=%i "$rootdir")
|
rootdir_inode=$(stat --format=%i "$rootdir")
|
||||||
jaildir_inode=$(stat --format=%i $JAILDIR)
|
jaildir_inode=$(stat --format=%i $JAILDIR)
|
||||||
if [ "$rootdir_inode" -eq 256 ] || [ "$jaildir_inode" -eq 256 ]; then
|
if [ "$rootdir_inode" -eq 256 ] || [ "$jaildir_inode" -eq 256 ]; then
|
||||||
/sbin/btrfs subvolume create ${JAILDIR}/${jail}
|
$BTRFS subvolume create ${JAILDIR}/${jail}
|
||||||
else
|
else
|
||||||
mkdir -p ${JAILDIR}/${jail}
|
mkdir -p ${JAILDIR}/${jail}
|
||||||
fi
|
fi
|
||||||
|
@ -260,7 +261,7 @@ sub_remove() {
|
||||||
rm -f ${CONFDIR}/${jail}
|
rm -f ${CONFDIR}/${jail}
|
||||||
jail_inode=$(stat --format=%i ${JAILDIR}/${jail})
|
jail_inode=$(stat --format=%i ${JAILDIR}/${jail})
|
||||||
if [ "$jail_inode" -eq 256 ]; then
|
if [ "$jail_inode" -eq 256 ]; then
|
||||||
/sbin/btrfs subvolume delete ${JAILDIR}/${jail}
|
$BTRFS subvolume delete ${JAILDIR}/${jail}
|
||||||
else
|
else
|
||||||
rm -rf ${JAILDIR}/${jail}
|
rm -rf ${JAILDIR}/${jail}
|
||||||
fi
|
fi
|
||||||
|
@ -269,7 +270,7 @@ sub_remove() {
|
||||||
for inc in $incs; do
|
for inc in $incs; do
|
||||||
inc_inode=$(stat --format=%i ${INCDIR}/${jail}/$inc)
|
inc_inode=$(stat --format=%i ${INCDIR}/${jail}/$inc)
|
||||||
if [ "$inc_inode" -eq 256 ]; then
|
if [ "$inc_inode" -eq 256 ]; then
|
||||||
/sbin/btrfs subvolume delete ${INCDIR}/${jail}/${inc}
|
$BTRFS subvolume delete ${INCDIR}/${jail}/${inc}
|
||||||
else
|
else
|
||||||
echo "You need to purge ${INCDIR}/${jail}/$inc manually !" >&2
|
echo "You need to purge ${INCDIR}/${jail}/$inc manually !" >&2
|
||||||
fi
|
fi
|
||||||
|
@ -398,7 +399,7 @@ sub_sync() {
|
||||||
fi
|
fi
|
||||||
jail=$1
|
jail=$1
|
||||||
ssh $NODE bkctld init $jail >/dev/null
|
ssh $NODE bkctld init $jail >/dev/null
|
||||||
rsync -a ${JAILDIR}/${jail}/ ${NODE}:${JAILDIR}/${jail}/ --exclude proc/* --exclude sys/* --exclude dev/* --exclude var/run/*.pid --exclude var/backup/*
|
rsync -a ${JAILDIR}/${jail}/ ${NODE}:${JAILDIR}/${jail}/ --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/*
|
||||||
rsync -a ${CONFDIR}/$jail ${NODE}:${CONFDIR}/$jail
|
rsync -a ${CONFDIR}/$jail ${NODE}:${CONFDIR}/$jail
|
||||||
if ( check_jail_on $jail ); then
|
if ( check_jail_on $jail ); then
|
||||||
ssh $NODE bkctld start $jail >/dev/null
|
ssh $NODE bkctld start $jail >/dev/null
|
||||||
|
@ -420,7 +421,7 @@ sub_inc() {
|
||||||
start=$(date +"%H:%M:%S")
|
start=$(date +"%H:%M:%S")
|
||||||
jail_inode=$(stat --format=%i ${JAILDIR}/${jail})
|
jail_inode=$(stat --format=%i ${JAILDIR}/${jail})
|
||||||
if [ "$jail_inode" -eq 256 ]; then
|
if [ "$jail_inode" -eq 256 ]; then
|
||||||
/sbin/btrfs subvolume snapshot -r ${JAILDIR}/${jail} $inc > /dev/null
|
$BTRFS subvolume snapshot -r ${JAILDIR}/${jail} $inc > /dev/null
|
||||||
else
|
else
|
||||||
cp -alx ${JAILDIR}/${jail}/ $inc
|
cp -alx ${JAILDIR}/${jail}/ $inc
|
||||||
fi
|
fi
|
||||||
|
@ -473,7 +474,7 @@ sub_rm() {
|
||||||
start=$(date +"%H:%M:%S")
|
start=$(date +"%H:%M:%S")
|
||||||
inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${j}")
|
inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${j}")
|
||||||
if [ "$inc_inode" -eq 256 ]; then
|
if [ "$inc_inode" -eq 256 ]; then
|
||||||
/sbin/btrfs subvolume delete "${INCDIR}/${jail}/${j}" >/dev/null
|
$BTRFS subvolume delete "${INCDIR}/${jail}/${j}" >/dev/null
|
||||||
else
|
else
|
||||||
cd "${INCDIR}/$jail"
|
cd "${INCDIR}/$jail"
|
||||||
rsync -a --delete "$empty/" "$j/"
|
rsync -a --delete "$empty/" "$j/"
|
||||||
|
@ -523,9 +524,10 @@ main() {
|
||||||
[ -z "${TPLDIR}" ] && TPLDIR='/usr/share/bkctld'
|
[ -z "${TPLDIR}" ] && TPLDIR='/usr/share/bkctld'
|
||||||
[ -z "${LOCALTPLDIR}" ] && LOCALTPLDIR='/usr/local/share/bkctld'
|
[ -z "${LOCALTPLDIR}" ] && LOCALTPLDIR='/usr/local/share/bkctld'
|
||||||
[ -z "${LOG_DIR}" ] && LOG_DIR='/var/log'
|
[ -z "${LOG_DIR}" ] && LOG_DIR='/var/log'
|
||||||
[ -z "${SSHD_PID}" ] && SSHD_PID='/var/run/sshd.pid'
|
[ -z "${SSHD_PID}" ] && SSHD_PID='/run/sshd.pid'
|
||||||
[ -z "${SSHD_CONFIG}" ] && SSHD_CONFIG='/etc/ssh/sshd_config'
|
[ -z "${SSHD_CONFIG}" ] && SSHD_CONFIG='/etc/ssh/sshd_config'
|
||||||
[ -z "${AUTHORIZED_KEYS}" ] && AUTHORIZED_KEYS='/root/.ssh/authorized_keys'
|
[ -z "${AUTHORIZED_KEYS}" ] && AUTHORIZED_KEYS='/root/.ssh/authorized_keys'
|
||||||
|
BTRFS=$(which btrfs)
|
||||||
mkdir -p $CONFDIR $JAILDIR $INCDIR
|
mkdir -p $CONFDIR $JAILDIR $INCDIR
|
||||||
subcommand=$1
|
subcommand=$1
|
||||||
jail=$2
|
jail=$2
|
||||||
|
|
|
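Review bot: `BTRFS=$(which btrfs)` in main() replaces the fixed `/sbin/btrfs` with a PATH lookup, and nothing checks the result. If btrfs is not on PATH (a cron environment without /sbin, for example), `$BTRFS` is empty and the unquoted `$BTRFS subvolume …` calls in sub_init, sub_remove, sub_inc and sub_rm run `subvolume` as the command name. If bkctld runs as root, which the jail and subvolume handling suggests, the binary that gets executed now also depends on the caller's PATH. I would keep a fixed fallback with `BTRFS=$(command -v btrfs) || BTRFS=/sbin/btrfs`, and guard the btrfs branches with `[ -x "$BTRFS" ] || { echo "btrfs not found" >&2; exit 1; }`, quoting `"$BTRFS"` at each call. main() begins and ends outside this hunk.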
@ -2,7 +2,8 @@ Port 2222
|
||||||
Protocol 2
|
Protocol 2
|
||||||
|
|
||||||
HostKey /etc/ssh/ssh_host_rsa_key
|
HostKey /etc/ssh/ssh_host_rsa_key
|
||||||
HostKey /etc/ssh/ssh_host_dsa_key
|
HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||||
|
HostKey /etc/ssh/ssh_host_ed25519_key
|
||||||
UsePrivilegeSeparation yes
|
UsePrivilegeSeparation yes
|
||||||
|
|
||||||
KeyRegenerationInterval 3600
|
KeyRegenerationInterval 3600
|
||||||
|
|
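Review bot: The new `HostKey /etc/ssh/ssh_host_ecdsa_key` and `HostKey /etc/ssh/ssh_host_ed25519_key` lines need matching key files inside each jail's `etc/ssh`, but the visible part of mk_jail copies only `ssh_host_rsa_key`. The rest of mk_jail is outside the hunk, so this may already be handled. If it is not, the jailed sshd would be left offering only the RSA host key, and clients would never see the ed25519 key this change is meant to introduce. Following the existing pattern, mk_jail would gain `[ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key etc/ssh` and `[ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key etc/ssh`. Jails created before this change would need the same copy.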