refactor init and update subcommands
This commit is contained in:
parent
e9e8a790ba
commit
77d0681d14
|
@ -7,30 +7,25 @@
|
|||
# shellcheck source=./config
|
||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
|
||||
|
||||
jail="${1:-}"
|
||||
if [ ! -n "${jail}" ]; then
|
||||
jail_name="${1:-}"
|
||||
if [ -z "${jail_name}" ]; then
|
||||
"${LIBDIR}/bkctld-help" && exit 1
|
||||
fi
|
||||
[ -d "${JAILDIR}/${jail}" ] && error "${jail} : trying to create existant jail"
|
||||
jail_path=$(jail_path "${jail_name}")
|
||||
|
||||
mkdir -p "${CONFDIR}" "${JAILDIR}"
|
||||
sshd_config="${TPLDIR}/sshd_config"
|
||||
inctpl="${TPLDIR}/inc.tpl"
|
||||
[ -f "${LOCALTPLDIR}/sshd_config" ] && sshd_config="${LOCALTPLDIR}/sshd_config"
|
||||
[ -f "${LOCALTPLDIR}/inc.tpl" ] && inctpl="${LOCALTPLDIR}/inc.tpl"
|
||||
test -d "${jail_path}" && error "${jail_name} : jail already exists."
|
||||
|
||||
rootdir=$(dirname "${JAILDIR}")
|
||||
rootdir_inode=$(stat --format=%i "${rootdir}")
|
||||
jaildir_inode=$(stat --format=%i "${JAILDIR}")
|
||||
if [ "${rootdir_inode}" -eq 256 ] || [ "${jaildir_inode}" -eq 256 ]; then
|
||||
/bin/btrfs subvolume create "${JAILDIR}/${jail}"
|
||||
# Create config and jails directory
|
||||
mkdir --parents "${CONFDIR}" "${JAILDIR}"
|
||||
|
||||
|
||||
if is_btrfs "$(dirname "${JAILDIR}")" || is_btrfs "${JAILDIR}"; then
|
||||
/bin/btrfs subvolume create "${jail_path}"
|
||||
else
|
||||
mkdir -p "${JAILDIR}/${jail}"
|
||||
mkdir --parents "${jail_path}"
|
||||
fi
|
||||
. "${LIBDIR}/mkjail"
|
||||
info "4 - Copie default sshd_config"
|
||||
install -m 0640 "${sshd_config}" "${JAILDIR}/${jail}/${SSHD_CONFIG}"
|
||||
info "5 - Copie default inc configuration"
|
||||
install -m 0640 "${inctpl}" "${CONFDIR}/${jail}"
|
||||
"${LIBDIR}/bkctld-port" "${jail}" auto
|
||||
notice "${jail} : created jail"
|
||||
|
||||
setup_jail_chroot "${jail_name}"
|
||||
setup_jail_config "${jail_name}"
|
||||
|
||||
notice "${jail_name} : jail has been created"
|
||||
|
|
|
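Review bot: `jail_name` comes straight from `$1` and reaches `jail_path "${jail_name}"` with no check for path separators, so a name containing `/` or `..` resolves outside `${JAILDIR}` (assuming `jail_path()` joins `JAILDIR` and the name the way the removed `${JAILDIR}/${jail}` did), and `setup_jail_chroot` then runs its `rm -rf bin lib lib64 run usr …` inside whatever that path points at. A guard before the `jail_path=` line would close it: `case "${jail_name}" in */*|.|..) error "${jail_name} : invalid jail name" ;; esac`; the bkctld-update hunk below takes its name the same way and needs the same guard. Separately, the exit status of `/bin/btrfs subvolume create "${jail_path}"` is not checked and is only caught indirectly by the `cd … || error` inside setup_jail_chroot; appending `|| error "${jail_name} : failed to create subvolume"` to that line would make the failure explicit at the point it happens.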
@ -7,12 +7,16 @@
|
|||
# shellcheck source=./config
|
||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
|
||||
|
||||
jail="${1:-}"
|
||||
if [ ! -n "${jail}" ]; then
|
||||
jail_name="${1:-}"
|
||||
if [ ! -n "${jail_name}" ]; then
|
||||
"${LIBDIR}/bkctld-help" && exit 1
|
||||
fi
|
||||
[ -d "${JAILDIR}/${jail}" ] || error "${jail} : trying to update inexistant jail"
|
||||
"${LIBDIR}/bkctld-is-on" "${jail}" && "${LIBDIR}/bkctld-stop" "${jail}"
|
||||
jail_path=$(jail_path "${jail_name}")
|
||||
|
||||
. "${LIBDIR}/mkjail"
|
||||
notice "${jail} : updated jail"
|
||||
[ -d "${jail_path}" ] || error "${jail_name} : trying to update inexistant jail"
|
||||
|
||||
"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
|
||||
|
||||
setup_jail_chroot "${jail_name}"
|
||||
|
||||
notice "${jail_name} : jail has been updated."
|
||||
|
|
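Review bot: the line `"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"` ignores a failed stop: when bkctld-stop returns non-zero the `&&` chain just evaluates false (which `set -e`, if it is enabled in this script, does not catch), and `setup_jail_chroot` goes on to `rm -rf bin lib lib64 run usr …` in a jail whose sshd may still be running. Make the check explicit: `if "${LIBDIR}/bkctld-is-on" "${jail_name}"; then` / `"${LIBDIR}/bkctld-stop" "${jail_name}" || error "${jail_name} : failed to stop jail"` / `fi`. Minor: this script keeps `[ ! -n "${jail_name}" ]` while the init hunk was rewritten to `[ -z "${jail_name}" ]`; using the `-z` form here too keeps the two subcommands consistent.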
81
lib/config
81
lib/config
|
@ -10,10 +10,10 @@ BACKUP_DISK="${BACKUP_DISK:-}"
|
|||
JAILDIR="${JAILDIR:-/backup/jails}"
|
||||
INCDIR="${INCDIR:-/backup/incs}"
|
||||
TPLDIR="${TPLDIR:-/usr/share/bkctld}"
|
||||
LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
|
||||
LOCKDIR="${LOCKDIR:-/run/lock/bkctld}"
|
||||
INDEX_DIR="${INDEX_DIR:-/backup/index}"
|
||||
IDX_FILE="${IDX_FILE:-${INDEX_DIR}/bkctld-jails.idx}"
|
||||
LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
|
||||
SSHD_PID="${SSHD_PID:-/run/sshd.pid}"
|
||||
SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
|
||||
AUTHORIZED_KEYS="${AUTHORIZED_KEYS:-/root/.ssh/authorized_keys}"
|
||||
|
@ -139,3 +139,82 @@ jail_check_policy_file() {
|
|||
echo ""
|
||||
fi
|
||||
}
|
||||
|
||||
setup_jail_chroot() {
|
||||
jail_name=$1
|
||||
|
||||
jail_path=$(jail_path "${jail_name}")
|
||||
|
||||
passwd="${TPLDIR}/passwd"
|
||||
shadow="${TPLDIR}/shadow"
|
||||
group="${TPLDIR}/group"
|
||||
sshrc="${TPLDIR}/sshrc"
|
||||
[ -f "${LOCALTPLDIR}/passwd" ] && passwd="${LOCALTPLDIR}/passwd"
|
||||
[ -f "${LOCALTPLDIR}/shadow" ] && shadow="${LOCALTPLDIR}/shadow"
|
||||
[ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"
|
||||
[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"
|
||||
|
||||
cd "${jail_path}" || error "Failed to change directory to ${jail_path}."
|
||||
umask 077
|
||||
|
||||
info "1 - Creating the chroot"
|
||||
rm -rf bin lib lib64 run usr var/run etc/ssh/*key
|
||||
mkdir -p ./dev
|
||||
mkdir -p ./proc
|
||||
mkdir -p ./usr/bin
|
||||
mkdir -p ./usr/sbin
|
||||
mkdir -p ./usr/lib ./usr/lib/x86_64-linux-gnu ./usr/lib/openssh ./usr/lib64
|
||||
mkdir -p ./etc/ssh
|
||||
mkdir -p ./var/log
|
||||
mkdir -p ./run/sshd
|
||||
# shellcheck disable=SC2174
|
||||
mkdir -p ./root/.ssh --mode 0700
|
||||
# shellcheck disable=SC2174
|
||||
mkdir -p ./var/backup --mode 0700
|
||||
ln -s ./usr/bin ./bin
|
||||
ln -s ./usr/lib ./lib
|
||||
ln -s ./usr/lib64 ./lib64
|
||||
ln -s --target-directory=./var ../run
|
||||
touch ./var/log/lastlog ./var/log/wtmp ./run/utmp
|
||||
|
||||
info "2 - Copying essential files"
|
||||
[ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key ./etc/ssh
|
||||
[ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key ./etc/ssh
|
||||
[ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key ./etc/ssh
|
||||
touch "./${AUTHORIZED_KEYS}"
|
||||
chmod 600 "./${AUTHORIZED_KEYS}"
|
||||
cp "${passwd}" ./etc
|
||||
cp "${shadow}" ./etc
|
||||
cp "${group}" ./etc
|
||||
cp "${sshrc}" ./etc/ssh
|
||||
|
||||
info "3 - Copying binaries"
|
||||
cp -f /lib/ld-linux.so.2 ./lib 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 ./lib64
|
||||
cp /lib/x86_64-linux-gnu/libnss* ./lib/x86_64-linux-gnu
|
||||
|
||||
for dbin in /bin/sh /bin/ls /bin/mkdir /bin/cat /bin/rm /bin/sed /usr/bin/rsync /usr/bin/lastlog /usr/bin/touch /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
|
||||
cp -f "${dbin}" "./${dbin}";
|
||||
for lib in $(ldd "${dbin}" | grep -Eo "/.*so.[0-9\.]+"); do
|
||||
cp -p "${lib}" "./${lib}"
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
setup_jail_config() {
|
||||
jail_name=$1
|
||||
|
||||
jail_path=$(jail_path "${jail_name}")
|
||||
|
||||
sshd_config="${TPLDIR}/sshd_config"
|
||||
test -f "${LOCALTPLDIR}/sshd_config" && sshd_config="${LOCALTPLDIR}/sshd_config"
|
||||
|
||||
info "4 - Copie default sshd_config"
|
||||
install -m 0640 "${sshd_config}" "${jail_path}/${SSHD_CONFIG}"
|
||||
|
||||
inctpl="${TPLDIR}/inc.tpl"
|
||||
test -f "${LOCALTPLDIR}/inc.tpl" && inctpl="${LOCALTPLDIR}/inc.tpl"
|
||||
|
||||
info "5 - Copie default inc configuration"
|
||||
install -m 0640 "${inctpl}" "${jail_path}"
|
||||
"${LIBDIR}/bkctld-port" "${jail_name}" auto
|
||||
}
|
||||
|
|
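Review bot: in `setup_jail_chroot`, the line `[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"` assigns to `group` instead of `sshrc`, so a local sshrc override is never used and, when one exists, `cp "${group}" ./etc` copies the sshrc template as `./etc/sshrc` while the jail's `/etc/group` is not written at all; it should read `[ -f "${LOCALTPLDIR}/sshrc" ] && sshrc="${LOCALTPLDIR}/sshrc"` (the typo is carried over verbatim from the deleted lib/mkjail). In `setup_jail_config`, `install -m 0640 "${inctpl}" "${jail_path}"` targets the jail directory, so install drops the template as `${jail_path}/inc.tpl`, whereas the removed bkctld-init line wrote it to `${CONFDIR}/${jail}`; unless the per-jail config was meant to move into the jail, this should be `install -m 0640 "${inctpl}" "${CONFDIR}/${jail_name}"`. Both functions also assign `jail_name`, `jail_path`, `passwd`, `shadow`, `group` and `sshrc` as plain globals, which silently overwrite any caller variables of the same name once config is sourced; under `#!/bin/sh` the portable fix is to prefix them, or use `local` if dash/bash is the only target.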
44
lib/mkjail
44
lib/mkjail
|
@ -1,44 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
passwd="${TPLDIR}/passwd"
|
||||
shadow="${TPLDIR}/shadow"
|
||||
group="${TPLDIR}/group"
|
||||
sshrc="${TPLDIR}/sshrc"
|
||||
[ -f "${LOCALTPLDIR}/passwd" ] && passwd="${LOCALTPLDIR}/passwd"
|
||||
[ -f "${LOCALTPLDIR}/shadow" ] && shadow="${LOCALTPLDIR}/shadow"
|
||||
[ -f "${LOCALTPLDIR}/group" ] && group="${LOCALTPLDIR}/group"
|
||||
[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"
|
||||
umask 077
|
||||
|
||||
info "1 - Creating the chroot"
|
||||
cd "${JAILDIR}/${jail}"
|
||||
rm -rf bin lib lib64 run usr var/run etc/ssh/*key
|
||||
mkdir -p dev proc
|
||||
mkdir -p usr/bin usr/sbin usr/lib usr/lib/x86_64-linux-gnu usr/lib/openssh usr/lib64
|
||||
mkdir -p etc/ssh var/log run/sshd
|
||||
mkdir -p root/.ssh var/backup -m 0700
|
||||
ln -s usr/bin bin
|
||||
ln -s usr/lib lib
|
||||
ln -s usr/lib64 lib64
|
||||
ln -st var ../run
|
||||
touch var/log/lastlog var/log/wtmp run/utmp
|
||||
|
||||
info "2 - Copying essential files"
|
||||
[ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key etc/ssh
|
||||
[ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key etc/ssh
|
||||
[ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key etc/ssh
|
||||
cp "${passwd}" etc
|
||||
cp "${shadow}" etc
|
||||
cp "${group}" etc
|
||||
cp "${sshrc}" etc/ssh
|
||||
|
||||
info "3 - Copying binaries"
|
||||
cp -f /lib/ld-linux.so.2 lib 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 lib64
|
||||
cp /lib/x86_64-linux-gnu/libnss* lib/x86_64-linux-gnu
|
||||
|
||||
for dbin in /bin/sh /bin/ls /bin/mkdir /bin/cat /bin/rm /bin/sed /usr/bin/rsync /usr/bin/lastlog /usr/bin/touch /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
|
||||
cp -f "${dbin}" "${JAILDIR}/${jail}/${dbin}";
|
||||
for lib in $(ldd "${dbin}" | grep -Eo "/.*so.[0-9\.]+"); do
|
||||
cp -p "${lib}" "${JAILDIR}/${jail}/${lib}"
|
||||
done
|
||||
done
|