Refactoring of logging and notification

* Use logger command, no longer write directly to logfile
* Loglevel can be set in bkctld.conf
* Remove mail notification; the cron job sends mail when there is output on stdout/stderr
Victor LABORIE 2018-03-26 17:53:00 +02:00
parent d430740383
commit 8680b742dd
3 changed files with 125 additions and 186 deletions

294
bkctld

@ -28,15 +28,55 @@ usage(){
echo "" echo ""
} }
## logging functions
debug() {
msg="${1:-$(cat /dev/stdin)}"
if [ "${LOGLEVEL}" -ge 7 ]; then
echo "${msg}"
logger -t bkctld -p daemon.debug "${msg}"
fi
}
info() {
msg="${1:-$(cat /dev/stdin)}"
if [ "${LOGLEVEL}" -ge 6 ]; then
tty -s && echo "${msg}"
logger -t bkctld -p daemon.info "${msg}"
fi
}
notice() {
msg="${1:-$(cat /dev/stdin)}"
tty -s && echo "${msg}"
[ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "${msg}"
}
warning() {
msg="${1:-$(cat /dev/stdin)}"
tty -s && echo "WARNING : ${msg}" >&2
if [ "${LOGLEVEL}" -ge 4 ]; then
tty -s || echo "WARNING : ${msg}" >&2
logger -t bkctld -p daemon.warning "${msg}"
fi
}
error() {
msg="${1:-$(cat /dev/stdin)}"
tty -s && echo "ERROR : ${msg}" >&2
if [ "${LOGLEVEL}" -ge 5 ]; then
tty -s || echo "ERROR : ${msg}" >&2
logger -t bkctld -p daemon.error "${msg}"
fi
exit 1
}
## check functions ## check functions
check_jail() { check_jail() {
jail=$1 jail="${1}"
if [ -d ${JAILDIR}/${jail} ]; then [ -d "${JAILDIR}/${jail}" ] && return 0
exit 0 return 1
else
exit 1
fi
} }
check_jail_on() { check_jail_on() {
@ -49,9 +89,9 @@ check_jail_on() {
if [ "$return" -eq 1 ]; then if [ "$return" -eq 1 ]; then
rm -f ${JAILDIR}/${jail}/${SSHD_PID} rm -f ${JAILDIR}/${jail}/${SSHD_PID}
grep -q "${JAILDIR}/${jail}/proc" /proc/mounts && umount --lazy ${JAILDIR}/${jail}/proc/ grep -q "${JAILDIR}/${jail}/proc" /proc/mounts && umount --lazy ${JAILDIR}/${jail}/proc/
grep -q "${JAILDIR}/${jail}/dev" /proc/mounts && umount --lazy --recursive ${JAILDIR}/${jail}/dev grep -q "${JAILDIR}/${jail}/dev" /proc/mounts && umount --lazy --recursive ${JAILDIR}/${jail}/dev
fi fi
exit "$return" return "$return"
} }
## get functions : get info on jail ## get functions : get info on jail
@ -106,13 +146,9 @@ set_port() {
set_key() { set_key() {
jail=$1 jail=$1
keyfile=$2 keyfile=$2
if [ -e $keyfile ]; then [ -e "${keyfile}" ] || error "Keyfile $keyfile dosen't exist !"
cat $keyfile > ${JAILDIR}/${jail}/${AUTHORIZED_KEYS} cat $keyfile > ${JAILDIR}/${jail}/${AUTHORIZED_KEYS}
chmod 600 ${JAILDIR}/${jail}/${AUTHORIZED_KEYS} chmod 600 ${JAILDIR}/${jail}/${AUTHORIZED_KEYS}
else
echo "Keyfile $keyfile dosen't exist !" >&2
exit 1
fi
} }
set_ip() { set_ip() {
@ -164,7 +200,7 @@ mk_jail() {
[ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc" [ -f "${LOCALTPLDIR}/sshrc" ] && group="${LOCALTPLDIR}/sshrc"
umask 077 umask 077
echo "1 - Creating the chroot" info "1 - Creating the chroot"
cd "${JAILDIR}/${jail}" cd "${JAILDIR}/${jail}"
rm -rf bin lib lib64 run usr var/run etc/ssh/*key rm -rf bin lib lib64 run usr var/run etc/ssh/*key
mkdir -p dev proc mkdir -p dev proc
@ -177,7 +213,7 @@ mk_jail() {
ln -st var ../run ln -st var ../run
touch var/log/lastlog var/log/wtmp run/utmp touch var/log/lastlog var/log/wtmp run/utmp
echo "2 - Copying essential files" info "2 - Copying essential files"
[ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key etc/ssh [ -f /etc/ssh/ssh_host_rsa_key ] && cp /etc/ssh/ssh_host_rsa_key etc/ssh
[ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key etc/ssh [ -f /etc/ssh/ssh_host_ecdsa_key ] && cp /etc/ssh/ssh_host_ecdsa_key etc/ssh
[ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key etc/ssh [ -f /etc/ssh/ssh_host_ed25519_key ] && cp /etc/ssh/ssh_host_ed25519_key etc/ssh
@ -186,7 +222,7 @@ mk_jail() {
cp "$group" etc cp "$group" etc
cp "$sshrc" etc/ssh cp "$sshrc" etc/ssh
echo "3 - Copying binaries" info "3 - Copying binaries"
cp -f /lib/ld-linux.so.2 lib 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 lib64 cp -f /lib/ld-linux.so.2 lib 2>/dev/null || cp -f /lib64/ld-linux-x86-64.so.2 lib64
cp /lib/x86_64-linux-gnu/libnss* lib/x86_64-linux-gnu cp /lib/x86_64-linux-gnu/libnss* lib/x86_64-linux-gnu
@ -206,12 +242,8 @@ sub_init() {
inctpl="${TPLDIR}/inc.tpl" inctpl="${TPLDIR}/inc.tpl"
[ -f "${LOCALTPLDIR}/sshd_config" ] && sshd_config="${LOCALTPLDIR}/sshd_config" [ -f "${LOCALTPLDIR}/sshd_config" ] && sshd_config="${LOCALTPLDIR}/sshd_config"
[ -f "${LOCALTPLDIR}/inc.tpl" ] && inctpl="${LOCALTPLDIR}/inc.tpl" [ -f "${LOCALTPLDIR}/inc.tpl" ] && inctpl="${LOCALTPLDIR}/inc.tpl"
if ( check_jail $jail ); then check_jail $jail && error "${jail} : trying to create existant jail"
echo "Jail $jail already exist ! Use '$0 update $jail' for update it" >&2
exit 1
fi
echo "Create jail $jail :"
rootdir=$(dirname "$JAILDIR") rootdir=$(dirname "$JAILDIR")
rootdir_inode=$(stat --format=%i "$rootdir") rootdir_inode=$(stat --format=%i "$rootdir")
jaildir_inode=$(stat --format=%i $JAILDIR) jaildir_inode=$(stat --format=%i $JAILDIR)
@ -221,77 +253,58 @@ sub_init() {
mkdir -p ${JAILDIR}/${jail} mkdir -p ${JAILDIR}/${jail}
fi fi
mk_jail $jail mk_jail $jail
echo "4 - Copie default sshd_config" info "4 - Copie default sshd_config"
install -m 0640 $sshd_config ${JAILDIR}/$jail/${SSHD_CONFIG} install -m 0640 $sshd_config ${JAILDIR}/$jail/${SSHD_CONFIG}
echo "5 - Set usable sshd port" info "5 - Set usable sshd port"
set_port $jail auto set_port $jail auto
echo "6 - Copie default inc configuration" info "6 - Copie default inc configuration"
install -m 0640 $inctpl ${CONFDIR}/$jail install -m 0640 $inctpl ${CONFDIR}/$jail
notice "${jail} : created jail"
} }
sub_update() { sub_update() {
jail=$1 jail=$1
if ! ( check_jail $jail ); then check_jail $jail || error "${jail} : trying to update inexistant jail"
echo "Jail $jail doesn't exist ! Use '$0 init $jail' for create it !" >&2 check_jail_on $jail && sub_stop $jail
exit 1
fi
status=$(check_jail_on $jail)
if ( $status ); then
log stop $jail
fi
echo "Update jail $jail :"
mk_jail $jail mk_jail $jail
if ( $status ); then notice "${jail} : updated jail"
log start $jail
fi
} }
sub_remove() { sub_remove() {
jail=$1 jail=$1
if ! ( check_jail $jail ); then check_jail $jail || error "${jail} : trying to remove inexistant jail"
echo "Jail $jail doesn't exist !" >&2
exit 1
fi
if ( check_jail_on $jail ); then check_jail_on $jail && sub_stop $jail
log stop $jail
fi
echo "Delete jail $jail"
rm -f ${CONFDIR}/${jail} rm -f ${CONFDIR}/${jail}
jail_inode=$(stat --format=%i ${JAILDIR}/${jail}) jail_inode=$(stat --format=%i ${JAILDIR}/${jail})
if [ "$jail_inode" -eq 256 ]; then if [ "$jail_inode" -eq 256 ]; then
$BTRFS subvolume delete ${JAILDIR}/${jail} $BTRFS subvolume delete ${JAILDIR}/${jail} | debug
else else
rm -rf ${JAILDIR}/${jail} rm -rf ${JAILDIR}/${jail} | debug
fi fi
if [ -d ${INCDIR}/${jail} ]; then if [ -d ${INCDIR}/${jail} ]; then
incs=$(ls ${INCDIR}/${jail}) incs=$(ls ${INCDIR}/${jail})
for inc in $incs; do for inc in $incs; do
inc_inode=$(stat --format=%i ${INCDIR}/${jail}/$inc) inc_inode=$(stat --format=%i ${INCDIR}/${jail}/$inc)
if [ "$inc_inode" -eq 256 ]; then if [ "$inc_inode" -eq 256 ]; then
$BTRFS subvolume delete ${INCDIR}/${jail}/${inc} $BTRFS subvolume delete ${INCDIR}/${jail}/${inc} | debug
else else
echo "You need to purge ${INCDIR}/${jail}/$inc manually !" >&2 warning "You need to purge ${INCDIR}/${jail}/$inc manually !"
fi fi
done done
rmdir --ignore-fail-on-non-empty ${INCDIR}/${jail} rmdir --ignore-fail-on-non-empty ${INCDIR}/${jail} | debug
fi fi
set_firewall $jail set_firewall $jail
notice "${jail} : deleted jail"
} }
sub_start() { sub_start() {
jail=$1 jail=$1
if ! ( check_jail $jail ); then check_jail $jail || error "${jail} : trying to start inexistant jail"
echo "Jail $jail doesn't exist ! Create it with '$0 init $jail'" >&2 check_jail_on $jail && error "${jail} : trying to start already running jail"
exit 1
fi
if ( check_jail_on $jail ); then
echo "Jail $jail already running !" >&2
exit 1
fi
echo "Start jail $jail"
cd "${JAILDIR}/${jail}" cd "${JAILDIR}/${jail}"
grep -q "${JAILDIR}/${jail}/proc" /proc/mounts || mount -t proc "proc-${jail}" proc grep -q "${JAILDIR}/${jail}/proc" /proc/mounts || mount -t proc "proc-${jail}" proc
grep -q "${JAILDIR}/${jail}/dev" /proc/mounts || mount -nt tmpfs "dev-${jail}" dev grep -q "${JAILDIR}/${jail}/dev" /proc/mounts || mount -nt tmpfs "dev-${jail}" dev
@ -312,51 +325,39 @@ sub_start() {
mkdir -p dev/shm mkdir -p dev/shm
grep -q "${JAILDIR}/${jail}/dev/pts" /proc/mounts || mount -t devpts -o gid=4,mode=620 none dev/pts grep -q "${JAILDIR}/${jail}/dev/pts" /proc/mounts || mount -t devpts -o gid=4,mode=620 none dev/pts
grep -q "${JAILDIR}/${jail}/dev/shm" /proc/mounts || mount -t tmpfs none dev/shm grep -q "${JAILDIR}/${jail}/dev/shm" /proc/mounts || mount -t tmpfs none dev/shm
chroot "${JAILDIR}/${jail}" /usr/sbin/sshd -E /var/log/authlog chroot "${JAILDIR}/${jail}" /usr/sbin/sshd -E /var/log/authlog || error "${jail} : error on starting sshd"
pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
notice "${jail} was started [${pid}]"
} }
sub_stop() { sub_stop() {
jail=$1 jail=$1
if ! ( check_jail $jail ); then check_jail $jail || error "${jail} : trying to stop inexistant jail"
echo "Jail $jail doesn't exist !" >&2 check_jail_on $jail || error "${jail} : trying to stop not running jail"
exit 1
fi
if ! ( check_jail_on $jail ); then
echo "Jail $jail doesnt't run !" >&2
exit 1
fi
echo "Stop jail $jail"
pid=$(cat ${JAILDIR}/${jail}/${SSHD_PID}) pid=$(cat ${JAILDIR}/${jail}/${SSHD_PID})
for conn in $(ps --ppid $pid -o pid=); do for conn in $(ps --ppid $pid -o pid=); do
kill $conn kill $conn
done done
kill $pid kill $pid && notice "${jail} was stopped [${pid}]"
umount --lazy --recursive ${JAILDIR}/${jail}/dev umount --lazy --recursive ${JAILDIR}/${jail}/dev
umount --lazy ${JAILDIR}/${jail}/proc/ umount --lazy ${JAILDIR}/${jail}/proc/
} }
sub_reload() { sub_reload() {
jail=$1 jail=$1
if ! ( check_jail $jail ); then check_jail $jail || error "${jail} : trying to reload inexistant jail"
echo "Jail $jail doesn't exist !" >&2 check_jail_on $jail || error "${jail} : trying to reload not running jail"
exit 1
fi
if ! ( check_jail_on $jail ); then
echo "Jail $jail doesnt't run !" >&2
exit 1
fi
echo "Reload jail $jail" pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
pkill -HUP -F ${JAILDIR}/${jail}/${SSHD_PID}
pkill -HUP "${pid}"
notice "${jail} was reloaded [${pid}]"
} }
sub_status() { sub_status() {
jail=$1 jail=$1
if ! ( check_jail $jail ); then check_jail $jail || error "${jail} : inexistant jail ! Use '$0 status' for list all"
echo "Jail $jail doesn't exist ! Use '$0 status' for list all" >&2
exit 1
fi
inc=$(get_inc $jail) inc=$(get_inc $jail)
if ( check_jail_on $jail ); then if ( check_jail_on $jail ); then
@ -373,46 +374,37 @@ sub_params() {
jail=$1 jail=$1
params=$2 params=$2
option=$3 option=$3
if ! ( check_jail $jail ); then check_jail $jail || error "${jail} : inexistant jail'"
echo "Jail $jail doesn't exist ! Create it with '$0 init $jail'" >&2
exit 1
fi
if [ -z "${option}" ]; then if [ -z "${option}" ]; then
get_${params} $jail get_${params} $jail
else else
set_${params} $jail $option set_${params} $jail $option
echo "Update $jail : $params = $option" notice "${jail} : update $params => $option"
fi fi
} }
sub_sync() { sub_sync() {
jail=$1 jail=$1
if ! ( check_jail $jail ); then check_jail $jail || error "${jail} : trying to sync inexistant jail"
echo "Jail $jail doesn't exist !" >&2
exit 1 [ -n "${NODE}" ] || error "Sync need config of \$NODE in /etc/default/bkctld !"
fi
if [ -z "${NODE}" ]; then
echo "You must define \$NODE in /etc/default/bkctld !" >&2
exit 1
fi
jail=$1 jail=$1
ssh $NODE bkctld init $jail >/dev/null ssh $NODE bkctld init $jail | debug
rsync -a ${JAILDIR}/${jail}/ ${NODE}:${JAILDIR}/${jail}/ --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/* rsync -a ${JAILDIR}/${jail}/ ${NODE}:${JAILDIR}/${jail}/ --exclude proc/* --exclude sys/* --exclude dev/* --exclude run --exclude var/backup/*
rsync -a ${CONFDIR}/$jail ${NODE}:${CONFDIR}/$jail rsync -a ${CONFDIR}/$jail ${NODE}:${CONFDIR}/$jail
if ( check_jail_on $jail ); then if ( check_jail_on $jail ); then
ssh $NODE bkctld start $jail >/dev/null ssh $NODE bkctld start $jail | debug
fi fi
if [ -n "${FIREWALL_RULES}" ]; then if [ -n "${FIREWALL_RULES}" ]; then
rsync -a ${FIREWALL_RULES} ${NODE}:${FIREWALL_RULES} rsync -a ${FIREWALL_RULES} ${NODE}:${FIREWALL_RULES}
ssh $NODE /etc/init.d/minifirewall restart >/dev/null ssh $NODE /etc/init.d/minifirewall restart | debug
fi fi
} }
sub_inc() { sub_inc() {
date=$(date +"%Y-%m-%d-%H") date=$(date +"%Y-%m-%d-%H")
incs_logs=""
jails=$(ls $JAILDIR) jails=$(ls $JAILDIR)
for jail in $jails; do for jail in $jails; do
inc="${INCDIR}/${jail}/${date}" inc="${INCDIR}/${jail}/${date}"
@ -421,23 +413,16 @@ sub_inc() {
start=$(date +"%H:%M:%S") start=$(date +"%H:%M:%S")
jail_inode=$(stat --format=%i ${JAILDIR}/${jail}) jail_inode=$(stat --format=%i ${JAILDIR}/${jail})
if [ "$jail_inode" -eq 256 ]; then if [ "$jail_inode" -eq 256 ]; then
$BTRFS subvolume snapshot -r ${JAILDIR}/${jail} $inc > /dev/null $BTRFS subvolume snapshot -r ${JAILDIR}/${jail} $inc | debug
else else
cp -alx ${JAILDIR}/${jail}/ $inc cp -alx ${JAILDIR}/${jail}/ $inc | debug
fi fi
end=$(date +"%H:%M:%S") end=$(date +"%H:%M:%S")
inc_log="Create $date inc of $jail (Start at $start / End at $end)" notice "${jail} : made $date inc [$start/$end]"
echo "${inc_log}"
incs_logs="${incs_logs} ${inc_log}"
else else
echo "Inc $date of $jail already exist !" >&2 warning "${jail} : trying to made already existant inc"
fi fi
done done
if [ -n "${NOTIF_MAIL}" ]; then
if [ -n "${incs_logs}" ]; then
echo "${incs_logs}" | mail -s "[info] EvoBackup - create incs" $NOTIF_MAIL
fi
fi
} }
sub_rm() { sub_rm() {
@ -448,15 +433,10 @@ sub_rm() {
pid=$(cat $pidfile) pid=$(cat $pidfile)
ps -u $pid >/dev/null ps -u $pid >/dev/null
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
echo "$0 rm always run (PID $pid) !" >&2
kill -9 $pid kill -9 $pid
rm $pidfile warning "$0 rm always run (PID $pid), killed by $$ !"
if [ -n "${NOTIF_MAIL}" ]; then
echo "$0 rm $pid was killed by $$ !" | mail -s "[warn] EvoBackup - purge incs interrupted" $NOTIF_MAIL
fi
else
rm $pidfile
fi fi
rm $pidfile
fi fi
echo $$ > $pidfile echo $$ > $pidfile
rms_logs="" rms_logs=""
@ -474,59 +454,36 @@ sub_rm() {
start=$(date +"%H:%M:%S") start=$(date +"%H:%M:%S")
inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${j}") inc_inode=$(stat --format=%i "${INCDIR}/${jail}/${j}")
if [ "$inc_inode" -eq 256 ]; then if [ "$inc_inode" -eq 256 ]; then
$BTRFS subvolume delete "${INCDIR}/${jail}/${j}" >/dev/null $BTRFS subvolume delete "${INCDIR}/${jail}/${j}" | debug
else else
cd "${INCDIR}/$jail" cd "${INCDIR}/$jail"
rsync -a --delete "$empty/" "$j/" rsync -a --delete "$empty/" "$j/"
rmdir "$j" rmdir "$j"
fi fi
end=$(date +"%H:%M:%S") end=$(date +"%H:%M:%S")
rm_log="Delete $j inc of $jail (Start at $start / End at $end)" notice "${jail} : deleted $j inc [$start/$end]"
echo "${rm_log}"
rms_logs="${rms_logs} ${rm_log}"
done done
fi fi
done done
rmdir $empty rmdir $empty
rm $pidfile rm $pidfile
if [ -n "${NOTIF_MAIL}" ]; then
if [ -n "${rms_logs}" ]; then
echo "${rms_logs}" | mail -s "[info] EvoBackup - purge incs" $NOTIF_MAIL
fi
fi
}
## log function
log() {
subcommand=$1
logfile="${LOG_DIR}/bkctld.log"
shift
tty -s
if [ $? -eq 0 ]; then
sub_${subcommand} "$@" 2>&1 | tee -a $logfile
else
sub_${subcommand} "$@" >> $logfile 2>&1
fi
} }
## main function : check usage and valid params ## main function : check usage and valid params
main() { main() {
if [ "$(id -u)" -ne 0 ]; then [ "$(id -u)" -ne 0 ] && error "You need to be root to run $0 !"
echo "Error, you need to be root to run $0 !" >&2
exit 1
fi
[ -f /etc/default/bkctld ] && . /etc/default/bkctld [ -f /etc/default/bkctld ] && . /etc/default/bkctld
[ -z "${CONFDIR}" ] && CONFDIR='/etc/evobackup' [ -z "${CONFDIR}" ] && CONFDIR='/etc/evobackup'
[ -z "${JAILDIR}" ] && JAILDIR='/backup/jails' [ -z "${JAILDIR}" ] && JAILDIR='/backup/jails'
[ -z "${INCDIR}" ] && INCDIR='/backup/incs' [ -z "${INCDIR}" ] && INCDIR='/backup/incs'
[ -z "${TPLDIR}" ] && TPLDIR='/usr/share/bkctld' [ -z "${TPLDIR}" ] && TPLDIR='/usr/share/bkctld'
[ -z "${LOCALTPLDIR}" ] && LOCALTPLDIR='/usr/local/share/bkctld' [ -z "${LOCALTPLDIR}" ] && LOCALTPLDIR='/usr/local/share/bkctld'
[ -z "${LOG_DIR}" ] && LOG_DIR='/var/log'
[ -z "${SSHD_PID}" ] && SSHD_PID='/run/sshd.pid' [ -z "${SSHD_PID}" ] && SSHD_PID='/run/sshd.pid'
[ -z "${SSHD_CONFIG}" ] && SSHD_CONFIG='/etc/ssh/sshd_config' [ -z "${SSHD_CONFIG}" ] && SSHD_CONFIG='/etc/ssh/sshd_config'
[ -z "${AUTHORIZED_KEYS}" ] && AUTHORIZED_KEYS='/root/.ssh/authorized_keys' [ -z "${AUTHORIZED_KEYS}" ] && AUTHORIZED_KEYS='/root/.ssh/authorized_keys'
[ -z "${LOGLEVEL}" ] && LOGLEVEL=6
BTRFS=$(which btrfs) BTRFS=$(which btrfs)
mkdir -p $CONFDIR $JAILDIR $INCDIR mkdir -p $CONFDIR $JAILDIR $INCDIR
subcommand=$1 subcommand=$1
@ -537,18 +494,18 @@ main() {
usage usage
;; ;;
"inc" | "rm") "inc" | "rm")
log $subcommand "sub_${subcommand}"
;; ;;
"init") "init")
if [ -n "${jail}" ]; then if [ -n "${jail}" ]; then
log $subcommand $jail "sub_${subcommand}" $jail
else else
usage usage
fi fi
;; ;;
"key" | "port" | "ip") "key" | "port" | "ip")
if [ -n "${jail}" ]; then if [ -n "${jail}" ]; then
log params $jail $subcommand $option sub_params $jail $subcommand $option
else else
usage usage
fi fi
@ -560,34 +517,26 @@ main() {
for jail in $jails; do for jail in $jails; do
case $subcommand in case $subcommand in
"start") "start")
if ! ( check_jail_on $jail ); then check_jail_on $jail || "sub_${subcommand}" $jail
log $subcommand $jail
fi
;; ;;
"stop" | "reload") "stop" | "reload")
if ( check_jail_on $jail ); then check_jail_on $jail && "sub_${subcommand}" $jail
log $subcommand $jail
fi
;; ;;
"restart") "restart")
if ( check_jail_on $jail ); then check_jail_on $jail && sub_stop $jail
log stop $jail sub_start $jail
fi
log start $jail
;; ;;
*) *)
log $subcommand $jail "sub_${subcommand}" $jail
;; ;;
esac esac
done done
else else
if [ "${subcommand}" != "restart" ]; then if [ "${subcommand}" != "restart" ]; then
log $subcommand $jail "sub_${subcommand}" $jail
else else
if ( check_jail_on $jail ); then check_jail_on $jail && sub_stop $jail
log stop $jail sub_start $jail
fi
log start $jail
fi fi
fi fi
else else
@ -598,16 +547,15 @@ main() {
if [ -z "${jail}" ]; then if [ -z "${jail}" ]; then
jails=$(ls $JAILDIR) jails=$(ls $JAILDIR)
for jail in $jails; do for jail in $jails; do
sub_$subcommand $jail "sub_${subcommand}" $jail
done done
else else
sub_$subcommand $jail "sub_${subcommand}" $jail
fi fi
;; ;;
*) *)
shift shift
echo "Error: '${subcommand}' is not a known subcommand." >&2 warning "'${subcommand}' is not a known subcommand." && usage
usage
exit 1 exit 1
;; ;;
esac esac
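Review bot: In sub_reload, `pkill -HUP "${pid}"` hands the PID to pkill as its pattern operand, which pkill matches against process names, not process IDs, so the jail's sshd most likely never receives the HUP, and an unrelated process whose name happens to contain those digits could. The `notice "${jail} was reloaded [${pid}]"` that follows runs unconditionally, so syslog records a successful reload even when a changed sshd configuration has not taken effect. Signal the PID directly and log only on success, `kill -HUP "${pid}" && notice "${jail} was reloaded [${pid}]"`, or keep the pidfile form `pkill -HUP -F "${JAILDIR}/${jail}/${SSHD_PID}"`. Which of these lines is old and which is new is inferred here, because the rendered page has lost the +/- markers; `"${pid}"` is only defined by the line this commit appears to add.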


@ -6,9 +6,8 @@
#INCDIR='/backup/incs' #INCDIR='/backup/incs'
#TPLDIR='/usr/share/bkctld' #TPLDIR='/usr/share/bkctld'
#LOCALTPLDIR='/usr/local/share/bkctld' #LOCALTPLDIR='/usr/local/share/bkctld'
#LOG_DIR='/var/log'
#SSHD_PID='/var/run/sshd.pid' #SSHD_PID='/var/run/sshd.pid'
#SSHD_CONFIG='/etc/ssh/sshd_config' #SSHD_CONFIG='/etc/ssh/sshd_config'
#AUTHORIZED_KEYS='/root/.ssh/authorized_keys' #AUTHORIZED_KEYS='/root/.ssh/authorized_keys'
#FIREWALL_RULES='/etc/firewall.rc.jails' #FIREWALL_RULES='/etc/firewall.rc.jails'
#NOTIF_MAIL='test@example.com' #LOGLEVEL=6


@ -138,26 +138,18 @@ Dir for surcharge jail templates.
default : /usr/local/share/bkctld default : /usr/local/share/bkctld
.RE .RE
.PP .PP
LOG_DIR LOGLEVEL
.RS 4 .RS 4
Emplacement of log directory. Define loglevel, based on syslog severity level
.RE .RE
.RS 4 .RS 4
default : /var/log default : 6
.RE .RE
.PP .PP
.SH OPTIONALS VARS .SH OPTIONALS VARS
Optionnals vars are no default value. No set them desactivate correspondant fonctionnality. Optionnals vars are no default value. No set them desactivate correspondant fonctionnality.
.RE .RE
.PP .PP
NOTIF_MAIL
.RS 4
Mail address were notification mail will be set.
.RE
.RS 4
Default : no mail notification
.RE
.PP
FIREWALL_RULES FIREWALL_RULES
.RS 4 .RS 4
Configuration file were firewall was configured to allow jail access. This file must be sourced by your firewall configuration tool. Configuration file were firewall was configured to allow jail access. This file must be sourced by your firewall configuration tool.