code clarification
This commit is contained in:
parent
092b204be2
commit
b141daca29
|
@ -18,22 +18,23 @@ jail_path=$(jail_path "${jail_name}")
|
||||||
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||||
|
|
||||||
if [ -z "${ip}" ]; then
|
if [ -z "${ip}" ]; then
|
||||||
|
# parse IP addresses from AllowUsers directives in sshd config
|
||||||
grep -E "^AllowUsers" "${jail_path}/${SSHD_CONFIG}" | grep -Eo "root@[^ ]+" | while read allow; do
|
grep -E "^AllowUsers" "${jail_path}/${SSHD_CONFIG}" | grep -Eo "root@[^ ]+" | while read allow; do
|
||||||
echo "${allow}" | cut -d'@' -f2
|
echo "${allow}" | cut -d'@' -f2
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
|
if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
|
||||||
ips="0.0.0.0/0"
|
new_ips="0.0.0.0/0"
|
||||||
else
|
else
|
||||||
ips=$("${LIBDIR}/bkctld-ip" "${jail_name}")
|
existing_ips=$("${LIBDIR}/bkctld-ip" "${jail_name}")
|
||||||
ips=$(echo "${ips}" "${ip}" | xargs -n1 | grep -v "0.0.0.0/0" | sort | uniq)
|
new_ips=$(echo "${existing_ips}" "${ip}" | xargs -n1 | grep -v "0.0.0.0/0" | sort | uniq)
|
||||||
fi
|
fi
|
||||||
allow="AllowUsers"
|
allow_users="AllowUsers"
|
||||||
for ip in $ips; do
|
for ip in ${new_ips}; do
|
||||||
allow="${allow} root@${ip}"
|
allow_users="${allow_users} root@${ip}"
|
||||||
done
|
done
|
||||||
sed -i "s~^AllowUsers .*~${allow}~" "${jail_path}/${SSHD_CONFIG}"
|
sed -i "s~^AllowUsers .*~${allow_users}~" "${jail_path}/${SSHD_CONFIG}"
|
||||||
notice "${jail_name}: update ip => ${ip}"
|
notice "${jail_name}: IP whitelist updated to ${ip}"
|
||||||
"${LIBDIR}/bkctld-reload" "${jail_name}"
|
"${LIBDIR}/bkctld-reload" "${jail_name}"
|
||||||
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
"${LIBDIR}/bkctld-firewall" "${jail_name}"
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -17,6 +17,8 @@ test -d "${jail_path}" || error "${jail_name}: jail is missing."
|
||||||
|
|
||||||
"${LIBDIR}/bkctld-is-on" "${jail_name}" && exit 0
|
"${LIBDIR}/bkctld-is-on" "${jail_name}" && exit 0
|
||||||
|
|
||||||
|
# Prepare the chroot
|
||||||
|
(
|
||||||
cd "${jail_path}" || error "${jail_name}: failed to change directory to ${jail_path}."
|
cd "${jail_path}" || error "${jail_name}: failed to change directory to ${jail_path}."
|
||||||
|
|
||||||
grep -q "${jail_path}/proc" /proc/mounts || mount -t proc "proc-${jail_name}" proc
|
grep -q "${jail_path}/proc" /proc/mounts || mount -t proc "proc-${jail_name}" proc
|
||||||
|
@ -38,10 +40,13 @@ mkdir -p dev/pts
|
||||||
mkdir -p dev/shm
|
mkdir -p dev/shm
|
||||||
grep -q "${jail_path}/dev/pts" /proc/mounts || mount -t devpts -o gid=4,mode=620 none dev/pts
|
grep -q "${jail_path}/dev/pts" /proc/mounts || mount -t devpts -o gid=4,mode=620 none dev/pts
|
||||||
grep -q "${jail_path}/dev/shm" /proc/mounts || mount -t tmpfs none dev/shm
|
grep -q "${jail_path}/dev/shm" /proc/mounts || mount -t tmpfs none dev/shm
|
||||||
|
)
|
||||||
|
|
||||||
|
# Start SSH in the chroot
|
||||||
chroot "${jail_path}" /usr/sbin/sshd -E /var/log/authlog || error "${jail_name}: failed to start sshd"
|
chroot "${jail_path}" /usr/sbin/sshd -E /var/log/authlog || error "${jail_name}: failed to start sshd"
|
||||||
pidfile="${jail_path}/${SSHD_PID}"
|
pidfile="${jail_path}/${SSHD_PID}"
|
||||||
|
|
||||||
|
# Wait for SSH to be up
|
||||||
for try in $(seq 1 10); do
|
for try in $(seq 1 10); do
|
||||||
test -f "${pidfile}" || sleep 0.3
|
test -f "${pidfile}" || sleep 0.3
|
||||||
done
|
done
|
||||||
|
|
|
@ -7,20 +7,23 @@
|
||||||
# shellcheck source=./includes
|
# shellcheck source=./includes
|
||||||
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
|
||||||
|
|
||||||
jail="${1:?}"
|
jail_name="${1:?}"
|
||||||
if [ ! -n "${jail}" ]; then
|
if [ ! -n "${jail_name}" ]; then
|
||||||
"${LIBDIR}/bkctld-help" && exit 1
|
"${LIBDIR}/bkctld-help" && exit 1
|
||||||
fi
|
fi
|
||||||
[ -d "${JAILDIR}/${jail}" ] || error "${jail} : inexistant jail ! Use '$0 status' for list all"
|
[ -d "${JAILDIR}/${jail_name}" ] || error "${jail_name} : jail is missing.\nUse '$0 status [all]' to get the status of all jails."
|
||||||
|
|
||||||
inc="0"
|
incs_policy="0"
|
||||||
if [ -f "${CONFDIR}/${jail}" ]; then
|
if [ -f "${CONFDIR}/${jail_name}" ]; then
|
||||||
day=$(grep -c "day" "${CONFDIR}/${jail}")
|
days=$(grep -c "day" "${CONFDIR}/${jail_name}")
|
||||||
month=$(grep -c "month" "${CONFDIR}/${jail}")
|
months=$(grep -c "month" "${CONFDIR}/${jail_name}")
|
||||||
inc="${day}/${month}"
|
incs_policy="${days}/${months}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
status="OFF"
|
status="OFF"
|
||||||
"${LIBDIR}/bkctld-is-on" "${jail}" && status="ON "
|
"${LIBDIR}/bkctld-is-on" "${jail_name}" && status="ON "
|
||||||
port=$("${LIBDIR}/bkctld-port" "${jail}")
|
|
||||||
ip=$("${LIBDIR}/bkctld-ip" "${jail}"|xargs|tr -s ' ' ',')
|
port=$("${LIBDIR}/bkctld-port" "${jail_name}")
|
||||||
echo "${jail} ${status} ${port} ${inc} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
|
ip=$("${LIBDIR}/bkctld-ip" "${jail_name}" | xargs | tr -s ' ' ',')
|
||||||
|
|
||||||
|
echo "${jail_name} ${status} ${port} ${incs_policy} ${ip}" | awk '{ printf("%- 30s %- 10s %- 10s %- 10s %- 40s\n", $1, $2, $3, $4, $5); }'
|
||||||
|
|
Loading…
Reference in a new issue