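#!/bin/sh
#
# Helper functions for the jail management tool: usage text, jail existence
# and liveness checks, incremental-policy lookup and firewall rule generation.
#
# Globals read by these functions (defined elsewhere): JAILDIR, CONFDIR,
# LIBDIR, SSHD_PID, FIREWALL_RULES.
#
# POSIX sh has no `local`, so the working variables (jail, return, pid, day,
# month, inc, port, ip) are globals, exactly as in the original code.

# Print the command summary on stdout and exit with status 1.
#
# NOTE(review): on this page the here-document operator and every
# <placeholder> had been stripped as if they were markup. `<<EOF`, the
# "Usage:" line and the <jailname>-style placeholders below are a
# reconstruction; confirm the exact wording against the upstream script.
usage() {
    cat <<EOF
Usage: $0 <subcommand> [options]

Subcommands:

    init <jailname>                 Init jail <jailname>
    update <jailname>|all           Update jail <jailname> or all
    remove <jailname>|all           Remove jail <jailname> or all
    start <jailname>|all            Start jail <jailname> or all
    stop <jailname>|all             Stop jail <jailname> or all
    reload <jailname>|all           Reload jail <jailname> or all
    restart <jailname>|all          Restart jail <jailname> or all
    sync <jailname>|all             Sync jail <jailname> or all to another node
    status [<jailname>]             Print status of <jailname> (default all jail)
    key <jailname> [<keyfile>]      Set or get ssh pubic key of <jailname>
    port <jailname> [<port>|auto]   Set or get ssh port of <jailname>
    ip <jailname> [<ip>|all]        Set or get allowed(s) ip(s) of <jailname>
    inc                             Make incremental inc of all jails
    rm                              Remove old incremtal inc of all jails
    check                           Run check on jails (NRPE output)
    stats                           Make and display stats on jails (size, lastconn)

EOF
    exit 1
}

# Tell whether a jail directory exists under JAILDIR.
#
# Arguments: $1 - jail name (a single path component)
# Returns:   0 if ${JAILDIR}/<name> is a directory, 1 otherwise
#
# The name is joined to JAILDIR to build paths, so an empty name, "." / ".."
# or anything containing "/" is refused: those would resolve to JAILDIR
# itself or to a directory outside it and be reported as an existing jail.
check_jail() {
    jail="${1}"
    case "${jail}" in
        '' | . | .. | */*) return 1 ;;
    esac
    [ -d "${JAILDIR}/${jail}" ] && return 0
    return 1
}

# Tell whether the jail's sshd is running, and clean up after a dead one.
#
# Arguments: $1 - jail name
# Returns:   0 if the PID stored in ${JAILDIR}/<name>/${SSHD_PID} is alive,
#            1 otherwise
#
# When the jail is considered off, the stale PID file is removed and the
# jail's proc and dev mounts are lazily unmounted if /proc/mounts lists them.
#
# NOTE(review): liveness is `ps -p <pid>` only; a recycled PID belonging to
# an unrelated process would still be reported as "on".
check_jail_on() {
    jail="${1}"
    return=1
    if [ -f "${JAILDIR}/${jail}/${SSHD_PID}" ]; then
        pid=$(cat "${JAILDIR}/${jail}/${SSHD_PID}")
        ps -p "${pid}" > /dev/null && return=0
    fi
    if [ "${return}" -eq 1 ]; then
        rm -f "${JAILDIR}/${jail}/${SSHD_PID}"
        # -F: the path is a literal string, not a regular expression, so a
        # "." in JAILDIR or in the jail name cannot match another mount.
        grep -qF -- "${JAILDIR}/${jail}/proc" /proc/mounts \
            && umount --lazy "${JAILDIR}/${jail}/proc/"
        grep -qF -- "${JAILDIR}/${jail}/dev" /proc/mounts \
            && umount --lazy --recursive "${JAILDIR}/${jail}/dev"
    fi
    return "${return}"
}

# Print the incremental policy summary of a jail as "<day>/<month>".
#
# Arguments: $1 - jail name
# Outputs:   "0" when ${CONFDIR}/<name> does not exist; otherwise the number
#            of lines containing "day", a slash, and the number of lines
#            containing "month"
get_inc() {
    jail="${1}"
    inc="0"
    if [ -f "${CONFDIR}/${jail}" ]; then
        day=$(grep -c "day" "${CONFDIR}/${jail}")
        month=$(grep -c "month" "${CONFDIR}/${jail}")
        inc="${day}/${month}"
    fi
    echo "${inc}"
}

# Regenerate the firewall rules of one jail in ${FIREWALL_RULES}.
#
# Arguments: $1 - jail name
# Returns:   1 on an empty jail name or a non-numeric port; otherwise the
#            status of the last command run
#
# Existing lines tagged "#<name>" are dropped, then one ACCEPT rule per
# allowed source is appended if the jail still exists, and minifirewall is
# restarted when its init script is present. Does nothing when
# FIREWALL_RULES is unset or empty.
#
# The rules file holds iptables command lines and is presumably executed as
# root by the firewall (confirm), so nothing is written to it unless the
# port is numeric and the source looks like an address, CIDR or host name.
set_firewall() {
    jail="${1}"
    if [ -n "${FIREWALL_RULES}" ]; then
        if [ -z "${jail}" ]; then
            # An empty name would turn the sed address into /#$/ and delete
            # unrelated lines ending in "#".
            echo "set_firewall: empty jail name" >&2
            return 1
        fi
        if [ -f "${FIREWALL_RULES}" ]; then
            # Escape regex metacharacters and "/" so the jail name is matched
            # literally and cannot close the address to inject sed commands.
            _fw_jail_re=$(printf '%s\n' "${jail}" | sed 's|[][\.*^$/]|\\&|g')
            sed -i "/#${_fw_jail_re}$/d" "${FIREWALL_RULES}"
        fi
        if ( check_jail "${jail}" ); then
            port=$("${LIBDIR}/bkctld-port" "${jail}")
            case "${port}" in
                '' | *[!0-9]*)
                    echo "set_firewall: invalid port '${port}' for jail ${jail}" >&2
                    return 1
                    ;;
            esac
            # Word splitting of the helper output is intended: one source per word.
            for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
                case "${ip}" in
                    *[!0-9A-Za-z.:/_-]*)
                        echo "set_firewall: skipping invalid source '${ip}' for jail ${jail}" >&2
                        continue
                        ;;
                esac
                echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
            done
            if [ -f /etc/init.d/minifirewall ]; then
                /etc/init.d/minifirewall restart >/dev/null
            fi
        fi
    fi
}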