From 0961165d36d9779196377d22ceaa57e0ffd12ebd Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Tue, 8 Oct 2024 16:21:28 -0600
Subject: [PATCH 01/20] add support for static mac address for jails

This commit will generate a static MAC address for each jail, based on the name of the jail. It will use the first half (xx:xx:xx) of the host MAC to avoid network clashes, and generate a random HEX string from the hashed name of the jail. It will then add that random 5 character HEX string in MAC format, and add an "a" and "b" for the host and jail respectively. This way a jail can retain it's MAC ID even if it is deleted and reinstalled, as long as the same name is retained.
---
 usr/local/share/bastille/common.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh
index 1295799a..e2fd8f22 100644
--- a/usr/local/share/bastille/common.sh
+++ b/usr/local/share/bastille/common.sh
@@ -94,6 +94,9 @@ generate_vnet_jail_netblock() {
 local uniq_epair="bastille0"
 local uniq_epair_bridge="0"
 fi
+ # generate static MAC for jail using host prefix (first half of host MAC)
+ local host_mac_prefix="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | cut -d':' -f1-3)"
+ local jail_mac_suffix="$(echo -n ${jail_name} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')"
 if [ -n "${use_unique_bridge}" ]; then
 ## generate bridge config
 cat <<-EOF
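Review bot: `host_mac_prefix` is taken from the first `ether` line of `ifconfig ${external_interface}` with nothing checking that a line was found, so an interface with no link-layer address (or a mistyped name) yields an empty prefix and the `ether :xx:xx:xa` text written into jail.conf only fails later at `exec.prestart`; a guard such as `[ -n "${host_mac_prefix}" ] || error_exit "no link-layer address on ${external_interface}"` (error_exit is what clone.sh's usage() calls) would surface it at create time. The generated address also keeps the host NIC's OUI with the locally-administered bit clear, so on the segment it is indistinguishable from a vendor-assigned address; generated addresses are conventionally marked local by setting 0x02 in the first octet, which is worth doing or recording as a deliberate choice in the comment. `${jail_name}` and `${external_interface}` should be quoted in both pipelines. The same derivation reappears as `generate_static_mac` in PATCH 11 and in clone.sh's update_jailconf_vnet from PATCH 04 on; generate_vnet_jail_netblock starts and ends outside this hunk.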
@@ -103,6 +106,8 @@ generate_vnet_jail_netblock() {
 exec.prestart += "ifconfig ${external_interface} addm epair${uniq_epair_bridge}a";
 exec.prestart += "ifconfig epair${uniq_epair_bridge}a up name e${uniq_epair_bridge}a_${jail_name}";
 exec.prestart += "ifconfig epair${uniq_epair_bridge}b up name e${uniq_epair_bridge}b_${jail_name}";
+ exec.prestart += "ifconfig e${uniq_epair_bridge}a_${jail_name} ether ${host_mac_prefix}:${jail_mac_suffix}a";
+ exec.prestart += "ifconfig e${uniq_epair_bridge}b_${jail_name} ether ${host_mac_prefix}:${jail_mac_suffix}b";
 exec.poststop += "ifconfig ${external_interface} deletem e${uniq_epair_bridge}a_${jail_name}";
 exec.poststop += "ifconfig e${uniq_epair_bridge}a_${jail_name} destroy";
 EOF

From 2560b436022eeb37b4472ee34819b7a0b1fc15fa Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Tue, 8 Oct 2024 16:32:52 -0600
Subject: [PATCH 02/20] support for -V option also

---
 usr/local/share/bastille/common.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh
index e2fd8f22..e8234d24 100644
--- a/usr/local/share/bastille/common.sh
+++ b/usr/local/share/bastille/common.sh
@@ -118,6 +118,8 @@ EOF
 vnet.interface = e0b_${uniq_epair};
 exec.prestart += "jib addm ${uniq_epair} ${external_interface}";
 exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${jail_name}\"";
+ exec.prestart += "ifconfig e0a_${uniq_epair} ether ${host_mac_prefix}:${jail_mac_suffix}a";
+ exec.prestart += "ifconfig e0b_${uniq_epair} ether ${host_mac_prefix}:${jail_mac_suffix}b";
 exec.poststop += "jib destroy ${uniq_epair}";
 EOF
 fi
From cc75f454b44ff180686a0349592ce1f1cea5c4ce Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 8 Oct 2024 16:35:01 -0600 Subject: [PATCH 03/20] spacing edit --- usr/local/share/bastille/common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index e8234d24..28764a8a 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -96,7 +96,7 @@ generate_vnet_jail_netblock() { fi # generate static MAC for jail using host prefix (first half of host MAC) local host_mac_prefix="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | cut -d':' -f1-3)" - local jail_mac_suffix="$(echo -n ${jail_name} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" + local jail_mac_suffix="$(echo -n ${jail_name} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" if [ -n "${use_unique_bridge}" ]; then ## generate bridge config cat <<-EOF From a9c1bae0ca2534bd3138af318901171154fac20b Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 9 Oct 2024 08:47:46 -0600 Subject: [PATCH 04/20] beginning work to allow cloned jail with new static MAC feature Current implementation allows for cloning jails that were created using a static MAC. Also removed some unnecessary sed strings. These were simplified. --- usr/local/share/bastille/clone.sh | 39 ++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index 1ebea6c4..9f68277e 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh 
@@ -86,12 +86,12 @@ update_jailconf() { JAIL_CONFIG="${bastille_jailsdir}/${NEWNAME}/jail.conf" if [ -f "${JAIL_CONFIG}" ]; then if ! grep -qw "path = ${bastille_jailsdir}/${NEWNAME}/root;" "${JAIL_CONFIG}"; then - sed -i '' "s|host.hostname = ${TARGET};|host.hostname = ${NEWNAME};|" "${JAIL_CONFIG}" - sed -i '' "s|exec.consolelog = .*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" "${JAIL_CONFIG}" - sed -i '' "s|path = .*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" "${JAIL_CONFIG}" - sed -i '' "s|mount.fstab = .*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${JAIL_CONFIG}" - sed -i '' "s|${TARGET} {|${NEWNAME} {|" "${JAIL_CONFIG}" - sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}" + #sed -i '' "s|host.hostname = ${TARGET};|host.hostname = ${NEWNAME};|" "${JAIL_CONFIG}" + #sed -i '' "s|exec.consolelog = .*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" "${JAIL_CONFIG}" + #sed -i '' "s|path = .*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" "${JAIL_CONFIG}" + #sed -i '' "s|mount.fstab = .*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${JAIL_CONFIG}" + #sed -i '' "s|${TARGET} {|${NEWNAME} {|" "${JAIL_CONFIG}" + #sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}" fi fi 
@@ -110,13 +110,25 @@ update_jailconf_vnet() { for _num in $(seq 0 "${num_range}"); do if [ -n "${jail_list}" ]; then if ! grep -q "e0b_bastille${_num}" "${bastille_jailsdir}"/*/jail.conf; then - uniq_epair="bastille${_num}" - # Update the exec.* with uniq_epair when cloning jails. - sed -i '' "s|vnet.interface = e0b_bastille.*;|vnet.interface = e0b_${uniq_epair};|" "${JAIL_CONFIG}" - sed -i '' "s|exec.prestart += \"jib addm bastille[0-9]|exec.prestart += \"jib addm ${uniq_epair}|" "${JAIL_CONFIG}" - sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille[0-9].*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" - sed -i '' "s|exec.poststop += \"jib destroy bastille[0-9]\";|exec.poststop += \"jib destroy ${uniq_epair}\";|" "${JAIL_CONFIG}" - break + if ! grep -q "epair${_num}" "${bastille_jailsdir}"/*/jail.conf; then + local uniq_epair="bastille${_num}" + local uniq_epair_bridge="${_num}" + local host_mac_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')" + local jail_mac_suffix="$(echo -n ${NEWNAME} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" + # Update the exec.* with uniq_epair when cloning jails. 
+ #sed -i '' "s|vnet.interface = e[0-9]b_bastille.*;|vnet.interface = e0b_${uniq_epair};|" "${JAIL_CONFIG}" + #sed -i '' "s|exec.prestart += \"jib addm bastille[0-9]|exec.prestart += \"jib addm ${uniq_epair};|" "${JAIL_CONFIG}" + #sed -i '' "s|exec.prestart += \"ifconfig e[0-9]a_bastille[0-9] description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" + #sed -i '' "s|exec.poststop += \"jib destroy bastille[0-9]\";|exec.poststop += \"jib destroy ${uniq_epair}\";|" "${JAIL_CONFIG}" + # for bridged jails + sed -i '' "s|${TARGET}|${NEWNAME}|g" "${JAIL_CONFIG}" + sed -i '' "s|\"e\([0-9]\{1,\}\)|\"e${uniq_epair_bridge}|g" "${JAIL_CONFIG}" + sed -i '' "s| e\([0-9]\{1,\}\)| e${uniq_epair_bridge}|g" "${JAIL_CONFIG}" + sed -i '' "s| epair\([0-9]\{1,\}\)| epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" + sed -i '' "s|.*a_.*ether.*|exec.prestart += \"ifconfig e${uniq_epair_bridge}a_${NEWNAME} ether ${host_mac_prefix}:${jail_mac_suffix}a\";|" "${JAIL_CONFIG}" + sed -i '' "s|.*b_.*ether.*|exec.prestart += \"ifconfig e${uniq_epair_bridge}b_${NEWNAME} ether ${host_mac_prefix}:${jail_mac_suffix}b\";|" "${JAIL_CONFIG}" + break + fi fi fi done @@ -208,3 +220,4 @@ else fi clone_jail + From ee21616e810ecf136988bd18e0ad302cb3543b13 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 9 Oct 2024 09:05:49 -0600 Subject: [PATCH 05/20] Uncomment for non-VNET jails --- usr/local/share/bastille/clone.sh | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index 9f68277e..621ecbd9 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh 
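Review bot: `host_mac_prefix` here is recovered from the cloned jail.conf (`cat ${JAIL_CONFIG} | grep -m 1 ether ...`), so cloning a source jail created before this feature, whose config has no `ether` line, gives an empty prefix; the `.*ether.*` substitutions then match nothing and the clone silently ends up with no static MAC rather than one derived from its name. If that fallback is intended, say so in the comment above the assignment; otherwise fail with error_exit when the prefix is empty. `cat ${JAIL_CONFIG} | grep` can be `grep -m 1 ether "${JAIL_CONFIG}"`, and `${NEWNAME}` in the `echo -n` pipeline should be quoted. This retrieval is carried unchanged into PATCH 13 as `macaddr_prefix`; update_jailconf_vnet's loop starts before this hunk.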
@@ -86,12 +86,12 @@ update_jailconf() { JAIL_CONFIG="${bastille_jailsdir}/${NEWNAME}/jail.conf" if [ -f "${JAIL_CONFIG}" ]; then if ! grep -qw "path = ${bastille_jailsdir}/${NEWNAME}/root;" "${JAIL_CONFIG}"; then - #sed -i '' "s|host.hostname = ${TARGET};|host.hostname = ${NEWNAME};|" "${JAIL_CONFIG}" - #sed -i '' "s|exec.consolelog = .*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" "${JAIL_CONFIG}" - #sed -i '' "s|path = .*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" "${JAIL_CONFIG}" - #sed -i '' "s|mount.fstab = .*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${JAIL_CONFIG}" - #sed -i '' "s|${TARGET} {|${NEWNAME} {|" "${JAIL_CONFIG}" - #sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}" + sed -i '' "s|host.hostname = ${TARGET};|host.hostname = ${NEWNAME};|" "${JAIL_CONFIG}" + sed -i '' "s|exec.consolelog = .*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" "${JAIL_CONFIG}" + sed -i '' "s|path = .*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" "${JAIL_CONFIG}" + sed -i '' "s|mount.fstab = .*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${JAIL_CONFIG}" + sed -i '' "s|${TARGET} {|${NEWNAME} {|" "${JAIL_CONFIG}" + sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}" fi fi 
@@ -114,14 +114,14 @@ update_jailconf_vnet() { local uniq_epair="bastille${_num}" local uniq_epair_bridge="${_num}" local host_mac_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')" - local jail_mac_suffix="$(echo -n ${NEWNAME} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" - # Update the exec.* with uniq_epair when cloning jails. - #sed -i '' "s|vnet.interface = e[0-9]b_bastille.*;|vnet.interface = e0b_${uniq_epair};|" "${JAIL_CONFIG}" - #sed -i '' "s|exec.prestart += \"jib addm bastille[0-9]|exec.prestart += \"jib addm ${uniq_epair};|" "${JAIL_CONFIG}" - #sed -i '' "s|exec.prestart += \"ifconfig e[0-9]a_bastille[0-9] description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" - #sed -i '' "s|exec.poststop += \"jib destroy bastille[0-9]\";|exec.poststop += \"jib destroy ${uniq_epair}\";|" "${JAIL_CONFIG}" - # for bridged jails - sed -i '' "s|${TARGET}|${NEWNAME}|g" "${JAIL_CONFIG}" + local jail_mac_suffix="$(echo -n ${NEWNAME} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" + # Update the exec.* with uniq_epair when cloning jails. 
+ sed -i '' "s|vnet.interface = e[0-9]b_bastille.*;|vnet.interface = e0b_${uniq_epair};|" "${JAIL_CONFIG}" + sed -i '' "s|exec.prestart += \"jib addm bastille[0-9]|exec.prestart += \"jib addm ${uniq_epair};|" "${JAIL_CONFIG}" + sed -i '' "s|exec.prestart += \"ifconfig e[0-9]a_bastille[0-9] description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" + sed -i '' "s|exec.poststop += \"jib destroy bastille[0-9]\";|exec.poststop += \"jib destroy ${uniq_epair}\";|" "${JAIL_CONFIG}" + # for bridged VNET jails + sed -i '' "s|${TARGET}|${NEWNAME}|g" "${JAIL_CONFIG}" sed -i '' "s|\"e\([0-9]\{1,\}\)|\"e${uniq_epair_bridge}|g" "${JAIL_CONFIG}" sed -i '' "s| e\([0-9]\{1,\}\)| e${uniq_epair_bridge}|g" "${JAIL_CONFIG}" sed -i '' "s| epair\([0-9]\{1,\}\)| epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" From 5fab649266e7994ba9996ae82d2befa6df622226 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 9 Oct 2024 09:15:52 -0600 Subject: [PATCH 06/20] Add see command to rename bridges interface --- usr/local/share/bastille/clone.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index 621ecbd9..de9cb9e2 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -135,7 +135,8 @@ update_jailconf_vnet() { # Rename interface to new uniq_epair sed -i '' "s|ifconfig_e0b_bastille.*_name|ifconfig_e0b_${uniq_epair}_name|" "${bastille_jail_rc_conf}" - + sed -i '' "s|ifconfig_e.*b.*_name|ifconfig_e${uniq_epair_bridge}b_${NEWNAME}_name|" "${bastille_jail_rc_conf}" + # If 0.0.0.0 set DHCP, else set static IP address if [ "${IP}" == "0.0.0.0" ]; then sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="SYNCDHCP" From ca66263ee21e9369c45b9a7f28f1aa15fb096112 Mon Sep 17 00:00:00 2001 
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 9 Oct 2024 11:30:09 -0600 Subject: [PATCH 07/20] support cloning of bridged VNET jails + static MAC jails - fixed cloning of VNET bridged jails - added support for regenerating static MAC on cloned jails - simplified some sed commands to edit cloned jail.conf file Tested with bridged VNET, VNET, and loopback jails --- usr/local/share/bastille/clone.sh | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index de9cb9e2..58061e97 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -86,11 +86,7 @@ update_jailconf() { JAIL_CONFIG="${bastille_jailsdir}/${NEWNAME}/jail.conf" if [ -f "${JAIL_CONFIG}" ]; then if ! grep -qw "path = ${bastille_jailsdir}/${NEWNAME}/root;" "${JAIL_CONFIG}"; then - sed -i '' "s|host.hostname = ${TARGET};|host.hostname = ${NEWNAME};|" "${JAIL_CONFIG}" - sed -i '' "s|exec.consolelog = .*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" "${JAIL_CONFIG}" - sed -i '' "s|path = .*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" "${JAIL_CONFIG}" - sed -i '' "s|mount.fstab = .*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${JAIL_CONFIG}" - sed -i '' "s|${TARGET} {|${NEWNAME} {|" "${JAIL_CONFIG}" + sed -i '' "s|${TARGET}|${NEWNAME}|g" "${JAIL_CONFIG}" sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}" fi fi 
@@ -116,17 +112,13 @@ update_jailconf_vnet() { local host_mac_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')" local jail_mac_suffix="$(echo -n ${NEWNAME} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" # Update the exec.* with uniq_epair when cloning jails. - sed -i '' "s|vnet.interface = e[0-9]b_bastille.*;|vnet.interface = e0b_${uniq_epair};|" "${JAIL_CONFIG}" - sed -i '' "s|exec.prestart += \"jib addm bastille[0-9]|exec.prestart += \"jib addm ${uniq_epair};|" "${JAIL_CONFIG}" - sed -i '' "s|exec.prestart += \"ifconfig e[0-9]a_bastille[0-9] description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}" - sed -i '' "s|exec.poststop += \"jib destroy bastille[0-9]\";|exec.poststop += \"jib destroy ${uniq_epair}\";|" "${JAIL_CONFIG}" - # for bridged VNET jails - sed -i '' "s|${TARGET}|${NEWNAME}|g" "${JAIL_CONFIG}" - sed -i '' "s|\"e\([0-9]\{1,\}\)|\"e${uniq_epair_bridge}|g" "${JAIL_CONFIG}" - sed -i '' "s| e\([0-9]\{1,\}\)| e${uniq_epair_bridge}|g" "${JAIL_CONFIG}" - sed -i '' "s| epair\([0-9]\{1,\}\)| epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" - sed -i '' "s|.*a_.*ether.*|exec.prestart += \"ifconfig e${uniq_epair_bridge}a_${NEWNAME} ether ${host_mac_prefix}:${jail_mac_suffix}a\";|" "${JAIL_CONFIG}" - sed -i '' "s|.*b_.*ether.*|exec.prestart += \"ifconfig e${uniq_epair_bridge}b_${NEWNAME} ether ${host_mac_prefix}:${jail_mac_suffix}b\";|" "${JAIL_CONFIG}" + # for VNET jails + sed -i '' "s|bastille\([0-9]\{1,\}\)|${uniq_epair}|g" "${JAIL_CONFIG}" + sed -i '' "s|e\([0-9]\{1,\}\)a_${NEWNAME}|e${uniq_epair_bridge}a_${NEWNAME}|g" "${JAIL_CONFIG}" + sed -i '' "s|e\([0-9]\{1,\}\)b_${NEWNAME}|e${uniq_epair_bridge}b_${NEWNAME}|g" "${JAIL_CONFIG}" + sed -i '' "s|epair\([0-9]\{1,\}\)|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" + 
sed -i '' "s|ether.*:.*:.*:.*:.*:.*a|ether ${host_mac_prefix}:${jail_mac_suffix}a|" "${JAIL_CONFIG}" + sed -i '' "s|ether.*:.*:.*:.*:.*:.*b|ether ${host_mac_prefix}:${jail_mac_suffix}b|" "${JAIL_CONFIG}" break fi fi @@ -135,7 +127,7 @@ update_jailconf_vnet() { # Rename interface to new uniq_epair sed -i '' "s|ifconfig_e0b_bastille.*_name|ifconfig_e0b_${uniq_epair}_name|" "${bastille_jail_rc_conf}" - sed -i '' "s|ifconfig_e.*b.*_name|ifconfig_e${uniq_epair_bridge}b_${NEWNAME}_name|" "${bastille_jail_rc_conf}" + sed -i '' "s|ifconfig_e.*b_${TARGET}_name|ifconfig_e${uniq_epair_bridge}b_${NEWNAME}_name|" "${bastille_jail_rc_conf}" # If 0.0.0.0 set DHCP, else set static IP address if [ "${IP}" == "0.0.0.0" ]; then @@ -221,4 +213,3 @@ else fi clone_jail - From 55203b2298e379a36f6417274b0792b4fe00d9db Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 9 Oct 2024 11:31:54 -0600 Subject: [PATCH 08/20] add support for static MAC on VNET jails - support static MAC on bridged and VNET jails - remove quotes around vnet.interface --- usr/local/share/bastille/common.sh | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 28764a8a..b1df86f9 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh 
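Review bot: the new substitutions put `${NEWNAME}` and `${TARGET}` straight into sed BRE patterns (`s|e\([0-9]\{1,\}\)a_${NEWNAME}|...|g` here, `s|ifconfig_e.*b_${TARGET}_name|...|` in the rc.conf hunk that follows), so a jail name containing `|`, `.`, `[`, `&` or `\` either breaks the expression or matches more than intended; unless jail names are validated elsewhere (not visible here), escape them before interpolation or match on the fixed parts only. `s|bastille\([0-9]\{1,\}\)|${uniq_epair}|g` also rewrites every `bastille<digits>` token in the file, not just the epair name, so a path or jail name containing one (say `web-bastille2`) would be altered too; anchoring on the key (`vnet.interface = e0b_`, `jib addm `, `jib destroy `) would limit the blast radius. The capture groups in `\([0-9]\{1,\}\)` are never referenced and can be dropped. update_jailconf_vnet continues outside the hunk.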
@@ -94,14 +94,13 @@ generate_vnet_jail_netblock() { local uniq_epair="bastille0" local uniq_epair_bridge="0" fi - # generate static MAC for jail using host prefix (first half of host MAC) - local host_mac_prefix="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | cut -d':' -f1-3)" - local jail_mac_suffix="$(echo -n ${jail_name} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" + local host_mac_prefix="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | cut -d':' -f1-3)" + local jail_mac_suffix="$(echo -n ${jail_name} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" if [ -n "${use_unique_bridge}" ]; then ## generate bridge config cat <<-EOF vnet; - vnet.interface = "e${uniq_epair_bridge}b_${jail_name}"; + vnet.interface = e${uniq_epair_bridge}b_${jail_name}; exec.prestart += "ifconfig epair${uniq_epair_bridge} create"; exec.prestart += "ifconfig ${external_interface} addm epair${uniq_epair_bridge}a"; exec.prestart += "ifconfig epair${uniq_epair_bridge}a up name e${uniq_epair_bridge}a_${jail_name}"; @@ -117,9 +116,9 @@ EOF vnet; vnet.interface = e0b_${uniq_epair}; exec.prestart += "jib addm ${uniq_epair} ${external_interface}"; - exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${jail_name}\""; exec.prestart += "ifconfig e0a_${uniq_epair} ether ${host_mac_prefix}:${jail_mac_suffix}a"; exec.prestart += "ifconfig e0b_${uniq_epair} ether ${host_mac_prefix}:${jail_mac_suffix}b"; + exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${jail_name}\""; exec.poststop += "jib destroy ${uniq_epair}"; EOF fi From 0a1e9df9480235c40f3eb51e4f015583457ca5fb Mon Sep 17 00:00:00 2001 
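Review bot: the comment `# generate static MAC for jail using host prefix (first half of host MAC)` is dropped while the two `local` lines it explained stay, leaving the hash-derived suffix uncommented; keep a one-line why, e.g. `# static MAC: host OUI + 5 hex chars of sha256(jail_name), so the address survives delete/recreate`. In the jib branch the `ether` assignments now run right after `jib addm`, which (if it behaves like FreeBSD's stock jib script — not visible here) has already assigned addresses to both epair ends, so a comment stating that the override is intentional would help the next reader. generate_vnet_jail_netblock starts and ends outside these hunks.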
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 4 Dec 2024 08:18:03 -0700 Subject: [PATCH 09/20] Update clone.sh - revert jail config edit This reverts some changes the the "update_jailconf" function. The reason behind this revert is that if a jail somehow has the same name as a directory, then the previous commit would have changed the directory name as well, which would break stuff. The current code avoids all that and only replaces the necessary jail name value. --- usr/local/share/bastille/clone.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index 58061e97..556d9274 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -86,7 +86,12 @@ update_jailconf() { JAIL_CONFIG="${bastille_jailsdir}/${NEWNAME}/jail.conf" if [ -f "${JAIL_CONFIG}" ]; then if ! grep -qw "path = ${bastille_jailsdir}/${NEWNAME}/root;" "${JAIL_CONFIG}"; then - sed -i '' "s|${TARGET}|${NEWNAME}|g" "${JAIL_CONFIG}" + sed -i '' "s|host.hostname = ${TARGET};|host.hostname = ${NEWNAME};|" "${JAIL_CONFIG}" + sed -i '' "s|exec.consolelog = .*;|exec.consolelog = ${bastille_logsdir}/${NEWNAME}_console.log;|" "${JAIL_CONFIG}" + sed -i '' "s|path = .*;|path = ${bastille_jailsdir}/${NEWNAME}/root;|" "${JAIL_CONFIG}" + sed -i '' "s|mount.fstab = .*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${JAIL_CONFIG}" + sed -i '' "s|${TARGET} {|${NEWNAME} {|" "${JAIL_CONFIG}" + sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}" sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}" fi fi From 9a157f2fc8ff7913cc377bd49ca4feeddab7d60e Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Wed, 4 Dec 2024 08:18:53 -0700 Subject: [PATCH 10/20] Update clone.sh - remove duplicate line --- usr/local/share/bastille/clone.sh | 1 - 1 file changed, 1 deletion(-) 
diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh
index 556d9274..e31308d1 100644
--- a/usr/local/share/bastille/clone.sh
+++ b/usr/local/share/bastille/clone.sh
@@ -92,7 +92,6 @@ update_jailconf() {
 sed -i '' "s|mount.fstab = .*;|mount.fstab = ${bastille_jailsdir}/${NEWNAME}/fstab;|" "${JAIL_CONFIG}"
 sed -i '' "s|${TARGET} {|${NEWNAME} {|" "${JAIL_CONFIG}"
 sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}"
- sed -i '' "s|${IPX_ADDR} = .*;|${IPX_ADDR} = ${IP};|" "${JAIL_CONFIG}"
 fi
 fi

From 203af6c8ade7556e6298bc2c6d63925d4b4348b7 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Fri, 6 Dec 2024 11:39:10 -0700
Subject: [PATCH 11/20] Update common.sh - move generation of static mac to main functions

---
 usr/local/share/bastille/common.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh
index b1df86f9..55e54206 100644
--- a/usr/local/share/bastille/common.sh
+++ b/usr/local/share/bastille/common.sh
@@ -70,6 +70,14 @@ warn() {
 echo -e "${COLOR_YELLOW}$*${COLOR_RESET}"
 }

+generate_static_mac() {
+ local jail_name="${1}"
+ local external_interface="${2}"
+ local macaddr_prefix="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | cut -d':' -f1-3)"
+ local macaddr_suffix="$(echo -n ${jail_name} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
+ macaddr="${macaddr_prefix}:${macaddr_suffix}"
+}
+
 generate_vnet_jail_netblock() {
 local jail_name="$1"
 local use_unique_bridge="$2"
From e055c87d0f07d5a22ac192abd317967db9f59e02 Mon Sep 17 00:00:00 2001
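Review bot: `generate_static_mac` hands its result back through the undeclared global `macaddr` while every other variable is `local`, and nothing in the function says so; give it a header such as `# Sets global macaddr to <host OUI>:<5 hex chars of sha256(jail_name)> for jail_name on external_interface`, or have it `printf '%s' "${macaddr_prefix}:${macaddr_suffix}"` and let callers capture the output. `cut -b -5` keeps the first five hex characters, whereas the inline code from PATCH 01 kept the last five, so any jail created with the earlier commits in this series would get a different address after this change (hedged — only matters if such configs exist). `macaddr_prefix` is still unchecked when `ifconfig` reports no `ether` line, and `${jail_name}`/`${external_interface}` remain unquoted.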
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 6 Dec 2024 11:42:50 -0700 Subject: [PATCH 12/20] Update common.sh - clean up static mac code --- usr/local/share/bastille/common.sh | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh index 55e54206..89d3a962 100644 --- a/usr/local/share/bastille/common.sh +++ b/usr/local/share/bastille/common.sh @@ -82,6 +82,7 @@ generate_vnet_jail_netblock() { local jail_name="$1" local use_unique_bridge="$2" local external_interface="$3" + generate_static_mac "${jail_name}" "${external_interface}" ## determine number of containers + 1 ## iterate num and grep all jail configs ## define uniq_epair @@ -102,8 +103,6 @@ generate_vnet_jail_netblock() { local uniq_epair="bastille0" local uniq_epair_bridge="0" fi - local host_mac_prefix="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | cut -d':' -f1-3)" - local jail_mac_suffix="$(echo -n ${jail_name} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" if [ -n "${use_unique_bridge}" ]; then ## generate bridge config cat <<-EOF 
@@ -113,8 +112,8 @@ generate_vnet_jail_netblock() { exec.prestart += "ifconfig ${external_interface} addm epair${uniq_epair_bridge}a"; exec.prestart += "ifconfig epair${uniq_epair_bridge}a up name e${uniq_epair_bridge}a_${jail_name}"; exec.prestart += "ifconfig epair${uniq_epair_bridge}b up name e${uniq_epair_bridge}b_${jail_name}"; - exec.prestart += "ifconfig e${uniq_epair_bridge}a_${jail_name} ether ${host_mac_prefix}:${jail_mac_suffix}a"; - exec.prestart += "ifconfig e${uniq_epair_bridge}b_${jail_name} ether ${host_mac_prefix}:${jail_mac_suffix}b"; + exec.prestart += "ifconfig e${uniq_epair_bridge}a_${jail_name} ether ${macaddr}a"; + exec.prestart += "ifconfig e${uniq_epair_bridge}b_${jail_name} ether ${macaddr}b"; exec.poststop += "ifconfig ${external_interface} deletem e${uniq_epair_bridge}a_${jail_name}"; exec.poststop += "ifconfig e${uniq_epair_bridge}a_${jail_name} destroy"; EOF @@ -124,8 +123,8 @@ EOF vnet; vnet.interface = e0b_${uniq_epair}; exec.prestart += "jib addm ${uniq_epair} ${external_interface}"; - exec.prestart += "ifconfig e0a_${uniq_epair} ether ${host_mac_prefix}:${jail_mac_suffix}a"; - exec.prestart += "ifconfig e0b_${uniq_epair} ether ${host_mac_prefix}:${jail_mac_suffix}b"; + exec.prestart += "ifconfig e0a_${uniq_epair} ether ${macaddr}a"; + exec.prestart += "ifconfig e0b_${uniq_epair} ether ${macaddr}b"; exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${jail_name}\""; exec.poststop += "jib destroy ${uniq_epair}"; EOF From 6a3d675e5fd59802496351a8eeb99a883ec14584 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 6 Dec 2024 12:18:17 -0700 Subject: [PATCH 13/20] Update clone.sh - final commit for static mac cleanup --- usr/local/share/bastille/clone.sh | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index e31308d1..e8b0cab3 100644 
--- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -113,16 +113,19 @@ update_jailconf_vnet() { if ! grep -q "epair${_num}" "${bastille_jailsdir}"/*/jail.conf; then local uniq_epair="bastille${_num}" local uniq_epair_bridge="${_num}" - local host_mac_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')" - local jail_mac_suffix="$(echo -n ${NEWNAME} | sha256 | tr -d '\n' | awk '{print substr($0,length($0)-5,2) ":" substr($0,length($0)-3,2) ":" substr($0,length($0)-1,1)}')" + # since we don't have access to the external_interface variable, we cat the jail.conf file to retrieve the mac prefix + # we also do not use the main generate_static_mac function here + local macaddr_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')" + local macaddr_suffix="$(echo -n ${jail_name} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')" + local macaddr="${macaddr_prefix}:${macaddr_suffix}" # Update the exec.* with uniq_epair when cloning jails. # for VNET jails sed -i '' "s|bastille\([0-9]\{1,\}\)|${uniq_epair}|g" "${JAIL_CONFIG}" sed -i '' "s|e\([0-9]\{1,\}\)a_${NEWNAME}|e${uniq_epair_bridge}a_${NEWNAME}|g" "${JAIL_CONFIG}" sed -i '' "s|e\([0-9]\{1,\}\)b_${NEWNAME}|e${uniq_epair_bridge}b_${NEWNAME}|g" "${JAIL_CONFIG}" sed -i '' "s|epair\([0-9]\{1,\}\)|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}" - sed -i '' "s|ether.*:.*:.*:.*:.*:.*a|ether ${host_mac_prefix}:${jail_mac_suffix}a|" "${JAIL_CONFIG}" - sed -i '' "s|ether.*:.*:.*:.*:.*:.*b|ether ${host_mac_prefix}:${jail_mac_suffix}b|" "${JAIL_CONFIG}" + sed -i '' "s|ether.*:.*:.*:.*:.*:.*a|ether ${macaddr}a|" "${JAIL_CONFIG}" + sed -i '' "s|ether.*:.*:.*:.*:.*:.*b|ether ${macaddr}b|" "${JAIL_CONFIG}" break fi fi From b12719372cbec232c2707d5b78ed2451cac765df Mon Sep 17 00:00:00 2001 
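Review bot: the clone path reimplements the MAC derivation instead of calling `generate_static_mac`, and the two copies have already drifted once in this series (`substr(length-5)` vs `cut -b -5`); letting `generate_static_mac` take the prefix as an optional third argument, falling back to `ifconfig` when it is absent, would keep clone.sh and common.sh in lock-step. The comment says `external_interface` is unavailable, but the interface name is present in the same jail.conf (`jib addm bastille<N> <iface>` / `ifconfig <iface> addm epair<N>a`) and could be read the same way the prefix is. `cat ${JAIL_CONFIG}` is still unquoted. update_jailconf_vnet continues outside the hunk.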
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Mon, 16 Dec 2024 09:50:01 -0700
Subject: [PATCH 14/20] typo

---
 usr/local/share/bastille/clone.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh
index cfd8a5e5..3d1e2d3d 100644
--- a/usr/local/share/bastille/clone.sh
+++ b/usr/local/share/bastille/clone.sh
@@ -32,7 +32,7 @@
 . /usr/local/etc/bastille/bastille.conf

 usage() {
- error_exit "Usage: bastille clone [TARGET] [NEW_NAME] [IPADRESS]"
+ error_exit "Usage: bastille clone [TARGET] [NEW_NAME] [IPADDRESS]"
 }

 # Handle special-case commands first
From 3f0a43046e11110854dee4729dc664f757110b68 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Thu, 19 Dec 2024 18:45:55 -0700
Subject: [PATCH 15/20] Update clone.sh

---
 usr/local/share/bastille/clone.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh
index 3d1e2d3d..b8cbbae5 100644
--- a/usr/local/share/bastille/clone.sh
+++ b/usr/local/share/bastille/clone.sh
@@ -117,7 +117,7 @@ update_jailconf_vnet() {
 # since we don't have access to the external_interface variable, we cat the jail.conf file to retrieve the mac prefix
 # we also do not use the main generate_static_mac function here
 local macaddr_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')"
- local macaddr_suffix="$(echo -n ${jail_name} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
+ local macaddr_suffix="$(echo -n ${NEWNAME} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
 local macaddr="${macaddr_prefix}:${macaddr_suffix}"
 # Update the exec.* with uniq_epair when cloning jails.
 # for VNET jails
From 54e886f6825d192aabc30ee8d0b1e9ac7a1684a5 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Fri, 20 Dec 2024 07:23:06 -0700
Subject: [PATCH 16/20] missing sed command to add new description

---
 usr/local/share/bastille/clone.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh
index b8cbbae5..69f0c400 100644
--- a/usr/local/share/bastille/clone.sh
+++ b/usr/local/share/bastille/clone.sh
@@ -125,6 +125,7 @@ update_jailconf_vnet() {
 sed -i '' "s|e\([0-9]\{1,\}\)a_${NEWNAME}|e${uniq_epair_bridge}a_${NEWNAME}|g" "${JAIL_CONFIG}"
 sed -i '' "s|e\([0-9]\{1,\}\)b_${NEWNAME}|e${uniq_epair_bridge}b_${NEWNAME}|g" "${JAIL_CONFIG}"
 sed -i '' "s|epair\([0-9]\{1,\}\)|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}"
+ sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille\([0-9]\{1,\}\).*description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}"
 sed -i '' "s|ether.*:.*:.*:.*:.*:.*a|ether ${macaddr}a|" "${JAIL_CONFIG}"
 sed -i '' "s|ether.*:.*:.*:.*:.*:.*b|ether ${macaddr}b|" "${JAIL_CONFIG}"
 break
From 6b4a897f62639a22e65687b14537afb815776bb0 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Fri, 20 Dec 2024 08:51:46 -0700
Subject: [PATCH 17/20] Spacing

---
 usr/local/share/bastille/clone.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh
index 69f0c400..d1171ddd 100644
--- a/usr/local/share/bastille/clone.sh
+++ b/usr/local/share/bastille/clone.sh
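Review bot: the new description rewrite matches `e0a_bastille\([0-9]\{1,\}\)` only because the global `bastille<digits>` rename three lines above has already substituted `uniq_epair`, which itself begins with `bastille`; that ordering dependency is invisible and deserves a comment, e.g. `# must follow the bastille<N> rename above: uniq_epair is bastille<num>, so this pattern still matches`. The capture group is unused, and `.*description.*` replaces the whole line, which is fine for the line generate_vnet_jail_netblock emits but would discard anything an operator added to that line by hand. update_jailconf_vnet continues outside the hunk.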
@@ -114,18 +114,18 @@ update_jailconf_vnet() {
 if ! grep -q "epair${_num}" "${bastille_jailsdir}"/*/jail.conf; then
 local uniq_epair="bastille${_num}"
 local uniq_epair_bridge="${_num}"
- # since we don't have access to the external_interface variable, we cat the jail.conf file to retrieve the mac prefix
+ # since we don't have access to the external_interface variable, we cat the jail.conf file to retrieve the mac prefix
 # we also do not use the main generate_static_mac function here
 local macaddr_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')"
- local macaddr_suffix="$(echo -n ${NEWNAME} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
+ local macaddr_suffix="$(echo -n ${NEWNAME} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
 local macaddr="${macaddr_prefix}:${macaddr_suffix}"
- # Update the exec.* with uniq_epair when cloning jails.
+ # Update the exec.* with uniq_epair when cloning jails.
 # for VNET jails
 sed -i '' "s|bastille\([0-9]\{1,\}\)|${uniq_epair}|g" "${JAIL_CONFIG}"
 sed -i '' "s|e\([0-9]\{1,\}\)a_${NEWNAME}|e${uniq_epair_bridge}a_${NEWNAME}|g" "${JAIL_CONFIG}"
 sed -i '' "s|e\([0-9]\{1,\}\)b_${NEWNAME}|e${uniq_epair_bridge}b_${NEWNAME}|g" "${JAIL_CONFIG}"
 sed -i '' "s|epair\([0-9]\{1,\}\)|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}"
- sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille\([0-9]\{1,\}\).*description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}"
+ sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille\([0-9]\{1,\}\).*description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}"
 sed -i '' "s|ether.*:.*:.*:.*:.*:.*a|ether ${macaddr}a|" "${JAIL_CONFIG}"
 sed -i '' "s|ether.*:.*:.*:.*:.*:.*b|ether ${macaddr}b|" "${JAIL_CONFIG}"
 break
From 76983fa48c94e6fc031dc43aef2de648edfece79 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Fri, 20 Dec 2024 08:53:56 -0700
Subject: [PATCH 18/20] spacing

---
 usr/local/share/bastille/clone.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh
index d1171ddd..acdddae6 100644
--- a/usr/local/share/bastille/clone.sh
+++ b/usr/local/share/bastille/clone.sh
@@ -32,7 +32,7 @@
 . /usr/local/etc/bastille/bastille.conf

 usage() {
- error_exit "Usage: bastille clone [TARGET] [NEW_NAME] [IPADDRESS]"
+ error_exit "Usage: bastille clone TARGET NEW_NAME IPADDRESS"
 }

 # Handle special-case commands first
@@ -114,18 +114,18 @@ update_jailconf_vnet() {
 if ! grep -q "epair${_num}" "${bastille_jailsdir}"/*/jail.conf; then
 local uniq_epair="bastille${_num}"
 local uniq_epair_bridge="${_num}"
- # since we don't have access to the external_interface variable, we cat the jail.conf file to retrieve the mac prefix
+ # since we don't have access to the external_interface variable, we cat the jail.conf file to retrieve the mac prefix
 # we also do not use the main generate_static_mac function here
 local macaddr_prefix="$(cat ${JAIL_CONFIG} | grep -m 1 ether | grep -oE '([0-9a-f]{2}(:[0-9a-f]{2}){5})' | awk -F: '{print $1":"$2":"$3}')"
- local macaddr_suffix="$(echo -n ${NEWNAME} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
+ local macaddr_suffix="$(echo -n ${NEWNAME} | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
 local macaddr="${macaddr_prefix}:${macaddr_suffix}"
- # Update the exec.* with uniq_epair when cloning jails.
+ # Update the exec.* with uniq_epair when cloning jails.
 # for VNET jails
 sed -i '' "s|bastille\([0-9]\{1,\}\)|${uniq_epair}|g" "${JAIL_CONFIG}"
 sed -i '' "s|e\([0-9]\{1,\}\)a_${NEWNAME}|e${uniq_epair_bridge}a_${NEWNAME}|g" "${JAIL_CONFIG}"
 sed -i '' "s|e\([0-9]\{1,\}\)b_${NEWNAME}|e${uniq_epair_bridge}b_${NEWNAME}|g" "${JAIL_CONFIG}"
 sed -i '' "s|epair\([0-9]\{1,\}\)|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}"
- sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille\([0-9]\{1,\}\).*description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}"
+ sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille\([0-9]\{1,\}\).*description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}"
 sed -i '' "s|ether.*:.*:.*:.*:.*:.*a|ether ${macaddr}a|" "${JAIL_CONFIG}"
 sed -i '' "s|ether.*:.*:.*:.*:.*:.*b|ether ${macaddr}b|" "${JAIL_CONFIG}"
 break
From 0dd2fae1c14e706a2f72bb9137d65a926af67939 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Wed, 25 Dec 2024 21:35:14 -0700
Subject: [PATCH 19/20] bugfix for hashed name ending with b

---
 usr/local/share/bastille/clone.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh
index acdddae6..6e0365e9 100644
--- a/usr/local/share/bastille/clone.sh
+++ b/usr/local/share/bastille/clone.sh
@@ -126,8 +126,8 @@ update_jailconf_vnet() {
 sed -i '' "s|e\([0-9]\{1,\}\)b_${NEWNAME}|e${uniq_epair_bridge}b_${NEWNAME}|g" "${JAIL_CONFIG}"
 sed -i '' "s|epair\([0-9]\{1,\}\)|epair${uniq_epair_bridge}|g" "${JAIL_CONFIG}"
 sed -i '' "s|exec.prestart += \"ifconfig e0a_bastille\([0-9]\{1,\}\).*description.*|exec.prestart += \"ifconfig e0a_${uniq_epair} description \\\\\"vnet host interface for Bastille jail ${NEWNAME}\\\\\"\";|" "${JAIL_CONFIG}"
- sed -i '' "s|ether.*:.*:.*:.*:.*:.*a|ether ${macaddr}a|" "${JAIL_CONFIG}"
- sed -i '' "s|ether.*:.*:.*:.*:.*:.*b|ether ${macaddr}b|" "${JAIL_CONFIG}"
+ sed -i '' "s|ether.*:.*:.*:.*:.*:.*a |ether ${macaddr}a |" "${JAIL_CONFIG}"
+ sed -i '' "s|ether.*:.*:.*:.*:.*:.*b |ether ${macaddr}b |" "${JAIL_CONFIG}"
 break
 fi
 fi
From a6e4902d263321040097693a892ab72aea1d1725 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Thu, 26 Dec 2024 08:40:27 -0700
Subject: [PATCH 20/20] Merge changes from previous PR

---
 usr/local/share/bastille/clone.sh | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh
index 6e0365e9..f26f460a 100644
--- a/usr/local/share/bastille/clone.sh
+++ b/usr/local/share/bastille/clone.sh
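Review bot: The trailing-space anchor on the two changed lines only works if the generated `ether` line has a space immediately after the `a`/`b` suffix, which this hunk does not show; if the address is instead followed directly by `";`, neither sed matches and the clone silently keeps the source jail's MAC, i.e. a duplicate address on the bridge. Selecting the line by its interface name, as the preceding seds in this hunk already do to tell the `a` and `b` sides apart, removes the dependency on whatever follows the suffix: `sed -i '' "s|\(e[0-9]*a_[^ ]* ether \)[0-9a-f:]*a|\1${macaddr}a|" "${JAIL_CONFIG}"` plus the matching `b_` form (assuming the interface names follow the `e<n>a_`/`e<n>b_` shape the other seds rewrite). Replacing the chained `.*` with `[0-9a-f:]*` also keeps the match from running past the address into the rest of the line. `update_jailconf_vnet` begins outside the hunk.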
@@ -150,15 +150,6 @@ update_fstab() {
 # Update fstab to use the new name
 FSTAB_CONFIG="${bastille_jailsdir}/${NEWNAME}/fstab"
 if [ -f "${FSTAB_CONFIG}" ]; then
- FSTAB_RELEASE=$(grep -owE '([1-9]{2,2})\.[0-9](-RELEASE|-RELEASE-i386|-RC[1-9]|-BETA[1-9]|-CURRENT)|([0-9]{1,2}(-stable-build-[0-9]{1,3}|-stable-LAST))|(current-build)-([0-9]{1,3})|(current-BUILD-LATEST)|([0-9]{1,2}-stable-BUILD-LATEST)' "${FSTAB_CONFIG}" | uniq)
- FSTAB_CURRENT=$(grep -w ".*/releases/.*/jails/${TARGET}/root/.bastille" "${FSTAB_CONFIG}")
- FSTAB_NEWCONF="${bastille_releasesdir}/${FSTAB_RELEASE} ${bastille_jailsdir}/${NEWNAME}/root/.bastille nullfs ro 0 0"
- if [ -n "${FSTAB_CURRENT}" ] && [ -n "${FSTAB_NEWCONF}" ]; then
- # If both variables are set, update as needed
- if ! grep -qw "${bastille_releasesdir}/${FSTAB_RELEASE}.*${bastille_jailsdir}/${NEWNAME}/root/.bastille" "${FSTAB_CONFIG}"; then
- sed -i '' "s|${FSTAB_CURRENT}|${FSTAB_NEWCONF}|" "${FSTAB_CONFIG}"
- fi
- fi
 # Update additional fstab paths with new jail path
 sed -i '' "s|${bastille_jailsdir}/${TARGET}/root/|${bastille_jailsdir}/${NEWNAME}/root/|" "${FSTAB_CONFIG}"
 fi