Create a FreeBSD jail with qjail(8), using a user flavor and an initial script.
#!/bin/sh
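# Print the command-line synopsis on stderr.
# Arguments: none (the program name is taken from $0)
# Outputs:   one usage line on stderr, nothing on stdout
USAGE(){
  # ${0##*/} strips the directory part of $0. Unlike the unquoted
  # `basename $0` it is not word-split when the script path contains spaces.
  cat <<++EOS >&2
USAGE:${0##*/} jail_name ip_address user_flavor [ -y root_password default_user default_user_password ]
++EOS
}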
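# const
PREFIX=/usr/jails   # each jail's files are addressed as ${PREFIX}/<jail_name>/...
NIC=em1             # interface handed to `qjail create -n`

# ---------- PREPARING ----------
# Prompt on stdout and read one line into $secret_value.
# Arguments: $1 - prompt text
# When stdin is a terminal, echo is switched off while the secret is typed and
# the saved tty state is restored afterwards, including on INT/TERM.
# The line is read with `IFS= read -r` so backslashes and surrounding blanks
# in a password are kept as typed.
read_secret(){
  printf '%s' "$1"
  if [ -t 0 ] ; then
    saved_tty=$(stty -g)
    trap 'stty "$saved_tty"; exit 130' INT TERM
    stty -echo
    IFS= read -r secret_value
    stty "$saved_tty"
    trap - INT TERM
    printf '\n'
  else
    IFS= read -r secret_value
  fi
}

# parse input
# The first three positional arguments are mandatory.
if [ "_$3" = "_" ] ; then
  USAGE
  exit 9
fi
jail_name=$1
ip_address=$2
user_flavor=$3
if [ "_$4" = "_-y" ] ; then
  # Non-interactive mode: all three credentials must follow -y.
  # NOTE(review): passwords given as arguments can be visible to other local
  # users through ps(1) and may be kept in shell history; prefer the prompts
  # below wherever a human is running the script.
  if [ "_$7" = "_" ] ; then
    USAGE
    exit 9
  fi
  is_silent=$4
  root_password=$5
  default_user=$6
  default_user_password=$7
else
  is_silent=""
  read_secret "Input root password: "
  root_password=$secret_value
  printf '%s' "Input default username: "
  read -r default_user
  read_secret "Input default user password: "
  default_user_password=$secret_value
  unset secret_value
fi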
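# check input
# jail_name, ip_address and default_user are substituted further down into a
# sed expression and into command lines executed inside the jail, so they are
# limited to a conservative character set before anything is created.
# NOTE(review): the allowed sets are deliberately narrow; widen them only if
# qjail(8) / pw(8) on this system are known to accept more.
case "$jail_name" in
  ""|-*|*[!A-Za-z0-9._-]*)
    echo "invalid jail_name: ${jail_name}" >&2
    exit 9
    ;;
esac
case "$ip_address" in
  ""|*[!0-9.]*)
    echo "invalid ip_address: ${ip_address}" >&2
    exit 9
    ;;
esac
case "$default_user" in
  ""|-*|*[!A-Za-z0-9._-]*)
    echo "invalid default_user: ${default_user}" >&2
    exit 9
    ;;
esac

# A flavor other than the literal NONE must be an existing directory.
if [ "$user_flavor" != "NONE" ] && [ ! -d "$user_flavor" ] ; then
  echo "not existing or not directory: ${user_flavor}" >&2
  exit 9
fi

# Refuse to reuse a jail name or address that `qjail list` already reports.
# grep -F -x compares the whole field literally, so the dots of an address
# (or any other regex metacharacter) cannot match a different entry.
if qjail list | awk '{print $5}' | grep -F -x -q -- "${jail_name}" ; then
  echo "existing jail_name: ${jail_name}" >&2
  exit 9
fi
if qjail list | awk '{print $4}' | grep -F -x -q -- "${ip_address}" ; then
  echo "existing ip_address: ${ip_address}" >&2
  exit 9
fi

# Summary shown before anything is created. Passwords are not echoed back:
# this text can end up in terminal scrollback or in captured output.
root_password_shown="(hidden)"
[ -n "$root_password" ] || root_password_shown="(empty)"
default_user_password_shown="(hidden)"
[ -n "$default_user_password" ] || default_user_password_shown="(empty)"
cat <<++EOS
I will create a Jail with the following.
jail_name :${jail_name}
ip_address :${ip_address}
user_flavor :${user_flavor}
root_password :${root_password_shown}
default_user :${default_user}
default_user_password:${default_user_password_shown}
++EOS

# Ask for confirmation unless -y was given; only "y" or "yes" continues.
if [ "${is_silent}" != "-y" ] ; then
  printf '%s' 'create? [y/n]: '
  read -r YN
  if [ "$YN" != "y" ] && [ "$YN" != "yes" ] ; then
    exit 9
  fi
fi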
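# ---------- MAIN ----------
# Report a fatal error on stderr and stop. Every later step assumes the
# earlier ones succeeded, so the script must not run on after a failure.
fail(){
  echo "ERROR: $*" >&2
  exit 1
}

jail_root="${PREFIX}/${jail_name}"
sshd_config="${jail_root}/etc/ssh/sshd_config"
rc_conf="${jail_root}/etc/rc.conf"

echo
echo "--- SETUP START ---"
echo "Creating a Jail"
qjail create -n "$NIC" -4 "$ip_address" "$jail_name" || fail "qjail create failed"
qjail config -k "$jail_name" || fail "qjail config failed"

echo
echo "Modifiying global settings"
echo " /etc/ssh/sshd_config"
cp -p "$sshd_config" "${sshd_config}.org" || fail "cannot back up ${sshd_config}"
# Escape the characters that are special in a sed replacement (\, / and &) so
# the address is always inserted literally.
ip_for_sed=$(printf '%s' "$ip_address" | sed 's|[\\/&]|\\&|g')
# Uncomment the shipped defaults, and turn challenge-response authentication
# and DNS lookups off. Each expression only fires on the exact commented
# default line; other lines pass through unchanged.
sed \
  -e "s/^#Port 22/Port 22/" \
  -e "s/^#ListenAddress 0\.0\.0\.0/ListenAddress ${ip_for_sed}/" \
  -e "s/^#Protocol 2/Protocol 2/" \
  -e "s/^#PermitRootLogin no/PermitRootLogin no/" \
  -e "s/^#RSAAuthentication yes/RSAAuthentication yes/" \
  -e "s/^#PubkeyAuthentication yes/PubkeyAuthentication yes/" \
  -e "s/^#PasswordAuthentication no/PasswordAuthentication no/" \
  -e "s/^#PermitEmptyPasswords no/PermitEmptyPasswords no/" \
  -e "s/^#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/" \
  -e "s/^#UseDNS yes/UseDNS no/" \
  "${sshd_config}.org" > "$sshd_config" || fail "cannot rewrite ${sshd_config}"
# If the shipped sshd_config words a default differently, the matching
# substitution silently does nothing. Warn when a hardening directive is not
# active so password logins are not left enabled unnoticed.
for directive in \
  "PermitRootLogin no" \
  "PasswordAuthentication no" \
  "PermitEmptyPasswords no" \
  "ChallengeResponseAuthentication no"
do
  if ! grep -q "^${directive}[[:space:]]*\$" "$sshd_config" ; then
    echo "WARNING: '${directive}' is not active in ${sshd_config}" >&2
  fi
done

echo " /etc/rc.conf"
cp -p "$rc_conf" "${rc_conf}.org" || fail "cannot back up ${rc_conf}"
printf '%s\n' 'sshd_enable="YES"' >> "$rc_conf" || fail "cannot update ${rc_conf}"

echo
echo "Starting Jail"
qjail start "$jail_name" || fail "qjail start failed"

echo
echo "Setuping users"
echo " setuping root password"
# pw(8) reads the password from stdin (-h 0). The value is piped in directly
# instead of being pasted into an `sh -c` string, so it is never parsed as
# shell syntax and never appears in a command's argument list.
printf '%s\n' "$root_password" \
  | jexec "$jail_name" pw usermod -n root -h 0 \
  || fail "cannot set root password"
echo " setuping default_user"
# -G wheel puts the new account in the wheel group.
printf '%s\n' "$default_user_password" \
  | jexec "$jail_name" pw useradd -n "$default_user" -G wheel -m -h 0 \
  || fail "cannot create user ${default_user}"

# apply user_flavor
if [ "$user_flavor" != "NONE" ]; then
  echo
  echo "Applying user_flavor"
  # `--` keeps a flavor path that starts with '-' from being read as options.
  cp -vR -- "${user_flavor}"/* "${jail_root}/" || fail "cannot copy ${user_flavor}"
  jexec "$jail_name" chown -R "${default_user}:${default_user}" "/home/${default_user}/" \
    || fail "cannot chown /home/${default_user}"

  # run scripts
  # Only looked for when a flavor was applied; with NONE nothing was copied,
  # so a stray ./NONE/rc.root on the host must not trigger a run in the jail.
  # rc.root runs as root inside the jail: keep the flavor directory writable
  # by trusted users only.
  if [ -x "${user_flavor}/rc.root" ] ; then
    echo
    echo "Running /rc.root"
    jexec "$jail_name" /rc.root || echo "WARNING: /rc.root exited non-zero" >&2
  fi
  if [ -x "${user_flavor}/rc.user" ] ; then
    echo
    echo "Running /rc.user"
    jexec -U "$default_user" "$jail_name" /rc.user || echo "WARNING: /rc.user exited non-zero" >&2
  fi
fi

echo
echo "--- SETUP END ---"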