Merge pull request #33 from cedwards/master

May 2019 update: HardenedBSD, tzdata, NS
2019-05-22 21:59:01 -06:00 · 2019-05-22 21:50:29 -06:00 · 2019-03-11 17:54:41 -06:00 · 2019-03-11 17:51:32 -06:00 · 2019-02-04 21:32:21 -07:00 · 2019-02-04 21:31:34 -07:00
24 changed files with 175 additions and 151 deletions
--- a/2
+++ b/2
@@ -1,6 +1,6 @@
 BSD 3-Clause License
-Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
--- a/README.md
+++ b/README.md
@@ -6,22 +6,29 @@ easily create and manage FreeBSD jail.
 Installation
 ------------
-Bastille is not (yet) in the official ports tree, but I have built and verified
+Bastille is available in the official ports tree.
 binary packages.
 To install using one of the BETA binary packages, copy the URL for the latest
 release here (TXZ file): https://github.com/bastillebsd/bastille/releases
 Then, install via `pkg`. 
 Example:
 ```shell
 pkg add https://github.com/BastilleBSD/bastille/releases/download/0.3.20181130/bastille-0.3.20181130_2.txz
 ```
 BETA binary packages are signed. These can be verified with this pubkey:
 ```
 pkg install bastille
 ```
 Development builds are available on the `pkg.bastillebsd.org` package server.
 To subscribe to this repo, use the following two configuration additions.
 Note: The BastilleBSD pkg server will usually be ahead of FreeBSD latest.
 ```
 ## /usr/local/etc/pkg/repos/BastilleBSD.conf
 BastilleBSD: {
  url: "https://pkg.bastillebsd.org/pkg/${ABI}",
  signature_type: "pubkey",
  pubkey: "/usr/local/etc/ssl/poudriere.pub",
  enabled: yes
 }
 ```
 ```
 ## /usr/local/etc/ssl/poudriere.pub
 -----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq28OLDhJ12JmsKKcJpnn
 pCW3fFYBNI1BtdvTvFx57ZXvQ2qecBvnR9+XWi83hKS9ALTKZI6CLC2uTv1fIsZl
@@ -68,10 +75,7 @@ Use "bastille command -h|--help" for more information about a command.
 ## 0.3-beta
 This document outlines the basic usage of the Bastille jail management
-framework. This release, obviously, is beta quality. I make no guarantees of
+framework. This release is still considered beta.
 quality, and if it screws up your system... Sorry, bro. 
 With all that said, here's how to use this tool in its current beta state...
 ## Network Requirements
@@ -101,7 +105,7 @@ set block-policy drop
 scrub in on $ext_if all fragment reassemble
 set skip on lo
-nat on $ext_if from !($ext_if) -> ($ext_if:0)
+nat on $ext_if from lo1:network to any -> ($ext_if)
 ## rdr example
 ## rdr pass inet proto tcp from any to any port {80, 443} -> 10.88.9.45
@@ -149,9 +153,9 @@ This step only needs to be done once in order to prepare the host.
 bastille bootstrap
 ------------------
-The first step is to "bootstrap" a release. Current supported release is
+The first step is to "bootstrap" a release. Current supported releases are
-11.2-RELEASE, but you can bootstrap anything in the ftp.FreeBSD.org RELEASES
+11.2-RELEASE and 12.0-RELEASE, but you can bootstrap anything in the
-directory. 
+ftp.FreeBSD.org RELEASES directory.
 Note: your mileage may vary with unsupported releases and releases newer than
 the host system likely will NOT work at all.
@@ -160,17 +164,17 @@ To `bootstrap` a release, run the bootstrap sub-command with the
 release version as the argument.
 ```shell
 ishmael ~ # bastille bootstrap 11.2-RELEASE
 ishmael ~ # bastille bootstrap 12.0-RELEASE
 ishmael ~ # bastille bootstrap 11.2-RELEASE
 ```
 This command will ensure the required directory structures are in place and
 download the requested release. For each requested release, `bootstrap` will
-download the base.txz and lib32.txz. These are both verified (sha256 via
+download the base.txz. These are verified (sha256 via MANIFEST file) before
-MANIFEST file) before they are extracted for use.
+they are extracted for use.
 Downloaded artifacts are stored in the `cache` directory. "bootstrapped"
-releases are stored in `releases/version`.
+releases are stored in `releases/$RELEASE`.
 The bootstrap subcommand is generally only used once to prepare the system. The
 only other use case for the bootstrap command is when a new FreeBSD version is
@@ -183,7 +187,7 @@ command.
 bastille create
 ---------------
 Bastille create uses any available bootstrapped release to create a lightweight
-jailized system. To create a jail simply provide a name, release and
+jailed system. To create a jail simply provide a name, release and
 a private (rfc1918) IP address.
 - name
@@ -191,15 +195,14 @@ a private (rfc1918) IP address.
 - ip
 ```shell
-ishmael ~ # bastille create folsom 11.2-RELEASE 10.8.62.1
+ishmael ~ # bastille create folsom 12.0-RELEASE 10.8.62.1
-RELEASE: 11.2-RELEASE.
+RELEASE: 12.0-RELEASE.
 NAME: folsom.
 IP: 10.8.62.1.
 ```
-This command will create a 11.2-RELEASE jail assigning the 10.8.62.1 ip address
+This command will create a 12.0-RELEASE jail assigning the 10.8.62.1 ip address
 to the new system.
 I recommend using private (rfc1918) ip address ranges for your jails.
@@ -373,11 +376,11 @@ ishmael ~ # bastille pkg ALL upgrade
 Targeting all jails.
 [bastion]:
-Updating iniquity.io repository catalogue...
+Updating pkg.bastillebsd.org repository catalogue...
 [bastion] Fetching meta.txz: 100%    560 B   0.6kB/s    00:01
 [bastion] Fetching packagesite.txz: 100%  118 KiB 121.3kB/s    00:01
 Processing entries: 100%
-iniquity.io repository update completed. 493 packages processed.
+pkg.bastillebsd.org repository update completed. 493 packages processed.
 All repositories are up to date.
 Checking for upgrades (1 candidates): 100%
 Processing candidates (1 candidates): 100%
@@ -385,11 +388,11 @@ Checking integrity... done (0 conflicting)
 Your packages are up to date.
 [unbound0]:
-Updating iniquity.io repository catalogue...
+Updating pkg.bastillebsd.org repository catalogue...
 [unbound0] Fetching meta.txz: 100%    560 B   0.6kB/s    00:01
 [unbound0] Fetching packagesite.txz: 100%  118 KiB 121.3kB/s    00:01
 Processing entries: 100%
-iniquity.io repository update completed. 493 packages processed.
+pkg.bastillebsd.org repository update completed. 493 packages processed.
 All repositories are up to date.
 Checking for upgrades (0 candidates): 100%
 Processing candidates (0 candidates): 100%
@@ -397,11 +400,11 @@ Checking integrity... done (0 conflicting)
 Your packages are up to date.
 [unbound1]:
-Updating iniquity.io repository catalogue...
+Updating pkg.bastillebsd.org repository catalogue...
 [unbound1] Fetching meta.txz: 100%    560 B   0.6kB/s    00:01
 [unbound1] Fetching packagesite.txz: 100%  118 KiB 121.3kB/s    00:01
 Processing entries: 100%
-iniquity.io repository update completed. 493 packages processed.
+pkg.bastillebsd.org repository update completed. 493 packages processed.
 All repositories are up to date.
 Checking for upgrades (0 candidates): 100%
 Processing candidates (0 candidates): 100%
@@ -409,11 +412,11 @@ Checking integrity... done (0 conflicting)
 Your packages are up to date.
 [squid]:
-Updating iniquity.io repository catalogue...
+Updating pkg.bastillebsd.org repository catalogue...
 [squid] Fetching meta.txz: 100%    560 B   0.6kB/s    00:01
 [squid] Fetching packagesite.txz: 100%  118 KiB 121.3kB/s    00:01
 Processing entries: 100%
-iniquity.io repository update completed. 493 packages processed.
+pkg.bastillebsd.org repository update completed. 493 packages processed.
 All repositories are up to date.
 Checking for upgrades (0 candidates): 100%
 Processing candidates (0 candidates): 100%
@@ -421,11 +424,11 @@ Checking integrity... done (0 conflicting)
 Your packages are up to date.
 [nginx]:
-Updating iniquity.io repository catalogue...
+Updating pkg.bastillebsd.org repository catalogue...
 [nginx] Fetching meta.txz: 100%    560 B   0.6kB/s    00:01
 [nginx] Fetching packagesite.txz: 100%  118 KiB 121.3kB/s    00:01
 Processing entries: 100%
-iniquity.io repository update completed. 493 packages processed.
+pkg.bastillebsd.org repository update completed. 493 packages processed.
 All repositories are up to date.
 Checking for upgrades (1 candidates): 100%
 Processing candidates (1 candidates): 100%
@@ -477,7 +480,7 @@ Bastille supports a templating system allowing you to apply files, pkgs and
 execute commands inside the jail automatically.
 Currently supported template hooks are: `PRE`, `CONFIG`, `PKG`, `SYSRC`, `CMD`.
-Planned template hooks include: `FSTAB`, `PF`
+Planned template hooks include: `FSTAB`, `PF`, `LOG`
 Templates are created in `${bastille_prefix}/templates` and can leverage any of
 the template hooks. Simply create a new directory named after the template. eg;
@@ -498,12 +501,18 @@ echo "etc root usr" > /usr/local/bastille/templates/base/CONFIG
 Template hooks are executed in specific order and require specific syntax to
 work as expected. This table outlines those requirements:
-| HOOK    | format           | example                              |
+| SUPPORTED | format           | example                                                        |
-|---------|------------------|--------------------------------------|
+|-----------|------------------|----------------------------------------------------------------|
-| PRE/CMD | /bin/sh command  | /usr/bin/chsh -s /usr/local/bin/zsh  |
+| PRE/CMD   | /bin/sh command  | /usr/bin/chsh -s /usr/local/bin/zsh                            |
-| CONFIG  | path             | etc root usr                         |
+| CONFIG    | path             | etc root usr                                                   |
-| PKG     | port/pkg name(s) | vim-console zsh git-lite tree htop   |
+| PKG       | port/pkg name(s) | vim-console zsh git-lite tree htop                             |
-| SYSRC   | sysrc command(s) | nginx_enable=YES                     |
+| SYSRC     | sysrc command(s) | nginx_enable=YES                                               |
 | PLANNED | format           | example                                                        |
 |---------|------------------|----------------------------------------------------------------|
 | PF      | pf rdr entry     | rdr pass inet proto tcp from any to any port 80 -> 10.17.89.80 |
 | LOG     | path             | /var/log/nginx/access.log                                      |
 | FSTAB   | fstab syntax     | /path/on/host /path/in/jail nullfs ro 0 0                      |
 Note: SYSRC requires NO quotes or that quotes (`"`) be escaped. ie; `\"`)
@@ -531,6 +540,7 @@ The above example "etc usr" will include anything under "etc" and "usr" inside
 the template. You do not need to list individual files. Just include the
 top-level directory name.
 Applying Templates
 ------------------
@@ -623,6 +633,7 @@ At this point you are logged in to the jail and have full shell access.
 The system is yours to use and/or abuse as you like. Any changes made inside
 the jail are limited to the jail. 
 bastille cp
 -----------
 Note: this sub-command may need a little work. 
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -8,7 +8,7 @@ else:
 # -- Project information -----------------------------------------------------
 project = 'Bastille'
-copyright = '2018, Christer Edwards'
+copyright = '2018-2019, Christer Edwards'
 author = 'Christer Edwards'
 # The short X.Y version
--- a/usr/local/bin/bastille
+++ b/usr/local/bin/bastille
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
@@ -32,7 +32,7 @@
 . /usr/local/etc/bastille/bastille.conf
 ## version
-BASTILLE_VERSION="0.3.20190102"
+BASTILLE_VERSION="0.3.20190204"
 usage() {
    cat << EOF
@@ -88,16 +88,16 @@ esac
 # Filter out all non-commands
 case "${CMD}" in
 cmd|cp|create|destroy|list|pkg|restart|start|stop|sysrc|template|verify)
-	;;
+    ;;
 update|upgrade)
-	;;
+    ;;
 console|bootstrap|htop|top)
    ;;
 bootstrap|update|upgrade)
-	;;
+    ;;
 *)
-	usage
+usage
-	;;
+    ;;
 esac
 SCRIPTPATH="${bastille_sharedir}/${CMD}.sh"
--- a/usr/local/etc/bastille/bastille.conf
+++ b/usr/local/etc/bastille/bastille.conf
@@ -9,3 +9,9 @@ bastille_logsdir=${bastille_prefix}/logs
 bastille_releasesdir=${bastille_prefix}/releases
 bastille_templatesdir=${bastille_prefix}/templates
 bastille_sharedir=/usr/local/share/bastille
 bastille_bootstrap_archives="base"
 bastille_tzdata="America/Denver"
 bastille_nameserver1="1.1.1.1"
 bastille_nameserver2="1.0.0.1"
 bastille_nameserver3=""
 bastille_nameserver_options="options edns0 rotate"
--- a/usr/local/share/bastille/bootstrap.sh
+++ b/usr/local/share/bastille/bootstrap.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
@@ -58,28 +58,39 @@ bootstrap_release() {
        mkdir -p "${bastille_cachedir}/${RELEASE}"
    fi
-    ### create $bastille_base/release/$release directory
+    ## if release exists, quit
-    ### fetch $release/base.txz -o $bastille_base/cache/$release/base.txz
+    if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then
-    ### fetch $release/lib32.txz -o $bastille_base/cache/$release/lib32.txz
+        echo -e "${COLOR_RED}Bootstrap appears complete.${COLOR_RESET}"
-    ### extract $release/base.txz to $bastille_base/release/$release
+        exit 1
-    ### extract $release/lib32.txz to $bastille_base/release/$release
+    fi
-    if [ ! -d "${bastille_releasesdir}/${RELEASE}" ]; then
+
    ## if existing ${CACHEDIR}/${RELEASE}/base.txz; extract
    if [ -f "${bastille_cachedir}/${RELEASE}/base.txz" ] && [ ! -d "${bastille_releasesdir}/${RELEASE}" ]; then
        mkdir -p "${bastille_releasesdir}/${RELEASE}"
-        sh ${bastille_sharedir}/freebsd_dist_fetch.sh -r ${RELEASE} base lib32
+        for _archive in ${bastille_bootstrap_archives}; do
-
+            echo -e "${COLOR_GREEN}Extracting FreeBSD ${RELEASE} ${_archive}.txz.${COLOR_RESET}"
-        echo
+            /usr/bin/tar -C "${bastille_releasesdir}/${RELEASE}" -xf "${bastille_cachedir}/${RELEASE}/${_archive}.txz"
-        echo -e "${COLOR_GREEN}Extracting FreeBSD ${RELEASE} base.txz.${COLOR_RESET}"
+        done
-        /usr/bin/tar -C "${bastille_releasesdir}/${RELEASE}" -xf "${bastille_cachedir}/${RELEASE}/base.txz"
+
-
+        echo -e "${COLOR_GREEN}Bootstrap successful.${COLOR_RESET}"
-        echo -e "${COLOR_GREEN}Extracting FreeBSD ${RELEASE} lib32.txz.${COLOR_RESET}"
+        echo -e "${COLOR_GREEN}See 'bastille --help' for available commands.${COLOR_RESET}"
-        /usr/bin/tar -C "${bastille_releasesdir}/${RELEASE}" -xf "${bastille_cachedir}/${RELEASE}/lib32.txz"
+        echo
    fi
    ## if no existing ${CACHEDIR}/${RELEASE} download and extract
    if [ ! -f "${bastille_cachedir}/${RELEASE}/base.txz" ] && [ ! -d "${bastille_releasesdir}/${RELEASE}" ]; then
        mkdir -p "${bastille_releasesdir}/${RELEASE}"
 	fetch ${UPSTREAM_URL}/base.txz -o ${bastille_cachedir}/${RELEASE}/base.txz
        echo
        for _archive in ${bastille_bootstrap_archives}; do
            echo -e "${COLOR_GREEN}Extracting FreeBSD ${RELEASE} ${_archive}.txz.${COLOR_RESET}"
            /usr/bin/tar -C "${bastille_releasesdir}/${RELEASE}" -xf "${bastille_cachedir}/${RELEASE}/${_archive}.txz"
        done
        echo -e "${COLOR_GREEN}Bootstrap successful.${COLOR_RESET}"
        echo -e "${COLOR_GREEN}See 'bastille --help' for available commands.${COLOR_RESET}"
        echo
    else
        echo -e "${COLOR_RED}Bootstrap appears complete.${COLOR_RESET}"
        exit 1
    fi
 }
@@ -162,24 +173,29 @@ bootstrap_template() {
 #Usage: bastille bootstrap [release|template].${COLOR_RESET}"
 HW_MACHINE=$(sysctl hw.machine | awk '{ print $2 }')
 HW_MACHINE_ARCH=$(sysctl hw.machine_arch | awk '{ print $2 }')
 # Filter sane release names
 case "${1}" in
 10.1-RELEASE|10.2-RELEASE|10.3-RELEASE|10.4-RELEASE)
    RELEASE="${1}"
    bootstrap_release
    echo -e "${COLOR_RED}WARNING: FreeBSD 10.1-RELEASE HAS PASSED ITS END-OF-LIFE DATE.${COLOR_RESET}"
    ;;
 11.0-RELEASE|11.1-RELEASE)
    RELEASE="${1}"
    bootstrap_release
    echo -e "${COLOR_RED}WARNING: FreeBSD 11.0-RELEASE HAS PASSED ITS END-OF-LIFE DATE.${COLOR_RESET}"
    ;;
 11.2-RELEASE)
    RELEASE="${1}"
    UPSTREAM_URL="http://ftp.freebsd.org/pub/FreeBSD/releases/${HW_MACHINE}/${HW_MACHINE_ARCH}/11.2-RELEASE/"
    bootstrap_release
    ;;
 12.0-RELEASE)
    RELEASE="${1}"
    UPSTREAM_URL="http://ftp.freebsd.org/pub/FreeBSD/releases/${HW_MACHINE}/${HW_MACHINE_ARCH}/12.0-RELEASE/"
    bootstrap_release
    ;;
 11-stable-LAST)
    RELEASE="${1}"
    UPSTREAM_URL="https://installer.hardenedbsd.org/pub/HardenedBSD/releases/${HW_MACHINE}/${HW_MACHINE_ARCH}/hardenedbsd-11-stable-LAST/"
    bootstrap_release
    ;;
 12-stable-LAST)
    RELEASE="${1}"
    UPSTREAM_URL="https://installer.hardenedbsd.org/pub/HardenedBSD/releases/${HW_MACHINE}/${HW_MACHINE_ARCH}/hardenedbsd-12-stable-LAST/"
    bootstrap_release
    ;;
 http?://github.com/*/*)
--- a/usr/local/share/bastille/cmd.sh
+++ b/usr/local/share/bastille/cmd.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/console.sh
+++ b/usr/local/share/bastille/console.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/cp.sh
+++ b/usr/local/share/bastille/cp.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
@@ -65,7 +65,7 @@ create_jail() {
    bastille_jail_fstab="${bastille_jailsdir}/${NAME}/fstab"  ## file
    bastille_jail_conf="${bastille_jailsdir}/${NAME}/jail.conf"  ## file
    bastille_jail_log="${bastille_logsdir}/${NAME}_console.log"  ## file
-    bastille_jail_rc_conf="${bastille_jailsdir}/${NAME}/root/etc/rc.conf.local" ## file
+    bastille_jail_rc_conf="${bastille_jailsdir}/${NAME}/root/etc/rc.conf" ## file
    bastille_jail_resolv_conf="${bastille_jailsdir}/${NAME}/root/etc/resolv.conf" ## file
    if [ ! -d "${bastille_jail_base}" ]; then
@@ -124,22 +124,30 @@ create_jail() {
    cp -a "${bastille_releasesdir}/${RELEASE}/usr/obj" "${bastille_jail_path}"
    if [ "${RELEASE}" == "11.2-RELEASE" ]; then cp -a "${bastille_releasesdir}/${RELEASE}/usr/tests" "${bastille_jail_path}"; fi
-    ## rc.conf.local
+    ## rc.conf
    ##  + syslogd_flags="-ss"
    ##  + sendmail_none="NONE"
    ##  + cron_flags="-J 60" ## cedwards 20181118
    ## resolv.conf
    if [ ! -f "${bastille_jail_rc_conf}" ]; then
-        echo -e "syslogd_flags=\"-ss\"\nsendmail_enable=\"NONE\"" > ${bastille_jail_rc_conf}
+        touch "${bastille_jail_rc_conf}"
-	echo -e "cron_flags=\"-J 60\"" >> ${bastille_jail_rc_conf}
+        /usr/sbin/sysrc -f "${bastille_jail_rc_conf}" syslogd_flags=-ss
        /usr/sbin/sysrc -f "${bastille_jail_rc_conf}" sendmail_enable=NONE
        /usr/sbin/sysrc -f "${bastille_jail_rc_conf}" cron_flags='-J 60'
        echo
    fi
    ## resolv.conf
    ##  + default nameservers configurable; 1 required, 3 optional ## cedwards 20190522
    ##  + nameserver options supported
    if [ ! -f "${bastille_jail_resolv_conf}" ]; then
-        echo -e "nameserver 1.1.1.1\nnameserver 1.0.0.1\noptions edns0 rotate" > ${bastille_jail_resolv_conf}
+        [ ! -z "${bastille_nameserver1}" ] && echo -e "nameserver ${bastille_nameserver1}" >> ${bastille_jail_resolv_conf}
        [ ! -z "${bastille_nameserver2}" ] && echo -e "nameserver ${bastille_nameserver2}" >> ${bastille_jail_resolv_conf}
        [ ! -z "${bastille_nameserver3}" ] && echo -e "nameserver ${bastille_nameserver3}" >> ${bastille_jail_resolv_conf}
        [ ! -z "${bastille_nameserver_options}" ] && echo -e "${bastille_nameserver_options}" >> ${bastille_jail_resolv_conf}
    fi
-    ## TZ: UTC
+    ## TZ: configurable (default: etc/UTC)
-    ln -s /usr/share/zoneinfo/Etc/UTC etc/localtime
+    ln -s /usr/share/zoneinfo/${bastille_tzdata} etc/localtime
 }
 # Handle special-case commands first.
@@ -159,50 +167,17 @@ IP="$3"
 ## verify release
 case "${RELEASE}" in
 10.1-RELEASE)
    RELEASE="10.1-RELEASE"
 	;;
 10.2-RELEASE)
    RELEASE="10.2-RELEASE"
 	;;
 10.3-RELEASE)
    RELEASE="10.3-RELEASE"
 	;;
 10.4-RELEASE)
    RELEASE="10.4-RELEASE"
    ;;
 11.0-RELEASE)
    RELEASE="11.0-RELEASE"
    ;;
 11.1-RELEASE)
    RELEASE="11.1-RELEASE"
    ;;
 11.2-RELEASE)
    RELEASE="11.2-RELEASE"
    ;;
 12.0-RELEASE)
    RELEASE="12.0-RELEASE"
    ;;
-12.0-BETA1)
+11-stable-LAST)
-    RELEASE="12.0-BETA1"
+    RELEASE="11-stable-LAST"
    ;;
-12.0-BETA2)
+12-stable-LAST)
-    RELEASE="12.0-BETA2"
+    RELEASE="12-stable-LAST"
    ;;
 12.0-BETA3)
    RELEASE="12.0-BETA3"
    ;;
 12.0-BETA4)
    RELEASE="12.0-BETA4"
    ;;
 12.0-RC1)
    RELEASE="12.0-RC1"
    ;;
 12.0-RC2)
    RELEASE="12.0-RC2"
    ;;
 12.0-RC3)
    RELEASE="12.0-RC3"
    ;;
 *)
    echo -e "${COLOR_RED}Unknown Release.${COLOR_RESET}"
--- a/usr/local/share/bastille/destroy.sh
+++ b/usr/local/share/bastille/destroy.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
@@ -55,8 +55,9 @@ destroy_jail() {
        echo -e "${COLOR_GREEN}Deleting Jail: ${NAME}.${COLOR_RESET}"
        chflags -R noschg ${bastille_jail_base}
        rm -rf ${bastille_jail_base}
-        echo -e "${COLOR_GREEN}Note: jail console logs not destroyed.${COLOR_RESET}"
+        mv ${bastille_jail_log} ${bastille_jail_log}-$(date +%F)
-	echo -e "${COLOR_GREEN}${bastille_jail_log}${COLOR_RESET}"
+        echo -e "${COLOR_GREEN}Note: jail console logs archived.${COLOR_RESET}"
        echo -e "${COLOR_GREEN}${bastille_jail_log}-$(date +%F)${COLOR_RESET}"
        echo
    fi
 }
--- a/usr/local/share/bastille/htop.sh
+++ b/usr/local/share/bastille/htop.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/list.sh
+++ b/usr/local/share/bastille/list.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/pkg.sh
+++ b/usr/local/share/bastille/pkg.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/restart.sh
+++ b/usr/local/share/bastille/restart.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/service.sh
+++ b/usr/local/share/bastille/service.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/start.sh
+++ b/usr/local/share/bastille/start.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/stop.sh
+++ b/usr/local/share/bastille/stop.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
@@ -57,6 +57,5 @@ fi
 for _jail in ${JAILS}; do
    echo -e "${COLOR_GREEN}[${_jail}]:${COLOR_RESET}"
    jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -r ${_jail}
    pfctl -f /etc/pf.conf
    echo
 done
--- a/usr/local/share/bastille/sysrc.sh
+++ b/usr/local/share/bastille/sysrc.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/template.sh
+++ b/usr/local/share/bastille/template.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/top.sh
+++ b/usr/local/share/bastille/top.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
--- a/usr/local/share/bastille/update.sh
+++ b/usr/local/share/bastille/update.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
@@ -49,6 +49,11 @@ fi
 RELEASE=$1
 if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then
    echo -e "${COLOR_RED}Not yet supported on HardenedBSD.${COLOR_RESET}"
    exit 1
 fi
 if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then
    freebsd-update -b "${bastille_releasesdir}/${RELEASE}" fetch install --currently-running ${RELEASE}
 else
--- a/usr/local/share/bastille/upgrade.sh
+++ b/usr/local/share/bastille/upgrade.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
@@ -50,6 +50,12 @@ fi
 RELEASE=$1
 NEWRELEASE=$2
 if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then
    echo -e "${COLOR_RED}Not yet supported on HardenedBSD.${COLOR_RESET}"
    exit 1
 fi
 if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then
    freebsd-update -b "${bastille_releasesdir}/${RELEASE}" -r ${NEWRELEASE} upgrade
 else
--- a/usr/local/share/bastille/verify.sh
+++ b/usr/local/share/bastille/verify.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # 
-# Copyright (c) 2018, Christer Edwards <christer.edwards@gmail.com>
+# Copyright (c) 2018-2019, Christer Edwards <christer.edwards@gmail.com>
 # All rights reserved.
 # 
 # Redistribution and use in source and binary forms, with or without
@@ -49,6 +49,11 @@ fi
 RELEASE=$1
 if [ ! -z "$(freebsd-version | grep -i HBSD)" ]; then
    echo -e "${COLOR_RED}Not yet supported on HardenedBSD.${COLOR_RESET}"
    exit 1
 fi
 if [ -d "${bastille_releasesdir}/${RELEASE}" ]; then
    freebsd-update -b "${bastille_releasesdir}/${RELEASE}" IDS
 else
Author	SHA1	Message	Date
Christer Edwards	e5ae4d0743	Merge pull request #33 from cedwards/master May 2019 update: HardenedBSD, tzdata, NS	2019-05-22 21:59:01 -06:00
Christer Edwards	c9ebc886fd	May 2019 update: HardenedBSD, tzdata, NS - closes #32: support HardenedBSD - adds support for defined nameservers in new jails (up to three) - adds support for defined nameserver options (eg; options edns0 rotate) - adds support for defined tzdata in new jails (eg; America/Denver, etc/UTC) - adds support for dynamic hw.machine/hw.machine_arch downloads - new jails now output default rc.conf settings (sysrc) at creation - no longer use freebsd_dist_fetch.sh; replaced with simpler fetch	2019-05-22 21:50:29 -06:00
Christer Edwards	cccf4ff31f	Merge pull request #31 from cedwards/master updated README.md	2019-03-11 17:54:41 -06:00
Christer Edwards	6f1da4b265	updated README.md to include ports tree support	2019-03-11 17:51:32 -06:00
Christer Edwards	57bd13c9ce	Merge pull request #29 from cedwards/master update copyright; fixes #28	2019-02-04 21:32:21 -07:00
Christer Edwards	957465dfa4	update bootstrap to support configurable archives	2019-02-04 21:31:34 -07:00
Christer Edwards	e2b4f84cfe	update copyright; fixes #28	2019-02-04 21:08:00 -07:00