Merge pull request #204 from cedwards/0_6_hotfix

start/stop hotfix and version bump

AUTHORS.md

@@ -5,32 +5,31 @@
 Christer Edwards [christer.edwards@gmail.com]
 
 ## Contributors (code)
-
-Barry McCormick  
-Brian Downs  
-Dave Cottlehuber  
-Giacomo Olgeni  
-JP Mens  
-Jose Rivera  
-Lars E.  
-Paul C.  
-Sven R.  
+- Barry McCormick
+- Brian Downs
+- Dave Cottlehuber
+- Giacomo Olgeni
+- JP Mens
+- Jose Rivera
+- Lars E.
+- Paul C.
+- Sven R.
 
 ### Special thanks
 Software doesn't happen in a vacuum. Thank you to the following people who may
 not be found in the commit history but have influenced Bastille's development
 in some way.
 
-Carlos Meza  
-Casandra Woodcox  
-Clint Savage  
-G. Clifford Williams  
-Jack Thomasson  
-Jun C Park  
-Justin Desilets  
-Larry Raab  
-Nate Taylor  
-Peter Czanik  
-Ryan Simpkins  
-Tim Gelter  
-Trevor Sharpe  
+- Carlos Meza
+- Casandra Woodcox
+- Clint Savage
+- G. Clifford Williams
+- Jack Thomasson
+- Jun C Park
+- Justin Desilets
+- Larry Raab
+- Nate Taylor
+- Peter Czanik
+- Ryan Simpkins
+- Tim Gelter
+- Trevor Sharpe

CODE-OF-CONDUCT.md

@@ -71,4 +71,3 @@ This Code of Conduct is adapted from the [Contributor Covenant][homepage], versi
 available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
 
 [homepage]: https://www.contributor-covenant.org
-

docs/chapters/jail-config.rst

@@ -206,4 +206,3 @@ cases.
   3     Network secure mode - same as highly secure mode, plus IP packet
         filter rules (see ipfw(8), ipfirewall(4) and pfctl(8)) cannot be
         changed and dummynet(4) or pf(4) configuration cannot be adjusted.
-

docs/chapters/subcommands/rdr.rst

@@ -24,5 +24,3 @@ sepcify the interface they run on in rc.conf (or other config files)
     rdr on em0 inet proto udp from any to any port = 2053 -> 10.17.89.1 port 53
     # bastille rdr dev1 clear
     nat cleared
-
-

docs/chapters/subcommands/upgrade.rst

@@ -8,4 +8,3 @@ workflow this can be similar to a `bootstrap`.
 .. code-block:: shell
 
   ishmael ~ # bastille upgrade 11.2-RELEASE 12.0-RELEASE
-

docs/chapters/template.rst

@@ -143,4 +143,3 @@ directory names in the `bastille/templates` directory.
   Executing final command(s).
   chsh: user information updated
   Template Complete.
-

usr/local/bin/bastille

@@ -69,7 +69,7 @@ bastille_perms_check
 . /usr/local/etc/bastille/bastille.conf
 
 ## version
-BASTILLE_VERSION="0.6.20200412"
+BASTILLE_VERSION="0.6.20200414"
 
 usage() {
     cat << EOF

usr/local/etc/bastille/bastille.conf.sample

@@ -18,7 +18,7 @@ bastille_sharedir=/usr/local/share/bastille                           ## default
 bastille_bootstrap_archives="base"                                    ## default: "base"
 
 ## default timezone
-bastille_tzdata="etc/UTC"                                             ## default: "etc/UTC"
+bastille_tzdata="Etc/UTC"                                             ## default: "Etc/UTC"
 
 ## default jail resolv.conf
 bastille_resolv_conf="/etc/resolv.conf"                               ## default: "/etc/resolv.conf"

usr/local/share/bastille/create.sh

@@ -331,13 +331,13 @@ create_jail() {
             ## if 0.0.0.0 set DHCP
             ## else set static address
             if [ "${IP}" == "0.0.0.0" ]; then
-                /usr/sbin/sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="DHCP"
+                /usr/sbin/sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="SYNCDHCP"
             else
                 /usr/sbin/sysrc -f "${bastille_jail_rc_conf}" ifconfig_vnet0="inet ${IP}"
                 if [ -n "${bastille_network_gateway}" ]; then
                     /usr/sbin/sysrc -f "${bastille_jail_rc_conf}" defaultrouter="${bastille_network_gateway}"
                 else
-                    /usr/sbin/sysrc -f "${bastille_jail_rc_conf}" defaultrouter="$(route show default | awk '/gateway/ {print $2}')"
+                    /usr/sbin/sysrc -f "${bastille_jail_rc_conf}" defaultrouter="$(netstat -rn | awk '/default/ {print $2}')"
                 fi
             fi
 
@@ -355,7 +355,7 @@ create_jail() {
         cp -L "${bastille_resolv_conf}" "${bastille_jail_resolv_conf}"
     fi
 
-    ## TZ: configurable (default: etc/UTC)
+    ## TZ: configurable (default: Etc/UTC)
     ln -s "/usr/share/zoneinfo/${bastille_tzdata}" etc/localtime
 }
 

usr/local/share/bastille/start.sh

@@ -89,7 +89,7 @@ for _jail in ${JAILS}; do
         fi
 
         ## add ip4.addr to firewall table:jails
-        if [ ! -z "${bastille_network_loopback}" ]; then
+        if grep "interface = ${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then
             pfctl -q -t jails -T add "$(jls -j "${_jail}" ip4.addr)"
         fi
     fi

usr/local/share/bastille/stop.sh

@@ -67,7 +67,7 @@ for _jail in ${JAILS}; do
     ## test if running
     if [ "$(jls name | awk "/^${_jail}$/")" ]; then
         ## remove ip4.addr from firewall table:jails
-        if [ -n "${bastille_network_loopback}" ]; then
+        if grep "interface = ${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then
             pfctl -q -t jails -T delete "$(jls -j "${_jail}" ip4.addr)"
         fi
 

usr/local/share/bastille/template.sh

@@ -266,7 +266,7 @@ for _jail in ${JAILS}; do
     if [ -s "${bastille_template}/SERVICE" ]; then
         echo -e "${COLOR_GREEN}[${_jail}]:SERVICE -- START${COLOR_RESET}"
         while read _service; do
-            jexec -l "${_jail}" /usr/sbin/service "${_service}" || exit 1
+            jexec -l "${_jail}" /usr/sbin/service ${_service} || exit 1
         done < "${bastille_template}/SERVICE"
         echo -e "${COLOR_GREEN}[${_jail}]:SERVICE -- END${COLOR_RESET}"
         echo