Xigmanas/xigmanas-bastille-extension
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

Compare commits

base: Xigmanas:test
Branches Tags
Xigmanas:master
Xigmanas:test
..
compare: Xigmanas:master
Branches Tags
Xigmanas:master
Xigmanas:test

99 Commits
test ... master

Author SHA1 Message Date
Matthias Berner
239445a29d Please provide the file changes (diffs) for me to generate a commit message. 2026-02-22 10:26:29 +01:00
Matthias Berner
ae70375f08 Merge branch 'Mirrors-master' 2026-02-22 09:17:41 +01:00
JRGTH
0125f86531 UI cosmetic changes and fixes, thanks to rucko24 
Dashboard cosmetic changes and fixes, thanks to rucko24.
 2026-02-17 18:27:25 -04:00
JRGTH
37718822dc Merge pull request #23 from rucko24/fix/columns-width 
Columns width, cosmetic changes and fixes
 2026-02-17 18:23:15 -04:00
rubn
bccf8c219a Merge branch 'fix/check-box' into fix/columns-width 
# Conflicts:
#	gui/bastille_manager_gui.php
 2026-02-17 18:24:14 +01:00
rubn
6a3474a768 🚧 spinner and column fix 2026-02-17 18:17:48 +01:00
tschettervictor
49f7ecf848 Show install steps in readme 2026-02-17 08:04:38 -07:00
rubn
0924c28f25 🚧 disable description field 2026-02-16 23:38:38 +01:00
rubn
9ebfeab85c 🚧 added fetch, persist width 2026-02-16 23:06:39 +01:00
JRGTH
5ed42b2965 Cosmetic changes, adjust options row position 2026-02-16 01:35:08 -04:00
JRGTH
d8ba1dd8fe Add resizable columns and auto-refresh option, thanks to rucko24 
Ref: 0297db028d
 2026-02-16 01:28:54 -04:00
JRGTH
0297db028d Merge pull request #22 from rucko24/feature/auto-refresh 
Feature/auto-refresh
Enhancements
 2026-02-16 01:16:46 -04:00
rubn
49dd1b78a1 🚧 fix refresh table, only with bastille_show_refresh_button 2026-02-16 04:34:28 +01:00
rubn
9e7d9680e1 🚧 show refresh button 2026-02-16 03:24:56 +01:00
rubn
acac7ae4fa 🚧 resize column 2026-02-16 02:59:41 +01:00
JRGTH
ff22169030 Code fixes and improvements, thanks to rucko24 
a3e9af6935
 2026-02-15 19:42:18 -04:00
JRGTH
a3e9af6935 Merge pull request #21 from rucko24/feature/fix-comment-in-maintenance-tab 
🐛 remove { and add comment
 2026-02-15 19:38:07 -04:00
rubn
3521facb84 🚧 Persist auto-refresh interval setting 2026-02-15 22:16:04 +01:00
rubn
2e67d7252f Enhance manager auto-refresh with interval control and selection persistence 
This update improves the auto-refresh functionality on the Bastille manager page. It introduces a dropdown menu allowing users to select the refresh interval or disable it. Additionally, jail selections are now preserved across automatic refreshes, and action buttons are updated accordingly.
 2026-02-15 21:52:30 +01:00
rubn
5b430f81c8 added .gitignore 2026-02-15 21:07:16 +01:00
rubn
20829a86c6 Merge branch 'master' into feature/auto-refresh 2026-02-15 21:05:43 +01:00
rubn
3fb2556946 🚧 autorefresh 2026-02-15 21:05:28 +01:00
rubn
9df9713ba7 🚧 remove { and add comment 2026-02-15 20:45:34 +01:00
JRGTH
b267ad2740 Performance and code improvements, thanks to rucko24 2026-02-15 13:32:25 -04:00
JRGTH
5ec9960848 Merge pull request #20 from rucko24/feature/bastille-manager-performance 
Feature/bastille-manager-performance
 2026-02-15 13:24:27 -04:00
rubn
ae6fcb9892 updated bastille_manager-lib.inc 2026-02-15 03:47:46 +01:00
rubn
126beefd6f bastille_manager_gui.php 2026-02-15 03:31:37 +01:00
JRGTH
d818e9a96c Check/update bastille config parameters on runtime 2026-02-05 23:59:40 -04:00
JRGTH
9c8043a71f Code improvements/fixes and dashboard cosmetic changes 2026-01-21 14:02:01 -04:00
JRGTH
17da884cb2 Minor cosmetic/wording changes 2025-12-25 03:20:47 -04:00
JRGTH
2610a95a70 Add auto/live export modes, add ZST compression. 
This update adds auto and live export modes, also adds support for the fast lossless ZSTD compression algorithm.
 2025-12-25 02:39:22 -04:00
tschettervictor
759d1d061d Update version 2025-12-24 15:19:03 -07:00
tschettervictor
df2d5a8f86 1.2.29 2025-12-24 15:18:51 -07:00
tschettervictor
8005ac109f —-safe > —-auto for backups 2025-12-24 15:15:45 -07:00
JRGTH
0f42237da9 Minor cosmetic/wording changes 2025-11-23 09:44:17 -04:00
JRGTH
5de394ffa8 Minor cosmetic/wording changes 2025-11-19 02:21:15 -04:00
JRGTH
2e7c30a48b Minor cosmetic/wording changes 2025-11-19 01:55:22 -04:00
JRGTH
cac84dc249 Add 'etcupdate' command, update bundled files 
Add `etcupdate` missing command, update bundled files.
 2025-11-17 09:05:09 -04:00
JRGTH
862582e066 Minor code changes/improvements 2025-11-02 05:11:40 -04:00
JRGTH
419b5dbb8a Check/update bastille config parameters on runtime 2025-11-02 04:55:19 -04:00
JRGTH
4831551b4f Make sure minor changes are always applied 2025-11-02 04:30:09 -04:00
JRGTH
7452d2a08e Check/update bastille config parameters on runtime 2025-10-28 15:00:59 -04:00
JRGTH
3deb377aae Allow install in zroot platform with optional zfs dataset 
Allow extension installations in zroot platform with optional zfs user dataset
 2025-10-23 15:46:41 -04:00
JRGTH
05e89da69d Fix typo in tarballs and cleanup, thanks to Lux 2025-10-21 10:05:03 -04:00
JRGTH
7e325df51b Update bastille_manager_tarballs.php 2025-10-18 14:17:43 -04:00
JRGTH
901983378c Fix typo in tarballs download page, thanks to Lux 2025-10-18 13:52:29 -04:00
JRGTH
307999ab54 Update README.md 2025-10-16 19:52:32 -04:00
JRGTH
0e3ceeee70 Check if bastille_zfs_enable is actually set to NO 
Check if bastille_zfs_enable is actually set to NO before zfs disable
 2025-10-13 07:33:21 -04:00
JRGTH
9c10025dfd Disable zfs warnings if bastille_zfs_enable = NO 
Disable zfs activation warnings if bastille_zfs_enable is set to NO
 2025-10-13 06:14:09 -04:00
JRGTH
fcfe6b47b4 Minor code changes/improvements 2025-10-05 02:54:23 -04:00
JRGTH
4b0745ce64 Make sure bastille-prefix ends with bastille 2025-10-05 02:26:29 -04:00
JRGTH
fb036a29da Fallback for custom bastille prefix name 
Fallback for custom bastille prefix name, for example capitalized "Bastille" prefix.
 2025-10-05 01:06:40 -04:00
JRGTH
3e8e2305ae Minor code improvements, clean stale pkg on error 
Minor code improvements, clean stale pkg files on error.
 2025-09-28 04:21:28 -04:00
JRGTH
c6d769e4d5 Add all bastille Linux flavors bootstrap options 2025-09-28 03:56:14 -04:00
JRGTH
d60abe962d Minor code improvements and cleanup 2025-09-23 14:42:53 -04:00
JRGTH
3a24390b0d Add Debian keyring and minor code changes 2025-09-23 11:12:05 -04:00
JRGTH
9a6ef9031e Code cleanup, remove unnecessary statement 2025-09-17 07:56:11 -04:00
JRGTH
21eaa96e26 Minor cosmetic/wording changes. 2025-09-17 03:41:57 -04:00
JRGTH
ba81b6943b Code changes, symlink files in embedded platforms 
Code changes, symlink bundled files in embedded platforms, set file permissions.
 2025-09-17 03:37:11 -04:00
JRGTH
4664d71f31 Mount unionfs for pkg while fetching debootstrap 
Mount unionfs for pkg while fetching `debootstrap` packages
 2025-09-16 08:21:56 -04:00
JRGTH
7362708895 Fix for missing variable, thanks to tga 
Fix for missing variable affecting embedded platforms, thanks to @tga.
 2025-09-15 20:14:46 -04:00
JRGTH
d70bc5a15b Added post upgrade function for convenience, cleanup 
Added post upgrade function for convenience, cleanup obsolete code.
 2025-09-14 08:03:36 -04:00
JRGTH
50e465f5e2 always execute extension script after upgrade 
Always execute extension script after upgrade from WebGUI, code changes.
 2025-09-14 05:30:35 -04:00
JRGTH
8a98bc7f2b Fix extension script missing statement preventing for new installs 
Fix extension script missing statement preventing for new installs.
 2025-09-13 12:11:30 -04:00
JRGTH
746c591409 Set executable property 2025-09-13 06:10:46 -04:00
JRGTH
65585053cf Re-add Linux jails, WebGUI fixes and improvements 
Re-add Linux jail feature, overall WebGUI fixes and improvements.
 2025-09-13 06:00:28 -04:00
JRGTH
c041aa4711 Handle osrelease parameter update in bastille-init 2025-09-08 02:19:30 -04:00
JRGTH
98cf9d85f0 Re-add release change and code improvements 2025-09-08 01:52:27 -04:00
JRGTH
9c3b8634a7 Fix typo 2025-09-08 00:28:16 -04:00
JRGTH
1970b3539b Code update and improvements 
Code update and improvements, update jail config/util WebGUI pages and bastille-init.
 2025-09-08 00:23:52 -04:00
JRGTH
fb04fe048e Disable linux_compat due incompatibility/missing depends 
This feature is temporarily disabled due incompatibility/missing dependencies with later XigmaNAS releases.
 2025-09-07 02:35:28 -04:00
JRGTH
8a2e33b3b4 Disable basic interface to comply with bastille new syntax 2025-09-06 00:31:46 -04:00
JRGTH
ed3fc8b716 Add action to set priority value from utilities 2025-09-05 23:42:52 -04:00
JRGTH
71ca5390d2 Cosmetic changes and improvements 2025-09-05 21:52:05 -04:00
JRGTH
ae9c3b62e5 Display jail IP using bastille list buil-in command 2025-09-05 17:13:11 -04:00
JRGTH
afa76f6a9c Update for recent bastille boot settings changes 2025-09-04 23:51:29 -04:00
JRGTH
74428e54e1 Fix bastille version display under maintenance tab 2025-09-04 14:15:46 -04:00
tschettervictor
985d5adf39 Merge pull request #17 from tschettervictor/master 
Finish adding support for 14.3
 2025-09-04 10:50:19 -04:00
tschettervictor
77ca01e49d Merge branch 'JRGTH:master' into master 2025-09-04 10:49:35 -04:00
tschettervictor
5f71d8cd0b Finish adding support for 14.3 2025-09-04 08:48:14 -06:00
JRGTH
46ad53b13b Merge pull request #16 from tschettervictor/master 
support version 14.3
 2025-09-03 18:25:44 -04:00
tschettervictor
3e2b6b42b1 update version 2025-09-03 13:15:08 -06:00
tschettervictor
f602f97ba4 Merge branch 'master' of https://github.com/tschettervictor/xigmanas-bastille-extension 2025-09-03 12:48:22 -06:00
tschettervictor
14a2e28f96 add support for 14.3 
This allows using update and upgrade commands using 14.3
 2025-09-03 12:46:42 -06:00
JRGTH
5897927d1b Merge pull request #15 from tschettervictor/patch-1 
destroy: implement necessary -y option to autoconfirm
 2025-08-12 05:14:26 -04:00
tschettervictor
b751cfce07 destroy: implement necessary -y option to autoconfirm 2025-08-09 20:30:10 -06:00
tschettervictor
34e4902919 Use -y on destroy jail 2025-06-04 08:28:27 -06:00
JRGTH
b9d8e6930b Merge pull request #13 from tschettervictor/patch-3 
Add 3 necessary variables for ext to work
 2025-05-08 05:17:07 -04:00
tschettervictor
c5d15f9c83 Add 3 necessary variables for ext to work 
These are three new options that have recently been added to Bastille, one of which is required to keep using this extension (bastille_network_vnet_type)
 2025-05-07 22:00:36 -06:00
JRGTH
daae72c605 Add support for 14.2 release 2024-12-25 03:12:10 -04:00
JRGTH
8afb09bc81 Code fixes/improvements thanks to tschettervictor 2024-12-25 02:49:29 -04:00
JRGTH
0aa965dfc7 Merge pull request #9 from tschettervictor/patch-2 
BATSILLE fix to BASTILLE
 2024-12-25 02:43:11 -04:00
tschettervictor
fd7918073e BATSILLE fix to BASTILLE 2024-12-24 16:17:02 -07:00
JRGTH
c86dcdedd6 Merge pull request #8 from tschettervictor/patch-1 
Update README.md typo
 2024-12-11 22:14:45 -04:00
tschettervictor
f83944ae52 Update README.md typo 2024-12-08 13:29:43 -07:00
JRGTH
44fcec9fdb Merge pull request #7 from tschettervictor/patch-1 
Update bastille-init - correct typos
 2024-12-07 22:32:42 -04:00
tschettervictor
e81b3b14aa Update bastille-init - correct typos 2024-12-07 10:34:00 -07:00
matthiasberner
56da8cfdf4 bastille-init aktualisiert 2024-10-31 22:18:45 +01:00
matthiasberner
044e88701a .gitea/workflows/major-release-num.yaml gelöscht 2024-10-11 08:03:15 +02:00
46 changed files with 13821 additions and 982 deletions
Expand all files Collapse all files

21
.gitea/workflows/major-release-num.yaml
View File

@@ -1,21 +0,0 @@
name: Move Major Release Tag
on:
release:
types: [created]
jobs:
movetag:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Get major version num and update tag
run: |
VERSION=${GITEA_REF#refs/tags/}
MAJOR=${VERSION%%.*}
git config --global user.name 'Matthias Berner'
git config --global user.email 'matthiasberner@git.familie-berner.de'
git tag -fa ${MAJOR} -m "Update major version tag"
git push origin ${MAJOR} --force

8
.gitignore vendored Normal file
View File

@@ -0,0 +1,8 @@
.idea
/mock/
/bin/
/releases/
/jails/
/router.php
/debug_vars.php
/conf/bastille_config

57
CHANGELOG
View File

@@ -1,8 +1,61 @@
======================
======================
= Extension Bastille =
======================
Version Description
1.4.04......Dashboard cosmetic changes and fixes, thanks to rucko24.
1.4.03......Cosmetic changes, adjust options row position.
1.4.02......Add resizable columns and auto-refresh option, thanks to rucko24.
1.4.01......Code fixes and improvements, thanks to rucko24.
1.4.00......Performance and code improvements, thanks to rucko24.
1.3.01......Check/update bastille config parameters on runtime.
1.3.00......Code improvements/fixes and dashboard cosmetic changes.
1.2.31......Minor cosmetic/wording changes.
1.2.30......Add auto and live export modes, add ZST compression support.
1.2.29......Fix jail backup.
1.2.28......Minor cosmetic/wording changes.
1.2.27......Minor cosmetic/wording changes.
1.2.26......Minor cosmetic/wording changes.
1.2.25......Add 'etcupdate' missing command, update bundled files.
1.2.24......Minor code changes/improvements.
1.2.23......Check/update bastille config parameters on runtime.
1.2.22......Make sure minor changes are always applied.
1.2.21......Check/update bastille config parameters on runtime.
1.2.20......Allow install in zroot platform with optional zfs dataset.
1.2.19......Fix typo in tarballs page and cleanup, thanks to Lux.
1.2.18......Fix typo in tarballs download page, thanks to Lux.
1.2.17......Check if bastille_zfs_enable is actually set to NO before zfs disable.
1.2.16......Disable zfs activation warnings if bastille_zfs_enable is set to NO.
1.2.15......Minor code changes/improvements.
1.2.14......Make sure bastille-prefix ends with bastille.
1.2.13... ..Fallback for custom bastille prefix name.
1.2.12......Minor code improvements, clean stale pkg files on error.
1.2.11......Add all bastille Linux flavors bootstrap options.
1.2.10......Minor code improvements and cleanup.
1.2.09......Add Debian keyring and minor code changes.
1.2.08......Code cleanup, remove unnecessary statement.
1.2.07......Minor cosmetic/wording changes.
1.2.06......Code changes, symlink bundled files in embedded platforms.
1.2.05......Mount unionfs for pkg while fetching debootstrap packages.
1.2.04......Fix for missing variable affecting embedded platforms, thanks to tga.
1.2.03......Added post upgrade function for convenience, cleanup obsolete code.
1.2.02......Always execute extension script after upgrade from WebGUI, code changes.
1.2.01......Fix extension script missing statement preventing for new installs.
1.2.00......Re-add Linux jail feature, WebGUI fixes and overall improvements.
1.1.53......Code changes, handle osrelease parameter update in bastille-init.
1.1.52......Re-add Thin jail release change and code improvements.
1.1.51......Code update/improvements, update jail config/util pages and bastille-init.
1.1.50......Disable linux_compat due incompatibility with later releases.
1.1.49......Disable basic interface to comply with bastille new syntax.
1.1.48......Add action to set priority value from utilities.
1.1.47......Cosmetic changes and improvements.
1.1.46......Display jail IP using bastille list buil-in command.
1.1.45......Code update for recent bastille boot settings changes.
1.1.44......Fix bastille version display under maintenance tab.
1.1.43......Update: Finish adding support for 14.3 release.
1.1.42......Update: Add support for 14.3 release + add -a option for destroy.
1.1.41......Update: Add support for 14.2 release.
1.1.40......Code fixes/improvements thanks to tschettervictor.
1.1.39......Update release list on bastille_manager_add.php.
1.1.38......Update release list, added new Debian/Ubuntu distros.
1.1.37......Workaround to copy host resolv.conf to jail path.
@@ -115,7 +168,7 @@ Version Description
1.0.30......Ability to convert thin jail to thick jail.
1.0.29......Added Chinese (Simplified) translation, thanks to lijinbiao.
1.0.28......Improve fstab utility error handling.
1.0.27......Improved fstab utility, don't allow blank fields.
1.0.27......Improved fstab utility, don't allow blank fields.
1.0.26......Improved jail IP search during import.
1.0.25......Add foreign jail import support, improved fstab utility.
1.0.24......Improved Thick container upgrade process.

2
LICENSE
View File

@@ -1,5 +1,5 @@
---------------------------------------------------------
Copyright (c) 2019, José Rivera
Copyright (c) 2019-2026, Jose Rivera
All rights reserved.
Redistribution and use in source and binary forms, with or without

12
README.md
View File

@@ -1,9 +1,17 @@
**Description:**
This is the XigmaNAS Bastille Extension for quickly create and manage FreeBSD Jails/Containers.
This is the XigmaNAS Bastille Extension to create and manage FreeBSD Jails/Containers.
**Install**
```
mkdir -p /mnt/tank/extensions/bastille
cd /mnt/tank/extensions/bastille
fetch --no-verify-peer https://raw.githubusercontent.com/JRGTH/xigmanas-bastille-extension/master/bastille-init && chmod +x bastille-init && ./bastille-init && echo "=> Done!"
```
**Credits:**
Christer Edwards (cedwards) Bastille, J.M. Rivera (JRGTH) XigmaNAS Add-on.
Christer Edwards (cedwards) Bastille, J.M. Rivera (JRGTH) Bastille and XigmaNAS Add-on.
Additional information on Bastille: <a href="http://bastillebsd.org/">http://bastillebsd.org/</a>

873
bastille-init Normal file → Executable file
View File

File diff suppressed because it is too large Load Diff

13
conf/bastille.conf.ext
View File

@@ -1,5 +1,6 @@
bastille_prefix="/usr/local/bastille"
bastille_backupsdir="${bastille_prefix}/backups"
bastille_migratedir="${bastille_prefix}/migrate"
bastille_cachedir="${bastille_prefix}/cache"
bastille_jailsdir="${bastille_prefix}/jails"
bastille_releasesdir="${bastille_prefix}/releases"
@@ -8,12 +9,12 @@ bastille_logsdir="${bastille_prefix}/logs"
bastille_pf_conf="${bastille_prefix}/pf.conf"
bastille_sharedir="/usr/local/share/bastille"
bastille_bootstrap_archives="base"
bastille_pkgbase_packages="base-jail"
bastille_tzdata="etc/UTC"
bastille_resolv_conf="/etc/resolv.conf"
bastille_url_freebsd="http://ftp.freebsd.org/pub/FreeBSD/releases/"
bastille_url_hardenedbsd="https://installers.hardenedbsd.org/pub/"
bastille_url_midnightbsd="https://www.midnightbsd.org/ftp/MidnightBSD/releases/"
bastille_url_midnightbsd="https://www.midnightbsd.org/ftp/MidnightBSD/releases/"
bastille_zfs_enable=""
bastille_zfs_zpool=""
bastille_zfs_prefix="bastille"
@@ -22,15 +23,23 @@ bastille_compress_xz_options="-0 -v"
bastille_decompress_xz_options="-c -d -v"
bastille_compress_gz_options="-1 -v"
bastille_decompress_gz_options="-k -d -c -v"
bastille_compress_zst_options="-3 -v"
bastille_decompress_zst_options="-k -d -c -v"
bastille_network_vnet_type="if_bridge"
bastille_network_loopback=""
bastille_network_pf_ext_if="ext_if"
bastille_network_pf_table="jails"
bastille_network_shared=""
bastille_network_gateway=""
bastille_network_gateway6=""
bastille_network_gateway6=""
bastille_template_base="default/base"
bastille_template_empty=""
bastille_template_thick="default/thick"
bastille_template_clone="default/clone"
bastille_template_thin="default/thin"
bastille_template_vnet="default/vnet"
bastille_template_vlan="default/vlan"
bastille_monitor_cron_path="/usr/local/etc/cron.d/bastille-monitor"
bastille_monitor_cron="*/5 * * * * root /usr/local/bin/bastille monitor ALL >/dev/null 2>&1"
bastille_monitor_logfile="${bastille_logsdir}/monitor.log"
bastille_monitor_healthchecks=""

3547
conf/system/freebsd-update/14.2/freebsd-update Executable file
View File

File diff suppressed because it is too large Load Diff

78
conf/system/freebsd-update/14.2/freebsd-update.conf Normal file
View File

@@ -0,0 +1,78 @@
# Trusted keyprint. Changing this is a Bad Idea unless you've received
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
# change it and explaining why.
KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
# Server or server pool from which to fetch updates. You can change
# this to point at a specific server if you want, but in most cases
# using a "nearby" server won't provide a measurable improvement in
# performance.
ServerName update.FreeBSD.org
# Components of the base system which should be kept updated.
Components src world kernel
# Example for updating the userland and the kernel source code only:
# Components src/base src/sys world
# Paths which start with anything matching an entry in an IgnorePaths
# statement will be ignored.
IgnorePaths
# Paths which start with anything matching an entry in an IDSIgnorePaths
# statement will be ignored by "freebsd-update IDS".
IDSIgnorePaths /usr/share/man/cat
IDSIgnorePaths /usr/share/man/whatis
IDSIgnorePaths /var/db/locate.database
IDSIgnorePaths /var/log
# Paths which start with anything matching an entry in an UpdateIfUnmodified
# statement will only be updated if the contents of the file have not been
# modified by the user (unless changes are merged; see below).
UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile
# When upgrading to a new FreeBSD release, files which match MergeChanges
# will have any local changes merged into the version from the new release.
MergeChanges /etc/ /boot/device.hints
### Default configuration options:
# Directory in which to store downloaded updates and temporary
# files used by FreeBSD Update.
# WorkDir /var/db/freebsd-update
# Destination to send output of "freebsd-update cron" if an error
# occurs or updates have been downloaded.
# MailTo root
# Is FreeBSD Update allowed to create new files?
# AllowAdd yes
# Is FreeBSD Update allowed to delete files?
# AllowDelete yes
# If the user has modified file ownership, permissions, or flags, should
# FreeBSD Update retain this modified metadata when installing a new version
# of that file?
# KeepModifiedMetadata yes
# When upgrading between releases, should the list of Components be
# read strictly (StrictComponents yes) or merely as a list of components
# which *might* be installed of which FreeBSD Update should figure out
# which actually are installed and upgrade those (StrictComponents no)?
# StrictComponents no
# When installing a new kernel perform a backup of the old one first
# so it is possible to boot the old kernel in case of problems.
# BackupKernel yes
# If BackupKernel is enabled, the backup kernel is saved to this
# directory.
# BackupKernelDir /boot/kernel.old
# When backing up a kernel also back up debug symbol files?
# BackupKernelSymbolFiles no
# Create a new boot environment when installing patches
# CreateBootEnv yes

3588
conf/system/freebsd-update/14.3/freebsd-update Executable file
View File

File diff suppressed because it is too large Load Diff

78
conf/system/freebsd-update/14.3/freebsd-update.conf Normal file
View File

@@ -0,0 +1,78 @@
# Trusted keyprint. Changing this is a Bad Idea unless you've received
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
# change it and explaining why.
KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
# Server or server pool from which to fetch updates. You can change
# this to point at a specific server if you want, but in most cases
# using a "nearby" server won't provide a measurable improvement in
# performance.
ServerName update.FreeBSD.org
# Components of the base system which should be kept updated.
Components src world kernel
# Example for updating the userland and the kernel source code only:
# Components src/base src/sys world
# Paths which start with anything matching an entry in an IgnorePaths
# statement will be ignored.
IgnorePaths
# Paths which start with anything matching an entry in an IDSIgnorePaths
# statement will be ignored by "freebsd-update IDS".
IDSIgnorePaths /usr/share/man/cat
IDSIgnorePaths /usr/share/man/whatis
IDSIgnorePaths /var/db/locate.database
IDSIgnorePaths /var/log
# Paths which start with anything matching an entry in an UpdateIfUnmodified
# statement will only be updated if the contents of the file have not been
# modified by the user (unless changes are merged; see below).
UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile
# When upgrading to a new FreeBSD release, files which match MergeChanges
# will have any local changes merged into the version from the new release.
MergeChanges /etc/ /boot/device.hints
### Default configuration options:
# Directory in which to store downloaded updates and temporary
# files used by FreeBSD Update.
# WorkDir /var/db/freebsd-update
# Destination to send output of "freebsd-update cron" if an error
# occurs or updates have been downloaded.
# MailTo root
# Is FreeBSD Update allowed to create new files?
# AllowAdd yes
# Is FreeBSD Update allowed to delete files?
# AllowDelete yes
# If the user has modified file ownership, permissions, or flags, should
# FreeBSD Update retain this modified metadata when installing a new version
# of that file?
# KeepModifiedMetadata yes
# When upgrading between releases, should the list of Components be
# read strictly (StrictComponents yes) or merely as a list of components
# which *might* be installed of which FreeBSD Update should figure out
# which actually are installed and upgrade those (StrictComponents no)?
# StrictComponents no
# When installing a new kernel perform a backup of the old one first
# so it is possible to boot the old kernel in case of problems.
# BackupKernel yes
# If BackupKernel is enabled, the backup kernel is saved to this
# directory.
# BackupKernelDir /boot/kernel.old
# When backing up a kernel also back up debug symbol files?
# BackupKernelSymbolFiles no
# Create a new boot environment when installing patches
# CreateBootEnv yes

BIN
conf/system/include/14.2/ar Executable file
View File

Binary file not shown.

BIN
conf/system/include/14.2/diff3 Executable file
View File

Binary file not shown.

417
conf/system/include/14.2/jib Executable file
View File

@@ -0,0 +1,417 @@
#!/bin/sh
#-
# Copyright (c) 2016 Devin Teske
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
############################################################ IDENT(1)
#
# $Title: if_bridge(4) management script for vnet jails $
#
############################################################ INFORMATION
#
# Use this tool with jail.conf(5) (or rc.conf(5) ``legacy'' configuration) to
# manage `vnet' interfaces for jails. Designed to automate the creation of vnet
# interface(s) during jail `prestart' and destroy said interface(s) during jail
# `poststop'.
#
# In jail.conf(5) format:
#
# ### BEGIN EXCERPT ###
#
# xxx {
# host.hostname = "xxx.yyy";
# path = "/vm/xxx";
#
# #
# # NB: Below 2-lines required
# # NB: The number of eNb_xxx interfaces should match the number of
# # arguments given to `jib addm xxx' in exec.prestart value.
# #
# vnet;
# vnet.interface = e0b_xxx, e1b_xxx, ...;
#
# exec.clean;
# exec.system_user = "root";
# exec.jail_user = "root";
#
# #
# # NB: Below 2-lines required
# # NB: The number of arguments after `jib addm xxx' should match
# # the number of eNb_xxx arguments in vnet.interface value.
# #
# exec.prestart += "jib addm xxx em0 em1 ...";
# exec.poststop += "jib destroy xxx";
#
# # Standard recipe
# exec.start += "/bin/sh /etc/rc";
# exec.stop = "/bin/sh /etc/rc.shutdown jail";
# exec.consolelog = "/var/log/jail_xxx_console.log";
# mount.devfs;
#
# # Optional (default off)
# #allow.mount;
# #allow.set_hostname = 1;
# #allow.sysvipc = 1;
# #devfs_ruleset = "11"; # rule to unhide bpf for DHCP
# }
#
# ### END EXCERPT ###
#
# In rc.conf(5) ``legacy'' format (used when /etc/jail.conf does not exist):
#
# ### BEGIN EXCERPT ###
#
# jail_enable="YES"
# jail_list="xxx"
#
# #
# # Global presets for all jails
# #
# jail_devfs_enable="YES" # mount devfs
#
# #
# # Global options (default off)
# #
# #jail_mount_enable="YES" # mount /etc/fstab.{name}
# #jail_set_hostname_allow="YES" # Allow hostname to change
# #jail_sysvipc_allow="YES" # Allow SysV Interprocess Comm.
#
# # xxx
# jail_xxx_hostname="xxx.shxd.cx" # hostname
# jail_xxx_rootdir="/vm/xxx" # root directory
# jail_xxx_vnet_interfaces="e0b_xxx e1bxxx ..." # vnet interface(s)
# jail_xxx_exec_prestart0="jib addm xxx em0 em1 ..." # bridge interface(s)
# jail_xxx_exec_poststop0="jib destroy xxx" # destroy interface(s)
# #jail_xxx_mount_enable="YES" # mount /etc/fstab.xxx
# #jail_xxx_devfs_ruleset="11" # rule to unhide bpf for DHCP
#
# ### END EXCERPT ###
#
# Note that the legacy rc.conf(5) format is converted to
# /var/run/jail.{name}.conf by /etc/rc.d/jail if jail.conf(5) is missing.
#
# ASIDE: dhclient(8) inside a vnet jail...
#
# To allow dhclient(8) to work inside a vnet jail, make sure the following
# appears in /etc/devfs.rules (which should be created if it doesn't exist):
#
# [devfsrules_jail=11]
# add include $devfsrules_hide_all
# add include $devfsrules_unhide_basic
# add include $devfsrules_unhide_login
# add path 'bpf*' unhide
#
# And set ether devfs.ruleset="11" (jail.conf(5)) or
# jail_{name}_devfs_ruleset="11" (rc.conf(5)).
#
# NB: While this tool can't create every type of desirable topology, it should
# handle most setups, minus some which considered exotic or purpose-built.
#
############################################################ GLOBALS
pgm="${0##*/}" # Program basename
#
# Global exit status
#
SUCCESS=0
FAILURE=1
############################################################ FUNCTIONS
usage()
{
local action usage descr
exec >&2
echo "Usage: $pgm action [arguments]"
echo "Actions:"
for action in \
addm \
show \
show1 \
destroy \
; do
eval usage=\"\$jib_${action}_usage\"
[ "$usage" ] || continue
eval descr=\"\$jib_${action}_descr\"
printf "\t%s\n\t\t%s\n" "$usage" "$descr"
done
exit $FAILURE
}
action_usage()
{
local usage descr action="$1"
eval usage=\"\$jib_${action}_usage\"
echo "Usage: $pgm $usage" >&2
eval descr=\"\$jib_${action}_descr\"
printf "\t%s\n" "$descr"
exit $FAILURE
}
derive_mac()
{
local OPTIND=1 OPTARG __flag
local __mac_num= __make_pair=
while getopts 2n: __flag; do
case "$__flag" in
2) __make_pair=1 ;;
n) __mac_num=${OPTARG%%[^0-9]*} ;;
esac
done
shift $(( $OPTIND - 1 ))
if [ ! "$__mac_num" ]; then
eval __mac_num=\${_${iface}_num:--1}
__mac_num=$(( $__mac_num + 1 ))
eval _${iface}_num=\$__mac_num
fi
local __iface="$1" __name="$2" __var_to_set="$3" __var_to_set_b="$4"
local __iface_devid __new_devid __num __new_devid_b
#
# Calculate MAC address derived from given iface.
#
# The formula I'm using is ``NP:SS:SS:II:II:II'' where:
# + N denotes 4 bits used as a counter to support branching
# each parent interface up to 15 times under the same jail
# name (see S below).
# + P denotes the special nibble whose value, if one of
# 2, 6, A, or E (but usually 2) denotes a privately
# administered MAC address (while remaining routable).
# + S denotes 16 bits, the sum(1) value of the jail name.
# + I denotes bits that are inherited from parent interface.
#
# The S bits are a CRC-16 checksum of NAME, allowing the jail
# to change link numbers in ng_bridge(4) without affecting the
# MAC address. Meanwhile, if...
# + the jail NAME changes (e.g., it was duplicated and given
# a new name with no other changes)
# + the underlying network interface changes
# + the jail is moved to another host
# the MAC address will be recalculated to a new, similarly
# unique value preventing conflict.
#
__iface_devid=$( ifconfig $__iface ether | awk '/ether/,$0=$2' )
# ??:??:??:II:II:II
__new_devid=${__iface_devid#??:??:??} # => :II:II:II
# => :SS:SS:II:II:II
__num=$( set -- `echo -n "$__name" | sum` && echo $1 )
__new_devid=$( printf :%02x:%02x \
$(( $__num >> 8 & 255 )) $(( $__num & 255 )) )$__new_devid
# => P:SS:SS:II:II:II
case "$__iface_devid" in
?2:*) __new_devid=a$__new_devid __new_devid_b=e$__new_devid ;;
?[Ee]:*) __new_devid=2$__new_devid __new_devid_b=6$__new_devid ;;
*) __new_devid=2$__new_devid __new_devid_b=e$__new_devid
esac
# => NP:SS:SS:II:II:II
__new_devid=$( printf %x $(( $__mac_num & 15 )) )$__new_devid
__new_devid_b=$( printf %x $(( $__mac_num & 15 )) )$__new_devid_b
#
# Return derivative MAC address(es)
#
if [ "$__make_pair" ]; then
if [ "$__var_to_set" -a "$__var_to_set_b" ]; then
eval $__var_to_set=\$__new_devid
eval $__var_to_set_b=\$__new_devid_b
else
echo $__new_devid $__new_devid_b
fi
else
if [ "$__var_to_set" ]; then
eval $__var_to_set=\$__new_devid
else
echo $__new_devid
fi
fi
}
mustberoot_to_continue()
{
if [ "$( id -u )" -ne 0 ]; then
echo "Must run as root!" >&2
exit $FAILURE
fi
}
jib_addm_usage="addm [-b BRIDGE_NAME] NAME [!]iface0 [[!]iface1 ...]"
jib_addm_descr="Creates e0b_NAME [e1b_NAME ...]"
jib_addm()
{
local OPTIND=1 OPTARG flag bridge=bridge
while getopts b: flag; do
case "$flag" in
b) bridge="${OPTARG:-bridge}" ;;
*) action_usage addm # NOTREACHED
esac
done
shift $(( $OPTIND - 1 ))
local name="$1"
[ "${name:-x}" = "${name#*[!0-9a-zA-Z_]}" -a $# -gt 1 ] ||
action_usage addm # NOTREACHED
shift 1 # name
mustberoot_to_continue
local iface eiface_devid_a eiface_devid_b
local new no_derive num quad i=0
for iface in $*; do
no_derive=
case "$iface" in
!*) iface=${iface#!} no_derive=1 ;;
esac
# Make sure the interface doesn't exist already
if ifconfig "e${i}a_$name" > /dev/null 2>&1; then
i=$(( $i + 1 ))
continue
fi
# Bring the interface up
ifconfig $iface up || return
# Make sure the interface has been bridged
if ! ifconfig "$iface$bridge" > /dev/null 2>&1; then
new=$( ifconfig bridge create ) || return
ifconfig $new addm $iface || return
ifconfig $new name "$iface$bridge" || return
ifconfig "$iface$bridge" up || return
fi
# Create a new interface to the bridge
new=$( ifconfig epair create ) || return
ifconfig "$iface$bridge" addm $new || return
# Rename the new interface
ifconfig $new name "e${i}a_$name" || return
ifconfig ${new%a}b name "e${i}b_$name" || return
ifconfig "e${i}a_$name" up || return
ifconfig "e${i}b_$name" up || return
#
# Set the MAC address of the new interface using a sensible
# algorithm to prevent conflicts on the network.
#
eiface_devid_a= eiface_devid_b=
[ "$no_derive" ] || derive_mac -2 $iface "$name" \
eiface_devid_a eiface_devid_b
if [ "$eiface_devid_a" -a "$eiface_devid_b" ]; then
ifconfig "e${i}a_$name" ether $eiface_devid_a
ifconfig "e${i}b_$name" ether $eiface_devid_b
fi > /dev/null 2>&1
i=$(( $i + 1 ))
done # for iface
}
jib_show_usage="show"
jib_show_descr="List possible NAME values for \`show NAME'"
jib_show1_usage="show NAME"
jib_show1_descr="Lists e0b_NAME [e1b_NAME ...]"
jib_show2_usage="show [NAME]"
jib_show()
{
local OPTIND=1 OPTARG flag
while getopts "" flag; do
case "$flag" in
*) action_usage show2 # NOTREACHED
esac
done
shift $(( $OPTIND - 1 ))
if [ $# -eq 0 ]; then
ifconfig | awk '
/^[^:[:space:]]+:/ {
iface = $1
sub(/:.*/, "", iface)
next
}
$1 == "groups:" {
for (n = split($0, group); n > 1; n--) {
if (group[n] != "bridge") continue
print iface
next
}
}' |
xargs -rn1 ifconfig |
awk '$1 == "member:" &&
sub(/^e[[:digit:]]+a_/, "", $2), $0 = $2' |
sort -u
return
fi
ifconfig | awk -v name="$1" '
match($0, /^e[[:digit:]]+a_/) && sub(/:.*/, "") &&
substr($1, RSTART + RLENGTH) == name
' | sort
}
jib_destroy_usage="destroy NAME"
jib_destroy_descr="Destroy e0b_NAME [e1b_NAME ...]"
jib_destroy()
{
local OPTIND=1 OPTARG flag
while getopts "" flag; do
case "$flag" in
*) action_usage destroy # NOTREACHED
esac
done
shift $(( $OPTIND -1 ))
local name="$1"
[ "${name:-x}" = "${name#*[!0-9a-zA-Z_]}" -a $# -eq 1 ] ||
action_usage destroy # NOTREACHED
mustberoot_to_continue
jib_show "$name" | xargs -rn1 -I eiface ifconfig eiface destroy
}
############################################################ MAIN
#
# Command-line arguments
#
action="$1"
[ "$action" ] || usage # NOTREACHED
#
# Validate action argument
#
if [ "$BASH_VERSION" ]; then
type="$( type -t "jib_$action" )" || usage # NOTREACHED
else
type="$( type "jib_$action" 2> /dev/null )" || usage # NOTREACHED
fi
case "$type" in
*function)
shift 1 # action
eval "jib_$action" \"\$@\"
;;
*) usage # NOTREACHED
esac
################################################################################
# END
################################################################################

BIN
conf/system/include/14.2/makewhatis Executable file
View File

Binary file not shown.

708
conf/system/include/14.2/pf.os Normal file
View File

@@ -0,0 +1,708 @@
# $OpenBSD: pf.os,v 1.27 2016/09/03 17:08:57 sthen Exp $
# passive OS fingerprinting
# -------------------------
#
# SYN signatures. Those signatures work for SYN packets only (duh!).
#
# (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx>
# (C) Copyright 2003 by Mike Frantzen <frantzen@w4g.org>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
#
# This fingerprint database is adapted from Michal Zalewski's p0f passive
# operating system package. The last database sync was from a Nov 3 2003
# p0f.fp.
#
#
# Each line in this file specifies a single fingerprint. Please read the
# information below carefully before attempting to append any signatures
# reported as UNKNOWN to this file to avoid mistakes.
#
# We use the following set metrics for fingerprinting:
#
# - Window size (WSS) - a highly OS dependent setting used for TCP/IP
# performance control (max. amount of data to be sent without ACK).
# Some systems use a fixed value for initial packets. On other
# systems, it is a multiple of MSS or MTU (MSS+40). In some rare
# cases, the value is just arbitrary.
#
# NEW SIGNATURE: if p0f reported a special value of 'Snn', the number
# appears to be a multiple of MSS (MSS*nn); a special value of 'Tnn'
# means it is a multiple of MTU ((MSS+40)*nn). Unless you notice the
# value of nn is not fixed (unlikely), just copy the Snn or Tnn token
# literally. If you know this device has a simple stack and a fixed
# MTU, you can however multiply S value by MSS, or T value by MSS+40,
# and put it instead of Snn or Tnn.
#
# If WSS otherwise looks like a fixed value (for example a multiple
# of two), or if you can confirm the value is fixed, please quote
# it literally. If there's no apparent pattern in WSS chosen, you
# should consider wildcarding this value.
#
# - Overall packet size - a function of all IP and TCP options and bugs.
#
# NEW SIGNATURE: Copy this value literally.
#
# - Initial TTL - We check the actual TTL of a received packet. It can't
# be higher than the initial TTL, and also shouldn't be dramatically
# lower (maximum distance is defined as 40 hops).
#
# NEW SIGNATURE: *Never* copy TTL from a p0f-reported signature literally.
# You need to determine the initial TTL. The best way to do it is to
# check the documentation for a remote system, or check its settings.
# A fairly good method is to simply round the observed TTL up to
# 32, 64, 128, or 255, but it should be noted that some obscure devices
# might not use round TTLs (in particular, some shoddy appliances use
# "original" initial TTL settings). If not sure, you can see how many
# hops you're away from the remote party with traceroute or mtr.
#
# - Don't fragment flag (DF) - some modern OSes set this to implement PMTU
# discovery. Others do not bother.
#
# NEW SIGNATURE: Copy this value literally.
#
# - Maximum segment size (MSS) - this setting is usually link-dependent. P0f
# uses it to determine link type of the remote host.
#
# NEW SIGNATURE: Always wildcard this value, except for rare cases when
# you have an appliance with a fixed value, know the system supports only
# a very limited number of network interface types, or know the system
# is using a value it pulled out of nowhere. Specific unique MSS
# can be used to tell Google crawlbots from the rest of the population.
#
# - Window scaling (WSCALE) - this feature is used to scale WSS.
# It extends the size of a TCP/IP window to 32 bits. Some modern
# systems implement this feature.
#
# NEW SIGNATURE: Observe several signatures. Initial WSCALE is often set
# to zero or other low value. There's usually no need to wildcard this
# parameter.
#
# - Timestamp - some systems that implement timestamps set them to
# zero in the initial SYN. This case is detected and handled appropriately.
#
# - Selective ACK permitted - a flag set by systems that implement
# selective ACK functionality.
#
# - The sequence of TCP all options (MSS, window scaling, selective ACK
# permitted, timestamp, NOP). Other than the options previously
# discussed, p0f also checks for timestamp option (a silly
# extension to broadcast your uptime ;-), NOP options (used for
# header padding) and sackOK option (selective ACK feature).
#
# NEW SIGNATURE: Copy the sequence literally.
#
# To wildcard any value (except for initial TTL or TCP options), replace
# it with '*'. You can also use a modulo operator to match any values
# that divide by nnn - '%nnn'.
#
# Fingerprint entry format:
#
# wwww:ttt:D:ss:OOO...:OS:Version:Subtype:Details
#
# wwww - window size (can be *, %nnn, Snn or Tnn). The special values
# "S" and "T" which are a multiple of MSS or a multiple of MTU
# respectively.
# ttt - initial TTL
# D - don't fragment bit (0 - not set, 1 - set)
# ss - overall SYN packet size
# OOO - option value and order specification (see below)
# OS - OS genre (Linux, Solaris, Windows)
# Version - OS Version (2.0.27 on x86, etc)
# Subtype - OS subtype or patchlevel (SP3, lo0)
# details - Generic OS details
#
# If OS genre starts with '*', p0f will not show distance, link type
# and timestamp data. It is useful for userland TCP/IP stacks of
# network scanners and so on, where many settings are randomized or
# bogus.
#
# If OS genre starts with @, it denotes an approximate hit for a group
# of operating systems (signature reporting still enabled in this case).
# Use this feature at the end of this file to catch cases for which
# you don't have a precise match, but can tell it's Windows or FreeBSD
# or whatnot by looking at, say, flag layout alone.
#
# Option block description is a list of comma or space separated
# options in the order they appear in the packet:
#
# N - NOP option
# Wnnn - window scaling option, value nnn (or * or %nnn)
# Mnnn - maximum segment size option, value nnn (or * or %nnn)
# S - selective ACK OK
# T - timestamp
# T0 - timestamp with a zero value
#
# To denote no TCP options, use a single '.'.
#
# Please report any additions to this file, or any inaccuracies or
# problems spotted, to the maintainers: lcamtuf@coredump.cx,
# frantzen@openbsd.org and bugs@openbsd.org with a tcpdump packet
# capture of the relevant SYN packet(s)
#
# A test and submission page is available at
# http://lcamtuf.coredump.cx/p0f-help/
#
#
# WARNING WARNING WARNING
# -----------------------
#
# Do not add a system X as OS Y just because NMAP says so. It is often
# the case that X is a NAT firewall. While nmap is talking to the
# device itself, p0f is fingerprinting the guy behind the firewall
# instead.
#
# When in doubt, use common sense, don't add something that looks like
# a completely different system as Linux or FreeBSD or LinkSys router.
# Check DNS name, establish a connection to the remote host and look
# at SYN+ACK - does it look similar?
#
# Some users tweak their TCP/IP settings - enable or disable RFC1323
# functionality, enable or disable timestamps or selective ACK,
# disable PMTU discovery, change MTU and so on. Always compare a new rule
# to other fingerprints for this system, and verify the system isn't
# "customized" before adding it. It is OK to add signature variants
# caused by a commonly used software (personal firewalls, security
# packages, etc), but it makes no sense to try to add every single
# possible /proc/sys/net/ipv4 tweak on Linux or so.
#
# KEEP IN MIND: Some packet firewalls configured to normalize outgoing
# traffic (OpenBSD pf with "scrub" enabled, for example) will, well,
# normalize packets. Signatures will not correspond to the originating
# system (and probably not quite to the firewall either).
#
# NOTE: Try to keep this file in some reasonable order, from most to
# least likely systems. This will speed up operation. Also keep most
# generic and broad rules near the end.
#
##########################
# Standard OS signatures #
##########################
# ----------------- AIX ---------------------
# AIX is first because its signatures are close to NetBSD, MacOS X and
# Linux 2.0, but it uses a fairly rare MSSes, at least sometimes...
# This is a shoddy hack, though.
45046:64:0:44:M*: AIX:4.3::AIX 4.3
16384:64:0:44:M512: AIX:4.3:2-3:AIX 4.3.2 and earlier
16384:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
16384:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
32768:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
32768:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
65535:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
65535:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
65535:64:0:64:M*,N,W1,N,N,T,N,N,S: AIX:5.3:ML1:AIX 5.3 ML1
# ----------------- Linux -------------------
# S1:64:0:44:M*:A: Linux:1.2::Linux 1.2.x (XXX quirks support)
512:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x
16384:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x
# Endian snafu! Nelson says "ha-ha":
2:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
64:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
S4:64:1:60:M1360,S,T,N,W0: Linux:google::Linux (Google crawlbot)
S2:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4 (big boy)
S3:64:1:60:M*,S,T,N,W0: Linux:2.4:.18-21:Linux 2.4.18 and newer
S4:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4/2.6 <= 2.6.7
S4:64:1:60:M*,S,T,N,W0: Linux:2.6:.1-7:Linux 2.4/2.6 <= 2.6.7
S4:64:1:60:M*,S,T,N,W5: Linux:2.6::Linux 2.6 (newer, 1)
S4:64:1:60:M*,S,T,N,W6: Linux:2.6::Linux 2.6 (newer, 2)
S4:64:1:60:M*,S,T,N,W7: Linux:2.6::Linux 2.6 (newer, 3)
T4:64:1:60:M*,S,T,N,W7: Linux:2.6::Linux 2.6 (newer, 4)
S10:64:1:60:M*,S,T,N,W4: Linux:3.0::Linux 3.0
S3:64:1:60:M*,S,T,N,W1: Linux:2.5::Linux 2.5 (sometimes 2.4)
S4:64:1:60:M*,S,T,N,W1: Linux:2.5-2.6::Linux 2.5/2.6
S3:64:1:60:M*,S,T,N,W2: Linux:2.5::Linux 2.5 (sometimes 2.4)
S4:64:1:60:M*,S,T,N,W2: Linux:2.5::Linux 2.5 (sometimes 2.4)
S20:64:1:60:M*,S,T,N,W0: Linux:2.2:20-25:Linux 2.2.20 and newer
S22:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2
S11:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2
# Popular cluster config scripts disable timestamps and
# selective ACK:
S4:64:1:48:M1460,N,W0: Linux:2.4:cluster:Linux 2.4 in cluster
# This needs to be investigated. On some systems, WSS
# is selected as a multiple of MTU instead of MSS. I got
# many submissions for this for many late versions of 2.4:
T4:64:1:60:M1412,S,T,N,W0: Linux:2.4::Linux 2.4 (late, uncommon)
# This happens only over loopback, but let's make folks happy:
32767:64:1:60:M16396,S,T,N,W0: Linux:2.4:lo0:Linux 2.4 (local)
S8:64:1:60:M3884,S,T,N,W0: Linux:2.2:lo0:Linux 2.2 (local)
# Opera visitors:
16384:64:1:60:M*,S,T,N,W0: Linux:2.2:Opera:Linux 2.2 (Opera?)
32767:64:1:60:M*,S,T,N,W0: Linux:2.4:Opera:Linux 2.4 (Opera?)
# Some fairly common mods:
S4:64:1:52:M*,N,N,S,N,W0: Linux:2.4:ts:Linux 2.4 w/o timestamps
S22:64:1:52:M*,N,N,S,N,W0: Linux:2.2:ts:Linux 2.2 w/o timestamps
# ----------------- FreeBSD -----------------
16384:64:1:44:M*: FreeBSD:2.0-2.2::FreeBSD 2.0-4.2
16384:64:1:44:M*: FreeBSD:3.0-3.5::FreeBSD 2.0-4.2
16384:64:1:44:M*: FreeBSD:4.0-4.2::FreeBSD 2.0-4.2
16384:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4
1024:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4
57344:64:1:44:M*: FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323)
57344:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.6-4.9::FreeBSD 4.6-4.9
32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.11::FreeBSD 4.8-5.1 (or MacOS X)
32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X)
65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.11::FreeBSD 4.8-5.2 (or MacOS X)
65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.8-5.2 (or MacOS X)
65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-4.11::FreeBSD 4.7-5.2
65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.7-5.2
# XXX need quirks support
# 65535:64:1:60:M*,N,W0,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (1)
# 65535:64:1:60:M*,N,W1,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (2)
# 65535:64:1:60:M*,N,W2,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (3)
# 65535:64:1:44:M*:Z:FreeBSD:5.2::FreeBSD 5.2 (no RFC1323)
# 16384:64:1:60:M*,N,N,N,N,N,N,T:FreeBSD:4.4:noTS:FreeBSD 4.4 (w/o timestamps)
# ----------------- NetBSD ------------------
16384:64:0:60:M*,N,W0,N,N,T: NetBSD:1.3::NetBSD 1.3
65535:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6:opera:NetBSD 1.6 (Opera)
16384:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6
16384:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:df:NetBSD 1.6 (DF)
65535:64:1:60:M*,N,W1,N,N,T0: NetBSD:1.6::NetBSD 1.6W-current (DF)
65535:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6X (DF)
32768:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:randomization:NetBSD 1.6ZH-current (w/ ip_id randomization)
# ----------------- OpenBSD -----------------
16384:64:0:60:M*,N,W0,N,N,T: OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6)
16384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.8::OpenBSD 3.0-4.8
16384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.8:no-df:OpenBSD 3.0-4.8 (scrub no-df)
57344:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0::OpenBSD 3.3-4.0
57344:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0:no-df:OpenBSD 3.3-4.0 (scrub no-df)
65535:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.0:opera:OpenBSD 3.0-4.0 (Opera)
16384:64:1:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9::OpenBSD 4.9
16384:64:0:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9:no-df:OpenBSD 4.9 (scrub no-df)
16384:64:1:64:M*,N,N,S,N,W6,N,N,T: OpenBSD:6.1::OpenBSD 6.1
16384:64:0:64:M*,N,N,S,N,W6,N,N,T: OpenBSD:6.1:no-df:OpenBSD 6.1 (scrub no-df)
# ----------------- DragonFly BSD -----------------
57344:64:1:60:M*,N,W0,N,N,T: DragonFly:1.0:A:DragonFly 1.0A
57344:64:0:64:M*,N,W0,N,N,S,N,N,T: DragonFly:1.2-1.12::DragonFly 1.2-1.12
5840:64:1:60:M*,S,T,N,W4: DragonFly:2.0-2.1::DragonFly 2.0-2.1
57344:64:0:64:M*,N,W0,N,N,S,N,N,T: DragonFly:2.2-2.3::DragonFly 2.2-2.3
57344:64:0:64:M*,N,W5,N,N,S,N,N,T: DragonFly:2.4-2.7::DragonFly 2.4-2.7
# ----------------- Solaris -----------------
S17:64:1:64:N,W3,N,N,T0,N,N,S,M*: Solaris:8:RFC1323:Solaris 8 RFC1323
S17:64:1:48:N,N,S,M*: Solaris:8::Solaris 8
S17:255:1:44:M*: Solaris:2.5-2.7::Solaris 2.5 to 7
S6:255:1:44:M*: Solaris:2.6-2.7::Solaris 2.6 to 7
S23:255:1:44:M*: Solaris:2.5:1:Solaris 2.5.1
S34:64:1:48:M*,N,N,S: Solaris:2.9::Solaris 9
S44:255:1:44:M*: Solaris:2.7::Solaris 7
4096:64:0:44:M1460: SunOS:4.1::SunOS 4.1.x
S34:64:1:52:M*,N,W0,N,N,S: Solaris:10:beta:Solaris 10 (beta)
32850:64:1:64:M*,N,N,T,N,W1,N,N,S: Solaris:10::Solaris 10 1203
# ----------------- IRIX --------------------
49152:64:0:44:M*: IRIX:6.4::IRIX 6.4
61440:64:0:44:M*: IRIX:6.2-6.5::IRIX 6.2-6.5
49152:64:0:52:M*,N,W2,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
49152:64:0:52:M*,N,W3,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
61440:64:0:48:M*,N,N,S: IRIX:6.5:12-21:IRIX 6.5.12 - 6.5.21
49152:64:0:48:M*,N,N,S: IRIX:6.5:15-21:IRIX 6.5.15 - 6.5.21
49152:60:0:64:M*,N,W2,N,N,T,N,N,S: IRIX:6.5:IP27:IRIX 6.5 IP27
# ----------------- Tru64 -------------------
32768:64:1:48:M*,N,W0: Tru64:4.0::Tru64 4.0 (or OS/2 Warp 4)
32768:64:0:48:M*,N,W0: Tru64:5.0::Tru64 5.0
8192:64:0:44:M1460: Tru64:5.1:noRFC1323:Tru64 6.1 (no RFC1323) (or QNX 6)
61440:64:0:48:M*,N,W0: Tru64:5.1a:JP4:Tru64 v5.1a JP4 (or OpenVMS 7.x on Compaq 5.x stack)
# ----------------- OpenVMS -----------------
6144:64:1:60:M*,N,W0,N,N,T: OpenVMS:7.2::OpenVMS 7.2 (Multinet 4.4 stack)
# ----------------- MacOS -------------------
# XXX Need EOL tcp opt support
# S2:255:1:48:M*,W0,E:.:MacOS:8.6 classic
# XXX some of these use EOL too
16616:255:1:48:M*,W0: MacOS:7.3-7.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
16616:255:1:48:M*,W0: MacOS:8.0-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
16616:255:1:48:M*,N,N,N: MacOS:8.1-8.6:OTTCP:MacOS 8.1-8.6 (OTTCP)
32768:255:1:48:M*,W0,N: MacOS:9.0-9.2::MacOS 9.0-9.2
65535:255:1:48:M*,N,N,N,N: MacOS:9.1::MacOS 9.1 (OT 2.7.4)
# ----------------- Windows -----------------
# Windows TCP/IP stack is a mess. For most recent XP, 2000 and
# even 98, the patchlevel, not the actual OS version, is more
# relevant to the signature. They share the same code, so it would
# seem. Luckily for us, almost all Windows 9x boxes have an
# awkward MSS of 536, which I use to tell one from another
# in most difficult cases.
8192:32:1:44:M*: Windows:3.11::Windows 3.11 (Tucows)
S44:64:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:95::Windows 95
8192:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:95:b:Windows 95b
# There were so many tweaking tools and so many stack versions for
# Windows 98 it is no longer possible to tell them from each other
# without some very serious research. Until then, there's an insane
# number of signatures, for your amusement:
S44:32:1:48:M*,N,N,S: Windows:98:lowTTL:Windows 98 (low TTL)
8192:32:1:48:M*,N,N,S: Windows:98:lowTTL:Windows 98 (low TTL)
%8192:64:1:48:M536,N,N,S: Windows:98::Windows 98
%8192:128:1:48:M536,N,N,S: Windows:98::Windows 98
S4:64:1:48:M*,N,N,S: Windows:98::Windows 98
S6:64:1:48:M*,N,N,S: Windows:98::Windows 98
S12:64:1:48:M*,N,N,S: Windows:98::Windows 98
T30:64:1:64:M1460,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98
32767:64:1:48:M*,N,N,S: Windows:98::Windows 98
37300:64:1:48:M*,N,N,S: Windows:98::Windows 98
46080:64:1:52:M*,N,W3,N,N,S: Windows:98:RFC1323:Windows 98 (RFC1323)
65535:64:1:44:M*: Windows:98:noSack:Windows 98 (no sack)
S16:128:1:48:M*,N,N,S: Windows:98::Windows 98
S16:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98
S26:128:1:48:M*,N,N,S: Windows:98::Windows 98
T30:128:1:48:M*,N,N,S: Windows:98::Windows 98
32767:128:1:52:M*,N,W0,N,N,S: Windows:98::Windows 98
60352:128:1:48:M*,N,N,S: Windows:98::Windows 98
60352:128:1:64:M*,N,W2,N,N,T0,N,N,S: Windows:98::Windows 98
# What's with 1414 on NT?
T31:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a
64512:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a
8192:128:1:44:M*: Windows:NT:4.0:Windows NT 4.0 (older)
# Windows XP and 2000. Most of the signatures that were
# either dubious or non-specific (no service pack data)
# were deleted and replaced with generics at the end.
65535:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1
65535:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1
%8192:128:1:48:M*,N,N,S: Windows:2000:SP2+:Windows 2000 SP2, XP SP1 (seldom 98 4.10.2222)
%8192:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP2, XP SP1 (seldom 98 4.10.2222)
S20:128:1:48:M*,N,N,S: Windows:2000::Windows 2000/XP SP3
S20:128:1:48:M*,N,N,S: Windows:XP:SP3:Windows 2000/XP SP3
S45:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP 1
S45:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP 1
40320:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4
S6:128:1:48:M*,N,N,S: Windows:2000:SP2:Windows XP, 2000 SP2+
S6:128:1:48:M*,N,N,S: Windows:XP::Windows XP, 2000 SP2+
S12:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1
S44:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows Pro SP1, 2000 SP3
S44:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows Pro SP1, 2000 SP3
64512:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows SP1, 2000 SP3
64512:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows SP1, 2000 SP3
32767:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows SP1, 2000 SP4
32767:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows SP1, 2000 SP4
8192:128:1:52:M*,N,W2,N,N,S: Windows:Vista::Windows Vista/7
# Odds, ends, mods:
S52:128:1:48:M1260,N,N,S: Windows:2000:cisco:Windows XP/2000 via Cisco
S52:128:1:48:M1260,N,N,S: Windows:XP:cisco:Windows XP/2000 via Cisco
65520:128:1:48:M*,N,N,S: Windows:XP::Windows XP bare-bone
16384:128:1:52:M536,N,W0,N,N,S: Windows:2000:ZoneAlarm:Windows 2000 w/ZoneAlarm?
2048:255:0:40:.: Windows:.NET::Windows .NET Enterprise Server
44620:64:0:48:M*,N,N,S: Windows:ME::Windows ME no SP (?)
S6:255:1:48:M536,N,N,S: Windows:95:winsock2:Windows 95 winsock 2
32768:32:1:52:M1460,N,W0,N,N,S: Windows:2003:AS:Windows 2003 AS
# No need to be more specific, it passes:
# *:128:1:48:M*,N,N,S:U:-Windows:XP/2000 while downloading (leak!) XXX quirk
# there is an equiv similar generic sig w/o the quirk
# ----------------- HP/UX -------------------
32768:64:1:44:M*: HP-UX:B.10.20::HP-UX B.10.20
32768:64:0:48:M*,W0,N: HP-UX:11.0::HP-UX 11.0
32768:64:1:48:M*,W0,N: HP-UX:11.10::HP-UX 11.0 or 11.11
32768:64:1:48:M*,W0,N: HP-UX:11.11::HP-UX 11.0 or 11.11
# Whoa. Hardcore WSS.
0:64:0:48:M*,W0,N: HP-UX:B.11.00:A:HP-UX B.11.00 A (RFC1323)
# ----------------- RiscOS ------------------
# We don't yet support the ?12 TCP option
#16384:64:1:68:M1460,N,W0,N,N,T,N,N,?12: RISCOS:3.70-4.36::RISC OS 3.70-4.36
12288:32:0:44:M536: RISC OS:3.70:4.10:RISC OS 3.70 inet 4.10
# XXX quirk
# 4096:64:1:56:M1460,N,N,T:T: RISC OS:3.70:freenet:RISC OS 3.70 freenet 2.00
# ----------------- BSD/OS ------------------
# Once again, power of two WSS is also shared by MacOS X with DF set
8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:3.1::BSD/OS 3.1-4.3 (or MacOS X 10.2 w/DF)
8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:4.0-4.3::BSD/OS 3.1-4.3 (or MacOS X 10.2)
# ---------------- NewtonOS -----------------
4096:64:0:44:M1420: NewtonOS:2.1::NewtonOS 2.1
# ---------------- NeXTSTEP -----------------
S4:64:0:44:M1024: NeXTSTEP:3.3::NeXTSTEP 3.3
S8:64:0:44:M512: NeXTSTEP:3.3::NeXTSTEP 3.3
# ------------------ BeOS -------------------
1024:255:0:48:M*,N,W0: BeOS:5.0-5.1::BeOS 5.0-5.1
12288:255:0:44:M1402: BeOS:5.0::BeOS 5.0.x
# ------------------ OS/400 -----------------
8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR4::OS/400 VR4/R5
8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR5::OS/400 VR4/R5
4096:64:1:60:M1440,N,W0,N,N,T: OS/400:V4R5:CF67032:OS/400 V4R5 + CF67032
# XXX quirk
# 28672:64:0:44:M1460:A:OS/390:?
# ------------------ ULTRIX -----------------
16384:64:0:40:.: ULTRIX:4.5::ULTRIX 4.5
# ------------------- QNX -------------------
S16:64:0:44:M512: QNX:::QNX demodisk
# ------------------ Novell -----------------
16384:128:1:44:M1460: Novell:NetWare:5.0:Novel Netware 5.0
6144:128:1:44:M1460: Novell:IntranetWare:4.11:Novell IntranetWare 4.11
6144:128:1:44:M1368: Novell:BorderManager::Novell BorderManager ?
6144:128:1:52:M*,W0,N,S,N,N: Novell:Netware:6:Novell Netware 6 SP3
# ----------------- SCO ------------------
S3:64:1:60:M1460,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1
S17:64:1:60:M1380,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1.3 MP3
S23:64:1:44:M1380: SCO:OpenServer:5.0:SCO OpenServer 5.0
# ------------------- DOS -------------------
2048:255:0:44:M536: DOS:WATTCP:1.05:DOS Arachne via WATTCP/1.05
T2:255:0:44:M984: DOS:WATTCP:1.05Arachne:Arachne via WATTCP/1.05 (eepro)
# ------------------ OS/2 -------------------
S56:64:0:44:M512: OS/2:4::OS/2 4
28672:64:0:44:M1460: OS/2:4::OS/2 Warp 4.0
# ----------------- TOPS-20 -----------------
# Another hardcore MSS, one of the ACK leakers hunted down.
# XXX QUIRK 0:64:0:44:M1460:A:TOPS-20:version 7
0:64:0:44:M1460: TOPS-20:7::TOPS-20 version 7
# ----------------- FreeMiNT ----------------
S44:255:0:44:M536: FreeMiNT:1:16A:FreeMiNT 1 patch 16A (Atari)
# ------------------ AMIGA ------------------
# XXX TCP option 12
# S32:64:1:56:M*,N,N,S,N,N,?12:.:AMIGA:3.9 BB2 with Miami stack
# ------------------ Plan9 ------------------
65535:255:0:48:M1460,W0,N: Plan9:4::Plan9 edition 4
# ----------------- AMIGAOS -----------------
16384:64:1:48:M1560,N,N,S: AMIGAOS:3.9::AMIGAOS 3.9 BB2 MiamiDX
###########################################
# Appliance / embedded / other signatures #
###########################################
# ---------- Firewalls / routers ------------
S12:64:1:44:M1460: @Checkpoint:::Checkpoint (unknown 1)
S12:64:1:48:N,N,S,M1460: @Checkpoint:::Checkpoint (unknown 2)
4096:32:0:44:M1460: ExtremeWare:4.x::ExtremeWare 4.x
# XXX TCP option 12
# S32:64:0:68:M512,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO w/Checkpoint NG FP3
# S16:64:0:68:M1024,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO 3.7 build 026
S4:64:1:60:W0,N,S,T,M1460: FortiNet:FortiGate:50:FortiNet FortiGate 50
8192:64:1:44:M1460: Eagle:::Eagle Secure Gateway
S52:128:1:48:M1260,N,N,N,N: LinkSys:WRV54G::LinkSys WRV54G VPN router
# ------- Switches and other stuff ----------
4128:255:0:44:M*: Cisco:::Cisco Catalyst 3500, 7500 etc
S8:255:0:44:M*: Cisco:12008::Cisco 12008
60352:128:1:64:M1460,N,W2,N,N,T,N,N,S: Alteon:ACEswitch::Alteon ACEswitch
64512:128:1:44:M1370: Nortel:Contivity Client::Nortel Conectivity Client
# ---------- Caches and whatnots ------------
S4:64:1:52:M1460,N,N,S,N,W0: AOL:web cache::AOL web cache
32850:64:1:64:N,W1,N,N,T,N,N,S,M*: NetApp:5.x::NetApp Data OnTap 5.x
16384:64:1:64:M1460,N,N,S,N,W0,N: NetApp:5.3:1:NetApp 5.3.1
65535:64:0:64:M1460,N,N,S,N,W*,N,N,T: NetApp:5.3-5.5::NetApp 5.3-5.5
65535:64:0:60:M1460,N,W0,N,N,T: NetApp:CacheFlow::NetApp CacheFlow
8192:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:5.2:1:NetApp NetCache 5.2.1
20480:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:4.1::NetApp NetCache4.1
65535:64:0:60:M1460,N,W0,N,N,T: CacheFlow:4.1::CacheFlow CacheOS 4.1
8192:64:0:60:M1380,N,N,N,N,N,N,T: CacheFlow:1.1::CacheFlow CacheOS 1.1
S4:64:0:48:M1460,N,N,S: Cisco:Content Engine::Cisco Content Engine
27085:128:0:40:.: Dell:PowerApp cache::Dell PowerApp (Linux-based)
65535:255:1:48:N,W1,M1460: Inktomi:crawler::Inktomi crawler
S1:255:1:60:M1460,S,T,N,W0: LookSmart:ZyBorg::LookSmart ZyBorg
16384:255:0:40:.: Proxyblocker:::Proxyblocker (what's this?)
65535:255:0:48:M*,N,N,S: Redline:::Redline T|X 2200
32696:128:0:40:M1460: Spirent:Avalanche::Spirent Web Avalanche HTTP benchmarking engine
# ----------- Embedded systems --------------
S9:255:0:44:M536: PalmOS:Tungsten:C:PalmOS Tungsten C
S5:255:0:44:M536: PalmOS:3::PalmOS 3/4
S5:255:0:44:M536: PalmOS:4::PalmOS 3/4
S4:255:0:44:M536: PalmOS:3:5:PalmOS 3.5
2948:255:0:44:M536: PalmOS:3:5:PalmOS 3.5.3 (Handera)
S29:255:0:44:M536: PalmOS:5::PalmOS 5.0
16384:255:0:44:M1398: PalmOS:5.2:Clie:PalmOS 5.2 (Clie)
S14:255:0:44:M1350: PalmOS:5.2:Treo:PalmOS 5.2.1 (Treo)
S23:64:1:64:N,W1,N,N,T,N,N,S,M1460: SymbianOS:7::SymbianOS 7
8192:255:0:44:M1460: SymbianOS:6048::Symbian OS 6048 (Nokia 7650?)
8192:255:0:44:M536: SymbianOS:9210::Symbian OS (Nokia 9210?)
S22:64:1:56:M1460,T,S: SymbianOS:P800::Symbian OS ? (SE P800?)
S36:64:1:56:M1360,T,S: SymbianOS:6600::Symbian OS 60xx (Nokia 6600?)
# Perhaps S4?
5840:64:1:60:M1452,S,T,N,W1: Zaurus:3.10::Zaurus 3.10
32768:128:1:64:M1460,N,W0,N,N,T0,N,N,S: PocketPC:2002::PocketPC 2002
S1:255:0:44:M346: Contiki:1.1:rc0:Contiki 1.1-rc0
4096:128:0:44:M1460: Sega:Dreamcast:3.0:Sega Dreamcast Dreamkey 3.0
T5:64:0:44:M536: Sega:Dreamcast:HKT-3020:Sega Dreamcast HKT-3020 (browser disc 51027)
S22:64:1:44:M1460: Sony:PS2::Sony Playstation 2 (SOCOM?)
S12:64:0:44:M1452: AXIS:5600:v5.64:AXIS Printer Server 5600 v5.64
3100:32:1:44:M1460: Windows:CE:2.0:Windows CE 2.0
####################
# Fancy signatures #
####################
1024:64:0:40:.: *NMAP:syn scan:1:NMAP syn scan (1)
2048:64:0:40:.: *NMAP:syn scan:2:NMAP syn scan (2)
3072:64:0:40:.: *NMAP:syn scan:3:NMAP syn scan (3)
4096:64:0:40:.: *NMAP:syn scan:4:NMAP syn scan (4)
# Requires quirks support
# 1024:64:0:40:.:A:*NMAP:TCP sweep probe (1)
# 2048:64:0:40:.:A:*NMAP:TCP sweep probe (2)
# 3072:64:0:40:.:A:*NMAP:TCP sweep probe (3)
# 4096:64:0:40:.:A:*NMAP:TCP sweep probe (4)
1024:64:0:60:W10,N,M265,T: *NMAP:OS:1:NMAP OS detection probe (1)
2048:64:0:60:W10,N,M265,T: *NMAP:OS:2:NMAP OS detection probe (2)
3072:64:0:60:W10,N,M265,T: *NMAP:OS:3:NMAP OS detection probe (3)
4096:64:0:60:W10,N,M265,T: *NMAP:OS:4:NMAP OS detection probe (4)
32767:64:0:40:.: *NAST:::NASTsyn scan
# Requires quirks support
# 12345:255:0:40:.:A:-p0f:sendsyn utility
#####################################
# Generic signatures - just in case #
#####################################
#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:4.0-4.9::FreeBSD 4.x/5.x
#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:5.0-5.1::FreeBSD 4.x/5.x
*:128:1:52:M*,N,W0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
*:128:1:52:M*,N,W0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
*:128:1:52:M*,N,W*,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
*:128:1:52:M*,N,W*,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323)
*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323)
*:128:1:64:M*,N,W*,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP (RFC1323, w+)
*:128:1:48:M536,N,N,S: @Windows:98::Windows 98
*:128:1:48:M*,N,N,S: @Windows:XP::Windows XP/2000
*:128:1:48:M*,N,N,S: @Windows:2000::Windows XP/2000

BIN
conf/system/include/14.2/pfctl Executable file
View File

Binary file not shown.

BIN
conf/system/include/14.2/pfilctl Executable file
View File

Binary file not shown.

BIN
conf/system/include/14.2/pflogd Executable file
View File

Binary file not shown.

BIN
conf/system/include/14.2/setfib Executable file
View File

Binary file not shown.

BIN
conf/system/include/14.2/sum Executable file
View File

Binary file not shown.

BIN
conf/system/include/14.3/ar Normal file
View File

Binary file not shown.

BIN
conf/system/include/14.3/diff3 Normal file
View File

Binary file not shown.

1963
conf/system/include/14.3/etcupdate Normal file
View File

File diff suppressed because it is too large Load Diff

417
conf/system/include/14.3/jib Executable file
View File

@@ -0,0 +1,417 @@
#!/bin/sh
#-
# Copyright (c) 2016 Devin Teske
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
############################################################ IDENT(1)
#
# $Title: if_bridge(4) management script for vnet jails $
#
############################################################ INFORMATION
#
# Use this tool with jail.conf(5) (or rc.conf(5) ``legacy'' configuration) to
# manage `vnet' interfaces for jails. Designed to automate the creation of vnet
# interface(s) during jail `prestart' and destroy said interface(s) during jail
# `poststop'.
#
# In jail.conf(5) format:
#
# ### BEGIN EXCERPT ###
#
# xxx {
# host.hostname = "xxx.yyy";
# path = "/vm/xxx";
#
# #
# # NB: Below 2-lines required
# # NB: The number of eNb_xxx interfaces should match the number of
# # arguments given to `jib addm xxx' in exec.prestart value.
# #
# vnet;
# vnet.interface = e0b_xxx, e1b_xxx, ...;
#
# exec.clean;
# exec.system_user = "root";
# exec.jail_user = "root";
#
# #
# # NB: Below 2-lines required
# # NB: The number of arguments after `jib addm xxx' should match
# # the number of eNb_xxx arguments in vnet.interface value.
# #
# exec.prestart += "jib addm xxx em0 em1 ...";
# exec.poststop += "jib destroy xxx";
#
# # Standard recipe
# exec.start += "/bin/sh /etc/rc";
# exec.stop = "/bin/sh /etc/rc.shutdown jail";
# exec.consolelog = "/var/log/jail_xxx_console.log";
# mount.devfs;
#
# # Optional (default off)
# #allow.mount;
# #allow.set_hostname = 1;
# #allow.sysvipc = 1;
# #devfs_ruleset = "11"; # rule to unhide bpf for DHCP
# }
#
# ### END EXCERPT ###
#
# In rc.conf(5) ``legacy'' format (used when /etc/jail.conf does not exist):
#
# ### BEGIN EXCERPT ###
#
# jail_enable="YES"
# jail_list="xxx"
#
# #
# # Global presets for all jails
# #
# jail_devfs_enable="YES" # mount devfs
#
# #
# # Global options (default off)
# #
# #jail_mount_enable="YES" # mount /etc/fstab.{name}
# #jail_set_hostname_allow="YES" # Allow hostname to change
# #jail_sysvipc_allow="YES" # Allow SysV Interprocess Comm.
#
# # xxx
# jail_xxx_hostname="xxx.shxd.cx" # hostname
# jail_xxx_rootdir="/vm/xxx" # root directory
# jail_xxx_vnet_interfaces="e0b_xxx e1bxxx ..." # vnet interface(s)
# jail_xxx_exec_prestart0="jib addm xxx em0 em1 ..." # bridge interface(s)
# jail_xxx_exec_poststop0="jib destroy xxx" # destroy interface(s)
# #jail_xxx_mount_enable="YES" # mount /etc/fstab.xxx
# #jail_xxx_devfs_ruleset="11" # rule to unhide bpf for DHCP
#
# ### END EXCERPT ###
#
# Note that the legacy rc.conf(5) format is converted to
# /var/run/jail.{name}.conf by /etc/rc.d/jail if jail.conf(5) is missing.
#
# ASIDE: dhclient(8) inside a vnet jail...
#
# To allow dhclient(8) to work inside a vnet jail, make sure the following
# appears in /etc/devfs.rules (which should be created if it doesn't exist):
#
# [devfsrules_jail=11]
# add include $devfsrules_hide_all
# add include $devfsrules_unhide_basic
# add include $devfsrules_unhide_login
# add path 'bpf*' unhide
#
# And set ether devfs.ruleset="11" (jail.conf(5)) or
# jail_{name}_devfs_ruleset="11" (rc.conf(5)).
#
# NB: While this tool can't create every type of desirable topology, it should
# handle most setups, minus some which considered exotic or purpose-built.
#
############################################################ GLOBALS
pgm="${0##*/}" # Program basename
#
# Global exit status
#
SUCCESS=0
FAILURE=1
############################################################ FUNCTIONS
usage()
{
local action usage descr
exec >&2
echo "Usage: $pgm action [arguments]"
echo "Actions:"
for action in \
addm \
show \
show1 \
destroy \
; do
eval usage=\"\$jib_${action}_usage\"
[ "$usage" ] || continue
eval descr=\"\$jib_${action}_descr\"
printf "\t%s\n\t\t%s\n" "$usage" "$descr"
done
exit $FAILURE
}
action_usage()
{
local usage descr action="$1"
eval usage=\"\$jib_${action}_usage\"
echo "Usage: $pgm $usage" >&2
eval descr=\"\$jib_${action}_descr\"
printf "\t%s\n" "$descr"
exit $FAILURE
}
derive_mac()
{
local OPTIND=1 OPTARG __flag
local __mac_num= __make_pair=
while getopts 2n: __flag; do
case "$__flag" in
2) __make_pair=1 ;;
n) __mac_num=${OPTARG%%[^0-9]*} ;;
esac
done
shift $(( $OPTIND - 1 ))
if [ ! "$__mac_num" ]; then
eval __mac_num=\${_${iface}_num:--1}
__mac_num=$(( $__mac_num + 1 ))
eval _${iface}_num=\$__mac_num
fi
local __iface="$1" __name="$2" __var_to_set="$3" __var_to_set_b="$4"
local __iface_devid __new_devid __num __new_devid_b
#
# Calculate MAC address derived from given iface.
#
# The formula I'm using is ``NP:SS:SS:II:II:II'' where:
# + N denotes 4 bits used as a counter to support branching
# each parent interface up to 15 times under the same jail
# name (see S below).
# + P denotes the special nibble whose value, if one of
# 2, 6, A, or E (but usually 2) denotes a privately
# administered MAC address (while remaining routable).
# + S denotes 16 bits, the sum(1) value of the jail name.
# + I denotes bits that are inherited from parent interface.
#
# The S bits are a CRC-16 checksum of NAME, allowing the jail
# to change link numbers in ng_bridge(4) without affecting the
# MAC address. Meanwhile, if...
# + the jail NAME changes (e.g., it was duplicated and given
# a new name with no other changes)
# + the underlying network interface changes
# + the jail is moved to another host
# the MAC address will be recalculated to a new, similarly
# unique value preventing conflict.
#
__iface_devid=$( ifconfig $__iface ether | awk '/ether/,$0=$2' )
# ??:??:??:II:II:II
__new_devid=${__iface_devid#??:??:??} # => :II:II:II
# => :SS:SS:II:II:II
__num=$( set -- `echo -n "$__name" | sum` && echo $1 )
__new_devid=$( printf :%02x:%02x \
$(( $__num >> 8 & 255 )) $(( $__num & 255 )) )$__new_devid
# => P:SS:SS:II:II:II
case "$__iface_devid" in
?2:*) __new_devid=a$__new_devid __new_devid_b=e$__new_devid ;;
?[Ee]:*) __new_devid=2$__new_devid __new_devid_b=6$__new_devid ;;
*) __new_devid=2$__new_devid __new_devid_b=e$__new_devid
esac
# => NP:SS:SS:II:II:II
__new_devid=$( printf %x $(( $__mac_num & 15 )) )$__new_devid
__new_devid_b=$( printf %x $(( $__mac_num & 15 )) )$__new_devid_b
#
# Return derivative MAC address(es)
#
if [ "$__make_pair" ]; then
if [ "$__var_to_set" -a "$__var_to_set_b" ]; then
eval $__var_to_set=\$__new_devid
eval $__var_to_set_b=\$__new_devid_b
else
echo $__new_devid $__new_devid_b
fi
else
if [ "$__var_to_set" ]; then
eval $__var_to_set=\$__new_devid
else
echo $__new_devid
fi
fi
}
mustberoot_to_continue()
{
if [ "$( id -u )" -ne 0 ]; then
echo "Must run as root!" >&2
exit $FAILURE
fi
}
jib_addm_usage="addm [-b BRIDGE_NAME] NAME [!]iface0 [[!]iface1 ...]"
jib_addm_descr="Creates e0b_NAME [e1b_NAME ...]"
jib_addm()
{
local OPTIND=1 OPTARG flag bridge=bridge
while getopts b: flag; do
case "$flag" in
b) bridge="${OPTARG:-bridge}" ;;
*) action_usage addm # NOTREACHED
esac
done
shift $(( $OPTIND - 1 ))
local name="$1"
[ "${name:-x}" = "${name#*[!0-9a-zA-Z_]}" -a $# -gt 1 ] ||
action_usage addm # NOTREACHED
shift 1 # name
mustberoot_to_continue
local iface eiface_devid_a eiface_devid_b
local new no_derive num quad i=0
for iface in $*; do
no_derive=
case "$iface" in
!*) iface=${iface#!} no_derive=1 ;;
esac
# Make sure the interface doesn't exist already
if ifconfig "e${i}a_$name" > /dev/null 2>&1; then
i=$(( $i + 1 ))
continue
fi
# Bring the interface up
ifconfig $iface up || return
# Make sure the interface has been bridged
if ! ifconfig "$iface$bridge" > /dev/null 2>&1; then
new=$( ifconfig bridge create ) || return
ifconfig $new addm $iface || return
ifconfig $new name "$iface$bridge" || return
ifconfig "$iface$bridge" up || return
fi
# Create a new interface to the bridge
new=$( ifconfig epair create ) || return
ifconfig "$iface$bridge" addm $new || return
# Rename the new interface
ifconfig $new name "e${i}a_$name" || return
ifconfig ${new%a}b name "e${i}b_$name" || return
ifconfig "e${i}a_$name" up || return
ifconfig "e${i}b_$name" up || return
#
# Set the MAC address of the new interface using a sensible
# algorithm to prevent conflicts on the network.
#
eiface_devid_a= eiface_devid_b=
[ "$no_derive" ] || derive_mac -2 $iface "$name" \
eiface_devid_a eiface_devid_b
if [ "$eiface_devid_a" -a "$eiface_devid_b" ]; then
ifconfig "e${i}a_$name" ether $eiface_devid_a
ifconfig "e${i}b_$name" ether $eiface_devid_b
fi > /dev/null 2>&1
i=$(( $i + 1 ))
done # for iface
}
jib_show_usage="show"
jib_show_descr="List possible NAME values for \`show NAME'"
jib_show1_usage="show NAME"
jib_show1_descr="Lists e0b_NAME [e1b_NAME ...]"
jib_show2_usage="show [NAME]"
jib_show()
{
local OPTIND=1 OPTARG flag
while getopts "" flag; do
case "$flag" in
*) action_usage show2 # NOTREACHED
esac
done
shift $(( $OPTIND - 1 ))
if [ $# -eq 0 ]; then
ifconfig | awk '
/^[^:[:space:]]+:/ {
iface = $1
sub(/:.*/, "", iface)
next
}
$1 == "groups:" {
for (n = split($0, group); n > 1; n--) {
if (group[n] != "bridge") continue
print iface
next
}
}' |
xargs -rn1 ifconfig |
awk '$1 == "member:" &&
sub(/^e[[:digit:]]+a_/, "", $2), $0 = $2' |
sort -u
return
fi
ifconfig | awk -v name="$1" '
match($0, /^e[[:digit:]]+a_/) && sub(/:.*/, "") &&
substr($1, RSTART + RLENGTH) == name
' | sort
}
jib_destroy_usage="destroy NAME"
jib_destroy_descr="Destroy e0b_NAME [e1b_NAME ...]"
jib_destroy()
{
local OPTIND=1 OPTARG flag
while getopts "" flag; do
case "$flag" in
*) action_usage destroy # NOTREACHED
esac
done
shift $(( $OPTIND -1 ))
local name="$1"
[ "${name:-x}" = "${name#*[!0-9a-zA-Z_]}" -a $# -eq 1 ] ||
action_usage destroy # NOTREACHED
mustberoot_to_continue
jib_show "$name" | xargs -rn1 -I eiface ifconfig eiface destroy
}
############################################################ MAIN
#
# Command-line arguments
#
action="$1"
[ "$action" ] || usage # NOTREACHED
#
# Validate action argument
#
if [ "$BASH_VERSION" ]; then
type="$( type -t "jib_$action" )" || usage # NOTREACHED
else
type="$( type "jib_$action" 2> /dev/null )" || usage # NOTREACHED
fi
case "$type" in
*function)
shift 1 # action
eval "jib_$action" \"\$@\"
;;
*) usage # NOTREACHED
esac
################################################################################
# END
################################################################################

BIN
conf/system/include/14.3/makewhatis Normal file
View File

Binary file not shown.

708
conf/system/include/14.3/pf.os Normal file
View File

@@ -0,0 +1,708 @@
# $OpenBSD: pf.os,v 1.27 2016/09/03 17:08:57 sthen Exp $
# passive OS fingerprinting
# -------------------------
#
# SYN signatures. Those signatures work for SYN packets only (duh!).
#
# (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx>
# (C) Copyright 2003 by Mike Frantzen <frantzen@w4g.org>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
#
# This fingerprint database is adapted from Michal Zalewski's p0f passive
# operating system package. The last database sync was from a Nov 3 2003
# p0f.fp.
#
#
# Each line in this file specifies a single fingerprint. Please read the
# information below carefully before attempting to append any signatures
# reported as UNKNOWN to this file to avoid mistakes.
#
# We use the following set metrics for fingerprinting:
#
# - Window size (WSS) - a highly OS dependent setting used for TCP/IP
# performance control (max. amount of data to be sent without ACK).
# Some systems use a fixed value for initial packets. On other
# systems, it is a multiple of MSS or MTU (MSS+40). In some rare
# cases, the value is just arbitrary.
#
# NEW SIGNATURE: if p0f reported a special value of 'Snn', the number
# appears to be a multiple of MSS (MSS*nn); a special value of 'Tnn'
# means it is a multiple of MTU ((MSS+40)*nn). Unless you notice the
# value of nn is not fixed (unlikely), just copy the Snn or Tnn token
# literally. If you know this device has a simple stack and a fixed
# MTU, you can however multiply S value by MSS, or T value by MSS+40,
# and put it instead of Snn or Tnn.
#
# If WSS otherwise looks like a fixed value (for example a multiple
# of two), or if you can confirm the value is fixed, please quote
# it literally. If there's no apparent pattern in WSS chosen, you
# should consider wildcarding this value.
#
# - Overall packet size - a function of all IP and TCP options and bugs.
#
# NEW SIGNATURE: Copy this value literally.
#
# - Initial TTL - We check the actual TTL of a received packet. It can't
# be higher than the initial TTL, and also shouldn't be dramatically
# lower (maximum distance is defined as 40 hops).
#
# NEW SIGNATURE: *Never* copy TTL from a p0f-reported signature literally.
# You need to determine the initial TTL. The best way to do it is to
# check the documentation for a remote system, or check its settings.
# A fairly good method is to simply round the observed TTL up to
# 32, 64, 128, or 255, but it should be noted that some obscure devices
# might not use round TTLs (in particular, some shoddy appliances use
# "original" initial TTL settings). If not sure, you can see how many
# hops you're away from the remote party with traceroute or mtr.
#
# - Don't fragment flag (DF) - some modern OSes set this to implement PMTU
# discovery. Others do not bother.
#
# NEW SIGNATURE: Copy this value literally.
#
# - Maximum segment size (MSS) - this setting is usually link-dependent. P0f
# uses it to determine link type of the remote host.
#
# NEW SIGNATURE: Always wildcard this value, except for rare cases when
# you have an appliance with a fixed value, know the system supports only
# a very limited number of network interface types, or know the system
# is using a value it pulled out of nowhere. Specific unique MSS
# can be used to tell Google crawlbots from the rest of the population.
#
# - Window scaling (WSCALE) - this feature is used to scale WSS.
# It extends the size of a TCP/IP window to 32 bits. Some modern
# systems implement this feature.
#
# NEW SIGNATURE: Observe several signatures. Initial WSCALE is often set
# to zero or other low value. There's usually no need to wildcard this
# parameter.
#
# - Timestamp - some systems that implement timestamps set them to
# zero in the initial SYN. This case is detected and handled appropriately.
#
# - Selective ACK permitted - a flag set by systems that implement
# selective ACK functionality.
#
# - The sequence of TCP all options (MSS, window scaling, selective ACK
# permitted, timestamp, NOP). Other than the options previously
# discussed, p0f also checks for timestamp option (a silly
# extension to broadcast your uptime ;-), NOP options (used for
# header padding) and sackOK option (selective ACK feature).
#
# NEW SIGNATURE: Copy the sequence literally.
#
# To wildcard any value (except for initial TTL or TCP options), replace
# it with '*'. You can also use a modulo operator to match any values
# that divide by nnn - '%nnn'.
#
# Fingerprint entry format:
#
# wwww:ttt:D:ss:OOO...:OS:Version:Subtype:Details
#
# wwww - window size (can be *, %nnn, Snn or Tnn). The special values
# "S" and "T" which are a multiple of MSS or a multiple of MTU
# respectively.
# ttt - initial TTL
# D - don't fragment bit (0 - not set, 1 - set)
# ss - overall SYN packet size
# OOO - option value and order specification (see below)
# OS - OS genre (Linux, Solaris, Windows)
# Version - OS Version (2.0.27 on x86, etc)
# Subtype - OS subtype or patchlevel (SP3, lo0)
# details - Generic OS details
#
# If OS genre starts with '*', p0f will not show distance, link type
# and timestamp data. It is useful for userland TCP/IP stacks of
# network scanners and so on, where many settings are randomized or
# bogus.
#
# If OS genre starts with @, it denotes an approximate hit for a group
# of operating systems (signature reporting still enabled in this case).
# Use this feature at the end of this file to catch cases for which
# you don't have a precise match, but can tell it's Windows or FreeBSD
# or whatnot by looking at, say, flag layout alone.
#
# Option block description is a list of comma or space separated
# options in the order they appear in the packet:
#
# N - NOP option
# Wnnn - window scaling option, value nnn (or * or %nnn)
# Mnnn - maximum segment size option, value nnn (or * or %nnn)
# S - selective ACK OK
# T - timestamp
# T0 - timestamp with a zero value
#
# To denote no TCP options, use a single '.'.
#
# Please report any additions to this file, or any inaccuracies or
# problems spotted, to the maintainers: lcamtuf@coredump.cx,
# frantzen@openbsd.org and bugs@openbsd.org with a tcpdump packet
# capture of the relevant SYN packet(s)
#
# A test and submission page is available at
# http://lcamtuf.coredump.cx/p0f-help/
#
#
# WARNING WARNING WARNING
# -----------------------
#
# Do not add a system X as OS Y just because NMAP says so. It is often
# the case that X is a NAT firewall. While nmap is talking to the
# device itself, p0f is fingerprinting the guy behind the firewall
# instead.
#
# When in doubt, use common sense, don't add something that looks like
# a completely different system as Linux or FreeBSD or LinkSys router.
# Check DNS name, establish a connection to the remote host and look
# at SYN+ACK - does it look similar?
#
# Some users tweak their TCP/IP settings - enable or disable RFC1323
# functionality, enable or disable timestamps or selective ACK,
# disable PMTU discovery, change MTU and so on. Always compare a new rule
# to other fingerprints for this system, and verify the system isn't
# "customized" before adding it. It is OK to add signature variants
# caused by a commonly used software (personal firewalls, security
# packages, etc), but it makes no sense to try to add every single
# possible /proc/sys/net/ipv4 tweak on Linux or so.
#
# KEEP IN MIND: Some packet firewalls configured to normalize outgoing
# traffic (OpenBSD pf with "scrub" enabled, for example) will, well,
# normalize packets. Signatures will not correspond to the originating
# system (and probably not quite to the firewall either).
#
# NOTE: Try to keep this file in some reasonable order, from most to
# least likely systems. This will speed up operation. Also keep most
# generic and broad rules near the end.
#
##########################
# Standard OS signatures #
##########################
# ----------------- AIX ---------------------
# AIX is first because its signatures are close to NetBSD, MacOS X and
# Linux 2.0, but it uses a fairly rare MSSes, at least sometimes...
# This is a shoddy hack, though.
45046:64:0:44:M*: AIX:4.3::AIX 4.3
16384:64:0:44:M512: AIX:4.3:2-3:AIX 4.3.2 and earlier
16384:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
16384:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
32768:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
32768:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
65535:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
65535:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
65535:64:0:64:M*,N,W1,N,N,T,N,N,S: AIX:5.3:ML1:AIX 5.3 ML1
# ----------------- Linux -------------------
# S1:64:0:44:M*:A: Linux:1.2::Linux 1.2.x (XXX quirks support)
512:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x
16384:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x
# Endian snafu! Nelson says "ha-ha":
2:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
64:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
S4:64:1:60:M1360,S,T,N,W0: Linux:google::Linux (Google crawlbot)
S2:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4 (big boy)
S3:64:1:60:M*,S,T,N,W0: Linux:2.4:.18-21:Linux 2.4.18 and newer
S4:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4/2.6 <= 2.6.7
S4:64:1:60:M*,S,T,N,W0: Linux:2.6:.1-7:Linux 2.4/2.6 <= 2.6.7
S4:64:1:60:M*,S,T,N,W5: Linux:2.6::Linux 2.6 (newer, 1)
S4:64:1:60:M*,S,T,N,W6: Linux:2.6::Linux 2.6 (newer, 2)
S4:64:1:60:M*,S,T,N,W7: Linux:2.6::Linux 2.6 (newer, 3)
T4:64:1:60:M*,S,T,N,W7: Linux:2.6::Linux 2.6 (newer, 4)
S10:64:1:60:M*,S,T,N,W4: Linux:3.0::Linux 3.0
S3:64:1:60:M*,S,T,N,W1: Linux:2.5::Linux 2.5 (sometimes 2.4)
S4:64:1:60:M*,S,T,N,W1: Linux:2.5-2.6::Linux 2.5/2.6
S3:64:1:60:M*,S,T,N,W2: Linux:2.5::Linux 2.5 (sometimes 2.4)
S4:64:1:60:M*,S,T,N,W2: Linux:2.5::Linux 2.5 (sometimes 2.4)
S20:64:1:60:M*,S,T,N,W0: Linux:2.2:20-25:Linux 2.2.20 and newer
S22:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2
S11:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2
# Popular cluster config scripts disable timestamps and
# selective ACK:
S4:64:1:48:M1460,N,W0: Linux:2.4:cluster:Linux 2.4 in cluster
# This needs to be investigated. On some systems, WSS
# is selected as a multiple of MTU instead of MSS. I got
# many submissions for this for many late versions of 2.4:
T4:64:1:60:M1412,S,T,N,W0: Linux:2.4::Linux 2.4 (late, uncommon)
# This happens only over loopback, but let's make folks happy:
32767:64:1:60:M16396,S,T,N,W0: Linux:2.4:lo0:Linux 2.4 (local)
S8:64:1:60:M3884,S,T,N,W0: Linux:2.2:lo0:Linux 2.2 (local)
# Opera visitors:
16384:64:1:60:M*,S,T,N,W0: Linux:2.2:Opera:Linux 2.2 (Opera?)
32767:64:1:60:M*,S,T,N,W0: Linux:2.4:Opera:Linux 2.4 (Opera?)
# Some fairly common mods:
S4:64:1:52:M*,N,N,S,N,W0: Linux:2.4:ts:Linux 2.4 w/o timestamps
S22:64:1:52:M*,N,N,S,N,W0: Linux:2.2:ts:Linux 2.2 w/o timestamps
# ----------------- FreeBSD -----------------
16384:64:1:44:M*: FreeBSD:2.0-2.2::FreeBSD 2.0-4.2
16384:64:1:44:M*: FreeBSD:3.0-3.5::FreeBSD 2.0-4.2
16384:64:1:44:M*: FreeBSD:4.0-4.2::FreeBSD 2.0-4.2
16384:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4
1024:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4
57344:64:1:44:M*: FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323)
57344:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.6-4.9::FreeBSD 4.6-4.9
32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.11::FreeBSD 4.8-5.1 (or MacOS X)
32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X)
65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.11::FreeBSD 4.8-5.2 (or MacOS X)
65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.8-5.2 (or MacOS X)
65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-4.11::FreeBSD 4.7-5.2
65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.7-5.2
# XXX need quirks support
# 65535:64:1:60:M*,N,W0,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (1)
# 65535:64:1:60:M*,N,W1,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (2)
# 65535:64:1:60:M*,N,W2,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (3)
# 65535:64:1:44:M*:Z:FreeBSD:5.2::FreeBSD 5.2 (no RFC1323)
# 16384:64:1:60:M*,N,N,N,N,N,N,T:FreeBSD:4.4:noTS:FreeBSD 4.4 (w/o timestamps)
# ----------------- NetBSD ------------------
16384:64:0:60:M*,N,W0,N,N,T: NetBSD:1.3::NetBSD 1.3
65535:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6:opera:NetBSD 1.6 (Opera)
16384:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6
16384:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:df:NetBSD 1.6 (DF)
65535:64:1:60:M*,N,W1,N,N,T0: NetBSD:1.6::NetBSD 1.6W-current (DF)
65535:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6X (DF)
32768:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:randomization:NetBSD 1.6ZH-current (w/ ip_id randomization)
# ----------------- OpenBSD -----------------
16384:64:0:60:M*,N,W0,N,N,T: OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6)
16384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.8::OpenBSD 3.0-4.8
16384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.8:no-df:OpenBSD 3.0-4.8 (scrub no-df)
57344:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0::OpenBSD 3.3-4.0
57344:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0:no-df:OpenBSD 3.3-4.0 (scrub no-df)
65535:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.0:opera:OpenBSD 3.0-4.0 (Opera)
16384:64:1:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9::OpenBSD 4.9
16384:64:0:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9:no-df:OpenBSD 4.9 (scrub no-df)
16384:64:1:64:M*,N,N,S,N,W6,N,N,T: OpenBSD:6.1::OpenBSD 6.1
16384:64:0:64:M*,N,N,S,N,W6,N,N,T: OpenBSD:6.1:no-df:OpenBSD 6.1 (scrub no-df)
# ----------------- DragonFly BSD -----------------
57344:64:1:60:M*,N,W0,N,N,T: DragonFly:1.0:A:DragonFly 1.0A
57344:64:0:64:M*,N,W0,N,N,S,N,N,T: DragonFly:1.2-1.12::DragonFly 1.2-1.12
5840:64:1:60:M*,S,T,N,W4: DragonFly:2.0-2.1::DragonFly 2.0-2.1
57344:64:0:64:M*,N,W0,N,N,S,N,N,T: DragonFly:2.2-2.3::DragonFly 2.2-2.3
57344:64:0:64:M*,N,W5,N,N,S,N,N,T: DragonFly:2.4-2.7::DragonFly 2.4-2.7
# ----------------- Solaris -----------------
S17:64:1:64:N,W3,N,N,T0,N,N,S,M*: Solaris:8:RFC1323:Solaris 8 RFC1323
S17:64:1:48:N,N,S,M*: Solaris:8::Solaris 8
S17:255:1:44:M*: Solaris:2.5-2.7::Solaris 2.5 to 7
S6:255:1:44:M*: Solaris:2.6-2.7::Solaris 2.6 to 7
S23:255:1:44:M*: Solaris:2.5:1:Solaris 2.5.1
S34:64:1:48:M*,N,N,S: Solaris:2.9::Solaris 9
S44:255:1:44:M*: Solaris:2.7::Solaris 7
4096:64:0:44:M1460: SunOS:4.1::SunOS 4.1.x
S34:64:1:52:M*,N,W0,N,N,S: Solaris:10:beta:Solaris 10 (beta)
32850:64:1:64:M*,N,N,T,N,W1,N,N,S: Solaris:10::Solaris 10 1203
# ----------------- IRIX --------------------
49152:64:0:44:M*: IRIX:6.4::IRIX 6.4
61440:64:0:44:M*: IRIX:6.2-6.5::IRIX 6.2-6.5
49152:64:0:52:M*,N,W2,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
49152:64:0:52:M*,N,W3,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
61440:64:0:48:M*,N,N,S: IRIX:6.5:12-21:IRIX 6.5.12 - 6.5.21
49152:64:0:48:M*,N,N,S: IRIX:6.5:15-21:IRIX 6.5.15 - 6.5.21
49152:60:0:64:M*,N,W2,N,N,T,N,N,S: IRIX:6.5:IP27:IRIX 6.5 IP27
# ----------------- Tru64 -------------------
32768:64:1:48:M*,N,W0: Tru64:4.0::Tru64 4.0 (or OS/2 Warp 4)
32768:64:0:48:M*,N,W0: Tru64:5.0::Tru64 5.0
8192:64:0:44:M1460: Tru64:5.1:noRFC1323:Tru64 6.1 (no RFC1323) (or QNX 6)
61440:64:0:48:M*,N,W0: Tru64:5.1a:JP4:Tru64 v5.1a JP4 (or OpenVMS 7.x on Compaq 5.x stack)
# ----------------- OpenVMS -----------------
6144:64:1:60:M*,N,W0,N,N,T: OpenVMS:7.2::OpenVMS 7.2 (Multinet 4.4 stack)
# ----------------- MacOS -------------------
# XXX Need EOL tcp opt support
# S2:255:1:48:M*,W0,E:.:MacOS:8.6 classic
# XXX some of these use EOL too
16616:255:1:48:M*,W0: MacOS:7.3-7.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
16616:255:1:48:M*,W0: MacOS:8.0-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
16616:255:1:48:M*,N,N,N: MacOS:8.1-8.6:OTTCP:MacOS 8.1-8.6 (OTTCP)
32768:255:1:48:M*,W0,N: MacOS:9.0-9.2::MacOS 9.0-9.2
65535:255:1:48:M*,N,N,N,N: MacOS:9.1::MacOS 9.1 (OT 2.7.4)
# ----------------- Windows -----------------
# Windows TCP/IP stack is a mess. For most recent XP, 2000 and
# even 98, the patchlevel, not the actual OS version, is more
# relevant to the signature. They share the same code, so it would
# seem. Luckily for us, almost all Windows 9x boxes have an
# awkward MSS of 536, which I use to tell one from another
# in most difficult cases.
8192:32:1:44:M*: Windows:3.11::Windows 3.11 (Tucows)
S44:64:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:95::Windows 95
8192:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:95:b:Windows 95b
# There were so many tweaking tools and so many stack versions for
# Windows 98 it is no longer possible to tell them from each other
# without some very serious research. Until then, there's an insane
# number of signatures, for your amusement:
S44:32:1:48:M*,N,N,S: Windows:98:lowTTL:Windows 98 (low TTL)
8192:32:1:48:M*,N,N,S: Windows:98:lowTTL:Windows 98 (low TTL)
%8192:64:1:48:M536,N,N,S: Windows:98::Windows 98
%8192:128:1:48:M536,N,N,S: Windows:98::Windows 98
S4:64:1:48:M*,N,N,S: Windows:98::Windows 98
S6:64:1:48:M*,N,N,S: Windows:98::Windows 98
S12:64:1:48:M*,N,N,S: Windows:98::Windows 98
T30:64:1:64:M1460,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98
32767:64:1:48:M*,N,N,S: Windows:98::Windows 98
37300:64:1:48:M*,N,N,S: Windows:98::Windows 98
46080:64:1:52:M*,N,W3,N,N,S: Windows:98:RFC1323:Windows 98 (RFC1323)
65535:64:1:44:M*: Windows:98:noSack:Windows 98 (no sack)
S16:128:1:48:M*,N,N,S: Windows:98::Windows 98
S16:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98
S26:128:1:48:M*,N,N,S: Windows:98::Windows 98
T30:128:1:48:M*,N,N,S: Windows:98::Windows 98
32767:128:1:52:M*,N,W0,N,N,S: Windows:98::Windows 98
60352:128:1:48:M*,N,N,S: Windows:98::Windows 98
60352:128:1:64:M*,N,W2,N,N,T0,N,N,S: Windows:98::Windows 98
# What's with 1414 on NT?
T31:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a
64512:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a
8192:128:1:44:M*: Windows:NT:4.0:Windows NT 4.0 (older)
# Windows XP and 2000. Most of the signatures that were
# either dubious or non-specific (no service pack data)
# were deleted and replaced with generics at the end.
65535:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1
65535:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1
%8192:128:1:48:M*,N,N,S: Windows:2000:SP2+:Windows 2000 SP2, XP SP1 (seldom 98 4.10.2222)
%8192:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP2, XP SP1 (seldom 98 4.10.2222)
S20:128:1:48:M*,N,N,S: Windows:2000::Windows 2000/XP SP3
S20:128:1:48:M*,N,N,S: Windows:XP:SP3:Windows 2000/XP SP3
S45:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP 1
S45:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP 1
40320:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4
S6:128:1:48:M*,N,N,S: Windows:2000:SP2:Windows XP, 2000 SP2+
S6:128:1:48:M*,N,N,S: Windows:XP::Windows XP, 2000 SP2+
S12:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1
S44:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows Pro SP1, 2000 SP3
S44:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows Pro SP1, 2000 SP3
64512:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows SP1, 2000 SP3
64512:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows SP1, 2000 SP3
32767:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows SP1, 2000 SP4
32767:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows SP1, 2000 SP4
8192:128:1:52:M*,N,W2,N,N,S: Windows:Vista::Windows Vista/7
# Odds, ends, mods:
S52:128:1:48:M1260,N,N,S: Windows:2000:cisco:Windows XP/2000 via Cisco
S52:128:1:48:M1260,N,N,S: Windows:XP:cisco:Windows XP/2000 via Cisco
65520:128:1:48:M*,N,N,S: Windows:XP::Windows XP bare-bone
16384:128:1:52:M536,N,W0,N,N,S: Windows:2000:ZoneAlarm:Windows 2000 w/ZoneAlarm?
2048:255:0:40:.: Windows:.NET::Windows .NET Enterprise Server
44620:64:0:48:M*,N,N,S: Windows:ME::Windows ME no SP (?)
S6:255:1:48:M536,N,N,S: Windows:95:winsock2:Windows 95 winsock 2
32768:32:1:52:M1460,N,W0,N,N,S: Windows:2003:AS:Windows 2003 AS
# No need to be more specific, it passes:
# *:128:1:48:M*,N,N,S:U:-Windows:XP/2000 while downloading (leak!) XXX quirk
# there is an equiv similar generic sig w/o the quirk
# ----------------- HP/UX -------------------
32768:64:1:44:M*: HP-UX:B.10.20::HP-UX B.10.20
32768:64:0:48:M*,W0,N: HP-UX:11.0::HP-UX 11.0
32768:64:1:48:M*,W0,N: HP-UX:11.10::HP-UX 11.0 or 11.11
32768:64:1:48:M*,W0,N: HP-UX:11.11::HP-UX 11.0 or 11.11
# Whoa. Hardcore WSS.
0:64:0:48:M*,W0,N: HP-UX:B.11.00:A:HP-UX B.11.00 A (RFC1323)
# ----------------- RiscOS ------------------
# We don't yet support the ?12 TCP option
#16384:64:1:68:M1460,N,W0,N,N,T,N,N,?12: RISCOS:3.70-4.36::RISC OS 3.70-4.36
12288:32:0:44:M536: RISC OS:3.70:4.10:RISC OS 3.70 inet 4.10
# XXX quirk
# 4096:64:1:56:M1460,N,N,T:T: RISC OS:3.70:freenet:RISC OS 3.70 freenet 2.00
# ----------------- BSD/OS ------------------
# Once again, power of two WSS is also shared by MacOS X with DF set
8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:3.1::BSD/OS 3.1-4.3 (or MacOS X 10.2 w/DF)
8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:4.0-4.3::BSD/OS 3.1-4.3 (or MacOS X 10.2)
# ---------------- NewtonOS -----------------
4096:64:0:44:M1420: NewtonOS:2.1::NewtonOS 2.1
# ---------------- NeXTSTEP -----------------
S4:64:0:44:M1024: NeXTSTEP:3.3::NeXTSTEP 3.3
S8:64:0:44:M512: NeXTSTEP:3.3::NeXTSTEP 3.3
# ------------------ BeOS -------------------
1024:255:0:48:M*,N,W0: BeOS:5.0-5.1::BeOS 5.0-5.1
12288:255:0:44:M1402: BeOS:5.0::BeOS 5.0.x
# ------------------ OS/400 -----------------
8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR4::OS/400 VR4/R5
8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR5::OS/400 VR4/R5
4096:64:1:60:M1440,N,W0,N,N,T: OS/400:V4R5:CF67032:OS/400 V4R5 + CF67032
# XXX quirk
# 28672:64:0:44:M1460:A:OS/390:?
# ------------------ ULTRIX -----------------
16384:64:0:40:.: ULTRIX:4.5::ULTRIX 4.5
# ------------------- QNX -------------------
S16:64:0:44:M512: QNX:::QNX demodisk
# ------------------ Novell -----------------
16384:128:1:44:M1460: Novell:NetWare:5.0:Novel Netware 5.0
6144:128:1:44:M1460: Novell:IntranetWare:4.11:Novell IntranetWare 4.11
6144:128:1:44:M1368: Novell:BorderManager::Novell BorderManager ?
6144:128:1:52:M*,W0,N,S,N,N: Novell:Netware:6:Novell Netware 6 SP3
# ----------------- SCO ------------------
S3:64:1:60:M1460,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1
S17:64:1:60:M1380,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1.3 MP3
S23:64:1:44:M1380: SCO:OpenServer:5.0:SCO OpenServer 5.0
# ------------------- DOS -------------------
2048:255:0:44:M536: DOS:WATTCP:1.05:DOS Arachne via WATTCP/1.05
T2:255:0:44:M984: DOS:WATTCP:1.05Arachne:Arachne via WATTCP/1.05 (eepro)
# ------------------ OS/2 -------------------
S56:64:0:44:M512: OS/2:4::OS/2 4
28672:64:0:44:M1460: OS/2:4::OS/2 Warp 4.0
# ----------------- TOPS-20 -----------------
# Another hardcore MSS, one of the ACK leakers hunted down.
# XXX QUIRK 0:64:0:44:M1460:A:TOPS-20:version 7
0:64:0:44:M1460: TOPS-20:7::TOPS-20 version 7
# ----------------- FreeMiNT ----------------
S44:255:0:44:M536: FreeMiNT:1:16A:FreeMiNT 1 patch 16A (Atari)
# ------------------ AMIGA ------------------
# XXX TCP option 12
# S32:64:1:56:M*,N,N,S,N,N,?12:.:AMIGA:3.9 BB2 with Miami stack
# ------------------ Plan9 ------------------
65535:255:0:48:M1460,W0,N: Plan9:4::Plan9 edition 4
# ----------------- AMIGAOS -----------------
16384:64:1:48:M1560,N,N,S: AMIGAOS:3.9::AMIGAOS 3.9 BB2 MiamiDX
###########################################
# Appliance / embedded / other signatures #
###########################################
# ---------- Firewalls / routers ------------
S12:64:1:44:M1460: @Checkpoint:::Checkpoint (unknown 1)
S12:64:1:48:N,N,S,M1460: @Checkpoint:::Checkpoint (unknown 2)
4096:32:0:44:M1460: ExtremeWare:4.x::ExtremeWare 4.x
# XXX TCP option 12
# S32:64:0:68:M512,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO w/Checkpoint NG FP3
# S16:64:0:68:M1024,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO 3.7 build 026
S4:64:1:60:W0,N,S,T,M1460: FortiNet:FortiGate:50:FortiNet FortiGate 50
8192:64:1:44:M1460: Eagle:::Eagle Secure Gateway
S52:128:1:48:M1260,N,N,N,N: LinkSys:WRV54G::LinkSys WRV54G VPN router
# ------- Switches and other stuff ----------
4128:255:0:44:M*: Cisco:::Cisco Catalyst 3500, 7500 etc
S8:255:0:44:M*: Cisco:12008::Cisco 12008
60352:128:1:64:M1460,N,W2,N,N,T,N,N,S: Alteon:ACEswitch::Alteon ACEswitch
64512:128:1:44:M1370: Nortel:Contivity Client::Nortel Conectivity Client
# ---------- Caches and whatnots ------------
S4:64:1:52:M1460,N,N,S,N,W0: AOL:web cache::AOL web cache
32850:64:1:64:N,W1,N,N,T,N,N,S,M*: NetApp:5.x::NetApp Data OnTap 5.x
16384:64:1:64:M1460,N,N,S,N,W0,N: NetApp:5.3:1:NetApp 5.3.1
65535:64:0:64:M1460,N,N,S,N,W*,N,N,T: NetApp:5.3-5.5::NetApp 5.3-5.5
65535:64:0:60:M1460,N,W0,N,N,T: NetApp:CacheFlow::NetApp CacheFlow
8192:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:5.2:1:NetApp NetCache 5.2.1
20480:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:4.1::NetApp NetCache4.1
65535:64:0:60:M1460,N,W0,N,N,T: CacheFlow:4.1::CacheFlow CacheOS 4.1
8192:64:0:60:M1380,N,N,N,N,N,N,T: CacheFlow:1.1::CacheFlow CacheOS 1.1
S4:64:0:48:M1460,N,N,S: Cisco:Content Engine::Cisco Content Engine
27085:128:0:40:.: Dell:PowerApp cache::Dell PowerApp (Linux-based)
65535:255:1:48:N,W1,M1460: Inktomi:crawler::Inktomi crawler
S1:255:1:60:M1460,S,T,N,W0: LookSmart:ZyBorg::LookSmart ZyBorg
16384:255:0:40:.: Proxyblocker:::Proxyblocker (what's this?)
65535:255:0:48:M*,N,N,S: Redline:::Redline T|X 2200
32696:128:0:40:M1460: Spirent:Avalanche::Spirent Web Avalanche HTTP benchmarking engine
# ----------- Embedded systems --------------
S9:255:0:44:M536: PalmOS:Tungsten:C:PalmOS Tungsten C
S5:255:0:44:M536: PalmOS:3::PalmOS 3/4
S5:255:0:44:M536: PalmOS:4::PalmOS 3/4
S4:255:0:44:M536: PalmOS:3:5:PalmOS 3.5
2948:255:0:44:M536: PalmOS:3:5:PalmOS 3.5.3 (Handera)
S29:255:0:44:M536: PalmOS:5::PalmOS 5.0
16384:255:0:44:M1398: PalmOS:5.2:Clie:PalmOS 5.2 (Clie)
S14:255:0:44:M1350: PalmOS:5.2:Treo:PalmOS 5.2.1 (Treo)
S23:64:1:64:N,W1,N,N,T,N,N,S,M1460: SymbianOS:7::SymbianOS 7
8192:255:0:44:M1460: SymbianOS:6048::Symbian OS 6048 (Nokia 7650?)
8192:255:0:44:M536: SymbianOS:9210::Symbian OS (Nokia 9210?)
S22:64:1:56:M1460,T,S: SymbianOS:P800::Symbian OS ? (SE P800?)
S36:64:1:56:M1360,T,S: SymbianOS:6600::Symbian OS 60xx (Nokia 6600?)
# Perhaps S4?
5840:64:1:60:M1452,S,T,N,W1: Zaurus:3.10::Zaurus 3.10
32768:128:1:64:M1460,N,W0,N,N,T0,N,N,S: PocketPC:2002::PocketPC 2002
S1:255:0:44:M346: Contiki:1.1:rc0:Contiki 1.1-rc0
4096:128:0:44:M1460: Sega:Dreamcast:3.0:Sega Dreamcast Dreamkey 3.0
T5:64:0:44:M536: Sega:Dreamcast:HKT-3020:Sega Dreamcast HKT-3020 (browser disc 51027)
S22:64:1:44:M1460: Sony:PS2::Sony Playstation 2 (SOCOM?)
S12:64:0:44:M1452: AXIS:5600:v5.64:AXIS Printer Server 5600 v5.64
3100:32:1:44:M1460: Windows:CE:2.0:Windows CE 2.0
####################
# Fancy signatures #
####################
1024:64:0:40:.: *NMAP:syn scan:1:NMAP syn scan (1)
2048:64:0:40:.: *NMAP:syn scan:2:NMAP syn scan (2)
3072:64:0:40:.: *NMAP:syn scan:3:NMAP syn scan (3)
4096:64:0:40:.: *NMAP:syn scan:4:NMAP syn scan (4)
# Requires quirks support
# 1024:64:0:40:.:A:*NMAP:TCP sweep probe (1)
# 2048:64:0:40:.:A:*NMAP:TCP sweep probe (2)
# 3072:64:0:40:.:A:*NMAP:TCP sweep probe (3)
# 4096:64:0:40:.:A:*NMAP:TCP sweep probe (4)
1024:64:0:60:W10,N,M265,T: *NMAP:OS:1:NMAP OS detection probe (1)
2048:64:0:60:W10,N,M265,T: *NMAP:OS:2:NMAP OS detection probe (2)
3072:64:0:60:W10,N,M265,T: *NMAP:OS:3:NMAP OS detection probe (3)
4096:64:0:60:W10,N,M265,T: *NMAP:OS:4:NMAP OS detection probe (4)
32767:64:0:40:.: *NAST:::NASTsyn scan
# Requires quirks support
# 12345:255:0:40:.:A:-p0f:sendsyn utility
#####################################
# Generic signatures - just in case #
#####################################
#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:4.0-4.9::FreeBSD 4.x/5.x
#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:5.0-5.1::FreeBSD 4.x/5.x
*:128:1:52:M*,N,W0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
*:128:1:52:M*,N,W0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
*:128:1:52:M*,N,W*,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
*:128:1:52:M*,N,W*,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323)
*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323)
*:128:1:64:M*,N,W*,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP (RFC1323, w+)
*:128:1:48:M536,N,N,S: @Windows:98::Windows 98
*:128:1:48:M*,N,N,S: @Windows:XP::Windows XP/2000
*:128:1:48:M*,N,N,S: @Windows:2000::Windows XP/2000

BIN
conf/system/include/14.3/pfctl Normal file
View File

Binary file not shown.

BIN
conf/system/include/14.3/pfilctl Normal file
View File

Binary file not shown.

BIN
conf/system/include/14.3/pflogd Normal file
View File

Binary file not shown.

BIN
conf/system/include/14.3/setfib Normal file
View File

Binary file not shown.

BIN
conf/system/include/14.3/sum Normal file
View File

Binary file not shown.

BIN
conf/system/include/14.3/zstd Normal file
View File

Binary file not shown.

303
gui/bastille_manager-lib.inc Executable file → Normal file
View File

@@ -2,7 +2,7 @@
/*
bastille_manager-lib.inc
Copyright (c) 2019-2020 José Rivera (joserprg@gmail.com).
Copyright (c) 2019-2026 José Rivera (joserprg@gmail.com).
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -30,22 +30,34 @@
SUCH DAMAGE.
*/
require_once 'super_fun.inc';
require_once 'globals.inc';
require_once 'array.inc';
require_once 'system.inc';
// Initialize some variables.
// TODO: Some infos can be gathered with-
// internal PHP functions rather than external shell commands.
// ===== OPTIMIZATION: Cache Configuration =====
define('JAIL_INFO_CACHE_TIME', 5); // seconds
define('JAIL_INFO_CACHE_FILE', '/tmp/bastille_jail_info_cache.json');
// =============================================
//$rootfolder = dirname($config['rc']['postinit']['cmd'][$i]);
// Initialize some variables.
$prdname = "bastille";
$application = "Bastille Manager";
$restore_name = "restore";
$confdir = "/var/etc/bastille_conf";
$cwdir = exec("/usr/bin/grep 'INSTALL_DIR=' $confdir/conf/bastille_config | /usr/bin/cut -d'\"' -f2");
$rootfolder = $cwdir;
// Check for configuration file
$conf_file = "$confdir/conf/bastille_config";
if (!file_exists($conf_file) && file_exists(__DIR__ . "/../conf/bastille_config")) {
$conf_file = __DIR__ . "/../conf/bastille_config";
}
$cwdir = exec("/usr/bin/grep 'INSTALL_DIR=' $conf_file | /usr/bin/cut -d'\"' -f2");
if (!empty($cwdir)) {
$rootfolder = $cwdir;
}
$configfile = "$rootfolder/conf/bastille_config";
$configfile_bastille = "$rootfolder/bastille-dist/usr/local/etc/bastille/bastille.conf";
$versionfile = "$rootfolder/version";
@@ -53,56 +65,60 @@ $versionfile = "$rootfolder/version";
$date = date('D M d h:i:s Y', time()); // Equivalent date replacement for the previous strftime function.
$logfile = "$rootfolder/log/bastille_ext.log";
$logevent = "$rootfolder/log/bastille_last_event.log";
$backup_path = exec("/usr/bin/grep 'BACKUP_DIR=' $configfile | /usr/bin/cut -d'\"' -f2");
// Reuse $conf_file if it's our local one, otherwise use the standard greed
$grep_config = file_exists($configfile) ? $configfile : $conf_file;
$backup_path = exec("/usr/bin/grep 'BACKUP_DIR=' $grep_config | /usr/bin/cut -d'\"' -f2");
$bastille_config = "$rootfolder/conf/bastille_config";
$config_path = exec("/usr/bin/grep 'BASTILLE_CONFIG=' $configfile | /usr/bin/cut -d'\"' -f2");
$config_path = exec("/usr/bin/grep 'BASTILLE_CONFIG=' $grep_config | /usr/bin/cut -d'\"' -f2");
$default_distfiles = exec("/usr/bin/grep 'bastille_bootstrap_archives=' $config_path | /usr/bin/cut -d'\"' -f2");
$jail_dir = "{$rootfolder}/jails";
$image_dir = "ext/bastille/images";
$reldir = "{$rootfolder}/releases";
$backup_path_bastille = exec("/usr/sbin/sysrc -f $rootfolder/bastille-dist/usr/local/etc/bastille/bastille.conf -qn bastille_backupsdir");
$zfs_support = exec("/usr/bin/grep 'ZFS_SUPPORT=' $configfile | /usr/bin/cut -d'\"' -f2");
$zfs_activated = exec("/usr/bin/grep 'ZFS_ACTIVATED=' $configfile | /usr/bin/cut -d'\"' -f2");
$tarballversion = "/usr/local/bin/bastille";
$zfs_support = exec("/usr/bin/grep 'ZFS_SUPPORT=' $grep_config | /usr/bin/cut -d'\"' -f2");
$zfs_activated = exec("/usr/bin/grep 'ZFS_ACTIVATED=' $grep_config | /usr/bin/cut -d'\"' -f2");
if (!isset($tarballversion)) $tarballversion = "/usr/local/bin/bastille";
$bastille_version_min = exec("grep 'BASTILLE_VERSION=' $tarballversion | cut -d '\"' -f2 | tr -d '.'");
$host_version = exec("/bin/cat /etc/prd.version | tr -d '.'");
$linux_compat_support = exec("/usr/bin/grep 'LINUX_COMPAT_SUPPORT=' $configfile | /usr/bin/cut -d'\"' -f2");
$linux_compat_support = exec("/usr/bin/grep 'LINUX_COMPAT_SUPPORT=' $grep_config | /usr/bin/cut -d'\"' -f2");
$jail_settings = "settings.conf";
// Ensure the root directory is configured.
if ($rootfolder == "")
if ($rootfolder == ""):
$input_errors[] = gtext("Extension installed with fault");
else {
else:
// Initialize locales.
$textdomain = "/usr/local/share/locale";
$textdomain_bastille = "/usr/local/share/locale-bastille";
if (!is_link($textdomain_bastille)) { mwexec("ln -s {$rootfolder}/locale-bastille {$textdomain_bastille}", true); }
if (!is_link($textdomain_bastille)):
mwexec("ln -s {$rootfolder}/locale-bastille {$textdomain_bastille}", true);
endif;
bindtextdomain("xigmanas", $textdomain_bastille);
}
endif;
if (is_file("{$rootfolder}/postinit")) unlink("{$rootfolder}/postinit");
// Check releases dir.
function is_dir_empty($reldir) {
if (!is_readable($reldir)) return NULL;
if (!is_readable($reldir)) return NULL;
return (count(scandir($reldir)) == 2);
}
// Get bastille version
function get_version_bastille() {
global $tarballversion, $prdname;
if (is_file("{$tarballversion}")) {
//exec("/bin/cat {$tarballversion}", $result);
exec("/usr/bin/grep 'BASTILLE_VERSION=' {$tarballversion} | cut -d'\"' -f2", $result);
if (is_file("{$tarballversion}")):
exec("/usr/bin/grep 'BASTILLE_VERSION=' {$tarballversion} | cut -d'=' -f2", $result);
return ($result[0] ?? '');
}
else {
else:
exec("/usr/local/bin/{$prdname} version | awk 'NR==1'", $result);
return ($result[0] ?? '');
}
endif;
}
// Initial install banner
function initial_install_banner() {
// Never display this if bastille is already bootstraped/activated.
global $rootfolder;
global $zfs_activated;
$is_activated = "";
@@ -122,7 +138,7 @@ function initial_install_banner() {
return $is_bootstrapped = "YES";
break;
endif;
endforeach;
endforeach;
endif;
}
@@ -144,7 +160,7 @@ function get_state_zfs() {
function get_all_release_list() {
global $rootfolder;
global $g;
exec("/bin/echo; /bin/ls {$rootfolder}/releases 2>/dev/null | /usr/bin/tr -s ' ' '\n'",$relinfo);
exec("/bin/echo; /bin/ls {$rootfolder}/releases | /usr/bin/tr -s ' ' '\n'",$relinfo);
array_shift($relinfo);
$rellist = [];
foreach($relinfo as $rel):
@@ -189,102 +205,179 @@ foreach($a_interface as $k_interface => $ifinfo):
$l_interfaces[$k_interface] = $k_interface;
endforeach;
// Get jail infos.
// ===== CACHE FUNCTIONS =====
function is_cache_valid() {
if (!file_exists(JAIL_INFO_CACHE_FILE)) {
return false;
}
$cache_age = time() - filemtime(JAIL_INFO_CACHE_FILE);
return $cache_age < JAIL_INFO_CACHE_TIME;
}
function get_cached_jail_info() {
if (!is_cache_valid()) {
return null;
}
$cache_data = @file_get_contents(JAIL_INFO_CACHE_FILE);
if ($cache_data === false) {
return null;
}
return json_decode($cache_data, true);
}
function save_jail_info_cache($data) {
@file_put_contents(JAIL_INFO_CACHE_FILE, json_encode($data));
}
function invalidate_jail_cache() {
@unlink(JAIL_INFO_CACHE_FILE);
}
// ===== OPTIMIZED: Get jail infos =====
// Get jail infos - OPTIMIZED VERSION
function get_jail_infos() {
global $img_path;
global $image_dir;
global $configfile;
global $jail_dir;
// Try cache first
$cached = get_cached_jail_info();
if ($cached !== null) {
return $cached;
}
$result = [];
if(is_dir($jail_dir)):
$cmd = '/usr/local/bin/bastille list jail 2>&1';
else:
$cmd = ":";
endif;
mwexec2($cmd,$rawdata);
foreach($rawdata as $line):
$a = preg_split('/\t/',$line);
if (!is_dir($jail_dir)) {
return $result;
}
// OPTIMIZATION: Get bastille list ONCE and parse all jails
// Format: JID Name Boot Prio State Type IP_Address Published_Ports Release Tags
$cmd = '/usr/local/bin/bastille list 2>&1';
mwexec2($cmd, $rawdata);
// Build a lookup table from bastille list output
$jail_data_map = [];
$header_skipped = false;
foreach ($rawdata as $line) {
// Skip header line
if (!$header_skipped) {
$header_skipped = true;
continue;
}
// Parse fields: JID Name Boot Prio State Type IP Ports Release Tags
$fields = preg_split('/\s+/', trim($line), 10);
if (count($fields) >= 6) {
$name = $fields[1];
$jail_data_map[$name] = [
'jid' => $fields[0],
'boot' => $fields[2],
'prio' => $fields[3],
'state' => $fields[4],
'type' => $fields[5],
'ip' => $fields[6] ?? '-',
'ports' => $fields[7] ?? '-',
'release' => $fields[8] ?? '-',
'tags' => $fields[9] ?? '-'
];
}
}
// Now process each jail from bastille list jail (for jail names)
$cmd = '/usr/local/bin/bastille list jail 2>&1';
mwexec2($cmd, $jail_names);
foreach ($jail_names as $line) {
$a = preg_split('/\t/', $line);
$r = [];
$name = $a[0];
if(preg_match('/(.*)/', $name, $m)):
$r['name'] = $m[1];
else:
$r['name'] = '-';
endif;
$r['jailname'] = $r['name'];
// Set the JID on the running jails.
$item = $r['jailname'];
$r['id'] = exec("/usr/sbin/jls | /usr/bin/awk '/{$item}\ /{print $1}'");
if (!$r['id']):
$r['id'] = "-";
endif;
// Set the IPv4 on the running jails.
//$r['ip'] = exec("/usr/sbin/jls | /usr/bin/grep {$item} | /usr/bin/awk '{print $2}'");
$r['ip'] = exec("/usr/bin/grep -w 'ip4.addr' {$jail_dir}/{$item}/jail.conf | /usr/bin/awk '{print $3}' | /usr/bin/tr -d ';'");
if (!$r['ip']):
$r['ip'] = exec("/usr/bin/grep -w 'ip6.addr' {$jail_dir}/{$item}/jail.conf | /usr/bin/awk '{print $3}' | /usr/bin/tr -d ';'");
endif;
// Try to get ip from vnet config.
if(!$r['ip']):
$r['ip'] = exec("/usr/local/bin/bastille cmd {$item} cat /etc/rc.conf | /usr/bin/grep 'ifconfig_vnet0=' | cut -d'\"' -f2 | sed 's/inet //'");
endif;
if (!$r['ip']):
$r['ip'] = "-";
endif;
// Display release.
$r['rel'] = exec("/usr/sbin/jexec {$item} freebsd-version 2>/dev/null");
if (!$r['rel']):
$r['rel'] = exec("/usr/sbin/jexec {$item} uname -o 2>/dev/null");
elseif (!$r['rel']):
$r['rel'] = "-";
endif;
// Display interfaces.
$r['nic'] = exec("/usr/bin/grep -wE 'interface.*=.*;|vnet.interface.*=.*;' {$jail_dir}/{$item}/jail.conf | /usr/bin/awk '{print $3}' | /usr/bin/tr -d ';'");
if (!$r['nic']):
$r['nic'] = "-";
endif;
// Display path.
$r['path'] = exec("/usr/bin/grep -w 'path' {$jail_dir}/{$item}/jail.conf | /usr/bin/awk '{print $3}' | /usr/bin/tr -d ';'");
if (!$r['path']):
$r['path'] = "-";
endif;
// Display auto-start settings.
$jail_autostart = exec("/usr/bin/grep -w {$item}_AUTO_START $configfile | cut -d'=' -f2 | tr -d '\"'");
if ($jail_autostart == 'YES') {
$r['boot'] = $img_path['ena'];
} elseif ($jail_autostart == 'NO') {
$r['boot'] = $img_path['dis'];
if (preg_match('/(.*)/', $name, $m)) {
$r['name'] = $m[1];
} else {
$r['boot'] = $img_path['dis'];
$r['name'] = '-';
}
// Display running status icons.
$jail_running = exec("/usr/sbin/jls name | /usr/bin/awk '/^{$item}\$/'");
if ($jail_running):
$r['jailname'] = $r['name'];
$item = $r['jailname'];
// Get data from our lookup table instead of executing bastille list again
if (isset($jail_data_map[$item])) {
$jail_data = $jail_data_map[$item];
$r['id'] = $jail_data['jid'];
$r['boot'] = $jail_data['boot'];
$r['prio'] = $jail_data['prio'];
$r['state'] = $jail_data['state'];
$r['type'] = $jail_data['type'];
$r['ip'] = $jail_data['ip'];
$r['ports'] = $jail_data['ports'];
$r['rel'] = $jail_data['release'];
$r['tags'] = $jail_data['tags'];
} else {
// Fallback if jail not in bastille list output
$r['id'] = '-';
$r['boot'] = '-';
$r['prio'] = '-';
$r['state'] = '-';
$r['type'] = '-';
$r['ip'] = '-';
$r['ports'] = '-';
$r['rel'] = '-';
$r['tags'] = '-';
}
// Get description
// $r['description'] = exec("/usr/local/bin/bastille config {$item} get description");
// if (!$r['description']) $r['description'] = "-";
// Set defaults for empty values
if (!$r['id']) $r['id'] = "-";
if (!$r['boot']) $r['boot'] = "-";
if (!$r['prio']) $r['prio'] = "-";
if (!$r['state']) $r['state'] = "-";
if (!$r['type']) $r['type'] = "-";
if (!$r['ip']) $r['ip'] = "-";
if (!$r['ports']) $r['ports'] = "-";
if (!$r['rel']) $r['rel'] = "-";
if (!$r['tags']) $r['tags'] = "-";
// Display running status icons
if ($r['state'] == "Up") {
$r['stat'] = $img_path['ena'];
else:
} else {
$r['stat'] = $img_path['dis'];
endif;
// Display custom template icons if available.
}
// Display custom template icons if available
$template_icon = "{$jail_dir}/{$item}/plugin_icon.png";
if(file_exists($template_icon)):
if(!file_exists("{$image_dir}/{$item}_icon.png")):
copy("$template_icon", "{$image_dir}/{$item}_icon.png");
endif;
if (file_exists($template_icon)) {
if (!file_exists("{$image_dir}/{$item}_icon.png")) {
@copy("$template_icon", "{$image_dir}/{$item}_icon.png");
}
$r['logo'] = "{$image_dir}/{$item}_icon.png";
else:
$template_icon = exec("/usr/bin/grep linsysfs {$jail_dir}/{$item}/fstab");
if($template_icon):
// Display standard Linux icon.
} else {
$template_icon = exec("/usr/bin/grep linsysfs {$jail_dir}/{$item}/fstab 2>/dev/null");
if ($template_icon) {
// Display standard Linux icon
$r['logo'] = "{$image_dir}/linux_icon.png";
else:
// Display standard FreeBSD icon.
} else {
// Display standard FreeBSD icon
$r['logo'] = "{$image_dir}/bsd_icon.png";
endif;
endif;
}
}
$result[] = $r;
endforeach;
}
// Save to cache
save_jail_info_cache($result);
return $result;
}
?>
?>

531
gui/bastille_manager_add.php
View File

@@ -2,8 +2,8 @@
/*
bastille_manager_add.php
Copyright (c) 2019 José Rivera (joserprg@gmail.com).
All rights reserved.
Copyright (c) 2019-2026 José Rivera (joserprg@gmail.com).
All rights reserved.
Portions of XigmaNAS® (https://www.xigmanas.com).
Copyright (c) 2018 XigmaNAS® <info@xigmanas.com>.
@@ -14,13 +14,13 @@
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the developer nor the names of contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE DEVELOPER ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -42,106 +42,121 @@ require_once("bastille_manager-lib.inc");
$pgtitle = array(gtext("Extensions"), "Bastille", "Create");
$pconfig = [];
$errormsg = "";
if(!(isset($pconfig['jailname']))):
if (!(isset($pconfig['jailname']))):
$pconfig['jailname'] = 'jail1';
endif;
if(!(isset($pconfig['ipaddress']))):
if (!(isset($pconfig['ipaddress']))):
$pconfig['ipaddress'] = '';
endif;
if(!get_all_release_list()):
if (!get_all_release_list()):
$errormsg = gtext('No base releases extracted yet.')
. ' '
. '<a href="' . 'bastille_manager_tarballs.php' . '">'
. gtext('Please download a base release first.')
. '</a>';
$prerequisites_ok = false;
. ' '
. '<a href="' . 'bastille_manager_tarballs.php' . '">'
. gtext('Please download a base release first.')
. '</a>';
$prerequisites_ok = false;
endif;
if($_POST):
$zfs_status = get_state_zfs();
if ($zfs_status == "Invalid ZFS configuration"):
// Warning if invalid ZFS configuration.
$input_errors[] = gtext("WARNING: Invalid ZFS configuration detected.");
endif;
if ($_POST):
global $jail_dir;
global $configfile;
unset($input_errors);
$pconfig = $_POST;
if(isset($_POST['Cancel']) && $_POST['Cancel']):
if (isset($_POST['Cancel']) && $_POST['Cancel']):
header('Location: bastille_manager_gui.php');
exit;
endif;
if(isset($_POST['Create']) && $_POST['Create']):
$jname = $pconfig['jailname'];
$ipaddr = $pconfig['ipaddress'];
$release = $pconfig['release'];
$resolv_conf = "{$jail_dir}/{$jname}/root/etc/resolv.conf";
$resolv_host = "/var/etc/resolv.conf";
$options = "";
if ($_POST['interface'] == 'Config'):
$interface = "";
if (isset($_POST['Create']) && $_POST['Create']):
$zfs_status = get_state_zfs();
if ($zfs_status == "Invalid ZFS configuration"):
// Abort jail creation if invalid ZFS configuration.
$input_errors[] = gtext("Cannot create jail with an invalid ZFS configuration.");
else:
$interface = $pconfig['interface'];
endif;
if($release == 'Ubuntu_1804'):
$release = "ubuntu-bionic";
elseif($release == 'Ubuntu_2004'):
$release = "ubuntu-focal";
elseif($release == 'Ubuntu_2204'):
$release = "ubuntu-jammy";
elseif($release == 'Debian9'):
$release = "debian-stretch";
elseif($release == 'Debian10'):
$release = "debian-buster";
elseif($release == 'Debian12'):
$release = "debian-bookworm";
endif;
if(isset($_POST['thickjail']) && isset($_POST['vnetjail'])):
$options = "-T -V";
elseif(isset($_POST['thickjail']) && isset($_POST['bridgejail'])):
$options = "-T -B";
elseif(isset($_POST['thickjail'])):
$options = "-T";
elseif(isset($_POST['vnetjail'])):
$options = "-V";
elseif(isset($_POST['bridgejail'])):
$options = "-B";
elseif(isset($_POST['linuxjail'])):
$options = "-L";
endif;
if(isset($_POST['emptyjail'])):
// Just create an empty container with minimal jail.conf.
$cmd = ("/usr/local/bin/bastille create -E {$jname}");
else:
if (isset($_POST['nowstart'])):
$cmd = ("/usr/local/bin/bastille create {$options} {$jname} {$release} {$ipaddr} {$interface} && /usr/local/bin/bastille start {$jname}");
$jname = $pconfig['jailname'];
$ipaddr = $pconfig['ipaddress'];
$release = $pconfig['release'];
$resolv_conf = "{$jail_dir}/{$jname}/root/etc/resolv.conf";
$resolv_host = "/var/etc/resolv.conf";
$options = "";
if ($_POST['interface'] == 'Config'):
$interface = "";
else:
$cmd = ("/usr/local/bin/bastille create {$options} {$jname} {$release} {$ipaddr} {$interface}");
$interface = $pconfig['interface'];
endif;
endif;
if ($_POST['Create']):
if(get_all_release_list()):
unset($output,$retval);mwexec2($cmd,$output,$retval);
if($retval == 0):
if (isset($_POST['autostart'])):
exec("/usr/sbin/sysrc -f {$configfile} {$jname}_AUTO_START=\"YES\"");
endif;
if(is_link($resolv_conf)):
if(unlink($resolv_conf)):
//exec("/usr/local/bin/bastille cp $jname $resolv_host etc");
copy($resolv_host, $resolv_conf);
endif;
endif;
//$savemsg .= gtext("Boot Environment created and activated successfully.");
header('Location: bastille_manager_gui.php');
exit;
if ($release == 'Ubuntu_1804'):
$release = "ubuntu-bionic";
elseif ($release == 'Ubuntu_2004'):
$release = "ubuntu-focal";
elseif ($release == 'Ubuntu_2204'):
$release = "ubuntu-jammy";
elseif ($release == 'Debian9'):
$release = "debian-stretch";
elseif ($release == 'Debian10'):
$release = "debian-buster";
elseif ($release == 'Debian12'):
$release = "debian-bookworm";
endif;
if (isset($_POST['thickjail']) && isset($_POST['vnetjail'])):
$options = "-T -V";
elseif (isset($_POST['thickjail']) && isset($_POST['bridgejail'])):
$options = "-T -B";
elseif (isset($_POST['thickjail'])):
$options = "-T";
elseif (isset($_POST['vnetjail'])):
$options = "-V";
elseif (isset($_POST['bridgejail'])):
$options = "-B";
elseif (isset($_POST['linuxjail'])):
$options = "-L";
endif;
if (isset($_POST['emptyjail'])):
// Just create an empty container with minimal jail.conf.
$cmd = ("/usr/local/bin/bastille create -E {$jname}");
else:
if (isset($_POST['autostart'])):
$cmd = ("/usr/local/bin/bastille create {$options} {$jname} {$release} {$ipaddr} {$interface}");
else:
$errormsg .= gtext("Failed to create container.");
$cmd = ("/usr/local/bin/bastille create --no-boot {$options} {$jname} {$release} {$ipaddr} {$interface}");
endif;
else:
$errormsg .= gtext(" <<< Failed to create container.");
endif;
if ($_POST['Create']):
if (get_all_release_list()):
unset($output, $retval);
mwexec2($cmd, $output, $retval);
if ($retval == 0):
//if (isset($_POST['autostart'])):
// exec("/usr/sbin/sysrc -f {$configfile} {$jname}_AUTO_START=\"YES\"");
//endif;
if (is_link($resolv_conf)):
if (unlink($resolv_conf)):
//exec("/usr/local/bin/bastille cp $jname $resolv_host etc");
copy($resolv_host, $resolv_conf);
endif;
endif;
header('Location: bastille_manager_gui.php');
exit;
else:
$errormsg .= gtext("Failed to create container.");
endif;
else:
$errormsg .= gtext(" <<< Failed to create container.");
endif;
endif;
endif;
endif;
endif;
@@ -149,196 +164,204 @@ endif;
include 'fbegin.inc';
?>
<script type="text/javascript">
//<![CDATA[
$(window).on("load",function() {
$("#iform").submit(function() { spinner(); });
$(".spin").click(function() { spinner(); });
});
function emptyjail_change() {
switch(document.iform.emptyjail.checked) {
case false:
showElementById('ipaddress_tr','show');
showElementById('interface_tr', 'show');
showElementById('release_tr', 'show');
showElementById('thickjail_tr', 'show');
showElementById('vnetjail_tr', 'show');
showElementById('bridgejail_tr', 'show');
showElementById('nowstart_tr', 'show');
showElementById('autostart_tr', 'show');
showElementById('linuxjail_tr', 'show');
break;
case true:
showElementById('ipaddress_tr','hide');
showElementById('interface_tr', 'hide');
showElementById('release_tr', 'hide');
showElementById('thickjail_tr', 'hide');
showElementById('vnetjail_tr', 'hide');
showElementById('bridgejail_tr', 'hide');
showElementById('nowstart_tr', 'hide');
showElementById('autostart_tr', 'hide');
showElementById('linuxjail_tr', 'hide');
break;
//<![CDATA[
$(window).on("load", function () {
$("#iform").submit(function () { spinner(); });
$(".spin").click(function () { spinner(); });
});
function emptyjail_change() {
switch (document.iform.emptyjail.checked) {
case false:
showElementById('ipaddress_tr', 'show');
showElementById('interface_tr', 'show');
showElementById('release_tr', 'show');
showElementById('thickjail_tr', 'show');
showElementById('vnetjail_tr', 'show');
showElementById('bridgejail_tr', 'show');
//showElementById('nowstart_tr', 'show');
showElementById('autostart_tr', 'show');
showElementById('linuxjail_tr', 'show');
break;
case true:
showElementById('ipaddress_tr', 'hide');
showElementById('interface_tr', 'hide');
showElementById('release_tr', 'hide');
showElementById('thickjail_tr', 'hide');
showElementById('vnetjail_tr', 'hide');
showElementById('bridgejail_tr', 'hide');
//showElementById('nowstart_tr', 'hide');
showElementById('autostart_tr', 'hide');
showElementById('linuxjail_tr', 'hide');
break;
}
}
}
function linuxjail_change() {
switch(document.iform.linuxjail.checked) {
case false:
showElementById('ipaddress_tr','show');
showElementById('interface_tr', 'show');
showElementById('release_tr', 'show');
showElementById('thickjail_tr', 'show');
showElementById('vnetjail_tr', 'show');
showElementById('bridgejail_tr', 'show');
showElementById('nowstart_tr', 'show');
showElementById('autostart_tr', 'show');
showElementById('linuxjail_tr', 'show');
showElementById('emptyjail_tr', 'show');
break;
case true:
showElementById('ipaddress_tr','show');
showElementById('interface_tr', 'show');
showElementById('release_tr', 'show');
showElementById('thickjail_tr', 'hide');
showElementById('vnetjail_tr', 'hide');
showElementById('bridgejail_tr', 'hide');
showElementById('nowstart_tr', 'show');
showElementById('autostart_tr', 'show');
showElementById('emptyjail_tr', 'hide');
break;
function linuxjail_change() {
switch (document.iform.linuxjail.checked) {
case false:
showElementById('ipaddress_tr', 'show');
showElementById('interface_tr', 'show');
showElementById('release_tr', 'show');
showElementById('thickjail_tr', 'show');
showElementById('vnetjail_tr', 'show');
showElementById('bridgejail_tr', 'show');
//showElementById('nowstart_tr', 'show');
showElementById('autostart_tr', 'show');
showElementById('linuxjail_tr', 'show');
showElementById('emptyjail_tr', 'show');
break;
case true:
showElementById('ipaddress_tr', 'show');
showElementById('interface_tr', 'show');
showElementById('release_tr', 'show');
showElementById('thickjail_tr', 'hide');
showElementById('vnetjail_tr', 'hide');
showElementById('bridgejail_tr', 'hide');
//showElementById('nowstart_tr', 'show');
showElementById('autostart_tr', 'show');
showElementById('emptyjail_tr', 'hide');
break;
}
}
}
function vnetjail_change() {
switch(document.iform.vnetjail.checked) {
case false:
showElementById('ipaddress_tr','show');
showElementById('interface_tr', 'show');
showElementById('release_tr', 'show');
showElementById('thickjail_tr', 'show');
showElementById('vnetjail_tr', 'show');
showElementById('bridgejail_tr', 'show');
showElementById('nowstart_tr', 'show');
showElementById('autostart_tr', 'show');
showElementById('linuxjail_tr', 'show');
break;
case true:
showElementById('ipaddress_tr','show');
showElementById('interface_tr', 'show');
showElementById('release_tr', 'show');
showElementById('thickjail_tr', 'show');
showElementById('vnetjail_tr', 'show');
showElementById('bridgejail_tr', 'hide');
showElementById('nowstart_tr', 'show');
showElementById('autostart_tr', 'show');
showElementById('linuxjail_tr', 'show');
break;
function vnetjail_change() {
switch (document.iform.vnetjail.checked) {
case false:
showElementById('ipaddress_tr', 'show');
showElementById('interface_tr', 'show');
showElementById('release_tr', 'show');
showElementById('thickjail_tr', 'show');
showElementById('vnetjail_tr', 'show');
showElementById('bridgejail_tr', 'show');
//showElementById('nowstart_tr', 'show');
showElementById('autostart_tr', 'show');
showElementById('linuxjail_tr', 'show');
break;
case true:
showElementById('ipaddress_tr', 'show');
showElementById('interface_tr', 'show');
showElementById('release_tr', 'show');
showElementById('thickjail_tr', 'show');
showElementById('vnetjail_tr', 'show');
showElementById('bridgejail_tr', 'hide');
//showElementById('nowstart_tr', 'show');
showElementById('autostart_tr', 'show');
showElementById('linuxjail_tr', 'show');
break;
}
}
}
function bridgejail_change() {
switch(document.iform.bridgejail.checked) {
case false:
showElementById('ipaddress_tr','show');
showElementById('interface_tr', 'show');
showElementById('release_tr', 'show');
showElementById('thickjail_tr', 'show');
showElementById('vnetjail_tr', 'show');
showElementById('bridgejail_tr', 'show');
showElementById('nowstart_tr', 'show');
showElementById('autostart_tr', 'show');
showElementById('linuxjail_tr', 'show');
break;
case true:
showElementById('ipaddress_tr','show');
showElementById('interface_tr', 'show');
showElementById('release_tr', 'show');
showElementById('thickjail_tr', 'show');
showElementById('vnetjail_tr', 'hide');
showElementById('bridgejail_tr', 'show');
showElementById('nowstart_tr', 'show');
showElementById('autostart_tr', 'show');
showElementById('linuxjail_tr', 'show');
break;
function bridgejail_change() {
switch (document.iform.bridgejail.checked) {
case false:
showElementById('ipaddress_tr', 'show');
showElementById('interface_tr', 'show');
showElementById('release_tr', 'show');
showElementById('thickjail_tr', 'show');
showElementById('vnetjail_tr', 'show');
showElementById('bridgejail_tr', 'show');
//showElementById('nowstart_tr', 'show');
showElementById('autostart_tr', 'show');
showElementById('linuxjail_tr', 'show');
break;
case true:
showElementById('ipaddress_tr', 'show');
showElementById('interface_tr', 'show');
showElementById('release_tr', 'show');
showElementById('thickjail_tr', 'show');
showElementById('vnetjail_tr', 'hide');
showElementById('bridgejail_tr', 'show');
//showElementById('nowstart_tr', 'show');
showElementById('autostart_tr', 'show');
showElementById('linuxjail_tr', 'show');
break;
}
}
}
//]]>
//]]>
</script>
<?php
$document = new co_DOMDocument();
$document->
add_area_tabnav()->
push()->
add_tabnav_upper()->
ins_tabnav_record('bastille_manager_gui.php',gettext('Containers'),gettext('Reload page'),true)->
ins_tabnav_record('bastille_manager_info.php',gettext('Information'),gettext('Reload page'),true)->
ins_tabnav_record('bastille_manager_maintenance.php',gettext('Maintenance'),gettext('Reload page'),true);
push()->
add_tabnav_upper()->
ins_tabnav_record('bastille_manager_gui.php', gettext('Containers'), gettext('Reload page'), true)->
ins_tabnav_record('bastille_manager_info.php', gettext('Information'), gettext('Reload page'), true)->
ins_tabnav_record('bastille_manager_maintenance.php', gettext('Maintenance'), gettext('Reload page'), true);
$document->render();
?>
<form action="bastille_manager_add.php" method="post" name="iform" id="iform"><table id="area_data"><tbody><tr><td id="area_data_frame">
<?php
if(!empty($errormsg)):
print_error_box($errormsg);
endif;
if(!empty($savemsg)):
print_info_box($savemsg);
endif;
if(!empty($input_errors)):
print_input_errors($input_errors);
endif;
if(file_exists($d_sysrebootreqd_path)):
print_info_box(get_std_save_message(0));
endif;
?>
<table class="area_data_settings">
<colgroup>
<col class="area_data_settings_col_tag">
<col class="area_data_settings_col_data">
</colgroup>
<thead>
<?php
html_titleline2(gettext('Create new Container'));
?>
</thead>
<form action="bastille_manager_add.php" method="post" name="iform" id="iform">
<table id="area_data">
<tbody>
<?php
html_inputbox2('jailname',gettext('Friendly name'),$pconfig['jailname'],'',true,20);
html_inputbox2('ipaddress',gettext('IP Address'),$pconfig['ipaddress'],'',true,20);
$a_action = $l_interfaces;
$b_action = $l_release;
html_combobox2('interface',gettext('Network interface'),!empty($pconfig['interface']),$a_action,'',true,false);
html_combobox2('release',gettext('Base release'),!empty($pconfig['release']),$b_action,'',true,false);
if($bastille_version_min > "0700000000"):
html_checkbox2('thickjail',gettext('Create a thick container'),!empty($pconfig['thickjail']) ? true : false,gettext('These containers consume more space, but are self contained.'),'',false);
if($host_version > "12100"):
html_checkbox2('vnetjail',gettext('Enable VNET(VIMAGE)'),!empty($pconfig['vnetjail']) ? true : false,gettext('VNET-enabled containers are attached to a virtual bridge interface for connectivity(Only supported on 13.x and above).'),'',false,false,'vnetjail_change()');
html_checkbox2('bridgejail',gettext('Enable Bridge VNET(VIMAGE)'),!empty($pconfig['bridgejail']) ? true : false,gettext('Bridge VNET-enabled containers are attached to a specified, already existing external bridge(Only supported on 13.x and above).'),'',false,false,'bridgejail_change()');
endif;
html_checkbox2('emptyjail',gettext('Create an empty container'),!empty($pconfig['emptyjail']) ? true : false,gettext('This are ideal for custom builds, experimenting with unsupported RELEASES or Linux jails.'),'',false,false,'emptyjail_change()');
if($linux_compat_support == "YES"):
html_checkbox2('linuxjail',gettext('Create a Linux container'),!empty($pconfig['linuxjail']) ? true : false,gettext('This will create a Linux container, this is highly experimental and for testing purposes.'),'',false,false,'linuxjail_change()');
endif;
endif;
html_checkbox2('nowstart',gettext('Start after creation'),!empty($pconfig['nowstart']) ? true : false,gettext('Start the container after creation(May be overridden by later bastille releases).'),'',false);
html_checkbox2('autostart',gettext('Auto start on boot'),!empty($pconfig['autostart']) ? true : false,gettext('Automatically start the container at boot time.'),'',false);
?>
<tr>
<td id="area_data_frame">
<?php
if (!empty($errormsg)):
print_error_box($errormsg);
endif;
if (!empty($savemsg)):
print_info_box($savemsg);
endif;
if (!empty($input_errors)):
print_input_errors($input_errors);
endif;
if (file_exists($d_sysrebootreqd_path)):
print_info_box(get_std_save_message(0));
endif;
?>
<table class="area_data_settings">
<colgroup>
<col class="area_data_settings_col_tag">
<col class="area_data_settings_col_data">
</colgroup>
<thead>
<?php
html_titleline2(gettext('Create new Container'), 2);
?>
</thead>
<tbody>
<?php
html_inputbox2('jailname', gettext('Friendly name'), $pconfig['jailname'], '', true, 20);
html_inputbox2('ipaddress', gettext('IP Address'), $pconfig['ipaddress'], '', true, 20);
$a_action = $l_interfaces;
$b_action = $l_release;
html_combobox2('interface', gettext('Network interface'), !empty($pconfig['interface']), $a_action, '', true, false);
html_combobox2('release', gettext('Base release'), !empty($pconfig['release']), $b_action, '', true, false);
if ($bastille_version_min > "0700000000"):
html_checkbox2('thickjail', gettext('Create a thick container'), !empty($pconfig['thickjail']) ? true : false, gettext('These containers consume more space, but are self contained and fully independent.'), '', false);
if ($host_version > "12100"):
html_checkbox2('vnetjail', gettext('Enable VNET(VIMAGE)'), !empty($pconfig['vnetjail']) ? true : false, gettext('VNET-enabled containers are attached to a virtual bridge interface for connectivity(Only supported on 13.x and above).'), '', false, false, 'vnetjail_change()');
html_checkbox2('bridgejail', gettext('Enable Bridge VNET(VIMAGE)'), !empty($pconfig['bridgejail']) ? true : false, gettext('Bridge VNET-enabled containers are attached to a specified, already existing external bridge(Only supported on 13.x and above).'), '', false, false, 'bridgejail_change()');
endif;
html_checkbox2('emptyjail', gettext('Create an empty container'), !empty($pconfig['emptyjail']) ? true : false, gettext('This are ideal for custom builds, experimenting with unsupported RELEASES or Linux jails.'), '', false, false, 'emptyjail_change()');
if ($linux_compat_support == "YES"):
html_checkbox2('linuxjail', gettext('Create a Linux container'), !empty($pconfig['linuxjail']) ? true : false, gettext('This will create a Linux container, this is highly experimental and for testing purposes.'), '', false, false, 'linuxjail_change()');
endif;
endif;
//html_checkbox2('nowstart',gettext('Start after creation'),!empty($pconfig['nowstart']) ? true : false,gettext('Start the container after creation(May be overridden by later bastille releases).'),'',false);
html_checkbox2('autostart', gettext('Auto start on boot'), !empty($pconfig['autostart']) ? true : false, gettext('Automatically start the container at boot time.'), '', false);
?>
</tbody>
</table>
<div id="submit">
<input name="Create" type="submit" class="formbtn" value="<?= gtext('Create'); ?>" />
<input name="Cancel" type="submit" class="formbtn" value="<?= gtext('Cancel'); ?>" />
</div>
<?php
include 'formend.inc';
?>
</td>
</tr>
</tbody>
</table>
<div id="submit">
<input name="Create" type="submit" class="formbtn" value="<?=gtext('Create');?>"/>
<input name="Cancel" type="submit" class="formbtn" value="<?=gtext('Cancel');?>" />
</div>
<?php
include 'formend.inc';
?>
</td></tr></tbody></table></form>
</form>
<script type="text/javascript">
<!--
emptyjail_change();
linuxjail_change();
//-->
<!--
emptyjail_change();
linuxjail_change();
//-->
</script>
<?php
include 'fend.inc';
?>
?>

14
gui/bastille_manager_config.php
View File

@@ -2,7 +2,7 @@
/*
bastille_manager_config.php
Copyright (c) 2019 José Rivera (joserprg@gmail.com).
Copyright (c) 2019-2026 José Rivera (joserprg@gmail.com).
All rights reserved.
Copyright (c) 2018 Andreas Schmidhuber
@@ -64,6 +64,12 @@ if(!initial_install_banner()):
$prerequisites_ok = false;
endif;
$zfs_status = get_state_zfs();
if($zfs_status == "Invalid ZFS configuration"):
// Warning if invalid ZFS configuration.
$input_errors[] = gtext("WARNING: Invalid ZFS configuration detected.");
endif;
function htmlInput($name, $title, $value="", $size=80) {
$result = "<input name='{$name}' size='{$size}' title='{$title}' placeholder='{$title}' value='{$value}' />";
return $result;
@@ -135,7 +141,7 @@ if ($_POST) {
if (isset($_POST['saveParam']) && $_POST['saveParam']) { // saveParam s/n/v
$buttonTag = explode("#", $_POST['saveParam']); // buttonTag[0] = section, buttonTag[1] = paramName
$hashTag = str_replace(["[", "]", ".", "#"], "", $buttonTag[0]); // create destination to jump to after post
$hashTag = str_replace(["[", "]", ".", "#"], "", $buttonTag[0]); // create destination to jump to after post
$nameTag = str_replace(["[", "]", ".", "#"], "", $_POST['saveParam']); // nameTag = <input title='$nameTag + addParam' ... />
$configArray[$buttonTag[0]][$buttonTag[1]] = $_POST[$nameTag]; // save param to section
#$savemsg .= "saveParam s/n/v: ".$_POST['saveParam']." ".$nameTag." ".$_POST[$nameTag];
@@ -165,10 +171,10 @@ bindtextdomain("xigmanas", $textdomain_bastille);
echo "<tr><td colspan='2' style='padding-left:0px; padding-right:0px;'>";
if (!empty($input_errors)) print_input_errors($input_errors);
if (!empty($savemsg)) print_info_box($savemsg);
echo "</td></tr>";
echo "</td></tr>";
// loop through configuration
$firstSection = true; // prevent first html_separator in loop
if (is_array($configArray) && !empty($configArray))
if (is_array($configArray) && !empty($configArray))
foreach($configArray as $key => $line) { // traverse array, key = section
$nameTag = str_replace(["[", "]", "."], "", $key); // create tag for post jump address and config changes
if (is_array($line)) {

6
gui/bastille_manager_editor.php
View File

@@ -2,7 +2,7 @@
/*
bastille_manager_editor.php
Copyright (c) 2019 José Rivera (joserprg@gmail.com).
Copyright (c) 2019-2026 José Rivera (joserprg@gmail.com).
All rights reserved.
Portions of XigmaNAS® (https://www.xigmanas.com).
@@ -60,7 +60,7 @@ if(isset($_POST['submit'])) {
} else {
$savemsg = sprintf('%s %s', gtext('File not found'), $savetopath);
$content = '';
$savetopath = '';
$savetopath = '';
}
}
break;
@@ -128,7 +128,7 @@ $(window).on("load", function() {
<button name="submit" type="submit" class="formbtn" id="Edit" value="edit"><?=gtext('Edit');?></button>
<button name="submit" type="submit" class="formbtn" id="Save" value="save"><?=gtext('Save');?></button>
<button name="submit" type="submit" class="formbtn" id="Return" value="bastille"><?=gtext('Return to Bastille');?></button>
<hr noshade="noshade" />
<hr noshade="noshade" />
</td>
</tr>
<?php

688
gui/bastille_manager_gui.php
View File

@@ -2,7 +2,7 @@
/*
bastille_manager_gui.php
Copyright (c) 2019-2020 José Rivera (joserprg@gmail.com).
Copyright (c) 2019-2026 José Rivera (joserprg@gmail.com).
All rights reserved.
Portions of XigmaNAS® (https://www.xigmanas.com).
@@ -39,6 +39,106 @@ require_once 'auth.inc';
require_once 'guiconfig.inc';
require_once 'bastille_manager-lib.inc';
$img_path = [
'add' => 'images/add.png',
'mod' => 'images/edit.png',
'del' => 'images/delete.png',
'loc' => 'images/locked.png',
'unl' => 'images/unlocked.png',
'mai' => 'images/maintain.png',
'inf' => 'images/info.png',
'ena' => 'images/status_enabled.png',
'dis' => 'images/status_disabled.png',
'mup' => 'images/up.png',
'mdn' => 'images/down.png'
];
// --- START AUTO-REFRESH LOGIC ---
if (isset($_GET['action']) && $_GET['action'] === 'refresh_table') {
error_reporting(0);
ini_set('display_errors', 0);
ob_start();
// Fetch fresh data
$jls_list = [];
if (function_exists('get_jail_infos')) {
$jls_list = get_jail_infos();
}
// Return JSON
ob_clean();
header('Content-Type: application/json');
header('Cache-Control: no-cache');
echo json_encode(['success' => true, 'jails' => $jls_list ?: []]);
exit;
}
// --- END AUTO-REFRESH LOGIC ---
function mwexec_parallel($commands) {
$processes = [];
$results = [];
foreach ($commands as $key => $command) {
$descriptors = [
0 => ['pipe', 'r'], // stdin
1 => ['pipe', 'w'], // stdout
2 => ['pipe', 'w'] // stderr
];
$process = proc_open($command, $descriptors, $pipes);
if (is_resource($process)) {
stream_set_blocking($pipes[1], false);
stream_set_blocking($pipes[2], false);
$processes[$key] = [
'process' => $process,
'pipes' => $pipes,
'command' => $command
];
}
}
$timeout = 30;
$start_time = time();
foreach ($processes as $key => $proc) {
$elapsed = time() - $start_time;
if ($elapsed < $timeout) {
$stdout = stream_get_contents($proc['pipes'][1]);
$stderr = stream_get_contents($proc['pipes'][2]);
fclose($proc['pipes'][0]);
fclose($proc['pipes'][1]);
fclose($proc['pipes'][2]);
$return_code = proc_close($proc['process']);
$results[$key] = [
'return_code' => $return_code,
'stdout' => $stdout,
'stderr' => $stderr
];
} else {
proc_terminate($proc['process']);
proc_close($proc['process']);
$results[$key] = [
'return_code' => -1,
'stdout' => '',
'stderr' => 'Command timeout'
];
}
}
return $results;
}
function mwexec_background($command) {
$command = $command . ' > /dev/null 2>&1 &';
exec($command);
}
$sphere_scriptname = basename(__FILE__);
$sphere_scriptname_child = 'bastille_manager_util.php';
$sphere_header = 'Location: '.$sphere_scriptname;
@@ -53,24 +153,13 @@ $gt_record_mod = gtext('Utilities');
$gt_selection_start = gtext('Start Selected');
$gt_selection_stop = gtext('Stop Selected');
$gt_selection_restart = gtext('Restart Selected');
$gt_selection_autoboot = gtext('Auto-boot Selected');
$gt_record_conf = gtext('Jail Configuration');
$gt_record_inf = gtext('Information');
$gt_selection_start_confirm = gtext('Do you really want to start selected jail(s)?');
$gt_selection_stop_confirm = gtext('Do you want to stop the selected jail(s)?');
$gt_selection_restart_confirm = gtext('Do you want to restart the selected jail(s)?');
$img_path = [
'add' => 'images/add.png',
'mod' => 'images/edit.png',
'del' => 'images/delete.png',
'loc' => 'images/locked.png',
'unl' => 'images/unlocked.png',
'mai' => 'images/maintain.png',
'inf' => 'images/info.png',
'ena' => 'images/status_enabled.png',
'dis' => 'images/status_disabled.png',
'mup' => 'images/up.png',
'mdn' => 'images/down.png'
];
$gt_selection_autoboot_confirm = gtext('Do you want to set auto-boot on selected jail(s)?');
$jls_list = get_jail_infos();
$sphere_array = $jls_list;
@@ -90,6 +179,12 @@ if(!initial_install_banner()):
$prerequisites_ok = false;
endif;
$zfs_status = get_state_zfs();
if($zfs_status == "Invalid ZFS configuration"):
// Warning if invalid ZFS configuration.
$input_errors[] = gtext("WARNING: Invalid ZFS configuration detected.");
endif;
if($_POST):
if(isset($_POST['apply']) && $_POST['apply']):
$ret = array('output' => [], 'retval' => 0);
@@ -108,106 +203,511 @@ if($_POST):
if(isset($_POST['start_selected_jail']) && $_POST['start_selected_jail']):
$checkbox_member_array = isset($_POST[$checkbox_member_name]) ? $_POST[$checkbox_member_name] : [];
$commands = [];
foreach($checkbox_member_array as $checkbox_member_record):
if(false !== ($index = array_search_ex($checkbox_member_record, $sphere_array, 'jailname'))):
if(!isset($sphere_array[$index]['protected'])):
$cmd = ("/usr/local/bin/bastille start {$checkbox_member_record}");
$return_val = mwexec($cmd);
if($return_val == 0):
//$savemsg .= gtext("Jail(s) started successfully.");
header($sphere_header);
else:
$errormsg .= gtext("Failed to start jail(s).");
endif;
$commands[] = "/usr/local/bin/bastille start {$checkbox_member_record}";
endif;
endif;
endforeach;
if (!empty($commands)):
$results = mwexec_parallel($commands);
$success_count = 0;
$fail_count = 0;
foreach ($results as $result):
if ($result['return_code'] == 0):
$success_count++;
else:
$fail_count++;
endif;
endforeach;
if (function_exists('invalidate_jail_cache')) {
invalidate_jail_cache();
}
if ($fail_count > 0):
$errormsg = sprintf(gtext("Started %d jail(s), failed %d jail(s)."), $success_count, $fail_count);
else:
$savemsg = sprintf(gtext("%d jail(s) started successfully."), $success_count);
endif;
header($sphere_header);
endif;
endif;
if(isset($_POST['stop_selected_jail']) && $_POST['stop_selected_jail']):
$checkbox_member_array = isset($_POST[$checkbox_member_name]) ? $_POST[$checkbox_member_name] : [];
$commands = [];
foreach($checkbox_member_array as $checkbox_member_record):
if(false !== ($index = array_search_ex($checkbox_member_record, $sphere_array, 'jailname'))):
if(!isset($sphere_array[$index]['protected'])):
$cmd = ("/usr/local/bin/bastille stop {$checkbox_member_record}");
$return_val = mwexec($cmd);
if($return_val == 0):
//$savemsg .= gtext("Jail(s) stopped successfully.");
header($sphere_header);
else:
$errormsg .= gtext("Failed to stop jail(s).");
endif;
$commands[] = "/usr/local/bin/bastille stop {$checkbox_member_record}";
endif;
endif;
endforeach;
if (!empty($commands)):
$results = mwexec_parallel($commands);
$success_count = 0;
$fail_count = 0;
foreach ($results as $result):
if ($result['return_code'] == 0):
$success_count++;
else:
$fail_count++;
endif;
endforeach;
if (function_exists('invalidate_jail_cache')) {
invalidate_jail_cache();
}
if ($fail_count > 0):
$errormsg = sprintf(gtext("Stopped %d jail(s), failed %d jail(s)."), $success_count, $fail_count);
else:
$savemsg = sprintf(gtext("%d jail(s) stopped successfully."), $success_count);
endif;
header($sphere_header);
endif;
endif;
if(isset($_POST['restart_selected_jail']) && $_POST['restart_selected_jail']):
$checkbox_member_array = isset($_POST[$checkbox_member_name]) ? $_POST[$checkbox_member_name] : [];
$commands = [];
foreach($checkbox_member_array as $checkbox_member_record):
if(false !== ($index = array_search_ex($checkbox_member_record, $sphere_array, 'jailname'))):
if(!isset($sphere_array[$index]['protected'])):
$cmd = ("/usr/local/bin/bastille restart {$checkbox_member_record}");
$return_val = mwexec($cmd);
if($return_val == 0):
//$savemsg .= gtext("Jail(s) restarted successfully.");
header($sphere_header);
else:
$errormsg .= gtext("Failed to restart jail(s).");
endif;
$commands[] = "/usr/local/bin/bastille restart {$checkbox_member_record}";
endif;
endif;
endforeach;
if (!empty($commands)):
$results = mwexec_parallel($commands);
$success_count = 0;
$fail_count = 0;
foreach ($results as $result):
if ($result['return_code'] == 0):
$success_count++;
else:
$fail_count++;
endif;
endforeach;
if (function_exists('invalidate_jail_cache')) {
invalidate_jail_cache();
}
if ($fail_count > 0):
$errormsg = sprintf(gtext("Restarted %d jail(s), failed %d jail(s)."), $success_count, $fail_count);
else:
$savemsg = sprintf(gtext("%d jail(s) restarted successfully."), $success_count);
endif;
header($sphere_header);
endif;
endif;
if(isset($_POST['autoboot_selected_jail']) && $_POST['autoboot_selected_jail']):
$checkbox_member_array = isset($_POST[$checkbox_member_name]) ? $_POST[$checkbox_member_name] : [];
$commands = [];
foreach($checkbox_member_array as $checkbox_member_record):
if(false !== ($index = array_search_ex($checkbox_member_record, $sphere_array, 'jailname'))):
if(!isset($sphere_array[$index]['protected'])):
$commands[] = "/usr/local/bin/bastille config {$checkbox_member_record} set boot on";
endif;
endif;
endforeach;
if (!empty($commands)):
$results = mwexec_parallel($commands);
$success_count = 0;
$fail_count = 0;
foreach ($results as $result):
if ($result['return_code'] == 0):
$success_count++;
else:
$fail_count++;
endif;
endforeach;
if (function_exists('invalidate_jail_cache')) {
invalidate_jail_cache();
}
if ($fail_count > 0):
$errormsg = sprintf(gtext("Set autoboot on %d jail(s), failed %d jail(s)."), $success_count, $fail_count);
else:
$savemsg = sprintf(gtext("Autoboot set on %d jail(s) successfully."), $success_count);
endif;
header($sphere_header);
endif;
endif;
endif;
$pgtitle = [gtext("Extensions"), gtext('Bastille')];
$pgtitle = [gtext("Extensions"), gtext('Bastille'), gtext('Manager')];
include 'fbegin.inc';
?>
<style>
#refresh-spinner {
display: inline-block;
position: absolute;
width: 10px;
height: 10px;
border: 2px solid #ccc;
border-top-color: #007bff;
border-radius: 50%;
animation: spin 1s linear infinite;
margin-right: 5px;
right: 115px;
margin-top: 2px;
}
@keyframes spin {
to { transform: rotate(360deg); }
}
.area_data_selection tbody td img {
vertical-align: middle;
}
.lcelc {
text-align: center;
vertical-align: middle;
}
#refresh-now {
appearance: none;
font-family: inherit;
font-size: inherit;
font-weight: bold;
color: var(--txc-input-rw);
background-color: var(--bgc-area-data);
border: 1px solid var(--boc-button);
border-radius: var(--bor);
padding: 0.125rem 0.375rem;
cursor: pointer;
}
#refresh-now:hover {
filter: brightness(150%);
}
/* --- SIMPLE RESIZE STYLES --- */
table.area_data_selection {
table-layout: fixed;
border-collapse: collapse;
}
table.area_data_selection th {
position: relative;
padding: 5px 8px;
white-space: nowrap;
overflow: hidden;
text-overflow: ellipsis;
}
/* The visible handle */
.resizer {
position: absolute;
top: 0;
right: 0;
width: 6px;
height: 100%;
cursor: col-resize;
z-index: 100;
user-select: none;
touch-action: none;
}
.resizer:hover, .resizing {
background-color: #007bff; /* Azul */
opacity: 1;
}
</style>
<script type="text/javascript">
//<![CDATA[
$(window).on("load", function() {
// Init action buttons
$("#start_selected_jail").click(function () {
stopAutoRefresh(); // Pause for safety
return confirm('<?=$gt_selection_start_confirm;?>');
});
$("#stop_selected_jail").click(function () {
stopAutoRefresh();
return confirm('<?=$gt_selection_stop_confirm;?>');
});
$("#restart_selected_jail").click(function () {
stopAutoRefresh();
return confirm('<?=$gt_selection_restart_confirm;?>');
});
$("#autoboot_selected_jail").click(function () {
stopAutoRefresh();
return confirm('<?=$gt_selection_autoboot_confirm;?>');
});
// Disable action buttons.
disableactionbuttons(true);
// Init member checkboxes
$("input[name='<?=$checkbox_member_name;?>[]']").click(function() {
controlactionbuttons(this, '<?=$checkbox_member_name;?>[]');
});
// Init spinner onsubmit()
$("#iform").submit(function() { spinner(); });
$(".spin").click(function() { spinner(); });
// Attempt to load the previously saved interval
var savedInterval = localStorage.getItem('bastille_refresh_interval');
if (savedInterval !== null) {
$("#refresh-interval").val(savedInterval);
autoRefresh.interval = parseInt(savedInterval);
}
// --- REFRESH INIT
if (localStorage.getItem('bastille_show_refresh_button') === 'true') {
$("#refresh-controls").show();
startAutoRefresh();
}
$("#refresh-now").click(function() {
updateJailTable();
});
// save interval value in local storage
$("#refresh-interval").change(function() {
var val = parseInt($(this).val());
localStorage.setItem('bastille_refresh_interval', val);
stopAutoRefresh();
if (val > 0) {
autoRefresh.interval = val;
startAutoRefresh();
}
});
initSimpleResize();
$(document).on('click', "input[name='<?=$checkbox_member_name;?>[]']", function() {
controlactionbuttons(this, '<?=$checkbox_member_name;?>[]');
});
});
function disableactionbuttons(ab_disable) {
$("#start_selected_jail").prop("disabled", ab_disable);
$("#stop_selected_jail").prop("disabled", ab_disable);
$("#restart_selected_jail").prop("disabled", ab_disable);
$("#autoboot_selected_jail").prop("disabled", ab_disable);
}
function controlactionbuttons(ego, triggerbyname) {
var a_trigger = document.getElementsByName(triggerbyname);
var n_trigger = a_trigger.length;
var ab_disable = true;
var i = 0;
for (; i < n_trigger; i++) {
if (a_trigger[i].type == 'checkbox') {
if (a_trigger[i].checked) {
ab_disable = false;
break;
}
}
}
disableactionbuttons(ab_disable);
// Use jQuery selector to count checked checkboxes directly
var $checkedCheckboxes = $("input[name='" + triggerbyname + "']:checked");
var ab_disable = ($checkedCheckboxes.length === 0); // If no checkboxes are checked, disable buttons
disableactionbuttons(ab_disable);
}
// --- AUTO-REFRESH JS ---
var autoRefresh = {
enabled: true,
interval: 30000,
timerId: null,
lastUpdate: Date.now(),
isUpdating: false,
selectedJails: []
};
function updateJailTable() {
if (autoRefresh.isUpdating) return;
autoRefresh.isUpdating = true;
// Activar spinner
$("#refresh-spinner").show();
// Backup of checked checkboxes for persistence
autoRefresh.selectedJails = [];
$("input[name='<?=$checkbox_member_name;?>[]']:checked").each(function() {
autoRefresh.selectedJails.push($(this).val());
});
fetch('bastille_manager_gui.php?action=refresh_table')
.then(response => response.json())
.then(data => {
if (data.success) {
var tbody = $(".area_data_selection tbody");
tbody.empty();
data.jails.forEach(function(jail) {
var row = $('<tr>');
var checkCell = $('<td class="lcelc">');
var cb = $('<input type="checkbox">')
.attr('name', '<?=$checkbox_member_name;?>[]')
.attr('value', jail.jailname)
.attr('id', jail.jailname)
.prop('checked', autoRefresh.selectedJails.includes(jail.jailname));
checkCell.append(cb);
row.append(checkCell);
// 2. Data Columns
row.append($('<td class="lcell">').text(jail.id || '-'));
row.append($('<td class="lcell">').text(jail.name || '-'));
// Description Column
// row.append($('<td class="lcell">').text(jail.description || '-'));
row.append($('<td class="lcell">').text(jail.boot || '-'));
row.append($('<td class="lcell">').text(jail.prio || '-'));
row.append($('<td class="lcell">').text(jail.state || '-'));
row.append($('<td class="lcell">').text(jail.type || '-'));
row.append($('<td class="lcell">').text(jail.ip || '-'));
row.append($('<td class="lcell">').text(jail.ports || '-'));
row.append($('<td class="lcell">').text(jail.rel || '-'));
row.append($('<td class="lcell">').text(jail.tags || '-'));
var statImg = (jail.state === "Up") ? '<?=$img_path['ena'];?>' : '<?=$img_path['dis'];?>';
row.append($('<td class="lcell">').append($('<img>').attr('src', statImg)));
row.append($('<td class="lcell">').append($('<img>').attr('src', jail.logo)));
var tools = $('<td class="lcebld">').html('<table class="area_data_selection_toolbox"><tbody><tr>' +
'<td><a href="<?=$sphere_scriptname_child;?>?jailname=' + encodeURIComponent(jail.jailname) + '"><img src="<?=$img_path['mai'];?>" class="spin oneemhigh"></a></td>' +
'<td><a href="bastille_manager_jconf.php?jailname=' + encodeURIComponent(jail.jailname) + '"><img src="<?=$g_img['mod'];?>"></a></td>' +
'<td><a href="bastille_manager_info.php?uuid=' + encodeURIComponent(jail.jailname) + '"><img src="<?=$g_img['inf'];?>"></a></td>' +
'</tr></tbody></table>');
row.append(tools);
tbody.append(row);
});
autoRefresh.lastUpdate = Date.now();
// Restore button state
controlactionbuttons(null, '<?=$checkbox_member_name;?>[]');
// Reapply saved column widths after updating the table
applySavedColumnWidths();
}
})
.catch(error => {
console.error('Error fetching jail data: ', error);
})
.finally(() => {
autoRefresh.isUpdating = false;
$("#refresh-spinner").hide();
});
}
function startAutoRefresh() {
if (autoRefresh.interval > 0) {
autoRefresh.timerId = setInterval(updateJailTable, autoRefresh.interval);
}
}
function stopAutoRefresh() {
if (autoRefresh.timerId) clearInterval(autoRefresh.timerId);
}
// --- STABLE REDIMENSIONING FUNCTION (without %) ---
function initSimpleResize() {
var $table = $("table.area_data_selection");
var $cols = $table.find('colgroup col');
var $headers = $table.find('thead th');
// 1. Apply saved widths at the beginning
applySavedColumnWidths();
// 2. ADD HANDLES
$headers.each(function(i) {
if (i >= $headers.length - 1) return; // Ignore the last column
var $resizer = $('<div class="resizer"></div>');
$(this).append($resizer);
});
// 3. DRAG LOGIC
var isResizing = false;
var startX = 0;
var $currentCol = null;
var startWidth = 0;
$table.on('mousedown', '.resizer', function(e) {
e.preventDefault(); e.stopPropagation();
stopAutoRefresh();
// Convert all columns to fixed pixels when starting to drag
$cols.each(function() {
var w = $(this).width();
$(this).css('width', w + 'px');
});
var idx = $(this).parent().index();
$currentCol = $cols.eq(idx);
isResizing = true;
startX = e.pageX;
startWidth = $currentCol.width();
$(this).addClass('resizing');
$(document).on('mousemove.rsz', function(e) {
if (!isResizing) return;
var diff = e.pageX - startX;
var newW = startWidth + diff;
if (newW > 30) {
$currentCol.css('width', newW + 'px');
}
});
$(document).on('mouseup.rsz', function() {
if (!isResizing) {
return;
}
isResizing = false;
$('.resizer').removeClass('resizing');
$(document).off('mousemove.rsz mouseup.rsz');
// Save widths after resizing
saveColumnWidths();
setTimeout(function() {
// Only resume if enabled
if (localStorage.getItem('bastille_show_refresh_button') === 'true') {
startAutoRefresh();
}
}, 500);
});
});
}
function saveColumnWidths() {
var widths = {};
var $cols = $("table.area_data_selection colgroup col");
$cols.each(function(index) {
// We save the width in pixels.
widths[index] = $(this).css('width');
});
localStorage.setItem('bastille_col_widths', JSON.stringify(widths));
}
function applySavedColumnWidths() {
var saved = localStorage.getItem('bastille_col_widths');
if (saved) {
try {
var widths = JSON.parse(saved);
var $cols = $("table.area_data_selection colgroup col");
$cols.each(function(index) {
if (widths[index]) {
$(this).css('width', widths[index]);
}
});
} catch (e) {
console.error("Error parsing saved column widths", e);
}
}
}
//]]>
</script>
@@ -250,36 +750,57 @@ $document->render();
<tbody>
<?php
?>
</tbody>
</table>
<table class="area_data_selection">
</tbody>
</table>
<div id="refresh-controls" style="text-align: right; display: none; position: relative;">
<span id="refresh-spinner" style="display: none;"></span>
<button type="button" id="refresh-now" class="formbtn">Refresh</button>
<select id="refresh-interval" class="formfld">
<option value="5000">5s</option>
<option value="10000">10s</option>
<option value="30000" selected>30s</option>
<option value="60000">60s</option>
<option value="0">Manual</option>
</select>
</div>
<table class="area_data_selection" style="width: 100%; table-layout: fixed; border-collapse: collapse;">
<colgroup>
<col style="width:5%">
<col style="width:5%">
<col style="width:2%">
<col style="width:3%">
<col style="width:10%">
<!-- <col style="width:10%"> Description -->
<col style="width:4%">
<col style="width:4%">
<col style="width:4%">
<col style="width:4%">
<col style="width:12%">
<col style="width:12%">
<col style="width:7%">
<col style="width:10%">
<col style="width:4%">
<col style="width:4%">
<col style="width:10%">
<col style="width:10%">
<col style="width:25%">
<col style="width:5%">
<col style="width:5%">
<col style="width:5%">
<col style="width:5%">
</colgroup>
<thead>
<?php
html_separator2();
html_titleline2(gettext('Overview'), 11);
html_titleline2(gettext('Overview'), 14);
?>
<tr>
<th class="lhelc"><?=gtext('Select');?></th>
<th class="lhell"><?=gtext('JID');?></th>
<th class="lhell"><?=gtext('IP Address');?></th>
<th class="lhell"><?=gtext('Name');?></th>
<th class="lhell"><?=gtext('Release');?></th>
<th class="lhell"><?=gtext('Interface');?></th>
<th class="lhell"><?=gtext('Path');?></th>
<!-- <th class="lhell"><?=gtext('Description');?></th> -->
<th class="lhell"><?=gtext('Boot');?></th>
<th class="lhell"><?=gtext('Prio');?></th>
<th class="lhell"><?=gtext('State');?></th>
<th class="lhell"><?=gtext('Type');?></th>
<th class="lhell"><?=gtext('IP Address');?></th>
<th class="lhell"><?=gtext('Published Ports');?></th>
<th class="lhell"><?=gtext('Release');?></th>
<th class="lhell"><?=gtext('Tags');?></th>
<th class="lhell"><?=gtext('Active');?></th>
<th class="lhell"><?=gtext('Template');?></th>
<th class="lhebl"><?=gtext('Toolbox');?></th>
@@ -308,12 +829,16 @@ $document->render();
?>
</td>
<td class="lcell"><?=htmlspecialchars($sphere_record['id']);?>&nbsp;</td>
<td class="lcell"><?=htmlspecialchars($sphere_record['ip']);?>&nbsp;</td>
<td class="lcell"><?=htmlspecialchars($sphere_record['name']);?>&nbsp;</td>
<!-- <td class="lcell"><?=htmlspecialchars($sphere_record['description']);?>&nbsp;</td> -->
<td class="lcell"><?=htmlspecialchars($sphere_record['boot']);?>&nbsp;</td>
<td class="lcell"><?=htmlspecialchars($sphere_record['prio']);?>&nbsp;</td>
<td class="lcell"><?=htmlspecialchars($sphere_record['state']);?>&nbsp;</td>
<td class="lcell"><?=htmlspecialchars($sphere_record['type']);?>&nbsp;</td>
<td class="lcell"><?=htmlspecialchars($sphere_record['ip']);?>&nbsp;</td>
<td class="lcell"><?=htmlspecialchars($sphere_record['ports']);?>&nbsp;</td>
<td class="lcell"><?=htmlspecialchars($sphere_record['rel']);?>&nbsp;</td>
<td class="lcell"><?=htmlspecialchars($sphere_record['nic']);?>&nbsp;</td>
<td class="lcell"><?=htmlspecialchars($sphere_record['path']);?>&nbsp;</td>
<td class="lcell"><img src="<?=$sphere_record['boot'];?>"></td>
<td class="lcell"><?=htmlspecialchars($sphere_record['tags']);?>&nbsp;</td>
<td class="lcell"><img src="<?=$sphere_record['stat'];?>"></td>
<td class="lcell"><img src="<?=$sphere_record['logo'];?>"></td>
<td class="lcebld">
@@ -336,6 +861,7 @@ $document->render();
endif;
endif;
?>
</td>
<td>
<a href="bastille_manager_jconf.php?jailname=<?=urlencode($sphere_record['jailname']);?>"><img src="<?=$g_img['mod'];?>" title="<?=$gt_record_conf?>" alt="<?=$gt_record_conf?>"/></a>
</td>
@@ -351,7 +877,7 @@ $document->render();
</tbody>
<tfoot>
<tr>
<td class="lcenl" colspan="10"></td>
<td class="lcenl" colspan="13"></td>
<td class="lceadd">
<a href="bastille_manager_add.php"><img src="<?=$img_path['add'];?>" title="<?=$gt_record_add;?>" border="0" alt="<?=$gt_record_add;?>" class="spin oneemhigh"/></a>
</td>
@@ -362,10 +888,12 @@ $document->render();
<input name="start_selected_jail" id="start_selected_jail" type="submit" class="formbtn" value="<?=$gt_selection_start;?>"/>
<input name="stop_selected_jail" id="stop_selected_jail" type="submit" class="formbtn" value="<?=$gt_selection_stop;?>"/>
<input name="restart_selected_jail" id="restart_selected_jail" type="submit" class="formbtn" value="<?=$gt_selection_restart;?>"/>
<input name="autoboot_selected_jail" id="autoboot_selected_jail" type="submit" class="formbtn" value="<?=$gt_selection_autoboot;?>"/>
</div>
<?php
include 'formend.inc';
include 'formend.inc';
?>
</td></tr></tbody></table></form>
<?php
include 'fend.inc';
?>

10
gui/bastille_manager_info.php
View File

@@ -2,7 +2,7 @@
/*
bastille_manager_info.php
Copyright (c) 2019 José Rivera (joserprg@gmail.com).
Copyright (c) 2019-2026 José Rivera (joserprg@gmail.com).
All rights reserved.
Portions of XigmaNAS® (https://www.xigmanas.com).
@@ -39,6 +39,12 @@ require_once 'auth.inc';
require_once 'guiconfig.inc';
require_once("bastille_manager-lib.inc");
$zfs_status = get_state_zfs();
if($zfs_status == "Invalid ZFS configuration"):
// Warning if invalid ZFS configuration.
$input_errors[] = gtext("WARNING: Invalid ZFS configuration detected.");
endif;
function jls_get_jail_list(string $entity_name = NULL) {
if(isset($entity_name)):
$cmd = "/usr/sbin/jls -v -j $entity_name 2>&1";
@@ -141,7 +147,7 @@ $document->render();
</tr>
<tbody>
</table>
<tbody>
<tbody>
</td></tr></tbody></table>
<?php
include 'fend.inc';

209
gui/bastille_manager_jconf.php
View File

@@ -2,7 +2,7 @@
/*
bastille_manager_jconf.inc
Copyright (c) 2020 José Rivera (joserprg@gmail.com).
Copyright (c) 2019-2026 José Rivera (joserprg@gmail.com).
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -34,6 +34,12 @@ require_once 'auth.inc';
require_once 'guiconfig.inc';
require_once("bastille_manager-lib.inc");
$zfs_status = get_state_zfs();
if($zfs_status == "Invalid ZFS configuration"):
// Warning if invalid ZFS configuration.
$input_errors[] = gtext("WARNING: Invalid ZFS configuration detected.");
endif;
if (isset($_GET['uuid']))
$uuid = $_GET['uuid'];
if (isset($_POST['uuid']))
@@ -62,10 +68,11 @@ endif;
$pgtitle = [gtext('Extensions'),gtext('Bastille'),gtext('Configuration'), $container];
$jail_config = "$jail_dir/$container/jail.conf";
$item = $pconfig['jailname'];
// Get some jail system settings.
$is_vnet = exec("/usr/bin/grep '.*vnet;' $jail_config");
$pconfig['autostart'] = exec("/usr/bin/grep -w '{$container}_AUTO_START=\"YES\"' $bastille_config");
$pconfig['autostart'] = exec("/usr/bin/grep -w 'boot=\"on\"' {$jail_dir}/{$item}/{$jail_settings}");
// Get some jail config parameters.
// This could be done with a nice php preg loop in the future.
@@ -73,22 +80,28 @@ $pconfig['jname'] = "$container";
$pconfig['hostname'] = exec("/usr/bin/grep '.*host.hostname.*=' $jail_config | cut -d '=' -f2 | tr -d ' ;'");
$pconfig['ipv4'] = exec("/usr/bin/grep '.*ip4.addr.*=' $jail_config | cut -d '=' -f2 | tr -d ' ;'");
$pconfig['ipv6'] = exec("/usr/bin/grep '.*ip6.addr.*=' $jail_config | cut -d '=' -f2 | tr -d ' ;'");
$pconfig['interface'] = exec("/usr/bin/grep '.*interface.*=' $jail_config | cut -d '=' -f2 | tr -d ' ;'");
//$pconfig['interface'] = exec("/usr/bin/grep '.*interface.*=' $jail_config | cut -d '=' -f2 | tr -d ' ;'");
$pconfig['securelevel'] = exec("/usr/bin/grep '.*securelevel.*=' $jail_config | cut -d '=' -f2 | tr -d ' ;'");
$pconfig['devfs_ruleset'] = exec("/usr/bin/grep '.*devfs_ruleset.*=' $jail_config | cut -d '=' -f2 | tr -d ' ;'");
$pconfig['enforce_statfs'] = exec("/usr/bin/grep '.*enforce_statfs.*=' $jail_config | cut -d '=' -f2 | tr -d ' ;'");
$pconfig['osrelease'] = exec("/usr/local/bin/bastille config {$item} get osrelease | cut -d '=' -f2 | tr -d ' ;'");
$pconfig['vnet_interface'] = exec("/usr/bin/grep '.*vnet.interface.*=' $jail_config | cut -d '=' -f2 | tr -d ' ;'");
$pconfig['boot_prio'] = exec("/usr/local/bin/bastille config {$item} get priority");
// $pconfig['description'] = exec("/usr/local/bin/bastille config {$item} get description");
// Set the jail config default parameters.
$jail_name_def = $pconfig['jname'];
$jail_hostname_def = $pconfig['hostname'];
$jail_ipv4_def = $pconfig['ipv4'];
$jail_ipv6_def = $pconfig['ipv6'];
$jail_interface_def = $pconfig['interface'];
//$jail_interface_def = $pconfig['interface'];
$jail_securelevel_def = $pconfig['securelevel'];
$jail_devfs_ruleset_def = $pconfig['devfs_ruleset'];
$jail_enforce_statfs_def = $pconfig['enforce_statfs'];
$jail_osrelease_def = $pconfig['osrelease'];
$jail_vnet_interface_def = $pconfig['vnet_interface'];
$jail_boot_prio_def = $pconfig['boot_prio'];
// $jail_description_def = $pconfig['description'];
// Check if is a Linux jail.
$is_linux_jail = exec("/usr/bin/grep linsysfs {$jail_dir}/{$jail_name_def}/fstab");
@@ -124,33 +137,59 @@ if ($_POST):
$input_errors[] = gtext("A valid hostname must be specified, it can't be left blank.");
endif;
if(isset($_POST['ipv4'])):
if(!preg_match('/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$/', $pconfig['ipv4'])):
$input_errors[] = gtext("A valid IPv4 address must be specified.");
endif;
endif;
// Disable this IP validation check since bastille jail.conf syntax has changed recently.
//if(isset($_POST['ipv4'])):
// if(!preg_match('/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))?$/', $pconfig['ipv4'])):
// $input_errors[] = gtext("A valid IPv4 address must be specified.");
// endif;
//endif;
if(isset($_POST['ipv6'])):
if(!preg_match('/^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$))/', $pconfig['ipv6'])):
$input_errors[] = gtext("A valid IPv6 address must be specified.");
endif;
endif;
// Disable this IP validation check since bastille jail.conf syntax has changed recently.
//if(isset($_POST['ipv6'])):
// if(!preg_match('/^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$))/', $pconfig['ipv6'])):
// $input_errors[] = gtext("A valid IPv6 address must be specified.");
// endif;
//endif;
if(isset($_POST['securelevel'])):
if(!preg_match('/^[0-3]$/', $pconfig['securelevel'])):
$input_errors[] = gtext("A valid number must be specified for securelevel, between 0-3.");
if(!is_numeric($pconfig['securelevel'])):
$input_errors[] = gtext("This parameter must be a number.");
else:
if(!preg_match('/^[0-3]$/', $pconfig['securelevel'])):
$input_errors[] = gtext("A valid number must be specified for securelevel, between 0-3.");
endif;
endif;
endif;
if(isset($_POST['devfs_ruleset'])):
if(!preg_match('/^([0-9]{1,3})$/', $pconfig['devfs_ruleset'])):
$input_errors[] = gtext("A valid number must be specified for devfs_ruleset.");
if(!is_numeric($pconfig['devfs_ruleset'])):
$input_errors[] = gtext("This parameter must be a number.");
else:
if(!preg_match('/^([0-9]{1,3})$/', $pconfig['devfs_ruleset'])):
$input_errors[] = gtext("A valid number must be specified for devfs_ruleset.");
endif;
endif;
endif;
if(isset($_POST['enforce_statfs'])):
if(!preg_match('/^[0-2]$/', $pconfig['enforce_statfs'])):
$input_errors[] = gtext("A valid number must be specified for enforce_statfs, between 0-2.");
if(!is_numeric($pconfig['enforce_statfs'])):
$input_errors[] = gtext("This parameter must be a number.");
else:
if(!preg_match('/^[0-2]$/', $pconfig['enforce_statfs'])):
$input_errors[] = gtext("A valid number must be specified for enforce_statfs, between 0-2.");
endif;
endif;
endif;
if(isset($_POST['osrelease'])):
if(!is_string($pconfig['osrelease'])):
$input_errors[] = gtext("This parameter must be a string.");
endif;
endif;
if(isset($_POST['boot_prio'])):
if(!is_numeric($pconfig['boot_prio'])):
$input_errors[] = gtext("This parameter must be a number.");
endif;
endif;
@@ -175,9 +214,9 @@ if ($_POST):
if(isset($pconfig['ipv6'])):
$jail_ipv6 = $pconfig['ipv6'];
endif;
if(isset($pconfig['interface'])):
$jail_interface = $pconfig['interface'];
endif;
//if(isset($pconfig['interface'])):
// $jail_interface = $pconfig['interface'];
//endif;
if(isset($pconfig['securelevel'])):
$jail_securelevel = $pconfig['securelevel'];
endif;
@@ -187,11 +226,21 @@ if ($_POST):
if(isset($pconfig['enforce_statfs'])):
$jail_enforce_statfs = $pconfig['enforce_statfs'];
endif;
if(isset($pconfig['osrelease'])):
$jail_osrelease = $pconfig['osrelease'];
endif;
if(isset($pconfig['vnet_interface'])):
$jail_vnet_interface = $pconfig['vnet_interface'];
endif;
if(isset($pconfig['boot_prio'])):
$jail_boot_prio = $pconfig['boot_prio'];
endif;
if(isset($pconfig['description'])):
$jail_description = $pconfig['description'];
endif;
// Check if the config has changed for each parameter.
// Check if the config has changed for each parameters.
// This jails wide changes requires the jail to be already stopped.
// This could be done with a nice foreach loop in the future.
if($jail_name_def !== $jail_name):
$is_changed = "1";
@@ -205,9 +254,9 @@ if ($_POST):
if(isset($_POST['ipv6']) && ($jail_ipv6_def !== $jail_ipv6)):
$is_changed = "1";
endif;
if(isset($_POST['interface']) && ($jail_interface_def !== $jail_interface)):
$is_changed = "1";
endif;
//if(isset($_POST['interface']) && ($jail_interface_def !== $jail_interface)):
// $is_changed = "1";
//endif;
// Don't check "securelevel" if Linux jail.
if(!$is_linux_jail):
if($jail_securelevel_def !== $jail_securelevel):
@@ -232,8 +281,9 @@ if ($_POST):
// Skip jail running check.
$retval = "1";
endif;
if($retval == 0):
$input_errors[] = gtext("This jail is running, please stop it before making jail.conf changes.");
$input_errors[] = gtext("This jail is running, please stop it before making jail.conf wide changes.");
else:
if (isset($_POST['hostname']) && $_POST['hostname']):
if($jail_hostname_def !== $jail_hostname):
@@ -249,7 +299,7 @@ if ($_POST):
if (isset($_POST['ipv4']) && $_POST['ipv4']):
if($jail_ipv4_def !== $jail_ipv4):
$cmd = "/usr/bin/sed -i '' 's|.*ip4.addr.*=.*;| ip4.addr = $jail_ipv4;|' $jail_config";
$cmd = "/usr/bin/sed -i '' 's/.*ip4.addr.*=.*;/ ip4.addr = $jail_ipv4;/' $jail_config";
unset($output,$retval);mwexec2($cmd,$output,$retval);
if($retval == 0):
//$savemsg .= gtext("IPv4 changed successfully.");
@@ -261,7 +311,7 @@ if ($_POST):
if (isset($_POST['ipv6']) && $_POST['ipv6']):
if($jail_ipv6_def !== $jail_ipv6):
$cmd = "/usr/bin/sed -i '' 's|.*ip6.addr.*=.*;| ip6.addr = $jail_ipv6;|' $jail_config";
$cmd = "/usr/bin/sed -i '' 's/.*ip6.addr.*=.*;/ ip6.addr = $jail_ipv6;/' $jail_config";
unset($output,$retval);mwexec2($cmd,$output,$retval);
if($retval == 0):
//$savemsg .= gtext("IPv6 changed successfully.");
@@ -271,19 +321,19 @@ if ($_POST):
endif;
endif;
if (isset($_POST['interface']) && $_POST['interface']):
if($jail_interface_def !== $jail_interface):
if ($_POST['interface'] !== 'Config'):
$cmd = "/usr/bin/sed -i '' 's|.*interface.*=.*;| interface = $jail_interface;|' $jail_config";
unset($output,$retval);mwexec2($cmd,$output,$retval);
if($retval == 0):
//$savemsg .= gtext("Interface changed successfully.");
else:
$input_errors[] = gtext("Failed to save interface.");
endif;
endif;
endif;
endif;
//if (isset($_POST['interface']) && $_POST['interface']):
// if($jail_interface_def !== $jail_interface):
// if ($_POST['interface'] !== 'Config'):
// $cmd = "/usr/bin/sed -i '' 's|.*interface.*=.*;| interface = $jail_interface;|' $jail_config";
// unset($output,$retval);mwexec2($cmd,$output,$retval);
// if($retval == 0):
// //$savemsg .= gtext("Interface changed successfully.");
// else:
// $input_errors[] = gtext("Failed to save interface.");
// endif;
// endif;
// endif;
//endif;
if (isset($_POST['vnet_interface']) && $_POST['vnet_interface']):
if($jail_vnet_interface_def !== $jail_vnet_interface):
@@ -335,12 +385,25 @@ if ($_POST):
endif;
endif;
if (isset($_POST['autostart']) && $_POST['autostart']):
if($jail_name_def !== $jail_name):
// Remove obsolete variable.
exec("/usr/sbin/sysrc -f $configfile -x {$jail_name_def}_AUTO_START");
if (isset($_POST['osrelease']) || $_POST['osrelease']):
if($jail_osrelease_def !== $jail_osrelease):
$cmd = "/usr/local/bin/bastille config {$item} set osrelease $jail_osrelease";
unset($output,$retval);mwexec2($cmd,$output,$retval);
if($retval == 0):
//$savemsg .= gtext("Osrelease changed successfully.");
else:
$input_errors[] = gtext("Failed to save osrelease.");
endif;
endif;
$cmd = ("/usr/sbin/sysrc -f $configfile {$jail_name}_AUTO_START=\"YES\"");
endif;
if (isset($_POST['autostart']) && $_POST['autostart']):
//if($jail_name_def !== $jail_name):
// // Remove obsolete variable.
// exec("/usr/sbin/sysrc -f $configfile -x {$jail_name_def}_AUTO_START");
//endif;
//$cmd = ("/usr/sbin/sysrc -f $configfile {$jail_name}_AUTO_START=\"YES\"");
$cmd = ("/usr/sbin/sysrc -f {$jail_dir}/{$item}/{$jail_settings} boot=\"on\"");
unset($output,$retval);mwexec2($cmd,$output,$retval);
if($retval == 0):
//$savemsg .= gtext("Autostart changed successfully.");
@@ -348,12 +411,13 @@ if ($_POST):
$input_errors[] = gtext("Failed to enable autostart.");
endif;
else:
if($jail_name_def !== $jail_name):
// Remove obsolete variable.
exec("/usr/sbin/sysrc -f $configfile -x {$jail_name_def}_AUTO_START");
endif;
if(exec("/usr/sbin/sysrc -f $configfile -qn {$jail_name}_AUTO_START")):
$cmd = ("/usr/sbin/sysrc -f $configfile -x {$jail_name}_AUTO_START");
//if($jail_name_def !== $jail_name):
// // Remove obsolete variable.
// exec("/usr/sbin/sysrc -f $configfile -x {$jail_name_def}_AUTO_START");
//endif;
if(exec("/usr/sbin/sysrc -f {$jail_dir}/{$item}/{$jail_settings} -qn boot")):
//$cmd = ("/usr/sbin/sysrc -f $configfile -x {$jail_name}_AUTO_START");
$cmd = ("/usr/sbin/sysrc -f {$jail_dir}/{$item}/{$jail_settings} boot=\"off\"");
unset($output,$retval);mwexec2($cmd,$output,$retval);
if($retval == 0):
//$savemsg .= gtext("Autostart changed successfully.");
@@ -363,6 +427,30 @@ if ($_POST):
endif;
endif;
if (isset($_POST['boot_prio']) || $_POST['boot_prio']):
if($jail_boot_prio_def !== $jail_boot_prio):
$cmd = "/usr/local/bin/bastille config {$item} set priority $jail_boot_prio";
unset($output,$retval);mwexec2($cmd,$output,$retval);
if($retval == 0):
//$savemsg .= gtext("Priority changed successfully.");
else:
$input_errors[] = gtext("Failed to save priority .");
endif;
endif;
endif;
if (isset($_POST['description']) || $_POST['description']):
if($jail_description_def !== $jail_description):
$cmd = "/usr/local/bin/bastille config {$item} set description \"$jail_description\"";
unset($output,$retval);mwexec2($cmd,$output,$retval);
if($retval == 0):
//$savemsg .= gtext("Description changed successfully.");
else:
$input_errors[] = gtext("Failed to save description.");
endif;
endif;
endif;
if (isset($_POST['jname']) && $_POST['jname']):
if($jail_name_def !== $jail_name):
$cmd = "/usr/local/bin/bastille rename $jail_name_def $jail_name";
@@ -400,7 +488,6 @@ endif;
$a_action = $l_interfaces;
html_titleline2(gtext("Jail Configuration"));
html_inputbox("jname", gtext("Name"), $pconfig['jname'], gtext("Set the desired jail name, for example: jail_1. Warning: renaming a jail will also rename the directory/dataset."), true, 40);
html_inputbox("hostname", gtext("Hostname"), $pconfig['hostname'], gtext("Set the desired jail hostname, for example: jail.com, not to be confused with the jail name."), true, 40);
if ($jail_ipv4_def):
html_inputbox("ipv4", gtext("IPv4"), $pconfig['ipv4'], gtext("Set the desired jail IPv4 address, for example: 192.168.1.100, or 192.168.1.100/24."), true, 40);
@@ -408,24 +495,27 @@ endif;
if ($jail_ipv6_def):
html_inputbox("ipv6", gtext("IPv6"), $pconfig['ipv6'], gtext("Set the desired jail IPv4 address, for example: 2001:cdba::3257:9652, or 2001:cdba::3257:9652/64."), true, 40);
endif;
if (!$is_vnet):
html_combobox('interface', gtext('Interface'),$pconfig['interface'], $a_action, gtext("Set the network interface available from the dropdown menu, usually should not be changed unless replacing/renaming interface or moving jail from host."), true, false, 'action_change()');
endif;
//if (!$is_vnet):
// html_combobox('interface', gtext('Interface'),$pconfig['interface'], $a_action, gtext("Set the network interface available from the dropdown menu, usually should not be changed unless replacing/renaming interface or moving jail from host."), true, false, 'action_change()');
//endif;
if(!$is_linux_jail):
html_inputbox("securelevel", gtext("securelevel"), $pconfig['securelevel'], gtext("The value of the jail's kern.securelevel. A jail never has a lower securelevel than its parent system, but by setting this parameter it may have a higher one, default is 2."), false, 20);
endif;
html_inputbox("devfs_ruleset", gtext("devfs_ruleset"), $pconfig['devfs_ruleset'], gtext("The number of the devfs ruleset that is enforced for mounting devfs in this jail. A value of zero means no ruleset is enforced. default is 4, on VNET jails default is 13."), false, 20);
//if(!$is_linux_jail):
html_inputbox("enforce_statfs", gtext("enforce_statfs"), $pconfig['enforce_statfs'], gtext("This determines what information processes in a jail are able to get about mount points. Affects the behaviour of the following syscalls: statfs, fstatfs, getfsstat and fhstatfs, default is 2."), false, 20);
html_inputbox("osrelease", gtext("osrelease"), $pconfig['osrelease'], gtext("This sets the jail OS release, this parameter must be a string."), false, 20);
//endif;
if ($is_vnet):
html_inputbox("vnet_interface", gtext("VNET Interface"), $pconfig['vnet_interface'], gtext("Set the VNET interface manually, usually should not be changed unless renaming the interface or moving jail from host."), false, 20);
html_inputbox("vnet_interface", gtext("VNET Interface"), $pconfig['vnet_interface'], gtext("Set the VNET interface manually, usually should not be changed unless renaming the interface or moving jail from host, Note: manual edit of the jail rc.conf file may be required."), false, 20);
endif;
?>
<?php
html_separator2();
html_titleline2(gtext("Misc Configuration"));
html_checkbox2('autostart',gtext('Autoboot'),!empty($pconfig['autostart']) ? true : false,gtext('Autoboot this jail after system reboot.'),'',false);
html_inputbox("boot_prio", gtext("Priority"), $pconfig['boot_prio'], gtext("Set the priority value of the jail. Affects the boot order behaviour."), false, 20);
// html_inputbox("description", gtext("Description"), $pconfig['description'], gtext("Set a description for the jail."), false, 40);
//html_checkbox2('force_edit',gtext('Force edit'),!empty($pconfig['force_edit']) ? true : false,gtext('Automatically stop and start this jail if is already running.'),'',false);
?>
</table>
@@ -442,6 +532,7 @@ endif;
. gtext('For additional information about the jail configuration file, check the FreeBSD documentation')
. '</a>.';
html_remark("note", gtext('Note'), $helpinghand);
html_remark("note", gtext("Warning"), sprintf(gtext("Please be careful here as no input validation will be performed.")));
?>
</div>
<?php include 'formend.inc';?>

72
gui/bastille_manager_maintenance.php
View File

@@ -2,7 +2,7 @@
/*
bastille_manager_maintenance.php
Copyright (c) 2019-2020 José Rivera (joserprg@gmail.com).
Copyright (c) 2019-2026 José Rivera (joserprg@gmail.com).
All rights reserved.
Copyright (c) 2016 Andreas Schmidhuber
@@ -54,6 +54,12 @@ if(!initial_install_banner()):
$prerequisites_ok = false;
endif;
$zfs_status = get_state_zfs();
if($zfs_status == "Invalid ZFS configuration"):
// Warning if invalid ZFS configuration.
$input_errors[] = gtext("WARNING: Invalid ZFS configuration detected.");
endif;
// For legacy product versions.
$legacy_check = mwexec("/bin/cat /etc/prd.version | cut -d'.' -f1 | /usr/bin/grep '10'", true);
if ($legacy_check == 0) {
@@ -82,8 +88,11 @@ if ($_POST) {
ob_start();
include("{$logevent}");
$ausgabe = ob_get_contents();
ob_end_clean();
ob_end_clean();
$savemsg .= str_replace("\n", "<br />", $ausgabe)."<br />";
// Silently execute bastille-init post upgrade for pending changes.
// This is to make sure that minor changes are always applied.
exec('bastille-init');
else:
$input_errors[] = gtext('An error has occurred during upgrade process.');
$cmd = sprintf('echo %s: %s An error has occurred during upgrade process. >> %s',$date,$application,$logfile);
@@ -100,7 +109,7 @@ if ($_POST) {
ob_start();
include("{$logevent}");
$ausgabe = ob_get_contents();
ob_end_clean();
ob_end_clean();
$savemsg .= str_replace("\n", "<br />", $ausgabe)."<br />";
else:
$input_errors[] = gtext('An error has occurred during core update process.');
@@ -116,12 +125,12 @@ if ($_POST) {
if (is_link($textdomain_bastille)) mwexec("rm -f {$textdomain_bastille}", true);
if (is_dir($confdir)) mwexec("rm -Rf {$confdir}", true);
mwexec("rm /usr/local/www/bastille_manager_gui.php && rm -R /usr/local/www/ext/bastille", true);
mwexec("{$rootfolder}/usr/local/sbin/bastille-init -t", true);
mwexec("{$rootfolder}/usr/local/sbin/bastille-init -t", true);
$uninstall_cmd = "echo 'y' | /usr/local/sbin/bastille-init -U";
mwexec($uninstall_cmd, true);
if (is_link("/usr/local/share/{$prdname}")) mwexec("rm /usr/local/share/{$prdname}", true);
if (is_link("/var/cache/pkg")) mwexec("rm /var/cache/pkg", true);
if (is_link("/var/db/pkg")) mwexec("rm /var/db/pkg && mkdir /var/db/pkg", true);
//if (is_link("/var/cache/pkg")) mwexec("rm /var/cache/pkg", true);
//if (is_link("/var/db/pkg")) mwexec("rm /var/db/pkg && mkdir /var/db/pkg", true);
// Remove start postinit cmd in later product versions.
if (is_array($config['rc']) && is_array($config['rc']['param'])) {
@@ -211,7 +220,7 @@ if ($_POST) {
ob_start();
include("{$logevent}");
$ausgabe = ob_get_contents();
ob_end_clean();
ob_end_clean();
$savemsg .= str_replace("\n", "<br />", $ausgabe)."<br />";
exec("/usr/sbin/sysrc -f {$configfile} ZFS_ACTIVATED=\"YES\"");
else:
@@ -237,8 +246,6 @@ if ($_POST) {
$savemsg .= gtext("ZFS activation option has been skipped.");
endif;
endif;
# Run bastille-init to update config.
exec("bastille-init");
}
if (isset($_POST['restore']) && $_POST['restore']) {
@@ -299,6 +306,23 @@ $(document).ready(function(){
$('#getinfo_bastille').html(data.bastille);
$('#getinfo_ext').html(data.ext);
});
// --- LOGICA DEL CHECKBOX REFRESH (LocalStorage) ---
var $chk = $("#show_refresh_button");
// 1. Leer estado inicial desde LocalStorage
var savedState = localStorage.getItem('bastille_show_refresh_button');
if (savedState === 'true') {
$chk.prop('checked', true);
} else {
$chk.prop('checked', false); // Por defecto deshabilitado
}
// 2. Guardar cambios al hacer click
$chk.change(function() {
var isChecked = $(this).is(':checked');
localStorage.setItem('bastille_show_refresh_button', isChecked);
});
});
//]]>
</script>
@@ -306,19 +330,16 @@ $(document).ready(function(){
<script src="js/spin.min.js"></script>
<!-- use: onsubmit="spinner()" within the form tag -->
<script type="text/javascript">
<!--
}
//-->
</script>
<form action="bastille_manager_maintenance.php" method="post" name="iform" id="iform" onsubmit="spinner()">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<ul id="tabnav">
<li class="tabinact"><a href="bastille_manager_gui.php"><span><?=gettext("Containers");?></span></a></li>
<ul id="tabnav">
<li class="tabinact"><a href="bastille_manager_gui.php"><span><?=gettext("Containers");?></span></a></li>
<li class="tabact"><a href="bastille_manager_info.php"><span><?=gettext("Information");?></span></a></li>
<li class="tabact"><a href="bastille_manager_maintenance.php"><span><?=gettext("Maintenance");?></span></a></li>
</ul>
</td></tr>
<li class="tabact"><a href="bastille_manager_maintenance.php"><span><?=gettext("Maintenance");?></span></a></li>
</ul>
</td></tr>
<tr><td class="tabnavtbl">
<ul id="tabnav2">
<li class="tabact"><a href="bastille_manager_config.php"><span><?=gettext("Bastille Configuration");?></span></a></li>
@@ -352,14 +373,20 @@ $(document).ready(function(){
html_checkbox2('zfs_activate',gtext('ZFS support activation'),'' ? true : false,gtext('Check this to activate ZFS support or leave unchecked to dismiss (requires ZFS support to be available/enabled), this is a one time option and this row will disappear after clicking Save button or page refresh.'),'',false);
endif;
?>
<?php html_filechooser("backup_path", gtext("Backup directory"), $backup_path, gtext("Directory to store containers backup archives, use as file chooser for restoring from file, importable formats: .GZ/TGZ/TXZ/XZ or RAW(no extension on the file name)."), $backup_path, true, 60);?>
<?php html_filechooser("backup_path", gtext("Backup directory"), $backup_path, gtext("Directory to store containers backup archives, use as file chooser for restoring from file, importable formats: .GZ/TGZ/TXZ/XZ/ZST/TZST or RAW(no extension on the file name)."), $backup_path, true, 60);?>
</table>
<div id="submit">
<input id="save" name="save" type="submit" class="formbtn" title="<?=gtext("Save settings");?>" value="<?=gtext("Save");?>"/>
<input name="upgrade" type="submit" class="formbtn" title="<?=gtext("Upgrade Extension and Bastille Core Packages");?>" value="<?=gtext("Upgrade");?>" />
<input name="update" type="submit" class="formbtn" title="<?=gtext("Update Bastille Core Package Only");?>" value="<?=gtext("Update");?>" />
<input name="update" type="submit" class="formbtn" title="<?=gtext("Apply Bastille Core latest Patches and Fixes");?>" value="<?=gtext("Update");?>" />
<input name="restore" type="submit" class="formbtn" title="<?=gtext("Restore a container");?>" value="<?=gtext("Restore");?>" />
</div>
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<?php html_separator();?>
<?php html_titleline(gtext("Refresh"));?>
<?php html_checkbox2('show_refresh_button',gtext('Show refresh button'),'' ? true : false,gtext('This will display a refresh button in the containers tab.'),'',false);?>
<?php html_separator();?>
</table>
<div id="remarks">
<?php html_remark("note", gtext("Info"), sprintf(gtext("For general information visit the following link(s):")));?>
<div id="enumeration"><ul><li><a href="http://bastillebsd.org/" target="_blank" ><?=gtext("Bastille helps you quickly create and manage FreeBSD Jails.")?></a></li></ul></div>
@@ -369,6 +396,7 @@ $(document).ready(function(){
<?php html_titleline(gtext("Uninstall"));?>
<?php html_checkbox2('delete_confirm',gtext('Uninstall confirm'),'' ? true : false,gtext('Check to confirm extension uninstall. Note: Jail related content will be preserved by default.'),'',false);?>
<?php html_separator();?>
<?php html_separator();?>
</table>
<div id="submit1">
<input name="uninstall" type="submit" class="formbtn" title="<?=gtext("Uninstall Extension");?>" value="<?=gtext("Uninstall");?>" onclick="return confirm('<?=gtext("Bastille Extension and packages will be completely removed, Bastille containers and child directories will not be touched, really to proceed?");?>')" />
@@ -378,8 +406,6 @@ $(document).ready(function(){
<?php include("formend.inc");?>
</form>
<script type="text/javascript">
<!--
enable_change(false);
//-->
<!--enable_change(false);-->
</script>
<?php include("fend.inc");?>
<?php include("fend.inc");?>

81
gui/bastille_manager_tarballs.php
View File

@@ -2,7 +2,7 @@
/*
bastille_manager_tarballs.php
Copyright (c) 2019 José Rivera (joserprg@gmail.com).
Copyright (c) 2019-2026 José Rivera (joserprg@gmail.com).
All rights reserved.
Portions of XigmaNAS® (https://www.xigmanas.com).
@@ -53,7 +53,7 @@ function get_rel_list() {
if (is_dir("{$rootfolder}/releases")):
$entries = preg_grep('/^[0-9]+\.[0-9]+\-RELEASE|(Debian[0-9]{1,2}$)|(Ubuntu_[0-9]{4}$)/', scandir("{$rootfolder}/releases"));
foreach($entries as $entry):
$a = preg_split('/\t/',$entry);
$a = preg_split('/\t/',$entry);
$r = [];
$name = $a[0];
if(preg_match('/^[0-9]+\.[0-9]+\-RELEASE|(Debian[0-9]{1,2}$)|(Ubuntu_[0-9]{4}$)/', $name, $m)):
@@ -67,53 +67,42 @@ function get_rel_list() {
endif;
return $result;
}
$zfs_status = get_state_zfs();
if($zfs_status == "Invalid ZFS configuration"):
// Warning if invalid ZFS configuration.
$input_errors[] = gtext("WARNING: Invalid ZFS configuration detected.");
endif;
$rel_list = get_rel_list();
$sphere_array = $rel_list;
if ($linux_compat_support == "YES"):
$a_action = [
//'14.2-RELEASE' => gettext('14.2-RELEASE'),
'14.3-RELEASE' => gettext('14.3-RELEASE'),
'14.2-RELEASE' => gettext('14.2-RELEASE'),
'14.1-RELEASE' => gettext('14.1-RELEASE'),
'14.0-RELEASE' => gettext('14.0-RELEASE'),
'13.5-RELEASE' => gettext('13.5-RELEASE'),
'13.4-RELEASE' => gettext('13.4-RELEASE'),
'13.3-RELEASE' => gettext('13.3-RELEASE'),
'13.2-RELEASE' => gettext('13.2-RELEASE'),
'13.1-RELEASE' => gettext('13.1-RELEASE'),
'13.0-RELEASE' => gettext('13.0-RELEASE'),
'12.4-RELEASE' => gettext('12.4-RELEASE'),
'12.3-RELEASE' => gettext('12.3-RELEASE'),
'12.2-RELEASE' => gettext('12.2-RELEASE'),
'12.1-RELEASE' => gettext('12.1-RELEASE'),
'12.0-RELEASE' => gettext('12.0-RELEASE'),
'11.4-RELEASE' => gettext('11.4-RELEASE'),
'11.3-RELEASE' => gettext('11.3-RELEASE'),
'11.2-RELEASE' => gettext('11.2-RELEASE'),
'ubuntu-jammy' => gettext('Ubuntu-Jammy'),
'ubuntu-focal' => gettext('Ubuntu-Focal'),
'ubuntu-bionic' => gettext('Ubuntu-Bionic'),
'debian-bookworm' => gettext('Debian-Bookworm'),
'debian-bullseye' => gettext('Debian-Bullseye'),
'debian-buster' => gettext('Debian-Buster'),
//'debian-stretch' => gettext('Debian-Stretch'), -> Obsolete, removed from bastille boostrap.
// Linux base release bootstrap is allowed from command-line.
//'ubuntu-noble' => gettext('Ubuntu-noble'),
//'ubuntu-jammy' => gettext('Ubuntu-Jammy'),
//'ubuntu-focal' => gettext('Ubuntu-Focal'),
//'ubuntu-bionic' => gettext('Ubuntu-Bionic'),
//'debian-bookworm' => gettext('Debian-Bookworm'),
//'debian-bullseye' => gettext('Debian-Bullseye'),
//'debian-buster' => gettext('Debian-Buster'),
//'debian-stretch' => gettext('Debian-Stretch'),
];
else:
$a_action = [
//'14.2-RELEASE' => gettext('14.2-RELEASE'),
'14.3-RELEASE' => gettext('14.3-RELEASE'),
'14.2-RELEASE' => gettext('14.2-RELEASE'),
'14.1-RELEASE' => gettext('14.1-RELEASE'),
'14.0-RELEASE' => gettext('14.0-RELEASE'),
'13.5-RELEASE' => gettext('13.5-RELEASE'),
'13.4-RELEASE' => gettext('13.4-RELEASE'),
'13.3-RELEASE' => gettext('13.3-RELEASE'),
'13.2-RELEASE' => gettext('13.2-RELEASE'),
'13.1-RELEASE' => gettext('13.1-RELEASE'),
'13.0-RELEASE' => gettext('13.0-RELEASE'),
'12.4-RELEASE' => gettext('12.4-RELEASE'),
'12.3-RELEASE' => gettext('12.3-RELEASE'),
'12.2-RELEASE' => gettext('12.2-RELEASE'),
'12.1-RELEASE' => gettext('12.1-RELEASE'),
'12.0-RELEASE' => gettext('12.0-RELEASE'),
'11.4-RELEASE' => gettext('11.4-RELEASE'),
'11.3-RELEASE' => gettext('11.3-RELEASE'),
'11.2-RELEASE' => gettext('11.2-RELEASE'),
];
endif;
@@ -135,6 +124,7 @@ if($_POST):
$check_release = ("{$rootfolder}/releases/{$get_release}");
$cmd = sprintf('/bin/echo "Y" | /usr/local/bin/bastille bootstrap %1$s > %2$s',$get_release,$logevent);
$base_mandatory = "base";
$zfs_status = get_state_zfs();
//unset($lib32,$ports,$src);
if (isset($_POST['lib32'])):
@@ -148,12 +138,12 @@ if($_POST):
endif;
$opt_tarballs = "$lib32 $ports $src";
// FreeBSD base release check.
//if(file_exists($check_release)):
// $savemsg .= sprintf(gtext('%s base appears to be already extracted.'),$get_release);
//else:
// Download a FreeBSD base release.
if ($_POST['Download']):
// Download a FreeBSD base release.
if ($_POST['Download']):
if($zfs_status == "Invalid ZFS configuration"):
// Abort bootstrap if invalid ZFS configuration.
$input_errors[] = gtext("Cannot bootstrap with an invalid ZFS configuration.");
else:
$savemsg = "";
$errormsg = "";
if ($opt_tarballs):
@@ -177,8 +167,9 @@ if($_POST):
else:
$errormsg .= sprintf(gtext('%s Failed to download and/or extract release base.'),$get_release);
endif;
endif;
//endif;
endif;
endif;
if (isset($_POST['Destroy']) && $_POST['Destroy']):
@@ -212,7 +203,7 @@ if($_POST):
// Do not delete base releases with containers child.
if ($check_used):
$errormsg .= sprintf(gtext('%s base appears to have containers child.'),$get_release);
else:
else:
// Delete the FreeBSD base release/directory.
if ($_POST['Destroy']):
unset($output,$retval);mwexec2($cmd,$output,$retval);
@@ -222,7 +213,7 @@ if($_POST):
else:
$errormsg .= sprintf(gtext('%s failed to delete.'),$get_release);
endif;
endif;
endif;
endif;
endif;
endif;
@@ -284,7 +275,7 @@ $document->render();
<?php
if (is_dir($reldir)):
if (!is_dir_empty($reldir)):
html_titleline2(gettext('FreeBSD/Linux Base Release Installed'));
html_titleline2(gettext('FreeBSD/Linux Base Release Installed'));
endif;
foreach ($sphere_array as $sphere_record):
if (file_exists("{$reldir}/{$sphere_record['relname']}/root/.profile")):

158
gui/bastille_manager_util.php
View File

@@ -2,7 +2,7 @@
/*
bastille_manager_util.php
Copyright (c) 2019 José Rivera (joserprg@gmail.com).
Copyright (c) 2019-2026 José Rivera (joserprg@gmail.com).
All rights reserved.
Portions of XigmaNAS® (https://www.xigmanas.com).
@@ -39,6 +39,12 @@ require_once 'auth.inc';
require_once 'guiconfig.inc';
require_once("bastille_manager-lib.inc");
$zfs_status = get_state_zfs();
if($zfs_status == "Invalid ZFS configuration"):
// Warning if invalid ZFS configuration.
$input_errors[] = gtext("WARNING: Invalid ZFS configuration detected.");
endif;
if(isset($_GET['uuid'])):
$uuid = $_GET['uuid'];
endif;
@@ -115,9 +121,9 @@ if($_POST):
$bastille_version = get_version_bastille();
$bastille_version_min = "0920210714";
$bastille_version_format = str_replace(".", "", $bastille_version);
$bastille_bin_path = "/usr/local/bin";
$export_option = "";
$skip_safemode = "";
#$skip_safemode = "";
$skip_livemode = "";
if(isset($_POST['format'])):
$export_format = $_POST['format'];
@@ -133,44 +139,54 @@ if($_POST):
break;
case 'tgz':
$user_export_format = "--tgz";
$skip_safemode = "yes";
#$skip_safemode = "yes";
$skip_livemode = "yes";
break;
case 'txz':
$user_export_format = "--txz";
$skip_safemode = "yes";
#$skip_safemode = "yes";
$skip_livemode = "yes";
break;
case 'tzst':
$user_export_format = "--tzst";
#$skip_safemode = "yes";
$skip_livemode = "yes";
break;
case 'xz':
$user_export_format = "--xz";
break;
case 'zst':
$user_export_format = "--zst";
break;
endswitch;
if($pconfig['safemode']):
$export_option = "--auto";
endif;
if ($zfs_activated == "YES"):
if($pconfig['safemode']):
if(!$skip_safemode):
$export_option = "--safe";
if($pconfig['livemode']):
if(!$export_option):
$export_option = "--live";
endif;
endif;
endif;
if($bastille_version_format >= $bastille_version_min):
if ($zfs_activated == "YES"):
if ($pconfig['format'] == "default"):
$export_format = "--xz";
$cmd = ("$bastille_bin_path/bastille export $export_option $export_format '{$item}'");
$cmd = ("/usr/local/bin/bastille export $export_option $export_format '{$item}'");
else:
$cmd = ("$bastille_bin_path/bastille export $export_option $user_export_format '{$item}'");
$cmd = ("/usr/local/bin/bastille export $export_option $user_export_format '{$item}'");
endif;
else:
if ($pconfig['format'] == "default"):
$export_format = "--txz";
$cmd = ("$bastille_bin_path/bastille export $export_format '{$item}'");
$cmd = ("/usr/local/bin/bastille export $export_option $export_format '{$item}'");
else:
$cmd = ("$bastille_bin_path/bastille export $user_export_format '{$item}'");
$cmd = ("/usr/local/bin/bastille export $export_option $user_export_format '{$item}'");
endif;
endif;
else:
$cmd = ("$bastille_bin_path/bastille export '{$item}'");
endif;
unset($output,$retval);mwexec2($cmd,$output,$retval);
if($retval == 0):
@@ -225,9 +241,17 @@ if($_POST):
$current_release = exec("/usr/bin/grep '\-RELEASE' {$jail_dir}/{$item}/fstab | awk '{print $1}' | grep -o '[^/]*$'");
if ($_POST['update_base']):
$cmd = ("/usr/local/sbin/bastille-init update '{$current_release}'");
if ($_POST['update_base_force']):
$cmd = ("/usr/local/sbin/bastille-init update_force '{$current_release}'");
else:
$cmd = ("/usr/local/sbin/bastille-init update '{$current_release}'");
endif;
elseif ($_POST['update_jail']):
$cmd = ("/usr/local/sbin/bastille-init update '{$item}'");
if ($_POST['update_jail_force']):
$cmd = ("/usr/local/sbin/bastille-init update_force '{$item}'");
else:
$cmd = ("/usr/local/sbin/bastille-init update '{$item}'");
endif;
else:
$input_errors[] = sprintf(gtext("Failed to update container %s."),$item);
break;
@@ -236,7 +260,14 @@ if($_POST):
unset($output,$retval);mwexec2($cmd,$output,$retval);
if($retval == 0):
$update_release = exec("/usr/sbin/jexec -l {$item} freebsd-version");
$savemsg .= sprintf(gtext("Container release updated to %s successfully."),$update_release);
if (($_POST['update_jail_force']) || ($_POST['update_base_force'])):
$savemsg .= sprintf(gtext("Container release forcefully updated to %s successfully, a restart is required to apply pending changes."),$update_release);
else:
$savemsg .= sprintf(gtext("Container release updated to %s successfully, a restart is required to apply pending changes."),$update_release);
endif;
if ($_POST['update_base']):
exec("/usr/local/bin/bastille config {$item} set osrelease $update_release");
endif;
exec("echo '{$date}: {$application}: Container release updated to {$update_release} successfully for {$item}' >> {$logfile}");
//header('Location: bastille_manager_gui.php');
//exit;
@@ -284,7 +315,8 @@ if($_POST):
$container['jailname'] = $_POST['jailname'];
$confirm_name = $pconfig['confirmname'];
$item = $container['jailname'];
$cmd = ("/usr/sbin/sysrc -f {$configfile} {$item}_AUTO_START=\"YES\"");
//$cmd = ("/usr/sbin/sysrc -f {$configfile} {$item}_AUTO_START=\"YES\"");
$cmd = ("/usr/sbin/sysrc -f {$jail_dir}/{$item}/{$jail_settings} boot=\"on\"");
unset($output,$retval);mwexec2($cmd,$output,$retval);
if($retval == 0):
header('Location: bastille_manager_gui.php');
@@ -303,8 +335,9 @@ if($_POST):
$container['jailname'] = $_POST['jailname'];
$confirm_name = $pconfig['confirmname'];
$item = $container['jailname'];
if(exec("/usr/sbin/sysrc -f $configfile -qn {$item}_AUTO_START")):
$cmd = ("/usr/sbin/sysrc -f $configfile -x {$item}_AUTO_START");
if(exec("/usr/sbin/sysrc -f {$jail_dir}/{$item}/{$jail_settings} -qn boot")):
//$cmd = ("/usr/sbin/sysrc -f $configfile -x {$item}_AUTO_START");
$cmd = ("/usr/sbin/sysrc -f {$jail_dir}/{$item}/{$jail_settings} boot=\"off\"");
unset($output,$retval);mwexec2($cmd,$output,$retval);
if($retval == 0):
header('Location: bastille_manager_gui.php');
@@ -316,6 +349,31 @@ if($_POST):
endif;
break;
case 'priority':
// Input validation required
if(empty($input_errors)):
$container = [];
$container['uuid'] = $_POST['uuid'];
$container['jailname'] = $_POST['jailname'];
$set_priority = $pconfig['prioritynumber'];
$item = $container['jailname'];
if(exec("/usr/sbin/sysrc -f {$jail_dir}/{$item}/{$jail_settings} -qn priority")):
if (is_numeric($set_priority)):
$cmd = ("/usr/local/bin/bastille config {$item} set priority {$set_priority}");
unset($output,$retval);mwexec2($cmd,$output,$retval);
if($retval == 0):
header('Location: bastille_manager_gui.php');
exit;
else:
$input_errors[] = gtext("Failed to set priority.");
endif;
else:
$input_errors[] = gtext("Priority value must be a number.");
endif;
endif;
endif;
break;
case 'fstab':
// Input validation not required
if(empty($input_errors)):
@@ -376,7 +434,7 @@ if($_POST):
break;
case 'delete':
// Delete a contained
// Delete a container
if(empty($input_errors)):
$container = [];
$container['uuid'] = $_POST['uuid'];
@@ -390,9 +448,9 @@ if($_POST):
break;
else:
if (isset($_POST['nowstop'])):
$cmd = ("/usr/local/bin/bastille destroy -f {$item}");
$cmd = ("/usr/local/bin/bastille destroy -afy {$item}");
else:
$cmd = ("/usr/local/bin/bastille destroy {$item}");
$cmd = ("/usr/local/bin/bastille destroy -fy {$item}");
endif;
unset($output,$retval);mwexec2($cmd,$output,$retval);
if($retval == 0):
@@ -439,6 +497,8 @@ function action_change() {
showElementById('release_tr','hide');
showElementById('update_base_tr','hide');
showElementById('update_jail_tr','hide');
showElementById('update_base_force_tr', 'hide');
showElementById('update_jail_force_tr', 'hide');
showElementById('newname_tr', 'hide');
showElementById('newipaddr_tr', 'hide');
showElementById('clonestop_tr', 'hide');
@@ -447,15 +507,15 @@ function action_change() {
showElementById('backup_tr', 'hide');
showElementById('format_tr', 'hide');
showElementById('safemode_tr', 'hide');
//showElementById('dateadd_tr','hide');
showElementById('livemode_tr', 'hide');
showElementById('prioritynumber_tr','hide');
var action = document.iform.action.value;
switch (action) {
case "backup":
showElementById('confirmname_tr','hide');
showElementById('nowstop_tr','hide');
showElementById('backup_tr', 'show');
showElementById('format_tr', 'show');
showElementById('safemode_tr', 'show');
showElementById('livemode_tr', 'show');
break;
case "clone":
showElementById('newname_tr','show');
@@ -463,30 +523,25 @@ function action_change() {
showElementById('clonestop_tr','show');
break;
case "update":
showElementById('confirmname_tr','hide');
showElementById('nowstop_tr','hide');
showElementById('update_base_tr','show');
showElementById('update_jail_tr','show');
showElementById('update_base_force_tr', 'show');
showElementById('update_jail_force_tr', 'show');
break;
case "base":
showElementById('confirmname_tr','hide');
showElementById('nowstop_tr','hide');
showElementById('jail_release_tr', 'show');
showElementById('release_tr','show');
break;
case "autoboot":
showElementById('confirmname_tr','hide');
showElementById('nowstop_tr','hide');
showElementById('auto_boot_tr', 'show');
break;
case "noauto":
showElementById('confirmname_tr','hide');
showElementById('nowstop_tr','hide');
showElementById('no_autoboot_tr', 'show');
break;
case "priority":
showElementById('prioritynumber_tr','show');
break;
case "fstab":
showElementById('confirmname_tr','hide');
showElementById('nowstop_tr','hide');
showElementById('source_path_tr','show');
showElementById('target_path_tr','show');
showElementById('path_check_tr','show');
@@ -499,8 +554,6 @@ function action_change() {
showElementById('nowstop_tr','show');
break;
case "advanced":
showElementById('confirmname_tr','hide');
showElementById('nowstop_tr','hide');
showElementById('advanced_tr','show');
break;
default:
@@ -548,6 +601,7 @@ $document->render();
</thead>
<tbody>
<?php
$b_action = $l_release;
#$current_release = exec("/usr/sbin/jexec {$pconfig['jailname']} freebsd-version 2>/dev/null");
$current_release = "";
@@ -575,6 +629,7 @@ $document->render();
'base' => gettext('Release'),
'autoboot' => gettext('Autoboot'),
'noauto' => gettext('Noauto'),
'priority' => gettext('Priority'),
'fstab' => gettext('Fstab'),
'delete' => gettext('Destroy'),
'advanced' => gettext('Advanced'),
@@ -587,47 +642,56 @@ $document->render();
'raw' => gettext('RAW'),
'tgz' => gettext('TGZ'),
'txz' => gettext('TXZ'),
'tzst' => gettext('TZST'),
'xz' => gettext('XZ'),
'zst' => gettext('ZST'),
];
else:
$c_action = [
'default' => gettext('Default'),
'tgz' => gettext('TGZ'),
'txz' => gettext('TXZ'),
'tzst' => gettext('TZST'),
];
endif;
html_combobox2('action',gettext('Action'),!empty($pconfig['action']),$a_action,'',true,false,'action_change()');
html_combobox2('format',gettext('Archive format'),!empty($pconfig['format']),$c_action,'',true,false);
if ($zfs_activated == "YES"):
html_checkbox2('safemode',gettext('Safe ZFS export'),!empty($pconfig['safemode']) ? true : false,gettext('Safely stop and start a ZFS jail before the exporting process, this has no effect on .TGZ/TXZ since the jail should be stopped regardless.'),'',false);
html_checkbox2('safemode',gettext('Safe Jail export'),!empty($pconfig['safemode']) ? true : false,gettext('Safely stop and start the jail before the exporting process.'),'',false);
html_checkbox2('livemode',gettext('Live ZFS export'),!empty($pconfig['livemode']) ? true : false,gettext('Export a running ZFS jail, safe export overrides this option, this has no effect on .TGZ/TXZ/TZST since the jail should be stopped regardless.'),'',false);
else:
html_checkbox2('safemode',gettext('Safe Jail export'),!empty($pconfig['safemode']) ? true : false,gettext('Safely stop and start the jail before the exporting process.'),'',false);
endif;
html_inputbox2('confirmname',gettext('Enter name for confirmation'),!empty($pconfig['confirmname']),'',true,30);
html_inputbox2('prioritynumber',gettext('Enter priority value'),!empty($pconfig['prioritynumber']),'',true,30);
html_checkbox2('nowstop',gettext('Stop container'),!empty($pconfig['nowstop']) ? true : false,gettext('Stop the container if running before deletion.'),'',false);
html_inputbox2('newname',gettext('Enter a name for the new container'),!empty($pconfig['newname']),'',true,30);
html_inputbox2('newipaddr',gettext('Enter a IP address for the new container'),!empty($pconfig['newipaddr']),'',true,30);
html_checkbox2('clonestop',gettext('Stop container'),!empty($pconfig['clonestop']) ? true : false,gettext('Stop the container if running before cloning, mandatory on UFS filesystem.'),'',false);
html_filechooser("source_path",gtext("Source Data Directory"),!empty($pconfig['source_path']), gtext("Source data directory to be shared, full path here, if the path contain spaces they will be automatically escaped with the ASCII \"\\040\" octal code."), !empty($source_path), false, 60);
html_filechooser("target_path",gtext("Target Data Directory"),!empty($pconfig['target_path']), gtext("Target data directory to be mapped, full path to jail here, if the path contain spaces they will be automatically escaped with the ASCII \"\\040\" octal code."), !empty($target_path), false, 60);
html_checkbox2("path_check", gettext("Source/Target path check"),!empty($pconfig['path_check']) ? true : false, gettext("If this option is selected no examination of the source/target directory paths will be performed."), "<b><font color='red'>".gettext("Please use this option only if you know what you are doing here!")."</font></b>", false);
html_checkbox2('advanced',gettext('Advanced jail configuration Files'),!empty($pconfig['advanced']) ? true : false,gettext('I want to edit the jail files manually, Warning: It is recommended to stop the jail before config edit to prevent issues.'),'',true);
html_filechooser("target_path",gtext("Target Data Directory"),!empty($pconfig['target_path']), gtext("Target data directory to be mapped, full path to jail here, if the path contain spaces they will be automatically escaped with the ASCII \"\\040\" octal code."), !empty($target_path), false, 60);
html_checkbox2("path_check", gettext("Source/Target path check"),!empty($pconfig['path_check']) ? true : false, gettext("If this option is selected no examination of the source/target directory paths will be performed."), "<b><font color='red'>".gettext("Please use this option only if you know what you are doing here!")."</font></b>", false);
html_checkbox2('advanced',gettext('Advanced jail configuration Files'),!empty($pconfig['advanced']) ? true : false,gettext('I want to edit the jail files manually, Warning: It is recommended to stop the jail before editing the config to prevent issues.'),'',true);
html_checkbox2('readonly',gettext('Read-Only Mode'),!empty($pconfig['readonly']) ? true : false,gettext('Set target directory in Read-Only mode.'),'',true);
html_checkbox2('automount',gettext('Auto-mount Nullfs'),!empty($pconfig['automount']) ? true : false,gettext('Auto-mount the nullfs mountpoint if the container is already running.'),'',true);
html_checkbox2('createdir',gettext('Create Target Directory'),!empty($pconfig['createdir']) ? true : true,gettext('Create target directory if missing (recommended).'),'',true);
if ($is_thinjail):
html_checkbox2('update_base',gettext('Base update confirm'),!empty($pconfig['update_base']) ? true : false,gettext('This is a thin container, therefore the base release will be updated, this affects child containers.'),'',true);
//html_checkbox2('update_base',gettext('Base update confirm'),!empty($pconfig['update_base']) ? true : false,gettext('This is a thin container, therefore the base release will be updated, this affects child containers.'),'',true);
//html_checkbox2('update_base_force',gettext('Base update force confirm:'),!empty($pconfig['update_base']) ? true : false,gettext('This will perform a forced base update, this affects child containers.'),'',true);
html_text2('update_base',gettext('Container Update'),htmlspecialchars("This is a thin container, the host is missing some core components to manage updates on this containers, therefore this containers has to be manually upgraded from the command-line."));
else:
html_checkbox2('update_jail',gettext('Container update confirm:'),!empty($pconfig['update_jail']) ? true : false,gettext('This is a thick container, therefore the update will be performed within its root, current containers are not affected.'),'',true);
html_checkbox2('update_jail_force',gettext('Container update force confirm:'),!empty($pconfig['update_jail']) ? true : false,gettext('This will perform a forced jail update, current containers are not affected.'),'',true);
endif;
html_text2('jail_release',gettext('Current base release:'),htmlspecialchars($current_release));
html_text2('auto_boot',gettext('Enable container auto-startup'),htmlspecialchars("This will cause the container to automatically start each time the system restart."));
html_text2('no_autoboot',gettext('Disable container auto-startup'),htmlspecialchars("This will disable the container automatic startup."));
html_text2('backup',gettext('Export container'),htmlspecialchars("This will export a container to a compressed file/image, please execute `bastille export` for more info in regards exporting formats, Default is .XZ on ZFS setups or .TXZ otherwise, For faster compressed backups consider .GZ/.TGZ."));
html_text2('backup',gettext('Export container'),htmlspecialchars("This will export a container to a compressed file/image, please execute `bastille export` for more info in regards exporting formats, Default is .XZ on ZFS setups or .TXZ otherwise, For faster compressed backups consider .ZST/.TZST or .GZ/.TGZ"));
if ($disable_base_change == "no"):
html_combobox2('release',gettext('New base release'),!empty($pconfig['release']),$b_action,gettext("Warning: This will change current shared base to the selected base on the thin container only, the user is responsible for package updates and/or general incompatibilities issues, or use the command line for native upgrade."),true,false,);
endif;
//html_checkbox2('dateadd',gettext('Date'),!empty($pconfig['dateadd']) ? true : false,gettext('Append the date in the following format: ITEM-XXXX-XX-XX-XXXXXX.'),'',false);
?>
</tbody>
</table>

58
gui/css/bastille-header-refresh.css Normal file
View File

@@ -0,0 +1,58 @@
/* bastille_manager.css
Estilo NATIVO (Minimalista)
*/
#refresh-controls {
/* Fondo transparente y sin bordes para integrarse con el tema */
background: transparent;
border: none;
padding: 10px 0;
margin-bottom: 5px;
/* Alineación a la derecha */
display: flex;
justify-content: flex-end;
align-items: center;
gap: 15px;
/* Fuente estándar del sistema */
font-size: 13px;
color: inherit;
}
#refresh-status {
/* Color de texto por defecto del tema (negro/gris) */
color: inherit;
margin-right: 5px;
/* Coloca el texto a la izquierda de los botones */
order: -1;
}
/* Pequeño spinner azul discreto solo cuando actualiza */
#refresh-status.updating .refresh-spinner {
display: inline-block;
width: 10px;
height: 10px;
border: 2px solid #ccc;
border-top-color: #007bff;
border-radius: 50%;
animation: spin 1s linear infinite;
margin-right: 5px;
}
/* Animación del spinner */
@keyframes spin {
to { transform: rotate(360deg); }
}
/* Asegurar que los iconos de la tabla estén centrados verticalmente */
.area_data_selection tbody td img {
vertical-align: middle;
}
/* Centrado perfecto para los checkboxes */
.lcelc {
text-align: center;
vertical-align: middle;
}

181
unionfs.sh Executable file → Normal file
View File

@@ -10,7 +10,7 @@
# Debug script
#set -x
# Copyright (c) 2019-2024, José Rivera (joserprg@gmail.com).
# Copyright (c) 2019-2026, José Rivera (joserprg@gmail.com).
# All rights reserved.
# Redistribution and use in source and binary forms, with or without
@@ -51,20 +51,9 @@ error_notify() {
# Log/notify message on error and exit.
MSG="${*}"
logger -t "${SCRIPTNAME}" "${MSG}"
echo -e "${MSG}" >&2; exit 1
}
platform_check()
{
# Check for working platform.
if [ "${PRDPLATFORM}" = "x64-embedded" ]; then
pkg_symlink
else
if [ -d "/var/cache/pkg" ]; then
echo "Cleaning the pkg cache."
pkg clean -y -a
fi
fi
echo -e "${MSG}" >&2
posterror_exec
exit 1
}
load_kmods() {
@@ -79,7 +68,7 @@ load_kmods() {
# Skip already loaded known modules.
for _req_kmod in ${required_mods}; do
if ! sysrc -f /boot/loader.conf -qn ${_req_kmod}_load=YES | grep -q "YES"; then
if ! sysrc -f /boot/loader.conf -qc ${_req_kmod}_load=YES; then
sysrc -f /boot/loader.conf ${_req_kmod}_load=YES
fi
if ! kldstat -m ${_req_kmod} >/dev/null 2>&1; then
@@ -95,66 +84,95 @@ load_kmods() {
kldload -v ${_lin_kmod}
fi
done
if ! sysrc -qn linux_enable=YES | grep -q "YES"; then
if ! sysrc -qc linux_enable=YES; then
sysrc linux_enable=YES
fi
}
pkg_symlink() {
if ! sysrc -f ${CWDIR}${EXTCONF} -qn LINUX_COMPAT_SUPPORT | grep -q "YES"; then
echo "Creating pkg environment for embedded platforms."
unload_kmods() {
required_mods="fdescfs linprocfs linsysfs tmpfs"
linuxarc_mods="linux linux64"
if [ -d "/var/cache/pkg" ]; then
if [ ! -L "/var/cache/pkg" ]; then
rm -R /var/cache/pkg
mkdir -p ${CWDIR}/system/cache/pkg
ln -vFs ${CWDIR}/system/cache/pkg /var/cache/pkg
fi
else
mkdir -m 0755 -p /var/cache
mkdir -p ${CWDIR}/system/cache/pkg
ln -vFs ${CWDIR}/system/cache/pkg /var/cache/pkg
for _req_kmod in ${required_mods}; do
if sysrc -f /boot/loader.conf -qc ${_req_kmod}_load=YES; then
echo "Unset kernel module: ${_req_kmod}"
sysrc -f /boot/loader.conf -x ${_req_kmod}_load
fi
done
if [ -d "/var/db/pkg" ]; then
if [ ! -L "/var/db/pkg" ]; then
rm -R /var/db/pkg
mkdir -p ${CWDIR}/system/pkg/db
ln -vFs ${CWDIR}/system/pkg/db /var/db/pkg
fi
else
mkdir -p ${CWDIR}/system/pkg/db
ln -vFs ${CWDIR}/system/pkg/db /var/db/pkg
fi
if sysrc -qc linux_enable=YES; then
echo "Unset linux_enable"
sysrc -x linux_enable
fi
}
posterror_exec() {
# Commands to be executed post errors.
unionfs_disable
# Clean for stale pkg.
if [ -d "${CWDIR}/system/All" ]; then
rm -r ${CWDIR}/system/All
fi
}
unionfs_disable() {
# Check and disable uniofs mounts on error.
unionfs_pkgoff
unionfs_off
}
unionfs_pkgon() {
if ! df | grep -q "${CWDIR}/system/var/db/pkg"; then
echo "Enabling UnionFS for ${CWDIR}/system/var/db/pkg."
mount_unionfs -o avobe ${CWDIR}/system/var/db/pkg /var/db/pkg
fi
}
unionfs_pkgoff() {
if df | grep -q "${CWDIR}/system/var/db/pkg"; then
echo "Disabling UnionFS for ${CWDIR}/system/var/db/pkg."
umount -f /var/db/pkg
fi
}
fetch_cmd() {
PKG_LIST="debootstrap debian-keyring"
pkg fetch -y -d -o ${CWDIR}/system/ ${PKG_LIST}
}
fetch_pkg() {
if ! sysrc -f ${CWDIR}${EXTCONF} -qn LINUX_COMPAT_SUPPORT | grep -q "YES"; then
echo "Fetching required packages."
if [ ! -d "/var/db/pkg" ]; then
mkdir -p "/var/db/pkg"
fi
if [ ! -d "${CWDIR}/system/var/db/pkg" ]; then
mkdir -p ${CWDIR}/system/var/db/pkg
fi
# Skip existing packages/ports bundled with XigmaNAS.
#PKGLIST="#bash #ca_root_nss debootstrap #gettext-runtime glib gmp gnugrep gnugpg gnutls #indexinfo libassuan #libedit #libffi libgcrypt libgpg-error #libiconv libidn2 libksba libtasn1 libunistring libxml2 mpdecimal nettle npth p11-kit #pcre perl5 pinentry pinentry-curses #python38 #readline #sqlite3 tpm-emulator #trousers ubuntu-keyring wget"
PKGLIST="debootstrap glib gmp gnugrep gnupg gnutls libassuan libgcrypt libgpg-error libidn2 libksba libtasn1 libunistring libxml2 mpdecimal nettle npth p11-kit perl5 pinentry pinentry-curses tpm-emulator ubuntu-keyring wget"
trap "unionfs_pkgoff" 0 1 2 5 15
unionfs_pkgon
for pkg in ${PKGLIST}; do
pkg fetch -y "${pkg}" || error_notify "Error while fetching required [${pkg}] package, exiting."
done
echo "Fetching required packages."
# Fetch deboostrap and dependency packages.
fetch_cmd || echo "Cleaning addon stale pkg db and retry..."
rm -rf ${CWDIR}/system/var/db/pkg/*
fetch_cmd || error_notify "Error while fetching packages, exiting."
echo "Done."
extract_pkg
unionfs_pkgoff
extract_pkg
}
fetch_debootstrap() {
if ! sysrc -f ${CWDIR}${EXTCONF} -qc LINUX_COMPAT_SUPPORT=YES; then
fetch_pkg
fi
}
extract_pkg() {
echo "Extracting required packages."
if [ "${PRDPLATFORM}" = "x64-embedded" ]; then
FILELIST=$(find "${CWDIR}/system/cache/pkg" -type f)
LINKLIST=$(find "${CWDIR}/system/cache/pkg" -type l)
else
FILELIST=$(find "/var/cache/pkg" -type f)
LINKLIST=$(find "/var/cache/pkg" -type l)
fi
FILELIST=$(find "${CWDIR}/system/All" -type f)
for item in ${FILELIST}; do
if [ -f "${item}" ]; then
@@ -163,59 +181,68 @@ extract_pkg() {
fi
done
# Clean leftovers pkg symlinks
if [ "${PRDPLATFORM}" = "x64-embedded" ]; then
for item in ${LINKLIST}; do
if [ -L "${item}" ]; then
rm -rf ${item}
fi
done
else
echo "Cleaning the pkg cache."
pkg clean -y -a
if [ -d "${CWDIR}/system/All" ]; then
rm -r ${CWDIR}/system/All
fi
if [ ! -d "${CWDIR}/templates" ]; then
mkdir -p ${CWDIR}/templates
fi
if [ ! -d "${CWDIR}/system/var/run" ]; then
mkdir -p ${CWDIR}/system/var/run
fi
echo "Done."
}
unionfs_on() {
if ! df | grep -q "${CWDIR}/system/usr/local"; then
echo "Enabling UnionFS mount for ${CWDIR}/system/usr/local."
mount_unionfs -o below ${CWDIR}/system/usr/local /usr/local
echo "Enabling UnionFS for ${CWDIR}/system/usr/local."
mount_unionfs -o above ${CWDIR}/system/usr/local /usr/local
fi
if ! df | grep -q "${CWDIR}/system/var/run"; then
echo "Enabling UnionFS mount for ${CWDIR}/system/var/run."
mount_unionfs -o below ${CWDIR}/system/var/run /var/run
echo "Enabling UnionFS for ${CWDIR}/system/var/run."
mount_unionfs -o avobe ${CWDIR}/system/var/run /var/run
fi
}
unionfs_off() {
if df | grep -q "${CWDIR}/system/usr/local"; then
echo "Disabling UnionFS mounts for ${CWDIR}/system/usr/local."
echo "Disabling UnionFS for ${CWDIR}/system/usr/local."
umount -f /usr/local
fi
if df | grep -q "${CWDIR}/system/var/run"; then
echo "Disabling UnionFS mounts for ${CWDIR}/system/var/run."
echo "Disabling UnionFS for ${CWDIR}/system/var/run."
umount -f /var/run
fi
}
update_debootstrap() {
echo "Updating debootstrap..."
unionfs_off
fetch_pkg
}
case "${1}" in
fetch_pkg)
platform_check
fetch_pkg
fetch_debootstrap)
fetch_debootstrap
;;
load_kmods)
load_kmods
;;
unload_kmods)
unload_kmods
;;
unionfs_on)
unionfs_on
;;
unionfs_off)
unionfs_off
;;
update_debootstrap)
update_debootstrap
;;
esac

2
version
View File

@@ -1 +1 @@
1.1.39
1.4.04