• Stars
    star
    130
  • Rank 277,575 (Top 6 %)
  • Language
    Shell
  • License
    BSD 3-Clause "New...
  • Created about 2 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Simple and easy-to-use tool for creating portable jails.


AppJail

AppJail is an open-source BSD-3 licensed framework entirely written in sh(1) and C to create isolated, portable and easy to deploy environments using FreeBSD jails that behaves like an application.

Its goals are to simplify life for sysadmins and developers by providing a unified interface that automates the jail workflow by combining the base FreeBSD tools.

AppJail offers simple ways to do complex things.

Features

  • Easy to use.
  • Parallel startup (Healthcheckers, Jails & NAT).
  • UFS and ZFS support.
  • RACCT/RCTL support.
  • NAT support.
  • Port expose - network port forwarding into jail.
  • IPv4 and IPv6 support.
  • DHCP and SLAAC support.
  • Virtual networks - A jail can be on several virtual networks at the same time.
  • Bridge support.
  • VNET support
  • Deploy your applications much easier using Makejail!
  • Netgraph support.
  • LinuxJails support.
  • Supports thin and thick jails.
  • TinyJails - Experimental feature to create a very stripped down jail that is very useful to distribute.
  • Startup order control - Using priorities and the boot flag makes management much easier.
  • Jail dependency support.
  • Initscripts - Make your jails interactive!
  • Backup your jails using tarballs or raw images (ZFS only) with a single command.
  • Modular structure - each command is a unique file that has its own responsability in AppJail. This makes AppJail maintenance much easier.
  • Table interface - many commands have a table-like interface, which is very familiar to many sysadmin tools.
  • No databases - each configuration is separated in each entity (networks, jails, etc.) which makes maintenance much easier.
  • Healthcheckers - Monitor your jails and make sure they are healthy!
  • Images - Your jail in a single file!
  • DEVFS support - Dynamic device management!
  • ...

Documentation

AppJail Documentation

Comparing AppJail

How does AppJail compare to other FreeBSD jail frameworks?

Support

Need help using AppJail?

Design decisions

Characters Allowed:

  • Jail Name, Network Name, Custom Stage and Volume Name: Although jail names can use any character (except .), AppJail does not use any possible character. Valid regex is ^[a-zA-Z0-9_][a-zA-Z0-9_-]*$.
  • Interface Name: For interface names, the regex is ^[a-zA-Z0-9_][a-zA-Z0-9_.]*$.
  • JNG: For jng, the regex is ^[a-zA-Z_]+[a-zA-Z0-9_]*$ and for its links the regex is ^[0-9a-zA-Z_]+$.

AppJail tries to not modify the host:

Such as making changes to rc.conf(5), sysctl.conf(5), the firewall configuration file, etc. It is preferable that the user is aware of such changes, this simplifies a lot.

AppJail tries not to be interactive

AppJail tries not to play with jails created not by itself

AppJail tries not to automate everything:

Instead of using one command to do a lot of work, it is preferable to combine small commands. A perfect example is appjail makejail which leaves the responsability to the main commands.

AppJail is not focused on building software:

There are very interesting projects like poudriere or synth that can also create a custom repository. Use that custom repository in a jail created by AppJail to install your ports.

TODO

  • Add support for ipfw and ipfilter.
  • Although Makejails can be retrieved anywhere by the methods described in INCLUDE, a centralized repository to easily retrieve generic Makejails is useful. This can be done on Github or Gitlab. (See https://github.com/AppJail-makejails).
  • Create Makejails for applications. It is a difficult job to do alone, but with many people it is feasible. (Done using the centralized repository, of course this is in progress anyway).
  • rc scripts to start resource limitation rules, nat for jails and to expose ports. appjail quick and appjail-config do this job, but it can be useful to spend less time starting/stopping jails.
  • Implement a supervisor. (Done using a similar way to supervise jails and their services named Healthcheckers).
  • Add option to appjail config to check if the parameters of a template are valid for jail(8). (Done with the new tool, appjail-config)
  • Implement all jail(8) parameters in appjail quick.
  • The jng script is useful, but AppJail must create the Netgraph nodes in the same way as bridges and epairs.
  • Man pages (WIP):
    • appjail(1)
    • appjail-ajspec(5)
    • appjail-apply(1)
    • appjail-checkOld(1)
    • appjail-cmd(1)
    • appjail-cpuset(1)
    • appjail-conf(5)
    • appjail-config(1)
    • appjail-deleteOld(1)
    • appjail-devfs(1)
    • appjail-disable(1)
    • appjail-dns(8)
    • appjail-enable(1)
    • appjail-enabled(1)
    • appjail-etcupdate(1)
    • appjail-expose(1)
    • appjail-fetch(1)
    • appjail-fstab(1)
    • appjail-healthcheck(1)
    • appjail-help(1)
    • appjail-image(1)
    • appjail-jail(1)
    • appjail-limits(1)
    • appjail-login(1)
    • appjail-logs(1)
    • appjail-makejail(1)
    • appjail-makejail(5)
    • appjail-nat(1):
    • appjail-network(1)
    • appjail-pkg(1)
    • appjail-quick(1)
    • appjail-restart(1)
    • appjail-rstop(1)
    • appjail-run(1)
    • appjail-service(1)
    • appjail-start(1)
    • appjail-startup(1)
    • appjail-status(1)
    • appjail-stop(1)
    • appjail-sysrc(1)
    • appjail-template(5)
    • appjail-tutorial(7)
    • appjail-update(1)
    • appjail-upgrade(1)
    • appjail-usage(1)
    • appjail-user(8)
    • appjail-volume(1)
    • appjail-version(1)
    • appjail-zfs(1)

Contributing

If you have found a bug, have an idea or need help, use the issue tracker. Of course, PRs are welcome.

More Repositories

1

rwwwshell

rwwwshell: Getting a reverse shell with Mr. Robot ;)
Perl
28
star
2

director

Define and run multi-jail environments with AppJail
Python
13
star
3

BreadBad

Geolocalizacion IP desde la consola con un script de python llamado BreadBad
Python
11
star
4

LittleJet

Create, deploy, manage and scale FreeBSD jails anywhere
Shell
10
star
5

Winp

Winp: Crea tu botnet desde tu casa
Python
9
star
6

Rifap

Una herramienta para mostrar la informacion importante de un numero telefonico aceptando hasta 232 paises
Python
6
star
7

OS-NOTES

Notas de sistemas operativos
5
star
8

reverse-shell-sdc

Shell reversa usando el protocolo sdc
Python
4
star
9

mediafire2links

Obt茅n los enlaces de descarga, ya sea de un 煤nico archivo o una carpeta entera.
Python
3
star
10

Dense

Dense: Simple Geolocalizador IP por medio de una interfaz WEB
HTML
3
star
11

Shalom

Algoritmo de cifrado
Python
3
star
12

seth

Seth es una peque帽a herramienta para recopilar informaci贸n de puntos de acceso a nuestro alrededor
C
3
star
13

unk

Simplemente una API modular usando tornado
Python
2
star
14

Spactra

Un sencillo programa para el control de Gnu/Linux usando SMS
C
2
star
15

Erica

Este es un peque帽o programa para encontrar contrase帽as mediante hashes MD5.
Python
2
star
16

convex

Convex: Usa un proxy en tu aplicaci贸n hecha en python
Python
2
star
17

Lucrecia

Python
2
star
18

tftool

tftool: It is an educational program to transfer files trying to be as minimalist as possible.
C
2
star
19

sdc

Un protocolo de comunicaci贸n en la capa aplicaci贸n para la comunicaci贸n entre sockets de forma segura
Python
2
star
20

reproduce

AppJail image builder.
Shell
2
star
21

chat-sdc

Una aplicaci贸n de chateo usando el protocolo SDC de ejemplo
Python
1
star
22

DtxdF

1
star
23

noeh

Un generador de puertas traseras en formato PHP para la interaccion de la terminal local del servidor por medio de python
Python
1
star
24

floppy

Enviar correos electr贸nicos a trav茅s de tu script nunca fue tan f谩cil
Python
1
star
25

CLIConfig

Una librer铆a y una utilidad de l铆nea de comandos para leer e interactuar con los archivos de configuraci贸n.CONF
C
1
star
26

Miindeath

Mindeath (Minimalist death): Es una shell inversa que trata de ser lo m谩s b谩sica posible
Python
1
star
27

combo

combo es una peque帽a herramienta para cifrar y descifrar archivos usando el algoritmo de Shalom
Python
1
star
28

sopelPlugins

Plugins para sopel
Python
1
star
29

AppJail.setup

POSIX shell script to easily configure AppJail interactively.
Shell
1
star
30

AppJail.docs

Official AppJail documentation.
1
star