Bastille was released in version 0.8. The tool automates and manages jails under FreeBSD, i.e. operating system and application containers. An instance of a FreeBSD jail provided with Bastille with the full range of commands of the base system only requires around 10 to 12 Mbytes of space on the data carrier.

Improved and dynamic templates The version jump brings some innovations and improvements . The Bastille templates now run completely natively. Each jail or container is automatically based on a self-explanatory template: base, empty, thick, thin and vnet. Another new feature is that the templates are dynamically, for example, using $ JAIL_NAME or $ JAIL_IP can be individually parameterized.

When updating from version 0.7 to 0.8, it should be noted that the syntax in the configuration files has changed slightly and users can save their existing templates via bastille template –convert … have to adapt. The templates can also be created individually or downloaded from the public GitLab directory.

FreeBSD 13 on board In addition to the current and older FreeBSD versions, Bastille 0.8 can also do the in FreeBSD under development 13 – provide CURRENT. As usual, it should be noted that the FreeBSD version of the host must not be older than the version of the jail. On 64 – bit hosts can be 32 – Create and start bit jails, the reverse is not possible.

With bastille config get | set users from version 0.8 can define individual values ​​in the configuration file (/ usr / local / bastille / jails //jail.conf) read out or set via scripts. A ALL as the jail name applies the action to all jails.

The software was developed by Christer Edwards, who was previously involved in SaltStack, which has now been taken over by VMware, and who was responsible for it as a maintainer. He took over parts of the security mechanisms for Bastille from the HubbleStack, which he also helped to design and on which SaltStack SecOps is based. Bastille is under the free BSD 3 Clause license, has no dependencies (25 KByte download via pkg install bastille ) and is for all supported platforms by amd 64, i 386, sparc 64, powerpc 64 up to aarch 64 (Raspberry Pi 3/4) available.

See also:

Configuration management: Open source tools for configuration management; iX 1 / 2021, S. 96. (fo)