
      1 #!/bin/sh
      2 # developed by acidvegas (https://acid.vegas/random)
      3 
      4 set -e
      5 
      6 CHROOT_BASE="/var/jail"
      7 
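#######################################
# Print the usage text to stdout.
# Outputs:   usage, example and option list, one line each
# Returns:   0
#######################################
display_help() {
	# printf instead of "echo -e": under a POSIX /bin/sh, echo prints "-e"
	# literally instead of interpreting the "\n" escapes
	printf '%s\n' \
		"usage: mkchroot [option]" \
		"" \
		"example: mkchroot --create=acidvegas bash cp irssi ls mkdir mv rm screen wget" \
		"" \
		"options:" \
		"  -c, --create=USER   <cmds>  create a new chroot jail" \
		"  -d, --destroy=USER          destroy a chroot jail" \
		"  -l, --list                  list chroot jails" \
		"  -h, --help                  display this help and exit"
}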
     17 
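#######################################
# Build a chroot jail for one user under $CHROOT_BASE and wire it into the
# system: account and "jail" group, devpts/proc fstab entries, sshd config.
# Arguments: the script's "$@", in one of two forms:
#              -c USER CMD...     or     --create=USER CMD...
#            CMD... are command names; each binary and the shared libraries
#            ldd reports for it are copied into the jail at their host paths.
# Globals:   CHROOT_BASE (read); CHROOT_USER, CHROOT_CMDS, CHROOT_DIR,
#            CHROOT_PWD (written)
# Outputs:   progress on stdout; the generated password is printed last,
#            and only when this run created the account.
# Returns:   exits 1 when not root, on a bad user name, when the jail already
#            exists or when a CMD cannot be found; any other failing step
#            aborts through set -e.
#######################################
create_jail() {
	local cmd bin lib f argskip pwd_set=0
	if [ "$(id -u)" -ne 0 ]; then
		echo "insufficient privileges" >&2
		exit 1
	fi
	# "-c USER CMD..." versus "--create=USER CMD...": the short flag is the
	# only form whose first argument is exactly two characters long
	if [ ${#1} -ne 2 ]; then
		CHROOT_USER="${1#*=}"
		argskip=1
	else
		CHROOT_USER="${2-}"
		argskip=2
	fi
	# the name becomes a path component under CHROOT_BASE (and destroy_jail
	# rm -rf's that path), so refuse anything but a plain account name
	case $CHROOT_USER in
		''|.|..|*[!a-zA-Z0-9._-]*)
			echo "invalid user name: '$CHROOT_USER'" >&2
			exit 1 ;;
	esac
	shift "$argskip"
	CHROOT_CMDS="$*"
	CHROOT_DIR="$CHROOT_BASE/$CHROOT_USER"
	CHROOT_PWD="$(tr -dc 'a-zA-Z0-9' </dev/urandom | head -c 25)"
	if [ -d "$CHROOT_DIR" ]; then
		echo "chroot jail already exists for $CHROOT_USER at $CHROOT_DIR" >&2
		exit 1
	fi
	echo "creating initial directory structure..."
	mkdir -pv "$CHROOT_DIR"
	for f in dev dev/pts etc home "home/$CHROOT_USER" proc usr usr/share; do
		mkdir -pv "$CHROOT_DIR/$f"
	done
	echo "making required devices nodes..."
	mknod -m 666 "$CHROOT_DIR/dev/null" c 1 3
	echo "created device node: $CHROOT_DIR/dev/null"
	mknod -m 666 "$CHROOT_DIR/dev/tty" c 5 0
	echo "created device node: $CHROOT_DIR/dev/tty"
	mknod -m 666 "$CHROOT_DIR/dev/random" c 1 8
	echo "created device node: $CHROOT_DIR/dev/random"
	mknod -m 666 "$CHROOT_DIR/dev/zero" c 1 5
	echo "created device node: $CHROOT_DIR/dev/zero"
	echo "copying commands and their shared libraries..."
	# word-splitting is intended here: CHROOT_CMDS is a space-separated list
	for cmd in $CHROOT_CMDS; do
		bin=$(command -v "$cmd") || { echo "command not found: $cmd" >&2; exit 1; }
		case $bin in
			/*) ;;
			*) echo "not an executable file: $cmd" >&2; exit 1 ;;
		esac
		# the binary itself was never copied before; without it the jail only
		# held the libraries
		cp --parents -v "$bin" "$CHROOT_DIR"
		# ldd prints "name => /path (addr)" for libraries and "/path (addr)"
		# for the dynamic loader; a static binary yields neither and copies
		# nothing. The old "cut -f3" dropped the loader line entirely.
		for lib in $(ldd "$bin" 2>/dev/null | awk '$2 == "=>" && $3 ~ /^\// {print $3} $1 ~ /^\// {print $1}' | sort -u); do
			cp --parents -v "$lib" "$CHROOT_DIR"
		done
	done
	echo "copying additional required files..."
	if [ ! -d "$CHROOT_DIR/bin" ] && [ -d "$CHROOT_DIR/usr/bin" ]; then
		cp -r "$CHROOT_DIR/usr/bin" "$CHROOT_DIR/bin"	# This can be improved.
	fi
	if [ ! -d "$CHROOT_DIR/lib" ] && [ -d "$CHROOT_DIR/usr/lib" ]; then
		cp -r "$CHROOT_DIR/usr/lib" "$CHROOT_DIR/lib"	# This can be improved.
	fi
	mkdir -p "$CHROOT_DIR/lib"
	for f in hosts ld.so.cache ld.so.conf localtime nsswitch.conf resolv.conf; do
		if [ -e "/etc/$f" ]; then
			cp -v "/etc/$f" "$CHROOT_DIR/etc/"
		fi
	done
	# /lib/ld-linux.so.* only exists on some layouts; the ldd loop above has
	# already copied whichever loader the binaries actually use
	for f in /lib/ld-linux.so.*; do
		if [ -e "$f" ]; then
			cp -v "$f" "$CHROOT_DIR/lib/"
		fi
	done
	for f in /lib/terminfo /usr/share/terminfo; do
		if [ -d "$f" ]; then
			cp -rv --parents "$f" "$CHROOT_DIR"
		fi
	done
	# "\e" is expanded by bash when it evaluates PS1; "\[ \]" mark the colour
	# codes as non-printing so line editing keeps the cursor position right
	cat > "$CHROOT_DIR/home/$CHROOT_USER/.bash_profile" <<-'EOF'
	[[ $- != *i* ]] && return
	alias ls='ls --color=auto'
	PS1='\[\e[1;30m\]jail\[\e[0m\] | \[\e[1;34m\]> \[\e[0;32m\]\w \[\e[0;37m\]: '
	EOF
	echo "configuring user and group..."
	# the account must exist before its passwd/group/shadow entries can be
	# copied below; the old order looked the user up first, so a new user
	# had no entry to copy (and set -e aborted on the empty grep)
	if ! id "$CHROOT_USER" >/dev/null 2>&1; then
		# "useradd -p" expects an already hashed password, so a plaintext
		# value there produces an account nobody can log into; chpasswd hashes
		# it and also keeps the password out of the process list
		useradd -s /bin/bash -M "$CHROOT_USER"
		printf '%s:%s\n' "$CHROOT_USER" "$CHROOT_PWD" | chpasswd
		pwd_set=1
		echo "added $CHROOT_USER user"
	fi
	if ! getent group jail >/dev/null; then
		groupadd jail
		echo "added jail group"
	fi
	# exact member match, so "bob" is not taken for a member when "bobby" is
	if ! getent group jail | cut -d: -f4 | tr ',' '\n' | grep -qx -- "$CHROOT_USER"; then
		gpasswd -a "$CHROOT_USER" jail
		echo "added $CHROOT_USER to jail group"
	fi
	# exact-key lookups instead of grep: a substring match could also copy
	# other accounts' entries into the jail
	getent passwd "$CHROOT_USER" > "$CHROOT_DIR/etc/passwd"
	{ getent group "$(id -g "$CHROOT_USER")"; getent group jail; } > "$CHROOT_DIR/etc/group"
	# the copy holds the user's password hash: create it 0600, not umask-default
	( umask 077; getent shadow "$CHROOT_USER" > "$CHROOT_DIR/etc/shadow" )
	echo "setting permissions..."
	chown -v root:root "$CHROOT_DIR"
	chown -v root:tty "$CHROOT_DIR/dev/tty"
	chown -v "$CHROOT_USER:$(id -gn "$CHROOT_USER")" "$CHROOT_DIR/home/$CHROOT_USER"
	chmod -Rv 755 "$CHROOT_DIR/home/$CHROOT_USER"
	for f in group hosts nsswitch.conf passwd resolv.conf shadow; do
		if [ -e "$CHROOT_DIR/etc/$f" ]; then
			chattr +i "$CHROOT_DIR/etc/$f"
		fi
	done
	# mount only the jail's own entries; "mount -a" would (re)try every fstab
	# line on the host. A pre-existing fstab line from an earlier jail of the
	# same name is reused rather than appended twice.
	echo "mounting pseudoterminal slave device on $CHROOT_DIR/dev/pts"
	if ! grep -qF -- "devpts $CHROOT_DIR/dev/pts devpts rw,noatime,mode=600,ptmxmode=000 0 0" /etc/fstab; then
		printf '\n%s\n' "devpts $CHROOT_DIR/dev/pts devpts rw,noatime,mode=600,ptmxmode=000 0 0" >> /etc/fstab
	fi
	mountpoint -q "$CHROOT_DIR/dev/pts" || mount -v "$CHROOT_DIR/dev/pts"
	# NOTE(review): gid=26 is hard-coded by the author (the group allowed to
	# see other users' processes under hidepid=2) — confirm it exists on this host
	if ! grep -qF -- "proc $CHROOT_DIR/proc proc rw,noatime,gid=26,hidepid=2 0 0" /etc/fstab; then
		printf '\n%s\n' "proc $CHROOT_DIR/proc proc rw,noatime,gid=26,hidepid=2 0 0" >> /etc/fstab
	fi
	mountpoint -q "$CHROOT_DIR/proc" || mount -v "$CHROOT_DIR/proc"
	# NOTE: this rewrites the host-wide AuthorizedKeysFile directive, i.e. where
	# sshd looks for keys for *every* user, not only jailed ones. The pattern is
	# anchored so a commented "#AuthorizedKeysFile" default is not mistaken for
	# an active setting.
	if grep -q '^AuthorizedKeysFile' /etc/ssh/sshd_config; then
		if ! grep -qF 'AuthorizedKeysFile /etc/ssh/authorized_keys/%u' /etc/ssh/sshd_config; then
			# "|" as the s/// delimiter: the replacement contains slashes, and
			# sed -i replaces in place (the old "sed ... > same_file" truncated
			# sshd_config before sed could read it)
			sed -i 's|^AuthorizedKeysFile.*|AuthorizedKeysFile /etc/ssh/authorized_keys/%u|' /etc/ssh/sshd_config
			echo "updated sshd_config with AuthorizedKeysFile"
		fi
	else
		sed -i '1iAuthorizedKeysFile /etc/ssh/authorized_keys/%u' /etc/ssh/sshd_config
		echo "updated sshd_config with AuthorizedKeysFile"
	fi
	# a newline inside a grep pattern means "either line", so the old check
	# passed as soon as any ChrootDirectory line existed; test the Match line
	if ! grep -q '^Match Group jail' /etc/ssh/sshd_config; then
		printf '\nMatch Group jail\n\tChrootDirectory %s/%%u\n' "$CHROOT_BASE" >> /etc/ssh/sshd_config
		echo "updated sshd_config with ChrootDirectory"
	fi
	if command -v sshd >/dev/null 2>&1; then
		sshd -t || echo "warning: sshd -t reports a problem in /etc/ssh/sshd_config; fix it before reloading sshd" >&2
	fi
	printf '\nchroot jail for %s created at %s\n' "$CHROOT_USER" "$CHROOT_DIR"
	echo "reload sshd for the Match block to take effect"
	if [ "$pwd_set" -eq 1 ]; then
		echo "password for $CHROOT_USER is: $CHROOT_PWD"
	else
		echo "existing user $CHROOT_USER keeps their current password"
	fi
}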
    113 
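#######################################
# Tear down a jail made by create_jail: unmount its devpts/proc, drop their
# fstab lines, remove the directory tree and delete the account.
# Arguments: the script's "$@":   -d USER     or     --destroy=USER
# Globals:   CHROOT_BASE (read); CHROOT_USER, CHROOT_DIR (written)
# Outputs:   progress on stdout
# Returns:   exits 1 when not root or on a bad user name; other failing
#            steps abort through set -e
#######################################
destroy_jail() {
	local esc f
	if [ "$(id -u)" -ne 0 ]; then
		echo "insufficient privileges" >&2
		exit 1
	fi
	if [ ${#1} -ne 2 ]; then
		CHROOT_USER="${1#*=}"
	else
		CHROOT_USER="${2-}"
	fi
	# CHROOT_DIR is rm -rf'd below: an empty name would point that at
	# CHROOT_BASE itself and ".." at its parent
	case $CHROOT_USER in
		''|.|..|*[!a-zA-Z0-9._-]*)
			echo "invalid user name: '$CHROOT_USER'" >&2
			exit 1 ;;
	esac
	CHROOT_DIR="$CHROOT_BASE/$CHROOT_USER"
	# mountpoint(1) checks the exact path; "mount | grep" also matched any
	# longer path that merely contained it
	if mountpoint -q "$CHROOT_DIR/dev/pts"; then
		umount -v "$CHROOT_DIR/dev/pts"
		echo "unmounted pseudoterminal slave device"
	fi
	if mountpoint -q "$CHROOT_DIR/proc"; then
		umount -v "$CHROOT_DIR/proc"
		echo "unmounted proc device"
	fi
	# drop the fstab lines create_jail added, otherwise the next boot tries to
	# mount onto a directory that no longer exists. "." is the only regex
	# metacharacter the name check above lets through, so escape it.
	esc=$(printf '%s' "$CHROOT_DIR" | sed 's/\./\\./g')
	sed -i "\|^devpts $esc/dev/pts |d;\|^proc $esc/proc |d" /etc/fstab
	if [ -d "$CHROOT_DIR" ]; then
		# the immutable bit set by create_jail must come off before rm can work
		for f in "$CHROOT_DIR"/etc/*; do
			if [ -e "$f" ]; then
				chattr -i "$f"
			fi
		done
		rm -rfv "${CHROOT_DIR:?}"
	fi
	if id "$CHROOT_USER" >/dev/null 2>&1; then
		userdel -f "$CHROOT_USER"
		echo "deleted $CHROOT_USER user"
	fi
	echo "jail destroyed"
}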
    140 
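#######################################
# Print the members of the "jail" group, one per line; create_jail adds
# every jailed user to that group, so its members are the existing jails.
# Globals:   CHROOT_DIRS (written: the space-separated member list)
# Outputs:   " * USER" per member on stdout; nothing when the group is
#            missing or empty
# Returns:   0
#######################################
list_jails() {
	local member
	# "${var[@]}" on a plain string was a bash-only spelling of "$var"; a
	# plain unquoted expansion gives the same word split under any shell
	CHROOT_DIRS=$(getent group jail | cut -d: -f4 | sed 's/,/ /g')
	for member in $CHROOT_DIRS; do
		echo " * $member"
	done
	return 0
}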
    147 
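# entry point: dispatch on the first argument and hand the whole argument
# list to the handler, which parses USER and CMD... itself. Usage errors go
# to stderr so "-h" output on stdout stays scriptable.
if [ "$#" -eq 0 ]; then
	printf 'invalid or missing arguments\n\n' >&2
	display_help >&2
	exit 1
fi
case $1 in
	-c|--create=*)  create_jail  "$@" ;;
	-d|--destroy=*) destroy_jail "$@" ;;
	-l|--list)      list_jails        ;;
	-h|--help)      display_help      ;;
	*)
		printf 'invalid or missing arguments\n\n' >&2
		display_help >&2
		exit 1 ;;
esac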