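#!/usr/bin/env bash
# developed by acidvegas (https://acid.vegas/random)
#
# mkchroot - create, destroy and list per-user chroot jails under
# $CHROOT_BASE that sshd enters through "ChrootDirectory".
#
# Usage:  mkchroot --create=USER cmd...  |  mkchroot -c USER cmd...
#         mkchroot --destroy=USER        |  mkchroot -d USER
#         mkchroot --list | -l           |  mkchroot --help | -h
#
# Must run as root.  Side effects on the host: creates the account and the
# "jail" group, appends to /etc/fstab and edits /etc/ssh/sshd_config
# (AuthorizedKeysFile is a global directive, see create_jail).
#
# bash, not sh: the script relies on [[ ]], arrays, brace expansion,
# $EUID and $'..' quoting.  "pipefail" is intentionally not set because the
# password generator reads /dev/urandom until head closes the pipe, which
# makes tr exit non-zero by design.
set -eu
# The jail tree must be traversable by the jailed account whatever the
# caller's umask is; the one secret file (etc/shadow) gets its own umask.
umask 022

CHROOT_BASE="/var/jail"

# Print usage to stdout.
display_help() {
  cat <<'EOF'
usage: mkchroot [option]

example: mkchroot --create=acidvegas bash cp irssi ls mkdir mv rm screen wget

options:
  -c, --create=USER <cmds>   create a new chroot jail
  -d, --destroy=USER         destroy a chroot jail
  -l, --list                 list chroot jails
  -h, --help                 display this help and exit
EOF
}

# Print a message to stderr and exit 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Abort unless running as root.
require_root() {
  (( EUID == 0 )) || die "insufficent privledges"
}

#######################################
# Extract the account name from "--opt=USER" ($1) or "-o USER" ($1 $2).
# Accepts only a plain account name: the value is interpolated into
# filesystem paths, sed expressions and, in destroy_jail, "rm -rf".
# Arguments: the script's positional parameters
# Outputs:   the account name on stdout
# Returns:   exits 1 when the name is missing or malformed
#######################################
jail_user() {
  local user
  if [[ $1 == *=* ]]; then
    user=${1#*=}
  else
    user=${2-}
  fi
  [[ -n $user ]] || die "missing user name"
  [[ $user =~ ^[A-Za-z_][A-Za-z0-9_.-]*$ ]] || die "invalid user name: $user"
  printf '%s\n' "$user"
}

#######################################
# Copy one command and the shared objects ldd reports for it into the
# jail, preserving the host's directory layout.
# Arguments: $1 jail root, $2 command name
#######################################
copy_command() {
  local jail=$1 cmd=$2 bin dep
  bin=$(command -v -- "$cmd") || die "command not found: $cmd"
  [[ $bin == /* ]] || die "not an executable file: $cmd"
  # The binary itself; the old loop copied only its libraries.
  cp --parents -v -- "$bin" "$jail"
  # "name => /path (addr)" lines carry the library in $3; the bare
  # "/path (addr)" line is the dynamic loader, which a cut on field 3
  # dropped.  Static binaries print nothing that matches.
  while IFS= read -r dep; do
    cp --parents -v -- "$dep" "$jail"
  done < <(ldd "$bin" 2>/dev/null | awk '$2 == "=>" && $3 ~ /^\// {print $3} $1 ~ /^\// {print $1}' | sort -u)
}

#######################################
# Build a jail for one account.
# Arguments: $1 "--create=USER" or "-c", then USER when $1 is "-c",
#            then the commands to make available inside the jail
# Outputs:   progress on stdout; the generated password when this run
#            created the account
#######################################
create_jail() {
  local user dir password cmd created_user=0
  require_root
  user=$(jail_user "$@")
  if [[ $1 == *=* ]]; then shift 1; else shift 2; fi
  local -a cmds=("$@")
  dir="$CHROOT_BASE/$user"
  [[ -d $dir ]] && die "chroot jail already exists for $user at $dir"

  # LC_ALL=C keeps tr byte-oriented on the raw urandom stream.
  password=$(LC_ALL=C tr -dc 'a-zA-Z0-9' </dev/urandom | head -c 25)

  echo "creating initial directory structure..."
  mkdir -pv -- "$CHROOT_BASE"
  mkdir -v -- "$dir" "$dir"/{dev,dev/pts,etc,home,"home/$user",proc,usr,usr/share}

  echo "making required devices nodes..."
  # urandom was missing before; programs such as wget's TLS stack
  # typically read it for entropy.
  local name type major minor
  while read -r name type major minor; do
    mknod -m 666 "$dir/dev/$name" "$type" "$major" "$minor"
    echo "created device node: $dir/dev/$name"
  done <<'EOF'
null c 1 3
tty c 5 0
random c 1 8
urandom c 1 9
zero c 1 5
EOF

  echo "copying required shared libraries..."
  for cmd in "${cmds[@]}"; do
    copy_command "$dir" "$cmd"
  done

  echo "copying additional required files..."
  # Reproduce a merged-/usr layout with symlinks instead of duplicating
  # usr/bin and usr/lib into bin and lib.
  if [[ ! -e $dir/bin && -d $dir/usr/bin ]]; then
    ln -sv usr/bin "$dir/bin"
  fi
  if [[ ! -e $dir/lib && -d $dir/usr/lib ]]; then
    ln -sv usr/lib "$dir/lib"
  fi
  mkdir -pv -- "$dir/lib"
  cp -v -- /etc/{hosts,ld.so.cache,ld.so.conf,localtime,nsswitch.conf,resolv.conf} "$dir/etc/"
  # copy_command already brings in the loader ldd reports; these are
  # best-effort extras that only some hosts have.
  local extra
  for extra in /lib/ld-linux.so.* /lib/terminfo /usr/share/terminfo; do
    [[ -e $extra ]] || continue
    if [[ -d $extra ]]; then
      cp -rv -- "$extra" "$dir${extra%/*}/"
    else
      cp -v -- "$extra" "$dir${extra%/*}/"
    fi
  done

  if ! id "$user" >/dev/null 2>&1; then
    useradd -s /bin/bash -M "$user"
    # useradd -p expects an already-hashed value, so passing the clear
    # text there stored it verbatim and the printed password never
    # worked; chpasswd hashes it, and stdin keeps it out of argv/ps.
    printf '%s:%s\n' "$user" "$password" | chpasswd
    created_user=1
    echo "added $user user"
  fi
  if ! getent group jail >/dev/null; then
    groupadd jail
    echo "added jail group"
  fi
  if [[ " $(id -nG "$user") " != *" jail "* ]]; then
    gpasswd -a "$user" jail
    echo "added $user to jail group"
  fi

  # Exported after the account exists: the old "grep USER /etc/passwd"
  # ran before useradd, so for a new account its output was empty and
  # grep's exit status 1 aborted the script under set -e; it also matched
  # any name containing USER.
  getent passwd "$user" > "$dir/etc/passwd"
  { getent group "$(id -g "$user")"; getent group jail; } > "$dir/etc/group"
  # sshd authenticates before entering the chroot, so this copy is not
  # consulted for login; it still must not be world-readable, which a
  # plain redirect under the default umask made it.
  (umask 077 && getent shadow "$user" > "$dir/etc/shadow")
  printf '%s\n' \
    '[[ $- != *i* ]] && return' \
    "alias ls='ls --color=auto'" \
    $'PS1=\'\e[1;30mjail\e[0m | \e[1;34m> \e[0;32m\\w \e[0;37m: \'' \
    > "$dir/home/$user/.bash_profile"

  echo "setting permissions..."
  chown -v root:root "$dir"
  chown -v root:tty "$dir/dev/tty"
  # "user:" selects the account's login group, whatever it is named.
  chown -v "$user:" "$dir/home/$user"
  chmod -Rv 755 "$dir/home/$user"
  local f
  for f in group hosts nsswitch.conf passwd resolv.conf shadow; do
    chattr +i "$dir/etc/$f"
  done

  local pts_entry="devpts $dir/dev/pts devpts rw,noatime,mode=600,ptmxmode=000 0 0"
  # NOTE(review): gid=26 is a hard-coded group id for the hidepid
  # exemption; confirm it is the intended group on this host.
  local proc_entry="proc $dir/proc proc rw,noatime,gid=26,hidepid=2 0 0"
  echo "mounting pseudoterminal slave device on $dir/dev/pts"
  local entry
  for entry in "$pts_entry" "$proc_entry"; do
    if ! grep -qF -- "$entry" /etc/fstab; then
      printf '\n%s\n' "$entry" >> /etc/fstab
    fi
  done
  # Mount only these two targets; "mount -a" would (re)process every
  # fstab line and fail on unrelated entries.
  local target
  for target in "$dir/dev/pts" "$dir/proc"; do
    mountpoint -q "$target" || mount -v "$target"
  done

  local sshd_cfg=/etc/ssh/sshd_config
  local keys_line='AuthorizedKeysFile /etc/ssh/authorized_keys/%u'
  # AuthorizedKeysFile is a global directive: once set, ~/.ssh/authorized_keys
  # is no longer consulted for any account, so existing users' keys need to
  # move to /etc/ssh/authorized_keys/<name> as well.  The old edit redirected
  # sed's output onto its own input (which truncates sshd_config), used "/"
  # both as delimiter and inside the replacement, and counted commented-out
  # lines as "already set".
  mkdir -pv -- /etc/ssh/authorized_keys
  if grep -qE '^[[:space:]]*AuthorizedKeysFile' "$sshd_cfg"; then
    if ! grep -qxF -- "$keys_line" "$sshd_cfg"; then
      sed -i "s|^[[:space:]]*AuthorizedKeysFile.*|$keys_line|" "$sshd_cfg"
      echo "updated sshd_config with AuthorizedKeysFile"
    fi
  else
    sed -i "1i$keys_line" "$sshd_cfg"
  fi
  # grep treats a newline inside a pattern as a pattern separator, so the
  # old two-line pattern matched when either line was present.
  if ! grep -qxF 'Match Group jail' "$sshd_cfg"; then
    printf '\nMatch Group jail\n\tChrootDirectory %s/%%u\n' "$CHROOT_BASE" >> "$sshd_cfg"
    echo "updated sshd_config with ChrootDirectory"
  fi
  # sshd only re-reads its configuration on reload; validate now so a
  # broken file is noticed before that happens.
  if command -v sshd >/dev/null 2>&1 && ! sshd -t; then
    echo "warning: sshd -t rejected $sshd_cfg; fix it before reloading sshd" >&2
  fi

  printf '\nchroot jail for %s created at %s\n' "$user" "$dir"
  # Only meaningful when this run created the account; an existing
  # account keeps its old password.
  if (( created_user )); then
    echo "password for $user is: $password"
  fi
}

#######################################
# Tear down a jail: unmount, drop the fstab lines, remove the tree and
# the account.
# Arguments: $1 "--destroy=USER" or "-d", then USER when $1 is "-d"
#######################################
destroy_jail() {
  local user dir
  require_root
  user=$(jail_user "$@")
  dir="$CHROOT_BASE/$user"
  if mountpoint -q "$dir/dev/pts"; then
    umount -v "$dir/dev/pts"
    echo "unmounted pseudoterminal slave device"
  fi
  if mountpoint -q "$dir/proc"; then
    umount -v "$dir/proc"
    echo "unmounted proc device"
  fi
  # Drop the fstab lines added by create_jail so the next "mount -a" does
  # not fail on a missing mount point.  "$dir" is $CHROOT_BASE/<name> with
  # <name> restricted by jail_user, so it is safe inside the sed address.
  if [[ -e /etc/fstab ]]; then
    sed -i "\|^devpts $dir/dev/pts |d;\|^proc $dir/proc |d" /etc/fstab
  fi
  if [[ -d $dir ]]; then
    # Best-effort: create_jail made these immutable; if the attribute
    # cannot be cleared, rm below reports the real failure.
    chattr -i "$dir"/etc/* 2>/dev/null || true
    rm -rfv -- "${dir:?}"
  fi
  if id "$user" >/dev/null 2>&1; then
    userdel -f "$user"
    echo "deleted $user user"
  fi
  echo "jail destroyed"
}

# Print one " * NAME" line per member of the "jail" group.
list_jails() {
  local -a users
  local line u
  # Jail accounts are the members of the "jail" group; no group, no jails.
  line=$(getent group jail | cut -d: -f4)
  IFS=, read -ra users <<<"$line"
  for u in "${users[@]}"; do
    echo " * $u"
  done
}

# Dispatch on the first argument; usage errors go to stderr with exit 1.
main() {
  if (( $# == 0 )); then
    printf 'invalid or missing arguments\n\n' >&2
    display_help >&2
    exit 1
  fi
  case $1 in
    -c|--create=*) create_jail "$@" ;;
    -d|--destroy=*) destroy_jail "$@" ;;
    -l|--list) list_jails ;;
    -h|--help) display_help ;;
    *)
      printf 'invalid or missing arguments\n\n' >&2
      display_help >&2
      exit 1
      ;;
  esac
}

main "$@"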