pendrag00n / chrooter Goto Github PK
Script to automatically set up a chroot environment
License: GNU General Public License v3.0
Prevent the chroot folder from exceeding a certain size
Instead of editing chrootpath, chrootuser, corebinaries and binaries directly in chrooter.sh, with this change we can set them in settings.conf.
We use this as chrooter.sh:
`#!/bin/bash
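# Terminal colours used by the status messages in this script.
RED='\033[1;91m'
YEL='\033[1;93m'
BLU='\033[1;94m'
NC='\033[0m' # No Color

# The rest of the script creates a user, device nodes and edits sshd_config,
# so stop early when it is not running as root.
if [ "$EUID" -ne 0 ]; then
  echo ""
  echo -e "${RED} ERROR: Please run this script as root.${NC}"
  echo ""
  exit 1
fi

# settings.conf supplies chrootpath, chrootuser, corebinaries and binaries.
# It is executed as shell code with root privileges, so it must be a file
# that only root can modify.
# The explicit "./" matters: a bare `source settings.conf` searches the
# directories in $PATH before the current directory, so a file of the same
# name elsewhere on PATH would be executed instead.
if [ ! -r ./settings.conf ]; then
  echo ""
  echo -e "${RED} ERROR: settings.conf was not found in the current directory.${NC}"
  echo ""
  exit 1
fi
source ./settings.conf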
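# Pre-flight check: make sure every requested binary can actually be copied
# before any user, directory or device node is created.
# The copy step later reads /bin/<name>, so that exact path is tested here;
# a PATH lookup (`which`) would accept a binary living elsewhere and the
# copy would then fail after the jail has been half built.
# NOTE(review): the tail of the original error message is truncated in the
# posted script; the wording below is reconstructed from the check itself.
for binary in "${binaries[@]}" "${corebinaries[@]}"; do
  if [ ! -x "/bin/$binary" ]; then
    echo ""
    echo -e "${RED} ERROR: /bin/$binary was not found or is not executable.${NC}"
    echo ""
    exit 1
  fi
done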
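# Validate the two settings that decide where the jail lives and who is
# confined to it. Nothing has been created yet, so exiting here is safe.
# NOTE(review): the tails of the original error messages are truncated in the
# posted script; the wording below is reconstructed from each check.

# An empty user name must be rejected explicitly: with the variable quoted,
# `id -u ""` fails and would otherwise look like "user does not exist yet".
if [ -z "$chrootuser" ]; then
  echo ""
  echo -e "${RED} ERROR: chrootuser is not set in settings.conf.${NC}"
  echo ""
  exit 1
fi

# Never take over an account that already exists on the host.
if id -u "$chrootuser" >/dev/null 2>&1; then
  echo ""
  echo -e "${RED} ERROR: User $chrootuser already exists.${NC}"
  echo ""
  exit 1
fi

# The jail root must be an absolute path.
if [[ $chrootpath != /* ]]; then
  echo ""
  echo -e "${RED} ERROR: chrootpath must be an absolute path.${NC}"
  echo ""
  exit 1
fi

# Drop trailing slashes so later "$chrootpath/..." joins stay clean.
while [[ $chrootpath == */ ]]; do
  chrootpath=${chrootpath%/}
done

# A path of "/" collapses to the empty string above. Refuse it: every later
# "$chrootpath/dev", "$chrootpath/etc", ... would otherwise point at the
# host's own directories.
if [ -z "$chrootpath" ]; then
  echo ""
  echo -e "${RED} ERROR: chrootpath must not be the filesystem root.${NC}"
  echo ""
  exit 1
fi

# Only build into a fresh location; an existing path is never reused.
if [ -e "$chrootpath" ]; then
  echo ""
  echo -e "${RED} ERROR: The directory $chrootpath already exists.${NC}"
  echo ""
  exit 1
fi

if ! mkdir -p "$chrootpath"; then
  echo ""
  echo -e "${RED} ERROR: Could not create $chrootpath.${NC}"
  echo ""
  exit 1
fi
echo "Creating $chrootpath..."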
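# Create the account that will be confined to the jail. No home directory is
# created on the host; the home used after chroot is built further down.
# Stop if useradd fails, otherwise every later chown would fail as well.
if ! useradd -c "Chrooted user" -s /bin/bash "$chrootuser"; then
  echo ""
  echo -e "${RED} ERROR: useradd failed for $chrootuser.${NC}"
  echo ""
  exit 1
fi
echo "Creating user $chrootuser..."

# Skeleton of the jail.
mkdir -p "$chrootpath"/{dev,etc,lib64,lib,bin,home}

# Minimal set of character devices: name, major number, minor number.
while read -r node major minor; do
  mknod -m 666 "$chrootpath/dev/$node" c "$major" "$minor"
  echo "Creating /dev/$node..."
done <<'EOF'
null 1 3
zero 1 5
random 1 8
urandom 1 9
tty 5 0
EOF
echo ""

# The jail root itself is owned by root and not writable by anyone else.
chown root:root "$chrootpath"
chmod 0755 "$chrootpath"
echo "Setting permissions and ownership for $chrootpath..."

# NOTE(review): this copies the host's complete account and group lists into
# the jail, so the confined user can read every local account name, home
# directory and login shell. Consider writing only the entries the jail
# needs (root and $chrootuser) instead of the whole files.
cp -f /etc/{passwd,group} "$chrootpath"/etc/
echo "Copying /etc/passwd and /etc/group to $chrootpath/etc..."

# Home directory inside the jail, private to the confined user.
[ -d "$chrootpath/home/$chrootuser" ] || mkdir -p "$chrootpath/home/$chrootuser"
chown -R "$chrootuser:$chrootuser" "$chrootpath/home/$chrootuser"
chmod -R 0700 "$chrootpath/home/$chrootuser"
echo ""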
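# Copy one binary from /bin into the jail together with the shared libraries
# that ldd reports for it.
# Globals:   chrootpath (read), YEL, NC (read)
# Arguments: $1 - name of the binary under /bin
_copy_binary_with_libs() {
  local binary=$1
  local dep
  cp "/bin/$binary" "$chrootpath/bin/"
  echo "Copying /bin/$binary to $chrootpath/bin..."
  while read -r dep; do
    # /lib64 has to be tested first: the pattern /lib* also matches
    # /lib64/..., which previously sent every 64-bit library into lib/ and
    # left the lib64 branch unreachable.
    if [[ $dep == /lib64* ]]; then
      cp "$dep" "$chrootpath/lib64/"
    elif [[ $dep == /lib* ]]; then
      cp "$dep" "$chrootpath/lib/"
    else
      # Libraries resolved outside /lib and /lib64 are not copied; say so
      # instead of silently producing a binary that cannot start in the jail.
      echo -e "${YEL} WARN: $dep (needed by $binary) is outside /lib and /lib64 and was not copied.${NC}"
    fi
  done < <(ldd "/bin/$binary" | awk '/=> \// {print $3}')
}

# The dynamic loader is the ldd line for /bin/bash that has no "=>" and
# contains "lib". It is copied into the matching top-level directory of the
# jail (the first path component, e.g. lib or lib64).
mainlib=$(ldd /bin/bash | awk '!/=>/ && /lib/ {print $1; exit}')
libtype=${mainlib#/}
libtype=${libtype%%/*}
if [ -n "$mainlib" ]; then
  cp "$mainlib" "$chrootpath/$libtype"
else
  echo -e "${YEL} WARN: Could not determine the dynamic loader from ldd /bin/bash.${NC}"
fi

echo ""
echo "Copying core binaries to $chrootpath/bin..."
for binary in "${corebinaries[@]}"; do
  _copy_binary_with_libs "$binary"
done

echo ""
echo "Copying the rest of binaries to $chrootpath/bin..."
for binary in "${binaries[@]}"; do
  _copy_binary_with_libs "$binary"
done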
echo "Setting $chrootuser's BASH envivorement..."
echo 'PATH="/bin/"' >"$chrootpath"/home/$chrootuser/.bashrc
echo 'PS1="[\033[01;32m]\u@\h [\033[01;34m]\w[\033[00m]$ "' >>"$chrootpath"/home/$chrootuser/.bashrc
echo "alias ls='ls --color{,=auto,=always}'" >>"$chrootpath"/home/$chrootuser/.bashrc
echo "alias ls -la='ls -la --color{,=auto,=always}'" >>"$chrootpath"/home/$chrootuser/.bashrc
echo "alias ll='ls -la --color{,=auto,=always}'" >>"$chrootpath"/home/$chrootuser/.bashrc
echo " " >>"$chrootpath"/home/$chrootuser/.bashrc
chown $chrootuser:$chrootuser "$chrootpath"/home/$chrootuser/.bashrc
chmod 644 "$chrootpath"/home/$chrootuser/.bashrc
echo 'source ~/.bashrc' >"$chrootpath"/home/$chrootuser/.bash_profile
chown $chrootuser:$chrootuser "$chrootpath"/home/$chrootuser/.bash_profile
chmod 644 "$chrootpath"/home/$chrootuser/.bash_profile
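echo ""
# Offer to set a password for the new account; any answer starting with
# "y" or "Y" runs passwd interactively.
# NOTE(review): the tail of this prompt is truncated in the posted script;
# the wording is reconstructed to match the restart prompt further down.
# NOTE(review): if this is declined, the account keeps whatever password
# state useradd gave it (presumably locked) - confirm how the user is then
# expected to authenticate.
echo -e "${YEL}Do you want to set a new password for user $chrootuser? (y/n)${NC}"
read -r answer
if [[ $answer == [Yy]* ]]; then
  passwd "$chrootuser"
fi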
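# Confine the new user at SSH login by appending a Match block to the
# daemon's configuration.
# NOTE(review): sshd refuses a ChrootDirectory unless every component of the
# path is owned by root and not writable by group or others; this script
# only sets that on $chrootpath itself - verify the parent directories.
# NOTE(review): the block sets ChrootDirectory only. AllowTcpForwarding,
# X11Forwarding and similar options keep their global values for this user;
# decide whether they should be restricted here too.
if [ -f "/etc/ssh/sshd_config" ]; then
  # First "Port" directive only; awk also copes with tab separators.
  sshport=$(awk '$1 == "Port" {print $2; exit}' /etc/ssh/sshd_config)
  # The leading newline keeps the block on its own line even when the file
  # does not end with a newline.
  printf '\nMatch User %s\n ChrootDirectory %s\n' "$chrootuser" "$chrootpath" \
    >>/etc/ssh/sshd_config
  echo ""
  sshconfigured=true
else
  echo -e "${YEL} WARN: The SSH config file couldn't be found! Skipping automatic SSH exception configuration${NC}"
  sshconfigured=false
fi

# No explicit Port directive means the default port.
if [ -z "$sshport" ]; then
  sshport=22
fi

# The unit is called sshd.service on some distributions and ssh.service on
# others; use whichever is currently active.
if systemctl is-active --quiet sshd.service; then
  sshservice_name="sshd.service"
elif systemctl is-active --quiet ssh.service; then
  sshservice_name="ssh.service"
else
  sshservice_name="unknown"
fi

if [ "$sshconfigured" = true ] && [ "$sshservice_name" != "unknown" ]; then
  echo ""
  echo -e "${YEL}Do you want to restart the SSH daemon? (y/n)${NC}"
  read -r answer
  if [[ $answer == [Yy]* ]]; then
    # Validate the edited file first: restarting with a broken configuration
    # can leave the host without a running SSH daemon.
    if command -v sshd >/dev/null 2>&1 && ! sshd -t; then
      echo -e "${RED} ERROR: sshd -t rejected /etc/ssh/sshd_config; the daemon was not restarted.${NC}"
    else
      systemctl restart "$sshservice_name"
    fi
  fi
fi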
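echo ""
echo -e "${BLU} Done! ${NC}"
echo ""
if [ "$sshconfigured" = false ]; then
  # sshd_config was not found earlier, so print the manual steps instead.
  cat <<EOF
To configure the user to be able to access via SSH do the following:

1. Add the following lines to /etc/ssh/sshd_config:
 Match User $chrootuser
 ChrootDirectory $chrootpath

2. Restart sshd:
 systemctl restart ssh.service

EOF
else
  echo "The user $chrootuser can now be accessed via SSH by running:"
  echo ""
  # NOTE(review): the original command line is truncated in the posted
  # script; this reconstruction uses the port and user determined above and
  # a placeholder for the host name.
  echo -e " $ ${BLU}ssh -p $sshport $chrootuser@<server-address>${NC}"
  echo ""
fi
exit 0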
We create settings.conf as follows:
# Settings for chrooter.sh. The script loads this file with `source`, i.e. it
# is executed as shell code by root, so keep it writable by root only.
# Absolute path of the jail root; chrooter.sh aborts if it already exists.
chrootpath="/jail/chroot"
# Account to create and confine; chrooter.sh aborts if it already exists.
chrootuser="example"
# Basic tools copied from /bin into the jail.
corebinaries=("bash" "cat" "cp" "echo" "ls" "mkdir" "mv" "rm" "rmdir" "touch")
# Additional tools copied from /bin into the jail.
# NOTE(review): every entry widens what the confined account can run; nc,
# mount/umount, passwd and crontab deserve a second look - confirm each one
# is really needed. "touch" is already listed in corebinaries.
binaries=("awk" "chmod" "chown" "clear" "crontab" "cut" "du" "find" "grep" "head" "mount" "nano" "nc" "passwd" "rsync" "sh" "sleep" "tail" "tar" "touch" "umount")`
Jailed users can still crash the entire system just by running a fork bomb