Simple chrootgen script
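#!/bin/bash
#
# chrootgen.sh : build a minimal SSH chroot for one user.
#
# Usage : ./chrootgen.sh login password
#         ./chrootgen.sh login -          (password read from stdin, one line)
#
# Creates /home/<login> with bin/ dev/ lib/ lib64/, copies a fixed list of
# binaries plus the shared libraries ldd reports for them, creates the user,
# appends a "Match User" block to sshd_config and restarts the ssh service.
# Must be run as root.
#
# exit 0 : OK
# exit 1 : KO
#
# NOTE : a password given on the command line is visible to other users in
#        the process list (ps) and in shell history; prefer "-" and feed it
#        on stdin. The password is plain text and is set with chpasswd, not
#        with "useradd -p" (which expects an already hashed value and would
#        store the plain text as if it were a hash).
#
# TODO : integrate an interactive (read) mode, maybe with a curses interface
#      : offer a random password
#      : offer a warning e-mail
#      : debug mode
#      : insert the login into an existing AllowUsers line of sshd_config
#        (otherwise the user is still denied despite the Match block)
# author [email protected]
# Fork of : http://root-lab.fr/2012/01/25/creer-chroot-ssh-limite-simplement/
#
####################################################################################################
set -u

readonly SSHFILE="/etc/ssh/sshd_config"
# Binaries made available inside the chroot; their shared libraries are
# discovered with ldd below.
# TODO : add a parameter to include the ssh client (/usr/bin/ssh)
APPS=(
  /bin/bash /bin/cp /bin/ls /bin/mkdir /bin/mv /bin/rm /bin/rmdir
  /usr/bin/id /usr/bin/rsync /usr/bin/scp /usr/bin/wget /usr/bin/vim
  /usr/bin/vi /bin/cat /bin/less /usr/bin/tail /usr/bin/clear /bin/chmod
)
readonly APPS

#######################################
# Print a message on stderr and exit 1 (KO).
# Arguments: the message
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Print the usage and exit 1 (KO).
#######################################
usage() {
  echo "Usage :"
  echo "./chrootgen.sh login password"
  echo "./chrootgen.sh login -    (password read from stdin)"
  exit 1
}

#######################################
# Copy one absolute host path into the chroot (the current directory),
# creating the parent directory first.
# Arguments: $1 - absolute path on the host
#            $2... - extra options passed to cp (e.g. -p)
# Returns:   cp's status, or 1 if the parent could not be created
#######################################
install_file() {
  local src=$1
  shift
  mkdir -p -- ".$(dirname -- "$src")" || return 1
  cp "$@" -- "$src" ".$src"
}

#######################################
# Restart the ssh daemon with whichever mechanism the host provides,
# tried in the same order as the original script.
# Returns:   status of the restart that was attempted last
#######################################
restart_ssh() {
  if [[ -f /etc/init.d/ssh ]]; then
    /etc/init.d/ssh restart
  elif ! service ssh restart; then
    service sshd restart
  fi
}

#######################################
# Entry point.
# Arguments: $1 - login, $2 - password (or "-" to read it from stdin)
#######################################
main() {
  (( $# == 2 )) || usage
  local login=$1
  local passwd=$2

  # The login ends up in filesystem paths and in sshd_config: accept only
  # the conservative portable user-name syntax.
  [[ "$login" =~ ^[a-z_][a-z0-9_-]*$ ]] || die "invalid login: $login"
  if [[ "$passwd" == "-" ]]; then
    IFS= read -r passwd || die "no password read from stdin"
  fi
  [[ -n "$passwd" ]] || die "empty password"
  # mknod, useradd, chpasswd and sshd_config all need root.
  (( EUID == 0 )) || die "this script must be run as root"

  local userdir="/home/$login"
  mkdir -p -- "$userdir" || die "cannot create $userdir"
  # sshd rejects a ChrootDirectory that is not root-owned or is group/world
  # writable, so do not rely on the umask of whoever runs the script.
  if ! chown root:root -- "$userdir" || ! chmod 0755 -- "$userdir"; then
    die "cannot set ownership/permissions on $userdir"
  fi
  # Everything below uses paths relative to the chroot root.
  cd -- "$userdir" || die "cannot cd to $userdir"

  mkdir -p bin dev lib lib64 || die "cannot create the chroot layout"
  # Device nodes the shell and the copied tools rely on; skip the ones
  # already present so the script can be re-run.
  [[ -e dev/null ]] || mknod dev/null c 1 3 || die "mknod dev/null failed"
  [[ -e dev/zero ]] || mknod dev/zero c 1 5 || die "mknod dev/zero failed"
  chmod 0666 dev/null dev/zero || die "chmod on dev nodes failed"

  if id -u "$login" >/dev/null 2>&1; then
    printf 'user %s already exists, keeping it\n' "$login" >&2
  else
    # Home is "/" because the user only ever sees the inside of the chroot.
    useradd -s /bin/bash -d / "$login" || die "useradd $login failed"
  fi
  # chpasswd reads "login:password" on stdin and hashes the password itself.
  printf '%s:%s\n' "$login" "$passwd" | chpasswd || die "could not set the password"

  local app lib
  local -a libs=()
  for app in "${APPS[@]}"; do
    if [[ ! -x "$app" ]]; then
      printf 'skipping %s (not found or not executable)\n' "$app" >&2
      continue
    fi
    install_file "$app" -p || die "cannot copy $app"
    # Keep every absolute path ldd prints: the resolved shared objects and
    # the dynamic loader. Non-path tokens (vdso, "=>", addresses) are dropped.
    while IFS= read -r lib; do
      libs+=("$lib")
    done < <(ldd "$app" | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }')
  done
  if (( ${#libs[@]} > 0 )); then
    # Copy each library once even when several binaries share it.
    while IFS= read -r lib; do
      install_file "$lib" || die "cannot copy $lib"
    done < <(printf '%s\n' "${libs[@]}" | LC_ALL=C sort -u)
  fi
  # Terminal definitions for vim/less/clear.
  if [[ -d /lib/terminfo ]]; then
    cp -r /lib/terminfo ./lib/ || die "cannot copy /lib/terminfo"
  fi

  if grep -qxF -- "Match User $login" "$SSHFILE"; then
    printf '%s already has a Match block for %s, leaving it untouched\n' "$SSHFILE" "$login" >&2
  else
    # Appended at the end on purpose: a Match block extends to the next
    # Match, so it has to come after every global directive.
    printf 'Match User %s\nChrootDirectory %s\nAllowTCPForwarding no\nX11Forwarding no\n' \
      "$login" "$userdir" >> "$SSHFILE" || die "cannot write to $SSHFILE"
  fi

  # Never restart sshd on a configuration it rejects: that would lock every
  # remote user out, including the administrator.
  if command -v sshd >/dev/null 2>&1 && ! sshd -t; then
    die "$SSHFILE fails 'sshd -t'; ssh NOT restarted, fix the file first"
  fi
  restart_ssh || die "could not restart ssh service :-("
  exit 0
}

main "$@"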
TODO si utile : rendre le script méthodique