Ubuntu 22.04 Docker Freeradius
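# FreeRADIUS 3.0 on Ubuntu 22.04 with the freeradius-oauth2-perl module, an
# sshd for root key login, and a systemctl replacement script as PID 1.
#
# Review notes that apply to the whole file:
#  * Every credential written below (OAuth2 client secret, RADIUS shared
#    secret, test user password, SSH public key) ends up in an image layer and
#    is readable by anyone who can pull the image. Keep the values here as
#    placeholders and mount the real proxy.conf / clients.conf /
#    authorized_keys at run time instead of building them in.
#  * Nothing fetched from the network (oh-my-zsh installer, git clones, CPAN
#    modules, apt packages) is pinned, so two builds can produce different
#    images. Pin each source to a reviewed commit or version for production.
#  * For reproducible builds, pin the base image by digest as well as by tag.
FROM ubuntu:22.04
LABEL Maintainer=arag0re.eth

# Build-time only: ARG keeps the noninteractive setting out of the runtime
# environment of the container, where an ENV would persist.
ARG DEBIAN_FRONTEND=noninteractive

# update and install share one layer so a cached, stale package index is never
# reused for a later install; the index is removed in the same layer.
RUN apt-get update \
 && apt-get install -y \
      build-essential \
      ca-certificates \
      curl \
      dbus \
      dbus-user-session \
      eapoltest \
      freeradius \
      freeradius-utils \
      git \
      libcrypt-ssleay-perl \
      libnet-ssleay-perl \
      libssl-dev \
      neofetch \
      openssh-client \
      openssh-server \
      python-is-python3 \
      python3 \
      ssh \
      sudo \
      systemd \
      wget \
      zsh \
 && rm -rf /var/lib/apt/lists/*

# The installer is downloaded to a file first so that a failed download aborts
# the build; with sh -c "$(curl ...)" a curl failure produced an empty script
# that "succeeded". The script still comes from the moving master branch and
# runs as root: review it and pin the URL to a commit before relying on it.
RUN curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh -o /tmp/ohmyzsh-install.sh \
 && sh /tmp/ohmyzsh-install.sh \
 && rm -f /tmp/ohmyzsh-install.sh
RUN git clone https://github.com/zsh-users/zsh-autosuggestions /root/.oh-my-zsh/custom/plugins/zsh-autosuggestions
RUN sed 's,plugins=(git)[^;]*,plugins=(git zsh-autosuggestions),' -i /root/.zshrc
# The former "RUN source /root/.zshrc | bash" step is dropped: each RUN starts
# a fresh shell, so sourcing a profile during the build has no lasting effect.

# systemctl.py comes from the build context and replaces /usr/bin/systemctl; it
# becomes PID 1 (see CMD), so keep a reviewed copy with the execute bit set.
COPY systemctl.py /usr/bin/systemctl

# Perl HTTP/TLS client modules used by the oauth2 module (unpinned CPAN install).
RUN cpan HTTP::Status LWP::UserAgent LWP::Protocol::https

# Keep a pristine copy of the packaged configuration for later diffing.
RUN cp -a /etc/freeradius /etc/freeradius.orig

# The cloned module code is loaded by the RADIUS server that handles user
# passwords; the clone tracks the default branch, so pin it to a reviewed commit.
RUN git clone https://github.com/jimdigriz/freeradius-oauth2-perl /opt/freeradius-oauth2-perl
RUN printf '\n$INCLUDE /opt/freeradius-oauth2-perl/dictionary\n' >> /etc/freeradius/3.0/dictionary
RUN ln -s /opt/freeradius-oauth2-perl/module /etc/freeradius/3.0/mods-enabled/oauth2 \
 && ln -s /opt/freeradius-oauth2-perl/policy /etc/freeradius/3.0/policy.d/oauth2

# Realm definition for the OAuth2 backend. CLIENT-ID / CLIENT-SECRET are
# placeholders: do not substitute real values at build time (see header).
# cache_password = yes is kept as the author set it.
# NOTE(review): confirm how the module stores cached passwords before enabling it in production.
RUN printf '%s\n' \
      'realm example.com {' \
      ' oauth2 {' \
      ' discovery = "https://login.microsoftonline.com/%{Realm}/v2.0"' \
      ' client_id = "CLIENT-ID"' \
      ' client_secret = "CLIENT-SECRET"' \
      ' cache_password = yes' \
      ' }' \
      '}' \
      >> /etc/freeradius/3.0/proxy.conf

# Wire oauth2 into the default virtual server. The sed expressions are kept
# exactly as written. They address fixed line numbers of the packaged file, so
# a different freeradius package version can make them silently edit the wrong
# line or nothing at all; the grep at the end fails the build if no oauth2
# entry landed. A reviewed copy of the file, COPYed in, would be sturdier.
RUN sed -i '440s/\t/\t\oauth2/' /etc/freeradius/3.0/sites-enabled/default \
 && sed -i '586s/#\t\}/\t\Auth-Type oauth2 {/' /etc/freeradius/3.0/sites-enabled/default \
 && sed -i '587s/}/\t\t\oauth2/' /etc/freeradius/3.0/sites-enabled/default \
 && sed -i '588s/^$/\t\}/' /etc/freeradius/3.0/sites-enabled/default \
 && sed -i '589s/^$/}/' /etc/freeradius/3.0/sites-enabled/default \
 && sed -i '845s/^$/\t\oauth2/' /etc/freeradius/3.0/sites-enabled/default \
 && grep -q 'oauth2' /etc/freeradius/3.0/sites-enabled/default

# Same for the inner-tunnel server. These stay separate sed invocations on
# purpose: the replacements that end in \n add a line to the file, and the
# next invocation's line number relies on that shift.
RUN sed -i '155s/^$/\t\oauth2/' /etc/freeradius/3.0/sites-enabled/inner-tunnel \
 && sed -i '248s/}/\t\Auth-Type oauth2 {/' /etc/freeradius/3.0/sites-enabled/inner-tunnel \
 && sed -i '249s/^$/\t\t\oauth2\n/' /etc/freeradius/3.0/sites-enabled/inner-tunnel \
 && sed -i '250s/^$/\t\}\n/' /etc/freeradius/3.0/sites-enabled/inner-tunnel \
 && sed -i '251s/^$/}\n/' /etc/freeradius/3.0/sites-enabled/inner-tunnel \
 && sed -i '318s/^$/\t\oauth2/' /etc/freeradius/3.0/sites-enabled/inner-tunnel \
 && grep -q 'oauth2' /etc/freeradius/3.0/sites-enabled/inner-tunnel

# Local test account with a cleartext password. Test fixture only: remove it
# before the server accepts requests from a real network.
RUN printf '%s\n' \
      'test Cleartext-Password := "hello"' \
      ' Reply-Message := "Hello, %{User-Name}"' \
      >> /etc/freeradius/3.0/users

# eapol_test profile matching the test account above. The identity value is
# reproduced as it appears on the page, where the address looks redacted; set
# it to the test user in the realm before running eapol_test.
RUN printf '%s\n' \
      'network={' \
      ' key_mgmt=IEEE8021X' \
      ' eap=TTLS' \
      ' anonymous_identity="@example.com"' \
      ' identity="[email protected]"' \
      ' password="hello"' \
      ' phase2="auth=PAP"' \
      '}' \
      >> /etc/freeradius/eapol_test.conf

# sshd runtime directory and root's key file, with the permissions sshd's
# strict-mode checks expect.
RUN mkdir -p /run/sshd /root/.ssh \
 && chmod 700 /root/.ssh \
 && touch /root/.ssh/authorized_keys \
 && chmod 600 /root/.ssh/authorized_keys

# Host keys generated here are stored in the image: every container started
# from it presents the same host identity, and anyone with the image holds the
# private keys. Acceptable for a lab; otherwise generate them at first start.
RUN /usr/bin/ssh-keygen -A
RUN echo "ssh-ed25519 YOUR_ED25519_SSH-PUB-KEY_HERE" >> /root/.ssh/authorized_keys

# sshd policy as a drop-in instead of anchored sed edits of sshd_config. The
# original patterns only matched uncommented "... yes" lines.
# NOTE(review): the stock file appears to ship PasswordAuthentication commented
# out, in which case the old sed left password login at its default - confirm.
# Root login is limited to keys (prohibit-password), which is all the
# authorized_keys setup above needs. The final command reads back the effective
# configuration and fails the build if password login is still enabled.
RUN mkdir -p /etc/ssh/sshd_config.d \
 && printf '%s\n' \
      'PasswordAuthentication no' \
      'KbdInteractiveAuthentication no' \
      'PermitRootLogin prohibit-password' \
      'X11Forwarding yes' \
      'X11UseLocalhost no' \
      > /etc/ssh/sshd_config.d/10-container.conf \
 && /usr/sbin/sshd -T | grep -q '^passwordauthentication no$'

# RADIUS client (access point) definition. The lines are single-quoted so the
# shell writes them verbatim: inside double quotes, "$F0rS" in the secret was
# expanded as an unset variable and the stored secret silently differed from
# the one configured on the access point. The secret shown is a published
# example value; replace it, and supply the real one at run time (see header).
# require_message_authenticator = no is kept as the author set it; switch it to
# yes when the access point sends Message-Authenticator, so that unauthenticated
# packets are rejected.
RUN printf '%s\n' \
      'client "WLAN-SSID" {' \
      ' ipaddr = 192.168.178.88' \
      ' proto = udp' \
      ' secret = SH4r€DS€CreT!$F0rS€rveRAnD4ccesP01nt!' \
      ' require_message_authenticator = no' \
      ' max_connections = 500' \
      ' shortname = WLAN-SSID' \
      ' nastype = other' \
      '}' \
      >> /etc/freeradius/3.0/clients.conf

RUN touch /root/.Xauthority
# "RUN export ..." only affected the shell of that single build step; ENV is
# what makes the variable visible in the running container.
ENV XDG_RUNTIME_DIR=/run/user/0

# EXPOSE is documentation only. 22 is sshd; 1812/1813 are the usual RADIUS
# authentication and accounting ports (clients.conf above uses proto = udp).
EXPOSE 22
EXPOSE 1812/udp 1813/udp

# Straight ASCII quotes: with the typographic quotes of the original this line
# was not valid JSON and was parsed as a list of literal path names.
VOLUME ["/sys/fs/cgroup"]

RUN systemctl enable ssh sshd freeradius

# The systemctl replacement runs as PID 1 and as root (no USER is set) and
# starts the enabled services.
CMD ["/usr/bin/systemctl"]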