schnell18 · November 3, 2013 05:23 · jasonwbarnett · Aug 10, 2020 · nshakeeb · Jun 4, 2021
diff --git a/create_chrootjail.sh b/create_chrootjail.sh
 #!/bin/sh
 # script to automate the creation of chroot jail
 # w/ minimal executables to run git

 export CHROOT=/var/chroot

 function copy_binary() {
    for i in $(ldd $*|grep -v dynamic|cut -d " " -f 3|sed 's/://'|sort|uniq)
      do
        cp --parents $i $CHROOT
      done

    # ARCH amd64
    if [ -f /lib64/ld-linux-x86-64.so.2 ]; then
       cp --parents /lib64/ld-linux-x86-64.so.2 $CHROOT
    fi

    # ARCH i386
    if [ -f  /lib/ld-linux.so.2 ]; then
       cp --parents /lib/ld-linux.so.2 $CHROOT
    fi
 }

 # setup directory layout
 mkdir $CHROOT
 mkdir -p $CHROOT/{dev,etc,home,tmp,proc,root,var}

 # setup device
 mknod $CHROOT/dev/null c 1 3
 mknod $CHROOT/dev/zero c 1 5
 mknod $CHROOT/dev/tty  c 5 0
 mknod $CHROOT/dev/random c 1 8
 mknod $CHROOT/dev/urandom c 1 9
 chmod 0666 $CHROOT/dev/{null,tty,zero}
 chown root.tty $CHROOT/dev/tty

 # copy programs and libraries
 copy_binary /bin/{bash,ls,cp,rm,cat,mkdir,ln,grep,cut,sed} /usr/bin/{vim,ssh,head,tail,which,id,find,xargs} `which git`

 # copy git resource files
 cp -r --parents /usr/share/git-core $CHROOT
 # copy vim resource files
 cp -r --parents /usr/share/vim $CHROOT
 # copy basic system level files
 cp --parents /etc/group $CHROOT
 cp --parents /etc/passwd $CHROOT
 cp --parents /etc/shadow $CHROOT
 cp --parents /etc/nsswitch.conf $CHROOT
 cp --parents /etc/resolv.conf $CHROOT
 cp --parents /etc/hosts $CHROOT
 cp --parents /lib/libnss_* $CHROOT
 cp -r --parents /usr/share/terminfo $CHROOT

 # setup public key for root
 mkdir -p $CHROOT/root/.ssh
 chmod 0700 $CHROOT/root/.ssh
 cp {id_rsa,id_rsa.pub} $CHROOT/root/.ssh

 # setup public key for qbot
 mkdir -p $CHROOT/home/qbot/.ssh
 chmod 0700 $CHROOT/home/qbot/.ssh
 cp {id_rsa,id_rsa.pub} $CHROOT/home/qbot/.ssh
 chown -R qbot.qbot $CHROOT/home/qbot/.ssh

 # create symlinks
 cd $CHROOT/usr/bin
 ln -s vim vi

 echo "chroot jail is created. type: chroot $CHROOT to access it"
	#!/bin/sh
	# script to automate the creation of chroot jail
	# w/ minimal executables to run git

	export CHROOT=/var/chroot

	function copy_binary() {
	for i in $(ldd $*\|grep -v dynamic\|cut -d " " -f 3\|sed 's/://'\|sort\|uniq)
	do
	cp --parents $i $CHROOT
	done

	# ARCH amd64
	if [ -f /lib64/ld-linux-x86-64.so.2 ]; then
	cp --parents /lib64/ld-linux-x86-64.so.2 $CHROOT
	fi

	# ARCH i386
	if [ -f /lib/ld-linux.so.2 ]; then
	cp --parents /lib/ld-linux.so.2 $CHROOT
	fi
	}

	# setup directory layout
	mkdir $CHROOT
	mkdir -p $CHROOT/{dev,etc,home,tmp,proc,root,var}

	# setup device
	mknod $CHROOT/dev/null c 1 3
	mknod $CHROOT/dev/zero c 1 5
	mknod $CHROOT/dev/tty c 5 0
	mknod $CHROOT/dev/random c 1 8
	mknod $CHROOT/dev/urandom c 1 9
	chmod 0666 $CHROOT/dev/{null,tty,zero}
	chown root.tty $CHROOT/dev/tty

	# copy programs and libraries
	copy_binary /bin/{bash,ls,cp,rm,cat,mkdir,ln,grep,cut,sed} /usr/bin/{vim,ssh,head,tail,which,id,find,xargs} `which git`

	# copy git resource files
	cp -r --parents /usr/share/git-core $CHROOT
	# copy vim resource files
	cp -r --parents /usr/share/vim $CHROOT
	# copy basic system level files
	cp --parents /etc/group $CHROOT
	cp --parents /etc/passwd $CHROOT
	cp --parents /etc/shadow $CHROOT
	cp --parents /etc/nsswitch.conf $CHROOT
	cp --parents /etc/resolv.conf $CHROOT
	cp --parents /etc/hosts $CHROOT
	cp --parents /lib/libnss_* $CHROOT
	cp -r --parents /usr/share/terminfo $CHROOT

	# setup public key for root
	mkdir -p $CHROOT/root/.ssh
	chmod 0700 $CHROOT/root/.ssh
	cp {id_rsa,id_rsa.pub} $CHROOT/root/.ssh

	# setup public key for qbot
	mkdir -p $CHROOT/home/qbot/.ssh
	chmod 0700 $CHROOT/home/qbot/.ssh
	cp {id_rsa,id_rsa.pub} $CHROOT/home/qbot/.ssh
	chown -R qbot.qbot $CHROOT/home/qbot/.ssh

	# create symlinks
	cd $CHROOT/usr/bin
	ln -s vim vi

	echo "chroot jail is created. type: chroot $CHROOT to access it"