Improvements 14/08/2021

Signed-off-by: Georg <georg@lysergic.dev>

README.md

@@ -1 +1,4 @@
 Hosts configurations related to our POC shell service.
+
+If you want to try it out, ask in #libcasa.info.
+We currently support Arch Linux and Ubuntu after activation over IRC, but aim to support more operating systems including a better management process in the future.

base/help.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+USER=$(whoami) /usr/local/bin/catgirl -KRh irc.liberta.casa -j '#help' -qr 'Shell Help'

lcpubsh/bin/generate.sh

@@ -1,48 +1,55 @@
 #!/bin/sh
 # georg@lysergic.dev
 set -e
-echo "Shell generation invoked." | nc -N 127.0.0.2 2424
+OUTPUT="nc -N 127.0.0.2 2424"
+echo "Shell generation invoked." | $OUTPUT
 if [ ! "$#" -eq 0 ]; then
 user="$(echo "$1" |tr '[:upper:]' '[:lower:]')"
 case "$2" in
-	"archlinux")
-		os="archlinux"
-		image="lc-archlinux-userbase-v2:sh0"
-		;;
-	"ubuntu")
-		os="ubuntu"
-		image="lcbase_ubuntu_14082021_2:sh0"
-		;;
-	*)
-		echo "Choose between archlinux or ubuntu"
-		exit 1
-		;;
+        "archlinux")
+                os="Arch Linux"
+                image="lc-archlinux-userbase-v2:sh0"
+                ;;
+        "ubuntu")
+                os="Ubuntu (Latest)"
+                image="lcbase_ubuntu_14082021_2:sh0"
+                ;;
+        *)
+                echo "Choose between archlinux or ubuntu"
+                exit 1
+                ;;
 esac
 fingerprint_ecdsa="$(ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub)"
-if id "$1" &>/dev/null; then
-	echo "Aborted. Username is already taken."
-	echo "Aborted: $user is already taken." | nc -N 127.0.0.2 2424
+if id "$user" &>/dev/null; then
+        echo "Aborted. Username is already taken."
+        echo "Aborted: $user is already taken." | $OUTPUT
 else
-	echo "Hang on ..."
-	echo "Creating $user locally." | nc -N 127.0.0.2 2424
-	sudo useradd -mUs /opt/lcpubsh/bin/pubsh -G docker $user
-	pass=$(shuf -n2 /usr/share/dict/words | tr -d '\n')
-	echo "Appending to config." | nc -N 127.0.0.2 2424
-	echo "" >> /etc/dockersh.ini
-	echo "[$user]" >> /etc/dockersh.ini
-	echo "image = $user" >> /etc/dockersh.ini
-	echo "Forking Docker base image ($image)." | nc -N 127.0.0.2 2424
-	/opt/lcpubsh/bin/make_lc_user_image.sh $user $image | nc -N 127.0.0.2 2424
-	echo "Setting password." | nc -N 127.0.0.2 2424
-	sudo /opt/adduser.sh $user $pass
-	echo "@$user ssh -p 2222 $user@sh.lib.casa" | nc -N 127.0.0.2 2424
-	echo "@$user $fingerprint_ecdsa" | nc -N 127.0.0.2 2424
-	echo "@$user $pass" | nc -N 127.0.0.2 2424
-	echo "#universe $pass" | nc -N 127.0.0.2 2424
-	echo "Done." | nc -N 127.0.0.2 2424
-	echo "OK. Details sent to user and/or admins."
+        echo "Hang on ..."
+        echo "Creating $user locally." | $OUTPUT
+        sudo useradd -mUs /opt/lcpubsh/bin/pubsh -G docker $user
+        pass=$(shuf -n2 /usr/share/dict/words | tr -d '\n')
+        echo "Appending to config." | $OUTPUT
+        echo "" >> /etc/dockersh.ini
+        echo "[$user]" >> /etc/dockersh.ini
+        echo "image = $user" >> /etc/dockersh.ini
+        echo "Forking Docker base image ($image)." | $OUTPUT
+        /opt/lcpubsh/bin/make_lc_user_image.sh $user $image | $OUTPUT
+        echo "Setting password." | $OUTPUT
+        sudo /opt/adduser.sh $user $pass
+        echo "@$user A shell with the operating system $os has been spawned for you." | $OUTPUT
+        echo "@$user Option A) Connect directly:" | $OUTPUT
+        echo "@$user ssh -p 2222 $user@sh.lib.casa" | $OUTPUT
+        echo "@$user Option B) Connect through Tor:" | $OUTPUT
+        echo "@$user torsocks ssh -p 2222 $user@yib4545ooc4bndo27tcdd4jdeqsfnjm44yacusemwf5eu7lnlwskt5ad.onion" | $OUTPUT
+        echo "@$user Confirm the fingerprint (displayed upon connecting for the first time) matches the one shown here:" | $OUTPUT
+        echo "@$user $fingerprint_ecdsa" | $OUTPUT
+        echo "@$user And finally, here's your password:" | $OUTPUT
+        echo "@$user $pass" | $OUTPUT
+        echo "@$user Have fun!" | $OUTPUT
+        echo "#universe $pass" | $OUTPUT
+        echo "Done." | $OUTPUT
+        echo "OK. Details sent to user and/or admins."
 fi
 else
-	echo "No argument supplied."
+        echo "No argument supplied."
 fi
-

lcpubsh/bin/nuke.sh

@@ -0,0 +1,42 @@
+#!/bin/sh
+# georg@lysergic.dev
+set -e
+OUTPUT="nc -N 127.0.0.2 2424"
+echo "Shell removal invoked." | $OUTPUT
+if [ ! "$#" -eq 0 ]; then
+user="$(echo "$1" |tr '[:upper:]' '[:lower:]')"
+if id "$user" &>/dev/null; then
+        CONTAINER="$(docker ps -qf "name=$user")"
+        echo "User: $user - Container ID: $CONTAINER" | $OUTPUT
+        if [ ! -z "$CONTAINER" ]; then
+        docker stop $CONTAINER
+        if [ $? -eq "0" ]; then
+        echo "Running shell found and stopped."
+        else
+        echo "Shell could not be stopped. Maybe it's lready down?"
+        fi
+        docker rm $CONTAINER
+        if [ $? -eq "0" ]; then
+        echo "Shell container found and removed."
+        else
+        echo "Shell could not be removed. Maybe it doesn't exist?"
+        fi
+        else
+        echo "ID could not be determined."
+        fi
+        sudo /usr/sbin/userdel -f $user | $OUTPUT
+        sudo /usr/sbin/groupdel -f $user | $OUTPUT
+        sudo /usr/bin/rm -rf /home/$user
+        sudo /usr/bin/rm -rf /var/spool/mail/$user
+        INITEMP=$(mktemp --tmpdir initemp.XXXXX)
+        trap "rm -f $INITEMP" 0 1 2 3 15
+        sed "/$user/d" "/etc/dockersh.ini" > "$INITEMP"
+        cat "$INITEMP" > /etc/dockersh.ini
+        echo "Done." | $OUTPUT
+        echo "OK."
+else
+        echo "Aborted: User not found."
+fi
+else
+        echo "No argument supplied."
+fi

lcpubsh/bin/user_mapping.sh

@@ -1,21 +1,18 @@
 #!/bin/bash
 # Original by https://github.com/sleeepyjack/dockersh
 # Modified by georg@lysergic.dev
+
 if [ -z "${HOST_USER_NAME}" -o -z "${HOST_USER_ID}" -o -z "${HOST_USER_GID}" ]; then
         echo "HOST_USER_NAME, HOST_USER_ID & HOST_USER_GID needs to be set!"; exit 100
 fi
-
 useradd \
       --uid ${HOST_USER_ID} \
-      --gid ${HOST_USER_GID} \
-      --create-home \
-      --shell /bin/bash \
+      -U \
+      -m \
+      -s /bin/bash \
       ${HOST_USER_NAME}
-groupadd --gid "${HOST_USER_GID}" "${HOST_USER_NAME}"
-usermod -aG sudo ${HOST_USER_NAME}
-sleep 5s
+sleep 3s
 
 echo ${HOST_USER_NAME}:${HOST_USER_NAME} | chpasswd
 
 exec su - "${HOST_USER_NAME}"
-

lcpubsh/image_template/user_mapping.sh

@@ -0,0 +1 @@
+../bin/user_mapping.sh