diff --git a/README.md b/README.md index c151c16..895ba0e 100644 --- a/README.md +++ b/README.md @@ -1 +1,4 @@ Hosts configurations related to our POC shell service. + +If you want to try it out, ask in #libcasa.info. +We currently support Arch Linux and Ubuntu after activation over IRC, but aim to support more operating systems including a better management process in the future. diff --git a/base/help.sh b/base/help.sh new file mode 100644 index 0000000..223f5e9 --- /dev/null +++ b/base/help.sh @@ -0,0 +1,2 @@ +#!/bin/sh +USER=$(whoami) /usr/local/bin/catgirl -KRh irc.liberta.casa -j '#help' -qr 'Shell Help' diff --git a/lcpubsh/bin/generate.sh b/lcpubsh/bin/generate.sh index 299cab6..b80ac49 100644 --- a/lcpubsh/bin/generate.sh +++ b/lcpubsh/bin/generate.sh @@ -1,48 +1,55 @@ #!/bin/sh # georg@lysergic.dev set -e -echo "Shell generation invoked." | nc -N 127.0.0.2 2424 +OUTPUT="nc -N 127.0.0.2 2424" +echo "Shell generation invoked." | $OUTPUT if [ ! "$#" -eq 0 ]; then user="$(echo "$1" |tr '[:upper:]' '[:lower:]')" case "$2" in - "archlinux") - os="archlinux" - image="lc-archlinux-userbase-v2:sh0" - ;; - "ubuntu") - os="ubuntu" - image="lcbase_ubuntu_14082021_2:sh0" - ;; - *) - echo "Choose between archlinux or ubuntu" - exit 1 - ;; + "archlinux") + os="Arch Linux" + image="lc-archlinux-userbase-v2:sh0" + ;; + "ubuntu") + os="Ubuntu (Latest)" + image="lcbase_ubuntu_14082021_2:sh0" + ;; + *) + echo "Choose between archlinux or ubuntu" + exit 1 + ;; esac fingerprint_ecdsa="$(ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub)" -if id "$1" &>/dev/null; then - echo "Aborted. Username is already taken." - echo "Aborted: $user is already taken." | nc -N 127.0.0.2 2424 +if id "$user" &>/dev/null; then + echo "Aborted. Username is already taken." + echo "Aborted: $user is already taken." | $OUTPUT else - echo "Hang on ..." - echo "Creating $user locally." | nc -N 127.0.0.2 2424 - sudo useradd -mUs /opt/lcpubsh/bin/pubsh -G docker $user - pass=$(shuf -n2 /usr/share/dict/words | tr -d '\n') - echo "Appending to config." | nc -N 127.0.0.2 2424 - echo "" >> /etc/dockersh.ini - echo "[$user]" >> /etc/dockersh.ini - echo "image = $user" >> /etc/dockersh.ini - echo "Forking Docker base image ($image)." | nc -N 127.0.0.2 2424 - /opt/lcpubsh/bin/make_lc_user_image.sh $user $image | nc -N 127.0.0.2 2424 - echo "Setting password." | nc -N 127.0.0.2 2424 - sudo /opt/adduser.sh $user $pass - echo "@$user ssh -p 2222 $user@sh.lib.casa" | nc -N 127.0.0.2 2424 - echo "@$user $fingerprint_ecdsa" | nc -N 127.0.0.2 2424 - echo "@$user $pass" | nc -N 127.0.0.2 2424 - echo "#universe $pass" | nc -N 127.0.0.2 2424 - echo "Done." | nc -N 127.0.0.2 2424 - echo "OK. Details sent to user and/or admins." + echo "Hang on ..." + echo "Creating $user locally." | $OUTPUT + sudo useradd -mUs /opt/lcpubsh/bin/pubsh -G docker $user + pass=$(shuf -n2 /usr/share/dict/words | tr -d '\n') + echo "Appending to config." | $OUTPUT + echo "" >> /etc/dockersh.ini + echo "[$user]" >> /etc/dockersh.ini + echo "image = $user" >> /etc/dockersh.ini + echo "Forking Docker base image ($image)." | $OUTPUT + /opt/lcpubsh/bin/make_lc_user_image.sh $user $image | $OUTPUT + echo "Setting password." | $OUTPUT + sudo /opt/adduser.sh $user $pass + echo "@$user A shell with the operating system $os has been spawned for you." | $OUTPUT + echo "@$user Option A) Connect directly:" | $OUTPUT + echo "@$user ssh -p 2222 $user@sh.lib.casa" | $OUTPUT + echo "@$user Option B) Connect through Tor:" | $OUTPUT + echo "@$user torsocks ssh -p 2222 $user@yib4545ooc4bndo27tcdd4jdeqsfnjm44yacusemwf5eu7lnlwskt5ad.onion" | $OUTPUT + echo "@$user Confirm the fingerprint (displayed upon connecting for the first time) matches the one shown here:" | $OUTPUT + echo "@$user $fingerprint_ecdsa" | $OUTPUT + echo "@$user And finally, here's your password:" | $OUTPUT + echo "@$user $pass" | $OUTPUT + echo "@$user Have fun!" | $OUTPUT + echo "#universe $pass" | $OUTPUT + echo "Done." | $OUTPUT + echo "OK. Details sent to user and/or admins." fi else - echo "No argument supplied." + echo "No argument supplied." fi - diff --git a/lcpubsh/bin/nuke.sh b/lcpubsh/bin/nuke.sh new file mode 100644 index 0000000..33e3aed --- /dev/null +++ b/lcpubsh/bin/nuke.sh @@ -0,0 +1,42 @@ +#!/bin/sh +# georg@lysergic.dev +set -e +OUTPUT="nc -N 127.0.0.2 2424" +echo "Shell removal invoked." | $OUTPUT +if [ ! "$#" -eq 0 ]; then +user="$(echo "$1" |tr '[:upper:]' '[:lower:]')" +if id "$user" &>/dev/null; then + CONTAINER="$(docker ps -qf "name=$user")" + echo "User: $user - Container ID: $CONTAINER" | $OUTPUT + if [ ! -z "$CONTAINER" ]; then + docker stop $CONTAINER + if [ $? -eq "0" ]; then + echo "Running shell found and stopped." + else + echo "Shell could not be stopped. Maybe it's lready down?" + fi + docker rm $CONTAINER + if [ $? -eq "0" ]; then + echo "Shell container found and removed." + else + echo "Shell could not be removed. Maybe it doesn't exist?" + fi + else + echo "ID could not be determined." + fi + sudo /usr/sbin/userdel -f $user | $OUTPUT + sudo /usr/sbin/groupdel -f $user | $OUTPUT + sudo /usr/bin/rm -rf /home/$user + sudo /usr/bin/rm -rf /var/spool/mail/$user + INITEMP=$(mktemp --tmpdir initemp.XXXXX) + trap "rm -f $INITEMP" 0 1 2 3 15 + sed "/$user/d" "/etc/dockersh.ini" > "$INITEMP" + cat "$INITEMP" > /etc/dockersh.ini + echo "Done." | $OUTPUT + echo "OK." +else + echo "Aborted: User not found." +fi +else + echo "No argument supplied." +fi diff --git a/lcpubsh/image_template/user-mapping.sh b/lcpubsh/bin/user_mapping.sh similarity index 70% rename from lcpubsh/image_template/user-mapping.sh rename to lcpubsh/bin/user_mapping.sh index f2aa456..9b32ba0 100644 --- a/lcpubsh/image_template/user-mapping.sh +++ b/lcpubsh/bin/user_mapping.sh @@ -1,21 +1,18 @@ #!/bin/bash # Original by https://github.com/sleeepyjack/dockersh # Modified by georg@lysergic.dev + if [ -z "${HOST_USER_NAME}" -o -z "${HOST_USER_ID}" -o -z "${HOST_USER_GID}" ]; then echo "HOST_USER_NAME, HOST_USER_ID & HOST_USER_GID needs to be set!"; exit 100 fi - useradd \ --uid ${HOST_USER_ID} \ - --gid ${HOST_USER_GID} \ - --create-home \ - --shell /bin/bash \ + -U \ + -m \ + -s /bin/bash \ ${HOST_USER_NAME} -groupadd --gid "${HOST_USER_GID}" "${HOST_USER_NAME}" -usermod -aG sudo ${HOST_USER_NAME} -sleep 5s +sleep 3s echo ${HOST_USER_NAME}:${HOST_USER_NAME} | chpasswd exec su - "${HOST_USER_NAME}" - diff --git a/lcpubsh/image_template/user_mapping.sh b/lcpubsh/image_template/user_mapping.sh new file mode 120000 index 0000000..e51feef --- /dev/null +++ b/lcpubsh/image_template/user_mapping.sh @@ -0,0 +1 @@ +../bin/user_mapping.sh \ No newline at end of file