Improvements 14/08/2021
Signed-off-by: Georg <georg@lysergic.dev>
parent
c27753da86
commit
39e54cc83b
@ -1 +1,4 @@
|
|||||||
Hosts configurations related to our POC shell service.
|
Hosts configurations related to our POC shell service.
|
||||||
|
|
||||||
|
If you want to try it out, ask in #libcasa.info.
|
||||||
|
We currently support Arch Linux and Ubuntu after activation over IRC, but aim to support more operating systems including a better management process in the future.
|
||||||
|
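--- a/base/help.sh
+++ b/base/help.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+USER=$(whoami) /usr/local/bin/catgirl -KRh irc.liberta.casa -j '#help' -qr 'Shell Help'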
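Review bot: Nothing in this new wrapper records that the help session is confined only by the catgirl options, so a later edit to the `-KRh` string could widen what a user can do from it without anyone noticing. A header comment would cover that, for example `# Restricted IRC help client: keep -K (kiosk) and -R (restrict), they are what limits this session.` If the script is installed as a login shell or forced command, which this page does not show, `USER=$(whoami) exec /usr/local/bin/catgirl …` would also avoid leaving an idle `sh` as the parent process.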
@ -1,48 +1,55 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# georg@lysergic.dev
|
# georg@lysergic.dev
|
||||||
set -e
|
set -e
|
||||||
echo "Shell generation invoked." | nc -N 127.0.0.2 2424
|
OUTPUT="nc -N 127.0.0.2 2424"
|
||||||
|
echo "Shell generation invoked." | $OUTPUT
|
||||||
if [ ! "$#" -eq 0 ]; then
|
if [ ! "$#" -eq 0 ]; then
|
||||||
user="$(echo "$1" |tr '[:upper:]' '[:lower:]')"
|
user="$(echo "$1" |tr '[:upper:]' '[:lower:]')"
|
||||||
case "$2" in
|
case "$2" in
|
||||||
"archlinux")
|
"archlinux")
|
||||||
os="archlinux"
|
os="Arch Linux"
|
||||||
image="lc-archlinux-userbase-v2:sh0"
|
image="lc-archlinux-userbase-v2:sh0"
|
||||||
;;
|
;;
|
||||||
"ubuntu")
|
"ubuntu")
|
||||||
os="ubuntu"
|
os="Ubuntu (Latest)"
|
||||||
image="lcbase_ubuntu_14082021_2:sh0"
|
image="lcbase_ubuntu_14082021_2:sh0"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
echo "Choose between archlinux or ubuntu"
|
echo "Choose between archlinux or ubuntu"
|
||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
fingerprint_ecdsa="$(ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub)"
|
fingerprint_ecdsa="$(ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub)"
|
||||||
if id "$1" &>/dev/null; then
|
if id "$user" &>/dev/null; then
|
||||||
echo "Aborted. Username is already taken."
|
echo "Aborted. Username is already taken."
|
||||||
echo "Aborted: $user is already taken." | nc -N 127.0.0.2 2424
|
echo "Aborted: $user is already taken." | $OUTPUT
|
||||||
else
|
else
|
||||||
echo "Hang on ..."
|
echo "Hang on ..."
|
||||||
echo "Creating $user locally." | nc -N 127.0.0.2 2424
|
echo "Creating $user locally." | $OUTPUT
|
||||||
sudo useradd -mUs /opt/lcpubsh/bin/pubsh -G docker $user
|
sudo useradd -mUs /opt/lcpubsh/bin/pubsh -G docker $user
|
||||||
pass=$(shuf -n2 /usr/share/dict/words | tr -d '\n')
|
pass=$(shuf -n2 /usr/share/dict/words | tr -d '\n')
|
||||||
echo "Appending to config." | nc -N 127.0.0.2 2424
|
echo "Appending to config." | $OUTPUT
|
||||||
echo "" >> /etc/dockersh.ini
|
echo "" >> /etc/dockersh.ini
|
||||||
echo "[$user]" >> /etc/dockersh.ini
|
echo "[$user]" >> /etc/dockersh.ini
|
||||||
echo "image = $user" >> /etc/dockersh.ini
|
echo "image = $user" >> /etc/dockersh.ini
|
||||||
echo "Forking Docker base image ($image)." | nc -N 127.0.0.2 2424
|
echo "Forking Docker base image ($image)." | $OUTPUT
|
||||||
/opt/lcpubsh/bin/make_lc_user_image.sh $user $image | nc -N 127.0.0.2 2424
|
/opt/lcpubsh/bin/make_lc_user_image.sh $user $image | $OUTPUT
|
||||||
echo "Setting password." | nc -N 127.0.0.2 2424
|
echo "Setting password." | $OUTPUT
|
||||||
sudo /opt/adduser.sh $user $pass
|
sudo /opt/adduser.sh $user $pass
|
||||||
echo "@$user ssh -p 2222 $user@sh.lib.casa" | nc -N 127.0.0.2 2424
|
echo "@$user A shell with the operating system $os has been spawned for you." | $OUTPUT
|
||||||
echo "@$user $fingerprint_ecdsa" | nc -N 127.0.0.2 2424
|
echo "@$user Option A) Connect directly:" | $OUTPUT
|
||||||
echo "@$user $pass" | nc -N 127.0.0.2 2424
|
echo "@$user ssh -p 2222 $user@sh.lib.casa" | $OUTPUT
|
||||||
echo "#universe $pass" | nc -N 127.0.0.2 2424
|
echo "@$user Option B) Connect through Tor:" | $OUTPUT
|
||||||
echo "Done." | nc -N 127.0.0.2 2424
|
echo "@$user torsocks ssh -p 2222 $user@yib4545ooc4bndo27tcdd4jdeqsfnjm44yacusemwf5eu7lnlwskt5ad.onion" | $OUTPUT
|
||||||
echo "OK. Details sent to user and/or admins."
|
echo "@$user Confirm the fingerprint (displayed upon connecting for the first time) matches the one shown here:" | $OUTPUT
|
||||||
|
echo "@$user $fingerprint_ecdsa" | $OUTPUT
|
||||||
|
echo "@$user And finally, here's your password:" | $OUTPUT
|
||||||
|
echo "@$user $pass" | $OUTPUT
|
||||||
|
echo "@$user Have fun!" | $OUTPUT
|
||||||
|
echo "#universe $pass" | $OUTPUT
|
||||||
|
echo "Done." | $OUTPUT
|
||||||
|
echo "OK. Details sent to user and/or admins."
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "No argument supplied."
|
echo "No argument supplied."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
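Review bot: `$user` is only lower-cased before it reaches `sudo useradd … $user`, `make_lc_user_image.sh $user $image` and `sudo /opt/adduser.sh $user $pass` unquoted, and the `[$user]` line appended to /etc/dockersh.ini, so a name containing whitespace, a leading `-` or `]` is word-split, taken as an option, or corrupts the ini file. If the name originates from an IRC request, as the README text about activation over IRC suggests, it should be checked against a strict pattern right after the `tr` line and every later expansion quoted, as in the block below. `id "$user" &>/dev/null` is a bashism under `#!/bin/sh`: in dash it backgrounds `id` and the test is always true, and `id "$user" >/dev/null 2>&1` is the portable form. `echo "#universe $pass" | $OUTPUT` still sends the generated two-word password to a channel in clear text, which is worth dropping or replacing with a message that carries no secret.

```shell
user="$(echo "$1" |tr '[:upper:]' '[:lower:]')"
# Accept only names that start with a letter and contain a-z, 0-9, _ or -.
case "$user" in
  ''|[!a-z]*|*[!a-z0-9_-]*)
    echo "Aborted: invalid username."
    exit 1
    ;;
esac
# … unchanged: os/image selection, fingerprint lookup, id check …
sudo useradd -mUs /opt/lcpubsh/bin/pubsh -G docker "$user"
# … unchanged: password generation, dockersh.ini append …
/opt/lcpubsh/bin/make_lc_user_image.sh "$user" "$image" | $OUTPUT
# … unchanged: status message …
sudo /opt/adduser.sh "$user" "$pass"
```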
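--- a/lcpubsh/bin/nuke.sh
+++ b/lcpubsh/bin/nuke.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+# georg@lysergic.dev
+set -e
+OUTPUT="nc -N 127.0.0.2 2424"
+echo "Shell removal invoked." | $OUTPUT
+if [ ! "$#" -eq 0 ]; then
+user="$(echo "$1" |tr '[:upper:]' '[:lower:]')"
+if id "$user" &>/dev/null; then
+CONTAINER="$(docker ps -qf "name=$user")"
+echo "User: $user - Container ID: $CONTAINER" | $OUTPUT
+if [ ! -z "$CONTAINER" ]; then
+docker stop $CONTAINER
+if [ $? -eq "0" ]; then
+echo "Running shell found and stopped."
+else
+echo "Shell could not be stopped. Maybe it's lready down?"
+fi
+docker rm $CONTAINER
+if [ $? -eq "0" ]; then
+echo "Shell container found and removed."
+else
+echo "Shell could not be removed. Maybe it doesn't exist?"
+fi
+else
+echo "ID could not be determined."
+fi
+sudo /usr/sbin/userdel -f $user | $OUTPUT
+sudo /usr/sbin/groupdel -f $user | $OUTPUT
+sudo /usr/bin/rm -rf /home/$user
+sudo /usr/bin/rm -rf /var/spool/mail/$user
+INITEMP=$(mktemp --tmpdir initemp.XXXXX)
+trap "rm -f $INITEMP" 0 1 2 3 15
+sed "/$user/d" "/etc/dockersh.ini" > "$INITEMP"
+cat "$INITEMP" > /etc/dockersh.ini
+echo "Done." | $OUTPUT
+echo "OK."
+else
+echo "Aborted: User not found."
+fi
+else
+echo "No argument supplied."
+fi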
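Review bot: `sed "/$user/d" "/etc/dockersh.ini"` deletes every line that contains the username anywhere, treated as a regular expression, so removing `al` also removes the `[alice]` header and its `image = alice` line; the removal should match the `[$user]` header exactly and drop only that section, as in the block below. The same loose matching applies to `docker ps -qf "name=$user"`, whose name filter is a substring match and which, without `-a`, does not list stopped containers. The only gate before `userdel -f`, `groupdel -f` and `rm -rf /home/$user` is `id "$user"`, which succeeds for any account on the host including system ones, so the script should refuse names that have no section of their own in /etc/dockersh.ini. Under `set -e` the two `if [ $? -eq "0" ]` checks never reach their `else` branch, because a failing `docker stop` or `docker rm` ends the script first; `if docker stop "$CONTAINER"; then` keeps both outcomes reachable.

```shell
INITEMP=$(mktemp --tmpdir initemp.XXXXX)
# … unchanged: trap that removes the temp file …
# Keep every line except the exact [$user] section (header up to the next header).
awk -v u="$user" '
  $0 == "[" u "]" { skip = 1; next }
  /^\[/           { skip = 0 }
  !skip
' /etc/dockersh.ini > "$INITEMP"
```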
@ -1,21 +1,18 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# Original by https://github.com/sleeepyjack/dockersh
|
# Original by https://github.com/sleeepyjack/dockersh
|
||||||
# Modified by georg@lysergic.dev
|
# Modified by georg@lysergic.dev
|
||||||
|
|
||||||
if [ -z "${HOST_USER_NAME}" -o -z "${HOST_USER_ID}" -o -z "${HOST_USER_GID}" ]; then
|
if [ -z "${HOST_USER_NAME}" -o -z "${HOST_USER_ID}" -o -z "${HOST_USER_GID}" ]; then
|
||||||
echo "HOST_USER_NAME, HOST_USER_ID & HOST_USER_GID needs to be set!"; exit 100
|
echo "HOST_USER_NAME, HOST_USER_ID & HOST_USER_GID needs to be set!"; exit 100
|
||||||
fi
|
fi
|
||||||
|
|
||||||
useradd \
|
useradd \
|
||||||
--uid ${HOST_USER_ID} \
|
--uid ${HOST_USER_ID} \
|
||||||
--gid ${HOST_USER_GID} \
|
-U \
|
||||||
--create-home \
|
-m \
|
||||||
--shell /bin/bash \
|
-s /bin/bash \
|
||||||
${HOST_USER_NAME}
|
${HOST_USER_NAME}
|
||||||
groupadd --gid "${HOST_USER_GID}" "${HOST_USER_NAME}"
|
sleep 3s
|
||||||
usermod -aG sudo ${HOST_USER_NAME}
|
|
||||||
sleep 5s
|
|
||||||
|
|
||||||
echo ${HOST_USER_NAME}:${HOST_USER_NAME} | chpasswd
|
echo ${HOST_USER_NAME}:${HOST_USER_NAME} | chpasswd
|
||||||
|
|
||||||
exec su - "${HOST_USER_NAME}"
|
exec su - "${HOST_USER_NAME}"
|
||||||
|
|
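Review bot: `echo ${HOST_USER_NAME}:${HOST_USER_NAME} | chpasswd` is kept by this change, so every account created in a container has its own name as its password. The script runs `useradd`, so it presumably runs as root, and `exec su - "${HOST_USER_NAME}"` from root asks for no password; unless something outside this page depends on it, the line can be removed or the account locked with `passwd -l "${HOST_USER_NAME}"`. The new side also appears to replace `--gid ${HOST_USER_GID}` with `-U`, yet the guard at the top still demands `HOST_USER_GID`; either use the value or drop it from the check and its message. `${HOST_USER_ID}` and `${HOST_USER_NAME}` are unquoted in the `useradd` call and should be quoted like the `su` argument.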
1
lcpubsh/image_template/user_mapping.sh
Symbolic link
1
lcpubsh/image_template/user_mapping.sh
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../bin/user_mapping.sh
|