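#!/bin/bash
# Build a minimal 32-bit (i686) chroot jail under ./jail: a static busybox
# provides the shell and tools, nmap is copied in behind a wrapper that forces
# unprivileged mode, and the script finally drops into the jail.
#
# More info: http://www.cyberciti.biz/faq/debian-ubuntu-restricting-ssh-user-session-to-a-directory-chrooted-jail/
#
# Requirements: run as root (mknod, chown, chroot need it); a 32-bit loader at
# /lib/ld-linux.so.2 and nmap at /usr/bin/nmap on the host. Set BUSYBOX_SHA256
# to the expected checksum of the busybox binary to have the download verified.
set -euo pipefail

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

[[ $EUID -eq 0 ]] || die "must run as root"

fs="$PWD/jail"
readonly fs

echo "Creating ${fs}..."

mkdir -p "${fs}"/{etc,usr/{bin,lib},bin,lib}/
mkdir -p "${fs}/dev/"

# Create a character device in the jail unless it already exists, so the
# script can be re-run without mknod failing on the second pass.
# Arguments: $1 device name, $2 major, $3 minor
mk_dev() {
  [[ -e "${fs}/dev/$1" ]] || mknod -m 666 "${fs}/dev/$1" c "$2" "$3"
}
mk_dev null 1 3
mk_dev tty 5 0
mk_dev zero 1 5
mk_dev random 1 8
# Not in the original list, but most dynamically linked programs (nmap
# included) open /dev/urandom and fail or hang without it.
mk_dev urandom 1 9

# The i686 busybox fetched below is static, but nmap_real is dynamically
# linked and needs the 32-bit loader inside the jail.
cp -v /lib/ld-linux.so.2 "${fs}/lib/"

# chroot(2) itself does not care, but sshd's ChrootDirectory (the intended
# use per the link above) refuses a jail root that is not root-owned and
# non-writable by group/other.
chown root:root "${fs}"
chmod 0755 "${fs}"

# Fetch busybox over TLS. The original used plain HTTP, which lets anyone on
# the network path replace the binary that becomes every tool in the jail.
# The checksum is only verified when BUSYBOX_SHA256 is supplied; otherwise
# a warning is printed and the download is trusted as-is.
busybox_url="https://www.busybox.net/downloads/binaries/latest/busybox-i686"
wget "${busybox_url}" -O "${fs}/bin/busybox"
if [[ -n "${BUSYBOX_SHA256:-}" ]]; then
  printf '%s  %s\n' "${BUSYBOX_SHA256}" "${fs}/bin/busybox" | sha256sum -c - \
    || die "busybox checksum mismatch"
else
  printf 'warning: BUSYBOX_SHA256 not set; busybox download not verified\n' >&2
fi
chmod +x "${fs}/bin/busybox"

# One symlink per applet: busybox --help ends with a comma-separated list
# after the line "Currently defined functions:"; sed keeps that list and
# splits it one name per line. The cd is confined to a subshell so the
# absolute paths below are unaffected either way.
(
  cd "${fs}/bin" || die "cannot cd to ${fs}/bin"
  ./busybox --help \
    | sed -e '1,/^Currently defined functions:/d' \
          -e 's/[ \t]//g' -e 's/,$//' -e 's/,/\n/g' \
    | while IFS= read -r app; do
        [[ -n "$app" ]] || continue
        printf "linking %-12s ...\n" "$app"
        ln -sf "./busybox" "$app"
        ls -ld "$app"
      done
)

# DNS inside the jail. Only "nameserver" is written: the original also wrote
# "search 8.8.8.8", but search takes domain names, not addresses.
printf 'nameserver 8.8.8.8\n' > "${fs}/etc/resolv.conf"

# Add nmap. The real binary is renamed and fronted by a wrapper that forces
# --unprivileged (no raw sockets) and forwards the arguments intact -- the
# original wrapper used unquoted $*, which re-split them on whitespace.
cp -v /usr/bin/nmap "${fs}/usr/bin/nmap_real"
cat > "${fs}/usr/bin/nmap" <<'EOF'
#!/bin/sh
exec /usr/bin/nmap_real --unprivileged "$@"
EOF
chmod +x "${fs}/usr/bin/nmap"

mkdir -p "${fs}/usr/share/nmap"
# /etc/services is a file; the original created a directory of that name,
# which a lookup inside the jail cannot read.
if [[ -f /etc/services ]]; then
  cp -v /etc/services "${fs}/etc/services"
fi
#cp -vr /usr/share/nmap "${fs}/usr/share/nmap/"

# Copy nmap's shared-library dependencies. ldd prints "name => /path (addr)"
# with the path in field 3; lines without one (vdso, the loader copied
# above) produce no match and are skipped, as in the original grep.
ldd /usr/bin/nmap | awk '$3 ~ /lib/ {print $3}' | while IFS= read -r lib; do
  cp -v "$lib" "${fs}/usr/lib/"
done

# clear fails when TERM is unset; that must not abort the script under -e.
clear 2>/dev/null || true
echo "welcome to your chroot!"
# This enters the jail as root, as the original did. For a restricted
# session pair the jail with sshd's ChrootDirectory, or drop privileges
# first (e.g. chroot --userspec on GNU coreutils).
chroot "${fs}" sh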