
@Javinator9889
Last active April 6, 2021 13:53
Setup jail - general script for setting up a chroot jail with SSH support built-in
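#!/usr/bin/env bash
# Abort on the first unhandled command failure.
set -e

# Terminal styling sequences, captured once through tput.
#
# tput exits non-zero when TERM is unset/unknown or when the terminal lacks a
# capability (for example "dim"). Under `set -e` a failing command
# substitution in a plain assignment aborts the script, so every lookup is
# guarded with `|| true`: the variable then simply stays empty and the
# messages are printed unstyled. stderr is silenced to avoid one tput
# diagnostic per lookup.

# background colours
bgBlack=$(tput setab 0 2>/dev/null || true)   # black
bgRed=$(tput setab 1 2>/dev/null || true)     # red
bgGreen=$(tput setab 2 2>/dev/null || true)   # green
bgYellow=$(tput setab 3 2>/dev/null || true)  # yellow
bgBlue=$(tput setab 4 2>/dev/null || true)    # blue
bgMagenta=$(tput setab 5 2>/dev/null || true) # magenta
bgCyan=$(tput setab 6 2>/dev/null || true)    # cyan
bgWhite=$(tput setab 7 2>/dev/null || true)   # white

# foreground colours
# NOTE: "fgBLack" keeps the original (mixed-case) spelling so that any
# existing reference to that name keeps working.
fgBLack=$(tput setaf 0 2>/dev/null || true)   # black
fgRed=$(tput setaf 1 2>/dev/null || true)     # red
fgGreen=$(tput setaf 2 2>/dev/null || true)   # green
fgYellow=$(tput setaf 3 2>/dev/null || true)  # yellow
fgBlue=$(tput setaf 4 2>/dev/null || true)    # blue
fgMagenta=$(tput setaf 5 2>/dev/null || true) # magenta
fgCyan=$(tput setaf 6 2>/dev/null || true)    # cyan
fgWhite=$(tput setaf 7 2>/dev/null || true)   # white

# text attributes
txBold=$(tput bold 2>/dev/null || true)       # bold
txHalf=$(tput dim 2>/dev/null || true)        # half-bright
txUnderline=$(tput smul 2>/dev/null || true)  # underline
txEndUnder=$(tput rmul 2>/dev/null || true)   # exit underline
txReverse=$(tput rev 2>/dev/null || true)     # reverse
txStandout=$(tput smso 2>/dev/null || true)   # standout
txEndStand=$(tput rmso 2>/dev/null || true)   # exit standout
txReset=$(tput sgr0 2>/dev/null || true)      # reset attributes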
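#######################################
# Make sure a directory exists, creating it (with parents) when missing.
# Arguments: $1 - directory path
# Outputs:   "found" message on stdout; "not found" message on stderr,
#            followed by mkdir's verbose output on stdout
# Returns:   0 on success, mkdir's status if creation fails
#######################################
dir_exists() {
  if [ -d "$1" ]; then
    # The path is passed as a printf argument, never as part of the format,
    # so a '%' or backslash in it is printed literally.
    printf '✅ Directory %s found!\n' "$1"
  else
    printf '❗ Directory %s not found! Creating...\n' "$1" 1>&2
    # Quoted and preceded by `--`: this runs as root, so a path with spaces
    # or a leading dash must not be split into several arguments or be
    # parsed as an option.
    mkdir -vp -- "$1"
  fi
}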
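#######################################
# Print a one-level listing of a directory with `tree`, when it is installed.
# Arguments: $1 - directory to list
# Outputs:   tree's listing on stdout; nothing when tree is not available
# Returns:   0 when tree is absent, otherwise tree's exit status
#######################################
tree_dir() {
  # The previous test `[ exists ]` checked a literal, non-empty string and was
  # therefore always true, so a missing `tree` binary made the call fail and,
  # under `set -e`, aborted the whole script. Test the lookup itself instead.
  if command -v tree >/dev/null 2>&1; then
    tree -L 1 "$1"
  fi
}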
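#######################################
# Re-create a host character device inside the jail's dev/ directory, using
# the same major/minor numbers and permission bits as the host node.
# Globals:   txBold, txReset (read)
# Arguments: $1 - device name below /dev (e.g. "null")
#            $2 - jail root; the node is created at "$2/dev/$1"
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 on success or when the node already exists; exits 1 when the
#            host device is missing, stat fails, or no jail root is given
# NOTE(review): $1 is used unvalidated to build both paths; the callers in
# this script pass fixed names only.
#######################################
create_node() {
  local name=$1 jail=${2-}
  local src="/dev/${name}"
  local major_hex minor_hex major minor perms target

  if [ ! -c "$src" ]; then
    printf '❌ %sCharacter device "%s" does not exist!%s\n' \
      "${txBold}" "$src" "${txReset}" 1>&2
    exit 1
  fi

  # Declaration and assignment are separate so that a stat failure is not
  # masked by `local`.
  major_hex=$(stat -c %t -- "$src") || exit 1
  minor_hex=$(stat -c %T -- "$src") || exit 1

  # stat prints %t / %T in hexadecimal without a prefix, while mknod reads
  # unprefixed numbers as decimal. Convert explicitly so devices whose
  # numbers are 10 or above (hex digits a-f, or multi-digit values) are
  # reproduced correctly instead of being misread.
  major=$((16#${major_hex}))
  minor=$((16#${minor_hex}))

  if ((major == 0 && minor == 0)); then
    printf '❗ "%s" is not a character device\n' "$src"
    return 0
  fi

  if [ -z "$jail" ]; then
    printf '❌ %sTarget character directory not provided!%s\n' \
      "${txBold}" "${txReset}" 1>&2
    exit 1
  fi

  perms=$(stat -c %a -- "$src") || exit 1
  target="${jail}/dev/${name}"
  printf '\tCreating device "%s" with permissions %s...\n' "$name" "$perms"
  # Skip when the node is already there so the script can be re-run.
  if [ ! -c "$target" ]; then
    mknod -m "$perms" "$target" c "$major" "$minor"
  fi
}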
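#######################################
# Print the command-line synopsis and an example, then terminate.
# Globals:   txBold, txReset, txUnderline, txReverse (read)
# Outputs:   usage text on stderr
# Returns:   never returns; exits with status 1
#######################################
usage() {
  # $0 is passed as a printf argument rather than spliced into the format
  # string, so a script path containing '%' or a backslash prints verbatim.
  printf '\t%sUsage%s: [sudo] %s%s CHROOT_DIR%s\n\n' \
    "${txBold}" "${txReset}" "${txUnderline}" "$0" "${txReset}" 1>&2
  printf '\t>> Example: sudo %s%s /home/demo%s\n' \
    "${txReverse}" "$0" "${txReset}" 1>&2
  exit 1
}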
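# --- Argument and privilege checks ------------------------------------------
if [ "$#" -lt 1 ]; then
  printf '❌ %sJail directory not supplied!%s\n' "${bgRed}" "${txReset}" 1>&2
  usage # prints the synopsis and exits 1
fi
if [ "$EUID" -ne 0 ]; then
  printf '❌ %sThis script must be run with root privileges!%s\n' \
    "${bgRed}" "${txReset}" 1>&2
  usage # prints the synopsis and exits 1
fi

# Jail root directory.
D="$1"

# --- [1/4] Prerequisites ----------------------------------------------------
printf '%s▶ [1/4] Checking prerequisites...%s\n' "${txBold}" "${txReset}"
dir_exists "$D"

# Everything below runs as root and writes into "$D". If that tree is owned
# or writable by an unprivileged user, entries planted there beforehand
# (symlinks in particular) would be followed by the mkdir/mknod/cp calls.
# sshd's ChrootDirectory also refuses a jail whose path components are not
# root-owned or are writable by group/others. Warn early; the run continues.
jail_uid=$(stat -c %u -- "$D")
jail_mode=$(stat -c %a -- "$D")
if [ "$jail_uid" -ne 0 ] || (((8#$jail_mode & 8#022) != 0)); then
  printf '❗ %s is not root-owned or is writable by group/others; ' "$D" 1>&2
  printf 'use a root-owned directory with mode 755 as the jail root\n' 1>&2
fi
printf 'Prerequisites checked ✅\n'

# --- [2/4] Directory skeleton -----------------------------------------------
printf '%s▶ [2/4] Creating directory structure...%s\n' "${txBold}" "${txReset}"
mkdir -p -- "$D"/{etc,home,tmp,var/tmp,dev}
# `mkdir -p -m` leaves the mode of an already existing directory untouched,
# so a second mkdir never made tmp and var/tmp sticky and world-writable.
# Set the mode explicitly instead.
chmod 1777 -- "$D"/{tmp,var/tmp}
tree_dir "$D"
printf 'Directory structure completed ✅\n'

# --- [3/4] Character devices ------------------------------------------------
printf '%s▶ [3/4] Creating character devices...%s\n' "${txBold}" "${txReset}"
for jail_dev in tty zero null random urandom; do
  create_node "$jail_dev" "$D"
done
tree_dir "$D/dev"
printf 'Character devices created ✅\n'

# --- [4/4] Support files ----------------------------------------------------
printf '%s▶ [4/4] Copying required folders and files...%s\n' \
  "${txBold}" "${txReset}"
cp -rvf --parents /lib/terminfo/x "$D"
# NOTE(review): this copies the host's complete passwd and group files, so
# every host account name becomes readable inside the jail. Consider writing
# only the entries the jailed users need.
cp -vf --parents /etc/{passwd,group,ld.so.cache,ld.so.conf,nsswitch.conf,hosts} "$D"
printf 'Folders and files copied! ✅\n'
exit 0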