Created
March 19, 2021 10:40
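#!/usr/bin/env bash
# exit on error
set -e

# Terminal styling sequences, looked up through terminfo with tput.
#
# Every lookup is allowed to fail (TERM unset or "dumb", cron, CI log capture,
# tput not installed). Under `set -e` a failing `var=$(tput ...)` assignment
# would otherwise abort this root-run script before it has validated a single
# argument. On failure the variable is left empty and output is unstyled.

# background colour
bgBlack=$(tput setab 0 2> /dev/null || true)   # black
bgRed=$(tput setab 1 2> /dev/null || true)     # red
bgGreen=$(tput setab 2 2> /dev/null || true)   # green
bgYellow=$(tput setab 3 2> /dev/null || true)  # yellow
bgBlue=$(tput setab 4 2> /dev/null || true)    # blue
bgMagenta=$(tput setab 5 2> /dev/null || true) # magenta
bgCyan=$(tput setab 6 2> /dev/null || true)    # cyan
bgWhite=$(tput setab 7 2> /dev/null || true)   # white

# foreground colour
fgBLack=$(tput setaf 0 2> /dev/null || true)   # black (original spelling, kept for compatibility)
fgBlack=${fgBLack}                             # correctly spelled alias
fgRed=$(tput setaf 1 2> /dev/null || true)     # red
fgGreen=$(tput setaf 2 2> /dev/null || true)   # green
fgYellow=$(tput setaf 3 2> /dev/null || true)  # yellow
fgBlue=$(tput setaf 4 2> /dev/null || true)    # blue
fgMagenta=$(tput setaf 5 2> /dev/null || true) # magenta
fgCyan=$(tput setaf 6 2> /dev/null || true)    # cyan
fgWhite=$(tput setaf 7 2> /dev/null || true)   # white

# text attributes
txBold=$(tput bold 2> /dev/null || true)       # bold
txHalf=$(tput dim 2> /dev/null || true)        # half-bright
txUnderline=$(tput smul 2> /dev/null || true)  # underline
txEndUnder=$(tput rmul 2> /dev/null || true)   # exit underline
txReverse=$(tput rev 2> /dev/null || true)     # reverse
txStandout=$(tput smso 2> /dev/null || true)   # standout
txEndStand=$(tput rmso 2> /dev/null || true)   # exit standout
txReset=$(tput sgr0 2> /dev/null || true)      # reset attributes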
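#######################################
# Verify that a required program can be resolved by the shell.
# Globals:   txBold, txReset (read)
# Arguments: $1 - command name to look up
# Outputs:   the resolved location on stdout, or an error on stderr
# Returns:   0 when found; terminates the whole script with status 1 otherwise
#######################################
app_exists() {
  # Declared separately: `local path=$(...)` would hide the lookup's status.
  local path
  if path=$(command -v "$1"); then
    # The name and the path are printf arguments, never part of the format
    # string, so a '%' or '\' inside them is printed literally.
    printf '✅ %s%s found at path: %s%s\n' "${txBold}" "$1" "${path}" "${txReset}"
  else
    printf '❌ %s%s is not installed!%s\n' "${txBold}" "$1" "${txReset}" 1>&2
    exit 1
  fi
}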
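#######################################
# Require that the jail directory exists before anything is torn down.
# Arguments: $1 - directory path
# Outputs:   confirmation on stdout, or an error on stderr
# Returns:   0 when $1 is a directory; terminates the script with status 1
#            otherwise
#######################################
dir_exists() {
  if [ -d "$1" ]; then
    # The path is caller-supplied: pass it as data, not as the format string.
    printf '✅ Directory %s found!\n' "$1"
  else
    printf '❌ Directory %s not found! Exiting...\n' "$1" 1>&2
    exit 1
  fi
}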
#######################################
# Print the command-line synopsis and an example, then stop the script.
# Globals:   txBold, txReset, txUnderline, txReverse (read)
# Outputs:   two lines on stderr
# Returns:   never returns; exits with status 1
#######################################
usage() {
  {
    printf "\t${txBold}Usage${txReset}: [sudo] ${txUnderline}$0 CHROOT_DIR${txReset}\n\n"
    printf "\t>> Example: sudo ${txReverse}$0 /home/demo\n"
  } 1>&2
  exit 1
}
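# ---------------------------------------------------------------------------
# Teardown of the jailed NGINX: stop the service, end schroot sessions,
# unmount /run inside the jail and delete the jail directory.
# Runs as root and ends in a recursive delete of a caller-supplied path, so
# every expansion of that path is quoted and the delete is guarded below.
# ---------------------------------------------------------------------------
if [ $# -eq 0 ]; then
  printf '❌ %sJail directory not supplied!%s\n' "${bgRed}" "${txReset}" 1>&2
  usage
fi
if [ "$EUID" -ne 0 ]; then
  printf '❌ %sThis script must be run with root privileges!%s\n' "${bgRed}" "${txReset}" 1>&2
  usage # exits with status 1
fi

D="$1"

printf '%s▶ [1/5] Checking prerequisites...%s\n' "${txBold}" "${txReset}"
dir_exists "$D"
app_exists "schroot"
app_exists "debootstrap"

# Refuse the one target that can never be intended: the host root itself
# (reached directly, through "..", or through a symlink).
jail_real=$(cd -- "$D" > /dev/null && pwd -P)
if [ "$jail_real" = "/" ]; then
  printf '❌ %sRefusing to remove "%s": it resolves to the root filesystem%s\n' \
    "${bgRed}" "$D" "${txReset}" 1>&2
  exit 1
fi
printf 'Prerequisites checked ✅\n'

printf '%s▶ [2/5] Stopping NGINX service...%s\n' "${txBold}" "${txReset}"
# Best effort: the service may already be stopped or never installed.
chroot "$D" /etc/init.d/nginx stop || true
printf 'NGINX stopped ✅\n'

printf '%s▶ [3/5] Stopping schroot sessions...%s\n' "${txBold}" "${txReset}"
# grep may return several sessions (one per line) or none at all; end each
# one separately instead of passing an unquoted, possibly empty word list.
sessions=$(schroot --list --all-sessions | grep -F -- 'server-amd64') || true
while IFS= read -r session; do
  [ -n "$session" ] || continue
  schroot -e -c "$session" || true
done <<< "$sessions"
printf 'schroot session stopped ✅\n'

printf '%s▶ [4/5] Unmounting /run...%s\n' "${txBold}" "${txReset}"
umount -- "$D/run" || true
# The unmount above is best effort, but the delete below must not be: if the
# host's /run is still bind-mounted here, `rm -r` would descend into it and
# delete the host's runtime state.
if mountpoint -q -- "$D/run"; then
  printf '❌ %s%s/run is still mounted; not deleting %s%s\n' \
    "${bgRed}" "$D" "$D" "${txReset}" 1>&2
  exit 1
fi
printf '/run unmounted ✅\n'

printf '%s▶ [5/5] Cleaning-up directory...%s\n' "${txBold}" "${txReset}"
# --one-file-system (GNU rm) skips directories that sit on a different
# filesystem than the argument, as a second barrier against leftover mounts;
# `--` stops a path that begins with '-' from being read as an option.
# NOTE(review): /etc/schroot/chroot.d/server-amd64.conf and the edits made to
# /etc/schroot/default/fstab by the setup script are not reverted here.
rm -r --one-file-system -- "$D"
printf '%s cleaned ✅\n' "$D"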
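#!/usr/bin/env bash
# exit on error
set -e

# Terminal styling sequences, looked up through terminfo with tput.
#
# Every lookup is allowed to fail (TERM unset or "dumb", cron, CI log capture,
# tput not installed). Under `set -e` a failing `var=$(tput ...)` assignment
# would otherwise abort this root-run script before it has validated a single
# argument. On failure the variable is left empty and output is unstyled.

# background colour
bgBlack=$(tput setab 0 2> /dev/null || true)   # black
bgRed=$(tput setab 1 2> /dev/null || true)     # red
bgGreen=$(tput setab 2 2> /dev/null || true)   # green
bgYellow=$(tput setab 3 2> /dev/null || true)  # yellow
bgBlue=$(tput setab 4 2> /dev/null || true)    # blue
bgMagenta=$(tput setab 5 2> /dev/null || true) # magenta
bgCyan=$(tput setab 6 2> /dev/null || true)    # cyan
bgWhite=$(tput setab 7 2> /dev/null || true)   # white

# foreground colour
fgBLack=$(tput setaf 0 2> /dev/null || true)   # black (original spelling, kept for compatibility)
fgBlack=${fgBLack}                             # correctly spelled alias
fgRed=$(tput setaf 1 2> /dev/null || true)     # red
fgGreen=$(tput setaf 2 2> /dev/null || true)   # green
fgYellow=$(tput setaf 3 2> /dev/null || true)  # yellow
fgBlue=$(tput setaf 4 2> /dev/null || true)    # blue
fgMagenta=$(tput setaf 5 2> /dev/null || true) # magenta
fgCyan=$(tput setaf 6 2> /dev/null || true)    # cyan
fgWhite=$(tput setaf 7 2> /dev/null || true)   # white

# text attributes
txBold=$(tput bold 2> /dev/null || true)       # bold
txHalf=$(tput dim 2> /dev/null || true)        # half-bright
txUnderline=$(tput smul 2> /dev/null || true)  # underline
txEndUnder=$(tput rmul 2> /dev/null || true)   # exit underline
txReverse=$(tput rev 2> /dev/null || true)     # reverse
txStandout=$(tput smso 2> /dev/null || true)   # standout
txEndStand=$(tput rmso 2> /dev/null || true)   # exit standout
txReset=$(tput sgr0 2> /dev/null || true)      # reset attributes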
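#######################################
# Verify that a required program can be resolved by the shell.
# Globals:   txBold, txReset (read)
# Arguments: $1 - command name to look up
# Outputs:   the resolved location on stdout, or an error on stderr
# Returns:   0 when found; terminates the whole script with status 1 otherwise
#######################################
app_exists() {
  # Declared separately: `local path=$(...)` would hide the lookup's status.
  local path
  if path=$(command -v "$1"); then
    # The name and the path are printf arguments, never part of the format
    # string, so a '%' or '\' inside them is printed literally.
    printf '✅ %s%s found at path: %s%s\n' "${txBold}" "$1" "${path}" "${txReset}"
  else
    printf '❌ %s%s is not installed!%s\n' "${txBold}" "$1" "${txReset}" 1>&2
    exit 1
  fi
}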
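#######################################
# Make sure the jail directory exists, creating it (with parents) if needed.
# Arguments: $1 - directory path
# Outputs:   confirmation on stdout; a notice on stderr plus mkdir's verbose
#            output on stdout when the directory has to be created
# Returns:   0 on success, mkdir's status if creation fails
#######################################
dir_exists() {
  if [ -d "$1" ]; then
    # The path is caller-supplied: pass it as data, not as the format string.
    printf '✅ Directory %s found!\n' "$1"
  else
    printf '❗ Directory %s not found! Creating...\n' "$1" 1>&2
    # Quoted, with `--`: an unquoted path containing whitespace would be split
    # and, as root, create directories other than the one that was asked for.
    mkdir -vp -- "$1"
  fi
}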
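#######################################
# Show a one-level listing of a directory, if the `tree` tool is available.
# Arguments: $1 - directory to list
# Outputs:   tree's listing on stdout; nothing when tree is not installed
# Returns:   0 when tree is absent, otherwise tree's status
#######################################
tree_dir() {
  # Test the lookup itself. The previous `[ exists ]` tested a non-empty
  # literal, was always true, and therefore ran `tree` even when it was
  # missing, which aborts the whole script under `set -e`.
  if command -v tree > /dev/null 2>&1; then
    tree -L 1 "$1"
  fi
}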
#######################################
# Write the schroot definition for the "server-amd64" chroot.
# Arguments: $1 - jail directory (becomes `directory=`)
#            $2 - user name (becomes both `root-users=` and `users=`)
# Outputs:   overwrites /etc/schroot/chroot.d/server-amd64.conf
#
# NOTE(review): schroot.conf(5) describes root-users as the accounts allowed
# password-less root access to the chroot, so $2 becomes root inside the jail.
# NOTE(review): the here-document expands $1 and $2 verbatim; a value holding
# a newline would add extra keys to the file. Callers should pass validated
# values only.
#######################################
create_schroot_config() {
  local conf=/etc/schroot/chroot.d/server-amd64.conf
  cat > "$conf" << EOF
[server-amd64]
description=Ubuntu minimal 20.04 for amd64
directory=$1
root-users=$2
type=directory
users=$2
EOF
}
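#######################################
# Bootstrap an Ubuntu focal (amd64, buildd variant) tree into the jail and
# install ubuntu-minimal inside it through schroot.
# Arguments: $1 - jail directory passed to debootstrap as the target
# Returns:   status of the last command; under `set -e` a failing debootstrap
#            stops the script before schroot runs
#######################################
schroot_init_config() {
  # The target is quoted so a path with whitespace stays one argument;
  # unquoted, the tail of the path would be taken as the mirror URL.
  debootstrap --variant=buildd --arch=amd64 focal "$1" https://fr.archive.ubuntu.com/ubuntu
  schroot -c chroot:server-amd64 -u root --directory=/ -- \
    sh -c "apt-get update && apt-get install -y ubuntu-minimal"
}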
#######################################
# Install the nginx package inside the "server-amd64" chroot, as root,
# starting from the chroot's / directory.
# Returns:   status of the schroot invocation
#######################################
install_nginx() {
  local -a in_jail=(schroot -c chroot:server-amd64 -u root --directory=/ --)
  "${in_jail[@]}" sh -c "apt-get update && apt-get install -y nginx"
}
#######################################
# Comment out, in place, the lines of /etc/schroot/default/fstab that start
# with "/dev" followed by whitespace, "/home", "/tmp" or "/run".
# Lines that are already commented do not match again, so a second run
# leaves the file unchanged.
#
# NOTE(review): this edits a file shared under /etc/schroot/default, not one
# specific to this jail, and the teardown script on this page does not put
# the entries back — confirm no other chroot relies on them.
#######################################
patch_schroot() {
  local fstab=/etc/schroot/default/fstab
  local -a rules=(
    -e 's/^\/dev\s/#&/g'
    -e 's/^\/home/#&/g'
    -e 's/^\/tmp/#&/g'
    -e 's/^\/run/#&/g'
  )
  sed -i "${rules[@]}" "$fstab"
}
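#######################################
# Recreate one host character device inside the jail's /dev, copying the
# host node's major/minor numbers and permission bits.
# Globals:   txBold (read)
# Arguments: $1 - device name below /dev (e.g. "null")
#            $2 - jail root directory
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 on success or when the node already exists; terminates the
#            script with status 1 when the host device is missing or $2 is
#            empty
#######################################
create_node() {
  local name=$1 jail=$2
  local src="/dev/$name"
  # Declared apart from the assignments so a failing stat is not masked.
  local major minor perms

  if [ ! -c "$src" ]; then
    printf '❌ %sCharacter device "%s" does not exist!\n' "${txBold}" "$src" 1>&2
    exit 1
  fi

  # stat prints %t (major) and %T (minor) in hexadecimal. They are compared
  # as base-16 numbers and handed to mknod with a 0x prefix; taken as decimal,
  # any number above 9 would produce a node for a different device.
  major=$(stat -c %t "$src")
  minor=$(stat -c %T "$src")

  if ((16#$major == 0 && 16#$minor == 0)); then
    printf '❗ "%s" is not a character device\n' "$src"
    return 0
  fi

  if [ -z "$jail" ]; then
    printf '❌ %sTarget character directory not provided!\n' "${txBold}" 1>&2
    exit 1
  fi

  perms=$(stat -c %a "$src")
  printf '\tCreating device "%s" with permissions %s...\n' "$name" "$perms"
  # Skip when the node is already there, so the script can be re-run.
  if [ ! -c "$jail/dev/$name" ]; then
    mknod -m "$perms" "$jail/dev/$name" c "0x$major" "0x$minor"
  fi
}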
#######################################
# Send SIGKILL to every process named "nginx"; a failure (for instance when
# none is running) is ignored.
# Returns:   always 0
#
# NOTE(review): this matches by process name across the whole host, not only
# inside the jail, and SIGKILL gives nginx no chance to shut down cleanly —
# confirm that stopping every instance this way is intended.
#######################################
stop_nginx() {
  if ! killall -9 nginx; then
    : # best effort: nothing to kill is not an error
  fi
}
#######################################
# Start NGINX from inside the jail through its init script, then query its
# status and report success.
# Arguments: $1 - jail root directory handed to chroot
# Outputs:   the init script's output followed by a confirmation line
#######################################
start_chroot_nginx() {
  local action
  for action in start status; do
    chroot "$1" /etc/init.d/nginx "$action"
  done
  printf "✅ NGINX configuration is OK and it's running inside the jail\n"
}
#######################################
# Print the command-line synopsis and an example, then stop the script.
# Globals:   txBold, txReset, txUnderline, txReverse (read)
# Outputs:   two lines on stderr
# Returns:   never returns; exits with status 1
#######################################
usage() {
  {
    printf "\t${txBold}Usage${txReset}: [sudo] ${txUnderline}$0 CHROOT_DIR USER${txReset}\n\n"
    printf "\t>> Example: sudo ${txReverse}$0 /home/demo user1\n"
  } 1>&2
  exit 1
}
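# ---------------------------------------------------------------------------
# Setup of the jailed NGINX: bootstrap an Ubuntu tree with schroot and
# debootstrap, create device nodes, install NGINX and start it in the jail.
# Runs as root on caller-supplied values, so every expansion of the jail path
# and the user name is quoted.
# ---------------------------------------------------------------------------

# Both positional arguments are required (see usage); checking for only one
# let the script continue with an empty user name.
if [ $# -lt 2 ]; then
  printf '❌ %sJail directory and user not supplied!%s\n' "${bgRed}" "${txReset}" 1>&2
  usage
fi
if [ "$EUID" -ne 0 ]; then
  printf '❌ %sThis script must be run with root privileges!%s\n' "${bgRed}" "${txReset}" 1>&2
  usage # exits with status 1
fi

D="$1"
U="$2"

printf '%s▶ [1/9] Checking prerequisites...%s\n' "${txBold}" "${txReset}"
dir_exists "$D"
app_exists "schroot"
app_exists "debootstrap"
# The user name ends up in the schroot configuration and in sudoers below;
# only a name the host already knows is accepted.
if ! id "$U" &> /dev/null; then
  printf '❌ %sUser "%s" does not exist!%s\n' "${bgRed}" "$U" "${txReset}" 1>&2
  exit 1
fi
printf 'Prerequisites checked ✅\n'

printf '%s▶ [2/9] Initializing base system...%s\n' "${txBold}" "${txReset}"
# The user must be passed as well: with the directory alone, `root-users=`
# and `users=` were written empty into the schroot configuration.
create_schroot_config "$D" "$U"
patch_schroot
schroot_init_config "$D"
printf 'Base system created ✅\n'

printf '%s▶ [3/9] Creating directory structure...%s\n' "${txBold}" "${txReset}"
mkdir -p -- "$D"/{etc/{nginx,init.d},dev,var/log/nginx,var/lib,var/lib/nginx,var/run,usr,usr/sbin,usr/share/nginx,usr/lib/nginx,lib64,lib32,lib,home/nginx}
# World-writable temp directories carry the sticky bit (mode 1777).
mkdir -p -m 1777 -- "$D"/{tmp,var/tmp}
tree_dir "$D"
printf 'Directory structure completed ✅\n'

printf '%s▶ [4/9] Creating character devices...%s\n' "${txBold}" "${txReset}"
create_node "null" "$D"
create_node "random" "$D"
create_node "urandom" "$D"
tree_dir "$D/dev"
printf 'Character devices created ✅\n'

printf '%s▶ [5/9] Installing NGINX...%s\n' "${txBold}" "${txReset}"
install_nginx
printf 'NGINX correctly installed ✅\n'

printf '%s▶ [6/9] Adding user to chroot sudoers...%s\n' "${txBold}" "${txReset}"
# NOTE(review): this rule gives the user unrestricted, password-less sudo
# inside the jail, and the file is edited without a syntax check. Narrow the
# rule or validate the file if the jail is meant to confine this account.
sudoers_rule="$U ALL=(ALL) NOPASSWD:ALL"
# Append only when the exact line is missing, so re-running the script does
# not pile up duplicate entries.
if ! grep -qxF -- "$sudoers_rule" "$D/etc/sudoers" 2> /dev/null; then
  printf '%s\n' "$sudoers_rule" >> "$D/etc/sudoers"
fi
printf 'User %s is now an admin ✅\n' "$U"

printf '%s▶ [7/9] Mounting system directories inside chroot...%s\n' "${txBold}" "${txReset}"
# mount -o "bind,rw" /run "$D/run"
# The bind mount above is disabled, so the step reports that instead of
# claiming /run was mounted.
printf 'Skipped: /run bind mount is disabled in this script\n'

printf '%s▶ [8/9] Stopping any running instance of NGINX...%s\n' "${txBold}" "${txReset}"
stop_nginx
sed -i 's/Welcome to nginx/Bienvenido a nginx enjaulado/' "$D"/var/www/html/*.html
printf 'NGINX has been stopped ✅\n'

printf '%s▶ [9/9] Starting jailed NGINX...%s\n' "${txBold}" "${txReset}"
start_chroot_nginx "$D"
exit 0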