@Javinator9889
Created March 19, 2021 10:40
#!/usr/bin/env bash
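# exit on error
set -e

# Terminal styling.
# Each capability is looked up through tput. If the lookup fails (TERM unset or
# unknown, tput missing) the variable is left empty, so the script still runs
# from cron or CI instead of aborting here because of `set -e`.
term_cap() {
  tput "$@" 2>/dev/null || true
}

# background color using ANSI escape
bgBlack=$(term_cap setab 0)   # black
bgRed=$(term_cap setab 1)     # red
bgGreen=$(term_cap setab 2)   # green
bgYellow=$(term_cap setab 3)  # yellow
bgBlue=$(term_cap setab 4)    # blue
bgMagenta=$(term_cap setab 5) # magenta
bgCyan=$(term_cap setab 6)    # cyan
bgWhite=$(term_cap setab 7)   # white

# foreground color using ANSI escape
fgBLack=$(term_cap setaf 0)   # black (variable name spelling kept as in the original)
fgRed=$(term_cap setaf 1)     # red
fgGreen=$(term_cap setaf 2)   # green
fgYellow=$(term_cap setaf 3)  # yellow
fgBlue=$(term_cap setaf 4)    # blue
fgMagenta=$(term_cap setaf 5) # magenta
fgCyan=$(term_cap setaf 6)    # cyan
fgWhite=$(term_cap setaf 7)   # white

# text editing options
txBold=$(term_cap bold)       # bold
txHalf=$(term_cap dim)        # half-bright
txUnderline=$(term_cap smul)  # underline
txEndUnder=$(term_cap rmul)   # exit underline
txReverse=$(term_cap rev)     # reverse
txStandout=$(term_cap smso)   # standout
txEndStand=$(term_cap rmso)   # exit standout
txReset=$(term_cap sgr0)      # reset attributes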
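#######################################
# Verify that a required program is available and report where it was found.
# Globals:   txBold, txReset (read)
# Arguments: $1 - command name to look up
# Outputs:   success line on stdout, failure line on stderr
# Returns:   0 when found; exits the script with status 1 otherwise
#######################################
function app_exists {
  local path
  # Look the command up once. Testing it inside `if` keeps a failed lookup
  # from tripping `set -e`. The name is passed as a printf argument so a `%`
  # in it is printed literally.
  if ! path=$(command -v "$1"); then
    printf '❌ %s%s is not installed!%s\n' "${txBold}" "$1" "${txReset}" 1>&2
    exit 1
  fi
  # Reset the attributes so bold does not leak into later output.
  printf '✅ %s%s found at path: %s%s\n' "${txBold}" "$1" "${path}" "${txReset}"
}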
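#######################################
# Require that the given directory exists.
# Arguments: $1 - directory path
# Outputs:   confirmation on stdout, error on stderr
# Returns:   0 when the directory exists; exits the script with status 1 otherwise
#######################################
function dir_exists {
  if [ ! -d "$1" ]; then
    # The path is user supplied, so it is passed as an argument and never
    # interpreted as part of the printf format.
    printf '❌ Directory %s not found! Exiting...\n' "$1" 1>&2
    exit 1
  fi
  printf '✅ Directory %s found!\n' "$1"
}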
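#######################################
# Print the command-line synopsis and terminate.
# Globals:   txBold, txReset, txUnderline, txReverse (read)
# Outputs:   usage text on stderr
# Returns:   never; always exits with status 1
#######################################
function usage {
  # $0 is passed as an argument so a `%` in the script path is printed as-is.
  printf '\t%sUsage%s: [sudo] %s%s CHROOT_DIR%s\n\n' \
    "${txBold}" "${txReset}" "${txUnderline}" "$0" "${txReset}" 1>&2
  # Reset at the end so reverse video does not stay on after the example.
  printf '\t>> Example: sudo %s%s /home/demo%s\n' \
    "${txReverse}" "$0" "${txReset}" 1>&2
  exit 1
}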
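# ---- Argument and privilege checks -----------------------------------------
if [ "$#" -eq 0 ]; then
  printf '❌ %sJail directory not supplied!%s\n' "${bgRed}" "${txReset}" 1>&2
  usage
fi
if [ "$EUID" -ne 0 ]; then
  printf '❌ %sThis script must be run with root privileges!%s\n' "${bgRed}" "${txReset}" 1>&2
  usage
fi
D="$1"

printf '%s▶ [1/5] Checking prerequisites...%s\n' "${txBold}" "${txReset}"
dir_exists "$D"
# Every step below runs as root against $D and ends in a recursive delete.
# If the path resolves to the host root, the chroot call would stop the host's
# own nginx and the delete would target "/", so refuse it up front.
if [ "$(cd -- "$D" && pwd -P)" = "/" ]; then
  printf '❌ %sRefusing to operate on the root filesystem!%s\n' "${bgRed}" "${txReset}" 1>&2
  exit 1
fi
app_exists "schroot"
app_exists "debootstrap"
printf 'Prerequisites checked ✅\n'

printf '%s▶ [2/5] Stopping NGINX service...%s\n' "${txBold}" "${txReset}"
# Best effort: the service may already be stopped or not installed in the jail.
chroot "$D" /etc/init.d/nginx stop || true
printf 'NGINX stopped ✅\n'

printf '%s▶ [3/5] Stopping schroot sessions...%s\n' "${txBold}" "${txReset}"
# The listing can hold zero, one or several matching sessions. Each one is
# ended by name, and an empty listing no longer calls schroot with no argument.
sessions=$(schroot --list --all-sessions | grep -F -- server-amd64) || true
while IFS= read -r session; do
  [ -n "$session" ] || continue
  schroot -e -c "$session" || true
done <<< "$sessions"
printf 'schroot session stopped ✅\n'

printf '%s▶ [4/5] Unmounting /run...%s\n' "${txBold}" "${txReset}"
# "Not mounted" is an acceptable outcome, so the umount failure is tolerated...
umount -- "$D/run" || true
# ...but a mount that is still in place is not. Deleting through it would
# remove the contents of whatever is mounted there, not just the jail.
if mountpoint -q -- "$D/run"; then
  printf '❌ %s%s/run is still mounted; refusing to delete the jail!%s\n' \
    "${bgRed}" "$D" "${txReset}" 1>&2
  exit 1
fi
printf '/run unmounted ✅\n'

printf '%s▶ [5/5] Cleaning-up directory...%s\n' "${txBold}" "${txReset}"
# Quoted and preceded by `--` so that a path containing spaces or glob
# characters deletes exactly one tree. --one-file-system (GNU rm) makes rm
# skip any directory on a different filesystem that is still mounted below $D.
rm -r --one-file-system -- "$D"
printf '%s cleaned ✅\n' "$D"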
#!/usr/bin/env bash
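# exit on error
set -e

# Terminal styling.
# Each capability is looked up through tput. If the lookup fails (TERM unset or
# unknown, tput missing) the variable is left empty, so the script still runs
# from cron or CI instead of aborting here because of `set -e`.
term_cap() {
  tput "$@" 2>/dev/null || true
}

# background color using ANSI escape
bgBlack=$(term_cap setab 0)   # black
bgRed=$(term_cap setab 1)     # red
bgGreen=$(term_cap setab 2)   # green
bgYellow=$(term_cap setab 3)  # yellow
bgBlue=$(term_cap setab 4)    # blue
bgMagenta=$(term_cap setab 5) # magenta
bgCyan=$(term_cap setab 6)    # cyan
bgWhite=$(term_cap setab 7)   # white

# foreground color using ANSI escape
fgBLack=$(term_cap setaf 0)   # black (variable name spelling kept as in the original)
fgRed=$(term_cap setaf 1)     # red
fgGreen=$(term_cap setaf 2)   # green
fgYellow=$(term_cap setaf 3)  # yellow
fgBlue=$(term_cap setaf 4)    # blue
fgMagenta=$(term_cap setaf 5) # magenta
fgCyan=$(term_cap setaf 6)    # cyan
fgWhite=$(term_cap setaf 7)   # white

# text editing options
txBold=$(term_cap bold)       # bold
txHalf=$(term_cap dim)        # half-bright
txUnderline=$(term_cap smul)  # underline
txEndUnder=$(term_cap rmul)   # exit underline
txReverse=$(term_cap rev)     # reverse
txStandout=$(term_cap smso)   # standout
txEndStand=$(term_cap rmso)   # exit standout
txReset=$(term_cap sgr0)      # reset attributes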
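#######################################
# Verify that a required program is available and report where it was found.
# Globals:   txBold, txReset (read)
# Arguments: $1 - command name to look up
# Outputs:   success line on stdout, failure line on stderr
# Returns:   0 when found; exits the script with status 1 otherwise
#######################################
function app_exists {
  local path
  # Look the command up once. Testing it inside `if` keeps a failed lookup
  # from tripping `set -e`. The name is passed as a printf argument so a `%`
  # in it is printed literally.
  if ! path=$(command -v "$1"); then
    printf '❌ %s%s is not installed!%s\n' "${txBold}" "$1" "${txReset}" 1>&2
    exit 1
  fi
  # Reset the attributes so bold does not leak into later output.
  printf '✅ %s%s found at path: %s%s\n' "${txBold}" "$1" "${path}" "${txReset}"
}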
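#######################################
# Make sure the given directory exists, creating it (with parents) if needed.
# Arguments: $1 - directory path
# Outputs:   confirmation on stdout; the "creating" notice on stderr
# Returns:   0 on success, mkdir's status when creation fails
#######################################
function dir_exists {
  if [ -d "$1" ]; then
    printf '✅ Directory %s found!\n' "$1"
  else
    printf '❗ Directory %s not found! Creating...\n' "$1" 1>&2
    # Quoted and preceded by `--`: a path with spaces must create one
    # directory, not several, and a leading dash must not be read as an option.
    mkdir -vp -- "$1"
  fi
}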
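#######################################
# Show a one-level listing of a directory when the `tree` tool is available.
# Arguments: $1 - directory to list
# Outputs:   tree's listing on stdout; nothing when tree is not installed
# Returns:   0 when tree is absent, otherwise tree's exit status
#######################################
function tree_dir {
  # The earlier test `[ exists ]` checked a literal non-empty string and was
  # therefore always true. A missing `tree` then failed with "command not
  # found" and aborted the whole script under `set -e`.
  if command -v tree > /dev/null 2>&1; then
    tree -L 1 "$1"
  fi
}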
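#######################################
# Write the schroot definition for the "server-amd64" chroot.
# Arguments: $1 - chroot directory
#            $2 - user written to both users= and root-users=
# Outputs:   overwrites /etc/schroot/chroot.d/server-amd64.conf
# Returns:   tee's status; exits with status 1 on a rejected value
#
# In schroot, root-users= names the accounts allowed to enter the chroot as
# root, so $2 decides who gets root inside the jail.
#######################################
function create_schroot_config {
  local value
  # The file is a line-oriented key=value format written as root. A value
  # carrying a line break would add extra keys to it, so reject it outright.
  for value in "$1" "$2"; do
    case "$value" in
      *$'\n'*)
        printf '❌ Refusing to write a schroot config value containing a line break\n' 1>&2
        exit 1
        ;;
    esac
  done
  tee /etc/schroot/chroot.d/server-amd64.conf > /dev/null << EOF
[server-amd64]
description=Ubuntu minimal 20.04 for amd64
directory=$1
root-users=$2
type=directory
users=$2
EOF
}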
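#######################################
# Bootstrap an Ubuntu focal (amd64) base system into the chroot directory and
# install the ubuntu-minimal package inside it.
# Arguments: $1 - chroot directory handed to debootstrap
# Returns:   status of the last command (schroot)
#######################################
function schroot_init_config {
  # "$1" is quoted so that a directory containing spaces stays a single
  # argument and does not shift the mirror URL out of position.
  debootstrap --variant=buildd --arch=amd64 focal "$1" https://fr.archive.ubuntu.com/ubuntu
  schroot -c chroot:server-amd64 -u root --directory=/ -- sh -c "apt-get update && apt-get install -y ubuntu-minimal"
}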
#######################################
# Install the nginx package inside the "server-amd64" chroot.
# Returns: status of the schroot invocation
#######################################
install_nginx() {
  # Command prefix that runs what follows as root, from "/", inside the chroot.
  local -a in_jail=(schroot -c chroot:server-amd64 -u root --directory=/ --)
  "${in_jail[@]}" sh -c "apt-get update && apt-get install -y nginx"
}
#######################################
# Comment out the /dev, /home, /tmp and /run entries of schroot's default
# fstab by prefixing the matching lines with '#'.
# Outputs: edits /etc/schroot/default/fstab in place
# Returns: sed's exit status
#
# NOTE(review): this edits the shared "default" profile, so presumably every
# chroot using that profile is affected, not only server-amd64. Confirm.
#######################################
patch_schroot() {
  local fstab=/etc/schroot/default/fstab
  # One expression per mount point. Lines that are already commented out no
  # longer start with '/', so they are left alone.
  local -a rules=(
    -e 's/^\/dev\s/#&/g'
    -e 's/^\/home/#&/g'
    -e 's/^\/tmp/#&/g'
    -e 's/^\/run/#&/g'
  )
  sed -i "${rules[@]}" "$fstab"
}
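#######################################
# Recreate a host character device inside the jail's /dev directory, using
# the host node's device numbers and permission bits.
# Globals:   txBold (read)
# Arguments: $1 - device name under /dev (e.g. "null")
#            $2 - jail root; the node is created at $2/dev/$1
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 on success; exits the script with status 1 on a missing
#            device, missing target or stat failure
#######################################
function create_node {
  local name=$1 target=$2
  local host_node="/dev/${name}"

  if [ ! -c "$host_node" ]; then
    printf '❌ %sCharacter device "%s" does not exist!\n' "${txBold}" "$host_node" 1>&2
    exit 1
  fi

  local major_hex minor_hex
  major_hex=$(stat -c %t "$host_node") || exit 1
  minor_hex=$(stat -c %T "$host_node") || exit 1
  # stat reports %t/%T in hexadecimal. Convert them before comparing or
  # passing them to mknod, which would otherwise read them as decimal.
  local major=$((16#${major_hex})) minor=$((16#${minor_hex}))

  if (( major == 0 && minor == 0 )); then
    printf '❗ "%s" is not a character device\n' "$host_node"
    return 0
  fi

  if [ -z "$target" ]; then
    printf '❌ %sTarget character directory not provided!\n' "${txBold}" 1>&2
    exit 1
  fi

  local perms
  perms=$(stat -c %a "$host_node") || exit 1
  printf '\tCreating device "%s" with permissions %s...\n' "$name" "$perms"
  # Leave an existing node untouched so the function can be re-run.
  if [ ! -c "${target}/dev/${name}" ]; then
    mknod -m "$perms" "${target}/dev/${name}" c "$major" "$minor"
  fi
}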
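#######################################
# Stop every running nginx process, asking politely before forcing.
# Returns: 0 always (having nothing to stop is not an error)
#
# NOTE: killall matches by process name, so this signals every nginx on the
# host, including instances unrelated to the jail.
#######################################
function stop_nginx {
  local waited=0
  # SIGTERM first: nginx gets the chance to close its sockets and remove its
  # pid file, which an immediate SIGKILL never allows.
  killall -q nginx || true
  while pgrep -x nginx > /dev/null 2>&1 && (( waited < 5 )); do
    sleep 1
    waited=$((waited + 1))
  done
  # Whatever is still alive after the grace period is killed outright, as the
  # original did unconditionally.
  killall -q -9 nginx || true
}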
#######################################
# Start nginx through its init script inside the jail, then query its status.
# Arguments: $1 - jail root directory
# Outputs:   init script output, followed by a confirmation line on stdout
#######################################
start_chroot_nginx() {
  local jail=$1 action
  # Same init script, two actions in order: bring it up, then report on it.
  for action in start status; do
    chroot "$jail" /etc/init.d/nginx "$action"
  done
  printf "✅ NGINX configuration is OK and it's running inside the jail\n"
}
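#######################################
# Print the command-line synopsis and terminate.
# Globals:   txBold, txReset, txUnderline, txReverse (read)
# Outputs:   usage text on stderr
# Returns:   never; always exits with status 1
#######################################
function usage {
  # $0 is passed as an argument so a `%` in the script path is printed as-is.
  printf '\t%sUsage%s: [sudo] %s%s CHROOT_DIR USER%s\n\n' \
    "${txBold}" "${txReset}" "${txUnderline}" "$0" "${txReset}" 1>&2
  # Reset at the end so reverse video does not stay on after the example.
  printf '\t>> Example: sudo %s%s /home/demo user1%s\n' \
    "${txReverse}" "$0" "${txReset}" 1>&2
  exit 1
}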
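# ---- Argument and privilege checks -----------------------------------------
# Both arguments are required. The old test accepted a single argument, which
# let dir_exists create the jail directory before the missing user was noticed.
if [ "$#" -lt 2 ]; then
  printf '❌ %sJail directory and user not supplied!%s\n' "${bgRed}" "${txReset}" 1>&2
  usage
fi
if [ "$EUID" -ne 0 ]; then
  printf '❌ %sThis script must be run with root privileges!%s\n' "${bgRed}" "${txReset}" 1>&2
  usage
fi
D="$1"
U="$2"

printf '%s▶ [1/9] Checking prerequisites...%s\n' "${txBold}" "${txReset}"
dir_exists "$D"
app_exists "schroot"
app_exists "debootstrap"
if ! id -- "$U" &> /dev/null; then
  printf '❌ %sUser "%s" does not exist!%s\n' "${bgRed}" "$U" "${txReset}" 1>&2
  exit 1
fi
printf 'Prerequisites checked ✅\n'

printf '%s▶ [2/9] Initializing base system...%s\n' "${txBold}" "${txReset}"
# NOTE(review): create_schroot_config takes the user as its second argument,
# but only the directory is passed here, so users= and root-users= are written
# empty. root-users= would let that account enter the chroot as root through
# schroot, so confirm the intent before passing "$U".
create_schroot_config "$D"
patch_schroot
schroot_init_config "$D"
printf 'Base system created ✅\n'

printf '%s▶ [3/9] Creating directory structure...%s\n' "${txBold}" "${txReset}"
# "$D" is quoted and the brace list stays outside the quotes so it still expands.
mkdir -p -- "$D"/{etc/{nginx,init.d},dev,var/log/nginx,var/lib,var/lib/nginx,var/run,usr,usr/sbin,usr/share/nginx,usr/lib/nginx,lib64,lib32,lib,home/nginx}
# World-writable with the sticky bit set, like the host's own /tmp.
mkdir -p -m 1777 -- "$D"/{tmp,var/tmp}
tree_dir "$D"
printf 'Directory structure completed ✅\n'

printf '%s▶ [4/9] Creating character devices...%s\n' "${txBold}" "${txReset}"
create_node "null" "$D"
create_node "random" "$D"
create_node "urandom" "$D"
tree_dir "$D/dev"
printf 'Character devices created ✅\n'

printf '%s▶ [5/9] Installing NGINX...%s\n' "${txBold}" "${txReset}"
install_nginx
printf 'NGINX correctly installed ✅\n'

printf '%s▶ [6/9] Adding user to chroot sudoers...%s\n' "${txBold}" "${txReset}"
# This rule gives $U passwordless root inside the jail. It is appended only if
# that exact line is not already present, so re-running the script does not
# add duplicate entries.
sudoers_line="$U ALL=(ALL) NOPASSWD:ALL"
if ! grep -qxF -- "$sudoers_line" "$D/etc/sudoers" 2> /dev/null; then
  printf '%s\n' "$sudoers_line" >> "$D/etc/sudoers"
fi
printf 'User %s is now an admin ✅\n' "$U"

printf '%s▶ [7/9] Mounting system directories inside chroot...%s\n' "${txBold}" "${txReset}"
# The bind mount is disabled, so report that instead of claiming success.
# mount -o "bind,rw" /run "$D/run"
printf 'Bind mount of /run is disabled, nothing mounted ❗\n'

printf '%s▶ [8/9] Stopping any running instance of NGINX...%s\n' "${txBold}" "${txReset}"
stop_nginx
sed -i 's/Welcome to nginx/Bienvenido a nginx enjaulado/' "$D"/var/www/html/*.html
printf 'NGINX has been stopped ✅\n'

printf '%s▶ [9/9] Starting jailed NGINX...%s\n' "${txBold}" "${txReset}"
start_chroot_nginx "$D"
exit 0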