v3rlly/network-sandbox-linux.sh

## network-sandbox-linux.sh
#!/bin/bash

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# "sandbox" account to drop network traffic in linux programs
# tested on ubuntu 19.10
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# -------------------------------------------------------------------------
# 1. Create a user group that should receive the firewall rule
# -------------------------------------------------------------------------

# 'password' is the group password
# 'offline' is the name of the group
$ sudo groupadd -p password offline
# check that the group has been created
$ cat /etc/group | grep offline


# -------------------------------------------------------------------------
# 2. create a user to run the programs without an internet connection
# -------------------------------------------------------------------------


# -m => create the user folder
# -g => add user to a group
# 'offline' => group | 'off' => user
$ sudo useradd -m -g offline off

# set a password for the created user
$ sudo passwd off


# -------------------------------------------------------------------------
# 3. allows the 'off' user to access the running X server
# -------------------------------------------------------------------------

$ sudo xhost local:off


# -------------------------------------------------------------------------
# 4. Create a rule that drop network traffic for the user group 'offline'
# -------------------------------------------------------------------------

$ sudo iptables -I OUTPUT 1 -m owner --gid-owner offline -j DROP


# -------------------------------------------------------------------------
# 5. run a program this way => su off -c COMAND
# -------------------------------------------------------------------------

# examples
$ su off -c firefox

# su off -c "python /home/off/codes/hello.py"
# su off -c "python /home/off/codes/hello.py"
	#!/bin/bash

	# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
	# "sandbox" account to drop network traffic in linux programs
	# tested on ubuntu 19.10
	# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

	# -------------------------------------------------------------------------
	# 1. Create a user group that should receive the firewall rule
	# -------------------------------------------------------------------------

	# 'password' is the group password
	# 'offline' is the name of the group
	$ sudo groupadd -p password offline
	# check that the group has been created
	$ cat /etc/group \| grep offline



	# -------------------------------------------------------------------------
	# 2. create a user to run the programs without an internet connection
	# -------------------------------------------------------------------------


	# -m => create the user folder
	# -g => add user to a group
	# 'offline' => group \| 'off' => user
	$ sudo useradd -m -g offline off

	# set a password for the created user
	$ sudo passwd off



	# -------------------------------------------------------------------------
	# 3. allows the 'off' user to access the running X server
	# -------------------------------------------------------------------------

	$ sudo xhost local:off



	# -------------------------------------------------------------------------
	# 4. Create a rule that drop network traffic for the user group 'offline'
	# -------------------------------------------------------------------------

	$ sudo iptables -I OUTPUT 1 -m owner --gid-owner offline -j DROP



	# -------------------------------------------------------------------------
	# 5. run a program this way => su off -c COMAND
	# -------------------------------------------------------------------------

	# examples
	$ su off -c firefox

	# su off -c "python /home/off/codes/hello.py"
	# su off -c "python /home/off/codes/hello.py"