@wcypierre
Last active December 20, 2015 13:09
[Debian 7] Chroot Setup
#!/bin/bash
# Provisioning script for a Debian 7 host without a GUI.
# Stage 1: purge unwanted network daemons, then install the compilers,
# editors, VCS, Python, jail tooling and the nginx/PHP stack.
# Expects to run as root: it calls apt-get and removes files under /etc.

# Drop services this box should not run, then refresh the package index.
apt-get -y remove --purge apache2 xinetd samba bind bind9
apt-get -y update
# Apache was purged above; stop anything still running and remove its
# init script (both commands just report an error if nothing is left).
service apache2 stop
rm /etc/init.d/apache2
sleep 2

# Locale selection is interactive; dialog is presumably installed so that
# dpkg-reconfigure has a dialog front end to use.
apt-get -y install dialog
dpkg-reconfigure locales

# Compilers.
apt-get -y install g++-4.7 g++-4.6 g++-4.4 g++ gcc clang
# Optional debugging tools (disabled):
#apt-get install gdb valgrind kmtrace mutextrace -y;
sleep 2
# Optional build/analysis tools (disabled):
#apt-get install styx lemon doxygen colorgcc colormake cppcheck cpputest cproto libboost-all-dev libboost-dev libboost-chrono-dev astyle bcpp ccache cccc ccbuild cloc cmake automake -y;
sleep 2
# Optional manuals (disabled):
#apt-get install stl-manual manpages-posix manpages-posix-dev -y;

# NOTE(review): apt-get parses `and` as a package name (Debian has an
# auto-nice daemon packaged under that name). Confirm it is wanted and is
# not a stray word between `sudo` and `aptitude`.
apt-get -y install sudo and aptitude
apt-get -y install debconf autoconf binutils bison debhelper
# Optional monitoring tools (disabled):
#apt-get install cpulimit htop ioping iotop -y;
apt-get -y install vim nano emacs
apt-get -y install git git-core
# Optional shells and utilities (disabled):
#apt-get install zsh csh rsh -y;
#apt-get install bashdb bc bash-completion -y;
#apt-get install unrar p7zip-full -y;
#apt-get install curl -y;
#apt-get install lynx -y;
apt-get -y install python python3 python-support python-pip
# makejail builds the sshd jail in the next stage.
apt-get -y install makejail fakeroot
# Web stack plus fail2ban for log-based banning.
apt-get -y install php5-fpm nginx fail2ban zendframework php-apc php5-cli php5-curl phpunit
#apt-get remove --purge mysql-server* mysql-client* -y;
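# --- Stage 2: chrooted sshd jail under /var/chroot/sshd ----------------------
# Builds the jail with makejail, installs separate sshd configs for the host
# and the jail, mirrors the account databases and host keys into the jail and
# registers the ssh-chroot init script. Every step writes as root.

# Download URL ($1) into file ($2), replacing a copy left by an earlier run.
# Plain `wget URL` would save a re-download as NAME.1 and the stale NAME would
# be installed instead. Returns non-zero, leaving $2 untouched, on failure.
fetch_file() {
  local url=$1 dest=$2
  if ! wget -O "${dest}.part" "$url"; then
    rm -f -- "${dest}.part"
    echo "download failed: ${url}" >&2
    return 1
  fi
  mv -f -- "${dest}.part" "$dest"
}

# Append line ($2) to file ($1) unless that exact line is already present,
# so re-running the script does not stack duplicate entries.
append_once() {
  local file=$1 line=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

mkdir -p /var/chroot/sshd/
makejail /usr/share/doc/makejail/examples/sshd.py

# Downloads land in root's home; stop if it cannot be entered rather than
# scattering files in an unknown working directory.
cd ~/ || exit 1

# The gist URLs below carry a revision id in their path, which appears to pin
# each file to one revision. Every file is still executed or installed as
# root, so read the pinned revision before running this stage.
# bin_lib_copy.sh presumably copies a binary and its libraries into the jail;
# it is only run when this run's download succeeded.
fetch_file https://gist.github.com/wcypierre/6095848/raw/6fbc059fe95fe6d605ab7c9ada8e27a1a71c3da9/bin_lib_copy.sh bin_lib_copy.sh \
  && sh ./bin_lib_copy.sh ssh

# Install an sshd_config only from a download that completed in this run, so
# a partial or stale file never replaces the live configuration.
fetch_file https://gist.github.com/wcypierre/6136792/raw/cf1d920f9e0981ae2420d198f8afbac54548b1f2/sshd_config_host sshd_config_host \
  && cp sshd_config_host /etc/ssh/sshd_config
fetch_file https://gist.github.com/wcypierre/6136797/raw/66fa8e35f4d27321628f4cec836395a4949a2aa8/sshd_config_client sshd_config_client \
  && cp sshd_config_client /var/chroot/sshd/etc/ssh/sshd_config

# The jail receives full copies of the host account databases. That includes
# every password hash in /etc/shadow (root's too), readable by anything that
# gains root inside the jail. Trimming these files to the jailed accounts
# would narrow that exposure.
cp /etc/passwd /var/chroot/sshd/etc/passwd
cp /etc/group /var/chroot/sshd/etc/group
cp /etc/shadow /var/chroot/sshd/etc/shadow

mkdir -p /var/chroot/sshd/home
mkdir -p /var/chroot/sshd/proc
# Mount /proc inside the jail once; a second mount on re-run would stack.
mountpoint -q /var/chroot/sshd/proc || mount -t proc proc /var/chroot/sshd/proc
append_once /etc/fstab "proc-ssh /var/chroot/sshd/proc proc none 0 0"

# Init script for the jailed sshd, executable by root only.
fetch_file https://gist.github.com/wcypierre/6138295/raw/fd0b9b5b09deb33b0f598d9cb765488507f9b5dc/ssh-chroot ssh-chroot \
  && cp ssh-chroot /etc/init.d/ssh-chroot \
  && chmod 700 /etc/init.d/ssh-chroot

# NOTE(review): this appends a bare option line. Files under /etc/default are
# normally sourced as shell, where the option would have to sit inside a
# SYSLOGD="..." assignment. Confirm which syslog daemon reads this file.
append_once /etc/default/syslogd "-a /var/chroot/sshd/dev/log"

cp /etc/pam.d/common-* /var/chroot/sshd/etc/pam.d/

# Generate any missing host keys, then copy each key together with its public
# half. The original list copied ssh_host_dsa_key without its .pub and
# ssh_host_rsa_key.pub without the private key, leaving the jail with no
# usable RSA host key. -p keeps the restrictive mode of the private keys.
# The jail shares the host's identity keys, so a compromise of the jailed
# sshd also exposes them.
ssh-keygen -A
for key_base in ssh_host_key ssh_host_dsa_key ssh_host_rsa_key ssh_host_ecdsa_key; do
  for key_file in "/etc/ssh/${key_base}" "/etc/ssh/${key_base}.pub"; do
    if [ -e "$key_file" ]; then
      cp -p "$key_file" /var/chroot/sshd/etc/ssh/
    fi
  done
done

# NOTE(review): Debian's OpenSSH usually reads /etc/pam.d/sshd; confirm that
# /etc/pam.d/ssh is the file sshd uses on this host. pam_chroot.so comes from
# a separate PAM module package that this script does not install, and a
# `required` module that cannot be loaded makes session setup fail.
append_once /etc/pam.d/ssh "session required pam_chroot.so"

# The repeated restarts are kept from the original; presumably a workaround
# for the jailed daemon not coming up on the first attempt (confirm).
/etc/init.d/ssh-chroot restart
/etc/init.d/ssh-chroot restart
/etc/init.d/ssh-chroot restart
/etc/init.d/ssh restart

# The copies above go to /var/chroot/sshd/etc/, so the reminder names that
# directory (the original message left out the etc/ component).
echo "When you want to add user, you need to copy /etc/{passwd,group,shadow} to /var/chroot/sshd/etc/"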
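# --- Stage 3: swappiness and the GateOne web terminal ------------------------

# Persist vm.swappiness=30; append only once so re-runs do not stack
# duplicate lines in /etc/sysctl.conf.
grep -qxF -- "vm.swappiness=30" /etc/sysctl.conf 2>/dev/null \
  || echo "vm.swappiness=30" >> /etc/sysctl.conf

# GateOne is cloned from the default branch of a personal fork and its Python
# dependencies are installed unpinned, so the code that ends up running as
# root depends on the repository and package index state at install time.
# Pinning a reviewed commit and fixed package versions would make this
# reproducible.
cd /usr/ && git clone https://github.com/wcypierre/GateOne.git
pip install tornado stdeb slimit cssmin

# Only run setup.py from inside the checkout; the original ran it from
# whatever directory was current when the clone or cd had failed.
if cd /usr/GateOne/; then
  python setup.py install
else
  echo "GateOne checkout missing; skipping setup.py install" >&2
fi

# Start GateOne in the background. It inherits this script's privileges
# (root when provisioning) and is not supervised, so it will not come back
# after a reboot. NOTE(review): consider a dedicated service account and an
# init script.
if cd /opt/gateone/; then
  ./gateone.py &
else
  echo "/opt/gateone not found; GateOne not started" >&2
fi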
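# --- Stage 4: fail2ban, nginx and PHP-FPM configuration ----------------------

# Replace file ($2) with the content of URL ($1). The download goes to a
# temporary name first and is moved into place only on success. The original
# `rm FILE; wget URL` sequence left the service with no configuration at all
# when the download failed, and its unchecked `cd` could delete a file in the
# wrong directory. Returns non-zero and keeps the existing file on failure.
replace_from_url() {
  local url=$1 dest=$2
  if wget -O "${dest}.new" "$url"; then
    mv -f -- "${dest}.new" "$dest"
  else
    rm -f -- "${dest}.new"
    echo "download failed, keeping existing ${dest}: ${url}" >&2
    return 1
  fi
}

# These files are installed as root-owned service configuration straight from
# the network; the URLs carry a revision id, but the content should still be
# reviewed before use.
# NOTE(review): fail2ban is not restarted anywhere below, so the replaced
# action and jail.conf only take effect at the service's next restart. Local
# overrides normally belong in jail.local so package upgrades do not clash.
replace_from_url https://gist.github.com/wcypierre/6145883/raw/7c7a9764fa7f51f9922d3bdd6bfd07296819d2f0/sendmail-whois-lines.conf \
  /etc/fail2ban/action.d/sendmail-whois-lines.conf
replace_from_url https://gist.github.com/wcypierre/6145891/raw/3b05db2d85d60502015b1aafedda174b3cb24236/jail.conf \
  /etc/fail2ban/jail.conf

# Group for jailed users; skip creation when it already exists.
getent group chroot >/dev/null || groupadd chroot

# NOTE(review): user_add.sh is placed in /usr/bin without the executable bit,
# as in the original. Confirm whether it is meant to be run via `sh` or
# should be made executable after its contents have been reviewed.
replace_from_url https://gist.github.com/wcypierre/6146014/raw/85149dfeac7b62822d10216d4b75c0c2ba828bd8/user_add.sh \
  /usr/bin/user_add.sh

replace_from_url https://gist.github.com/wcypierre/6146312/raw/4031e22b7376c00b70c566b3b5457628832e9fd6/default \
  /etc/nginx/sites-available/default
replace_from_url https://gist.github.com/wcypierre/6146337/raw/f734c7cc3a76c6a00b66e63561f0a51c05da6c15/php.ini \
  /etc/php5/fpm/php.ini

# Make sure Apache is not holding the web port before nginx restarts.
service apache2 stop
sleep 2
service nginx restart
service php5-fpm restart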
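# --- Stage 5: terminfo for the jail and idle-session timeout -----------------

# Copy the x* terminfo entries (xterm among them) into the jail so that nano
# can run there.
mkdir -p /var/chroot/sshd/etc/terminfo/x
cp /lib/terminfo/x/* /var/chroot/sshd/etc/terminfo/x/
service ssh-chroot restart
service ssh-chroot restart

# Idle timeout: bash ends an interactive shell that has been idle for TMOUT
# seconds (1440 s = 24 min); readonly stops users from unsetting it.
# The snippet is written only once. Appending it again on a re-run would
# assign to an already-readonly TMOUT and print an error at every login.
# NOTE(review): this file is on the host; the jail under /var/chroot/sshd has
# its own /etc, so confirm jailed shells receive the same setting.
if ! grep -qx 'readonly TMOUT' /etc/profile.d/autologout.sh 2>/dev/null; then
  cat >> /etc/profile.d/autologout.sh <<'EOF'
TMOUT=1440
readonly TMOUT
export TMOUT
EOF
fi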
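# --- Stage 6: AjaXplorer from the vendor APT repository ----------------------

# NOTE(review): the repository is reached over plain http and no archive
# signing key is imported here, so apt cannot authenticate its packages
# (apt-get -y normally refuses to install unauthenticated packages). Import
# the vendor's signing key, obtained over a trusted channel, before enabling
# this source.
# Each line is added only once so re-runs do not duplicate the entries.
for repo_line in \
  "deb http://dl.ajaxplorer.info/repos/apt stable main" \
  "deb-src http://dl.ajaxplorer.info/repos/apt stable main"; do
  grep -qxF -- "$repo_line" /etc/apt/sources.list 2>/dev/null \
    || echo "$repo_line" >> /etc/apt/sources.list
done

apt-get update -y
apt-get install ajaxplorer -y

# apache2 is purged at the top of this script and nginx serves the site, so
# the Apache sample config is only copied when an Apache config directory
# exists (the original cp failed when it did not).
if [ -d /etc/apache2/sites-enabled ]; then
  cp /usr/share/doc/ajaxplorer/apache2.sample.conf /etc/apache2/sites-enabled/ajaxplorer.conf
else
  echo "/etc/apache2/sites-enabled not present; AjaXplorer Apache config not installed" >&2
fi

# Manual follow-up: edit /opt/gateone/settings/50limits.conf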