From 39e54cc83b2d4d78191ada3dceafa22208336641 Mon Sep 17 00:00:00 2001 From: Georg Date: Sat, 14 Aug 2021 20:38:16 +0200 Subject: Improvements 14/08/2021 Signed-off-by: Georg --- README.md | 3 ++ base/help.sh | 2 + lcpubsh/bin/generate.sh | 79 ++++++++++++++++++---------------- lcpubsh/bin/nuke.sh | 42 ++++++++++++++++++ lcpubsh/bin/user_mapping.sh | 18 ++++++++ lcpubsh/image_template/user-mapping.sh | 21 --------- lcpubsh/image_template/user_mapping.sh | 1 + 7 files changed, 109 insertions(+), 57 deletions(-) create mode 100644 base/help.sh create mode 100644 lcpubsh/bin/nuke.sh create mode 100644 lcpubsh/bin/user_mapping.sh delete mode 100644 lcpubsh/image_template/user-mapping.sh create mode 120000 lcpubsh/image_template/user_mapping.sh
diff --git a/README.md b/README.md
index c151c16..895ba0e 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,4 @@
 Hosts configurations related to our POC shell service.
+
+If you want to try it out, ask in #libcasa.info.
+We currently support Arch Linux and Ubuntu after activation over IRC, but aim to support more operating systems including a better management process in the future.
diff --git a/base/help.sh b/base/help.sh
new file mode 100644
index 0000000..223f5e9
--- /dev/null
+++ b/base/help.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+USER=$(whoami) /usr/local/bin/catgirl -KRh irc.liberta.casa -j '#help' -qr 'Shell Help'
diff --git a/lcpubsh/bin/generate.sh b/lcpubsh/bin/generate.sh
index 299cab6..b80ac49 100644
--- a/lcpubsh/bin/generate.sh
+++ b/lcpubsh/bin/generate.sh
@@ -1,48 +1,55 @@
 #!/bin/sh
 # georg@lysergic.dev
 set -e
-echo "Shell generation invoked." | nc -N 127.0.0.2 2424
+OUTPUT="nc -N 127.0.0.2 2424"
+echo "Shell generation invoked." | $OUTPUT
 if [ ! "$#" -eq 0 ]; then
 user="$(echo "$1" |tr '[:upper:]' '[:lower:]')"
 case "$2" in
- "archlinux")
- os="archlinux"
- image="lc-archlinux-userbase-v2:sh0"
- ;;
- "ubuntu")
- os="ubuntu"
- image="lcbase_ubuntu_14082021_2:sh0"
- ;;
- *)
- echo "Choose between archlinux or ubuntu"
- exit 1
- ;;
+ "archlinux")
+ os="Arch Linux"
+ image="lc-archlinux-userbase-v2:sh0"
+ ;;
+ "ubuntu")
+ os="Ubuntu (Latest)"
+ image="lcbase_ubuntu_14082021_2:sh0"
+ ;;
+ *)
+ echo "Choose between archlinux or ubuntu"
+ exit 1
+ ;;
 esac
 fingerprint_ecdsa="$(ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub)"
-if id "$1" &>/dev/null; then
- echo "Aborted. Username is already taken."
- echo "Aborted: $user is already taken." | nc -N 127.0.0.2 2424
+if id "$user" &>/dev/null; then
+ echo "Aborted. Username is already taken."
+ echo "Aborted: $user is already taken." | $OUTPUT
 else
- echo "Hang on ..."
- echo "Creating $user locally." | nc -N 127.0.0.2 2424
- sudo useradd -mUs /opt/lcpubsh/bin/pubsh -G docker $user
- pass=$(shuf -n2 /usr/share/dict/words | tr -d '\n')
- echo "Appending to config." | nc -N 127.0.0.2 2424
- echo "" >> /etc/dockersh.ini
- echo "[$user]" >> /etc/dockersh.ini
- echo "image = $user" >> /etc/dockersh.ini
- echo "Forking Docker base image ($image)." | nc -N 127.0.0.2 2424
- /opt/lcpubsh/bin/make_lc_user_image.sh $user $image | nc -N 127.0.0.2 2424
- echo "Setting password." | nc -N 127.0.0.2 2424
- sudo /opt/adduser.sh $user $pass
- echo "@$user ssh -p 2222 $user@sh.lib.casa" | nc -N 127.0.0.2 2424
- echo "@$user $fingerprint_ecdsa" | nc -N 127.0.0.2 2424
- echo "@$user $pass" | nc -N 127.0.0.2 2424
- echo "#universe $pass" | nc -N 127.0.0.2 2424
- echo "Done." | nc -N 127.0.0.2 2424
- echo "OK. Details sent to user and/or admins."
+ echo "Hang on ..."
+ echo "Creating $user locally." | $OUTPUT
+ sudo useradd -mUs /opt/lcpubsh/bin/pubsh -G docker $user
+ pass=$(shuf -n2 /usr/share/dict/words | tr -d '\n')
+ echo "Appending to config." | $OUTPUT
+ echo "" >> /etc/dockersh.ini
+ echo "[$user]" >> /etc/dockersh.ini
+ echo "image = $user" >> /etc/dockersh.ini
+ echo "Forking Docker base image ($image)." | $OUTPUT
+ /opt/lcpubsh/bin/make_lc_user_image.sh $user $image | $OUTPUT
+ echo "Setting password." | $OUTPUT
+ sudo /opt/adduser.sh $user $pass
+ echo "@$user A shell with the operating system $os has been spawned for you." | $OUTPUT
+ echo "@$user Option A) Connect directly:" | $OUTPUT
+ echo "@$user ssh -p 2222 $user@sh.lib.casa" | $OUTPUT
+ echo "@$user Option B) Connect through Tor:" | $OUTPUT
+ echo "@$user torsocks ssh -p 2222 $user@yib4545ooc4bndo27tcdd4jdeqsfnjm44yacusemwf5eu7lnlwskt5ad.onion" | $OUTPUT
+ echo "@$user Confirm the fingerprint (displayed upon connecting for the first time) matches the one shown here:" | $OUTPUT
+ echo "@$user $fingerprint_ecdsa" | $OUTPUT
+ echo "@$user And finally, here's your password:" | $OUTPUT
+ echo "@$user $pass" | $OUTPUT
+ echo "@$user Have fun!" | $OUTPUT
+ echo "#universe $pass" | $OUTPUT
+ echo "Done." | $OUTPUT
+ echo "OK. Details sent to user and/or admins."
 fi
 else
- echo "No argument supplied."
+ echo "No argument supplied."
 fi
-
diff --git a/lcpubsh/bin/nuke.sh b/lcpubsh/bin/nuke.sh
new file mode 100644
index 0000000..33e3aed
--- /dev/null
+++ b/lcpubsh/bin/nuke.sh
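Review bot: The account password created in the else branch is weak and is exposed in more places than it needs to be. `pass=$(shuf -n2 /usr/share/dict/words | tr -d '\n')` yields two dictionary words for a login that is reachable over SSH on port 2222, the value is passed as an argument in `sudo /opt/adduser.sh $user $pass` (so on a multi-user host it is visible in the process list and, typically, in sudo's log), and `echo "#universe $pass" | $OUTPUT` copies it to a shared channel. I would draw it from the kernel RNG, e.g. `pass=$(head -c 18 /dev/urandom | base64)`, drop the `#universe` line, and, where the login path allows it, expire the password at creation with `sudo chage -d 0 "$user"` so the value sent over IRC is single-use. Handing the value to adduser.sh on stdin instead of argv would need a change to that script, which is not shown here.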
@@ -0,0 +1,42 @@
+#!/bin/sh
+# georg@lysergic.dev
+set -e
+OUTPUT="nc -N 127.0.0.2 2424"
+echo "Shell removal invoked." | $OUTPUT
+if [ ! "$#" -eq 0 ]; then
+user="$(echo "$1" |tr '[:upper:]' '[:lower:]')"
+if id "$user" &>/dev/null; then
+ CONTAINER="$(docker ps -qf "name=$user")"
+ echo "User: $user - Container ID: $CONTAINER" | $OUTPUT
+ if [ ! -z "$CONTAINER" ]; then
+ docker stop $CONTAINER
+ if [ $? -eq "0" ]; then
+ echo "Running shell found and stopped."
+ else
+ echo "Shell could not be stopped. Maybe it's lready down?"
+ fi
+ docker rm $CONTAINER
+ if [ $? -eq "0" ]; then
+ echo "Shell container found and removed."
+ else
+ echo "Shell could not be removed. Maybe it doesn't exist?"
+ fi
+ else
+ echo "ID could not be determined."
+ fi
+ sudo /usr/sbin/userdel -f $user | $OUTPUT
+ sudo /usr/sbin/groupdel -f $user | $OUTPUT
+ sudo /usr/bin/rm -rf /home/$user
+ sudo /usr/bin/rm -rf /var/spool/mail/$user
+ INITEMP=$(mktemp --tmpdir initemp.XXXXX)
+ trap "rm -f $INITEMP" 0 1 2 3 15
+ sed "/$user/d" "/etc/dockersh.ini" > "$INITEMP"
+ cat "$INITEMP" > /etc/dockersh.ini
+ echo "Done." | $OUTPUT
+ echo "OK."
+else
+ echo "Aborted: User not found."
+fi
+else
+ echo "No argument supplied."
+fi
diff --git a/lcpubsh/bin/user_mapping.sh b/lcpubsh/bin/user_mapping.sh
new file mode 100644
index 0000000..9b32ba0
--- /dev/null
+++ b/lcpubsh/bin/user_mapping.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+# Original by https://github.com/sleeepyjack/dockersh
+# Modified by georg@lysergic.dev
+
+if [ -z "${HOST_USER_NAME}" -o -z "${HOST_USER_ID}" -o -z "${HOST_USER_GID}" ]; then
+ echo "HOST_USER_NAME, HOST_USER_ID & HOST_USER_GID needs to be set!"; exit 100
+fi
+useradd \
+ --uid ${HOST_USER_ID} \
+ -U \
+ -m \
+ -s /bin/bash \
+ ${HOST_USER_NAME}
+sleep 3s
+
+echo ${HOST_USER_NAME}:${HOST_USER_NAME} | chpasswd
+
+exec su - "${HOST_USER_NAME}"
diff --git a/lcpubsh/image_template/user-mapping.sh b/lcpubsh/image_template/user-mapping.sh
deleted file mode 100644
index f2aa456..0000000
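Review bot: Removal in nuke.sh is not scoped to one exact pubsh account. The only gate is `id "$user"`, which also succeeds for system accounts such as root before `userdel -f` and `rm -rf /home/$user` run. In addition, `docker ps -qf "name=$user"` and `sed "/$user/d"` match the name as a substring, so removing `al` would also select a container and ini lines belonging to `alice`. I would first require an exact section match, `grep -qxF "[$user]" /etc/dockersh.ini || { echo "Aborted: not a pubsh user."; exit 1; }`, and anchor the sed patterns, `sed -e "/^\[$user\]\$/d" -e "/^image = $user\$/d"`. The Docker name filter should be anchored in the same way, or the container addressed by its exact name.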
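Review bot: `echo ${HOST_USER_NAME}:${HOST_USER_NAME} | chpasswd` in user_mapping.sh gives every container account a password equal to its user name, which anyone can guess. The account is entered through `exec su - "${HOST_USER_NAME}"`, which appears to run as root and so needs no password. The line could therefore be dropped, since useradd leaves the password locked by default, or replaced by an explicit `passwd -l "${HOST_USER_NAME}"`. If something inside the image does need a password, it should be a random per-user value rather than the name.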
--- a/lcpubsh/image_template/user-mapping.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-# Original by https://github.com/sleeepyjack/dockersh
-# Modified by georg@lysergic.dev
-if [ -z "${HOST_USER_NAME}" -o -z "${HOST_USER_ID}" -o -z "${HOST_USER_GID}" ]; then
- echo "HOST_USER_NAME, HOST_USER_ID & HOST_USER_GID needs to be set!"; exit 100
-fi
-
-useradd \
- --uid ${HOST_USER_ID} \
- --gid ${HOST_USER_GID} \
- --create-home \
- --shell /bin/bash \
- ${HOST_USER_NAME}
-groupadd --gid "${HOST_USER_GID}" "${HOST_USER_NAME}"
-usermod -aG sudo ${HOST_USER_NAME}
-sleep 5s
-
-echo ${HOST_USER_NAME}:${HOST_USER_NAME} | chpasswd
-
-exec su - "${HOST_USER_NAME}"
-
diff --git a/lcpubsh/image_template/user_mapping.sh b/lcpubsh/image_template/user_mapping.sh
new file mode 120000
index 0000000..e51feef
--- /dev/null
+++ b/lcpubsh/image_template/user_mapping.sh
@@ -0,0 +1 @@
+../bin/user_mapping.sh
\ No newline at end of file
-- cgit v1.2.3