
@royharoush
Forked from schnell18/create_chrootjail.sh
Created January 15, 2020 15:16

Revisions

  1. @schnell18 schnell18 created this gist Nov 3, 2013.
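--- a/create_chrootjail.sh
+++ b/create_chrootjail.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+# script to automate the creation of chroot jail
+# w/ minimal executables to run git
+
+export CHROOT=/var/chroot
+
+function copy_binary() {
+for i in $(ldd $*|grep -v dynamic|cut -d " " -f 3|sed 's/://'|sort|uniq)
+do
+cp --parents $i $CHROOT
+done
+
+# ARCH amd64
+if [ -f /lib64/ld-linux-x86-64.so.2 ]; then
+cp --parents /lib64/ld-linux-x86-64.so.2 $CHROOT
+fi
+
+# ARCH i386
+if [ -f /lib/ld-linux.so.2 ]; then
+cp --parents /lib/ld-linux.so.2 $CHROOT
+fi
+}
+
+# setup directory layout
+mkdir $CHROOT
+mkdir -p $CHROOT/{dev,etc,home,tmp,proc,root,var}
+
+# setup device
+mknod $CHROOT/dev/null c 1 3
+mknod $CHROOT/dev/zero c 1 5
+mknod $CHROOT/dev/tty c 5 0
+mknod $CHROOT/dev/random c 1 8
+mknod $CHROOT/dev/urandom c 1 9
+chmod 0666 $CHROOT/dev/{null,tty,zero}
+chown root.tty $CHROOT/dev/tty
+
+# copy programs and libraries
+copy_binary /bin/{bash,ls,cp,rm,cat,mkdir,ln,grep,cut,sed} /usr/bin/{vim,ssh,head,tail,which,id,find,xargs} `which git`
+
+# copy git resource files
+cp -r --parents /usr/share/git-core $CHROOT
+# copy vim resource files
+cp -r --parents /usr/share/vim $CHROOT
+# copy basic system level files
+cp --parents /etc/group $CHROOT
+cp --parents /etc/passwd $CHROOT
+cp --parents /etc/shadow $CHROOT
+cp --parents /etc/nsswitch.conf $CHROOT
+cp --parents /etc/resolv.conf $CHROOT
+cp --parents /etc/hosts $CHROOT
+cp --parents /lib/libnss_* $CHROOT
+cp -r --parents /usr/share/terminfo $CHROOT
+
+# setup public key for root
+mkdir -p $CHROOT/root/.ssh
+chmod 0700 $CHROOT/root/.ssh
+cp {id_rsa,id_rsa.pub} $CHROOT/root/.ssh
+
+# setup public key for qbot
+mkdir -p $CHROOT/home/qbot/.ssh
+chmod 0700 $CHROOT/home/qbot/.ssh
+cp {id_rsa,id_rsa.pub} $CHROOT/home/qbot/.ssh
+chown -R qbot.qbot $CHROOT/home/qbot/.ssh
+
+# create symlinks
+cd $CHROOT/usr/bin
+ln -s vim vi
+
+echo "chroot jail is created. type: chroot $CHROOT to access it"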
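Review bot: The "copy basic system level files" step copies the host's `/etc/shadow`, along with the full `/etc/passwd` and `/etc/group`, into `$CHROOT`, so every host account's password hash gets a second copy inside the environment that is meant to confine its users. The jail only appears to need `root` and `qbot`, so I would drop the shadow copy and write filtered files instead, e.g. `grep -E '^(root|qbot):' /etc/passwd > "$CHROOT/etc/passwd"`, and the same for `/etc/group`. The two "setup public key" steps also copy the private `id_rsa` into both `.ssh` directories; if only inbound login is intended, install the public key as `authorized_keys` and keep the private key outside the jail. Separately, the `#!/bin/sh` shebang does not match the `function` keyword and the `{a,b}` brace expansions used throughout, which fail or stay literal under a POSIX sh such as dash; `#!/bin/bash` matches the code as written. The final `cd $CHROOT/usr/bin` is unchecked, so if it fails `ln -s vim vi` creates the link in the current directory; `cd "$CHROOT/usr/bin" || exit 1` avoids that.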