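#!/bin/bash
#
# Build a minimal chroot jail for one SSH user and hook it into PAM through
# pam_chroot.  Interactive: asks for the jail path, the user name and the
# password, then re-creates the user, wipes and rebuilds the jail, copies a
# few binaries plus the shared libraries they link against, creates device
# nodes and mounts proc/devpts inside the jail.
#
# Must run as root.  Host files modified:
#   /etc/pam.d/sshd              - one "session required pam_chroot.so" line
#   /etc/security/chroot.conf    - one "<user> <chroot_dir>" line per jailed user
#   /etc/environment             - touched (kept from the original script)
#
# Fixes over the previous revision: the chroot prompt was never applied (it
# tested $myuser and assigned USER), the default jail was /tmp and got
# rm -rf'ed, answering N to the delete prompt looped forever, chroot.conf got
# the literal text "USERCHROOT_DIR", the environment file landed outside
# /etc and exported the host PATH, and every expansion was unquoted.
set -u -o pipefail   # no -e: umount/userdel are deliberately best-effort

# Default jail location; this is the path the script previously hard-coded
# for the pam_env.conf copy, so the two now agree.
CHROOT_DIR=/virtual_root/chroot
# Binaries copied from /bin into the jail.
COMMANDS=(ls cp bash mv cat grep)
# Named CHROOT_USER so the caller's own $USER is not clobbered.
CHROOT_USER="readonly"
PASS="readonly"

die() { printf '%s\n' "$*" >&2; exit 1; }

[[ $EUID -eq 0 ]] || die "This script must be run as root"

echo -n "Please input chroot path"
read -r -p "(Default path: $CHROOT_DIR)" mychroot
if [ -n "$mychroot" ]; then
  CHROOT_DIR=$mychroot
fi
# Normalise trailing slashes so the deny-list below cannot be bypassed with "/tmp/".
while [[ ${#CHROOT_DIR} -gt 1 && $CHROOT_DIR == */ ]]; do
  CHROOT_DIR=${CHROOT_DIR%/}
done
# The jail directory is removed with rm -rf further down, so refuse anything
# that is not an absolute path or that is a well-known system directory.
case "$CHROOT_DIR" in
  /|/bin|/boot|/dev|/etc|/home|/lib|/lib64|/proc|/root|/sbin|/sys|/tmp|/usr|/var)
    die "Refusing to use system directory $CHROOT_DIR as chroot" ;;
  /*) ;;
  *)  die "Chroot path must be absolute: $CHROOT_DIR" ;;
esac

echo -n "Please input you user"
read -r -p "(Default user: readonly)" myuser
if [ -n "$myuser" ]; then
  CHROOT_USER=$myuser
fi
# Conservative user-name check: the name is interpolated into paths, awk and
# the PAM config below, and useradd would reject anything stranger anyway.
[[ $CHROOT_USER =~ ^[a-z_][a-z0-9_-]*\$?$ ]] || die "Invalid user name: $CHROOT_USER"

if [ -d "/home/$CHROOT_USER" ]; then
  # Only Y continues; N aborts before anything is touched (the old loop
  # re-asked forever on N); any other answer re-asks.
  while :; do
    echo "Found that directory /home/$CHROOT_USER exsits"
    read -r -p "Do you want to contine?force delete /home/$CHROOT_USER (Y/N):" user
    case "$user" in
      Y) break ;;
      N) die "Aborted, nothing was changed" ;;
      *) ;;
    esac
  done
fi

echo "Please input the password for $CHROOT_USER:"
# -s: do not echo the secret to the terminal.
read -r -s -p "Default password: readonly" mypass
echo
if [ -n "$mypass" ]; then
  PASS=$mypass
fi

##### create user and secret###########
# Tear down a previous run.  Unmount first so rm -rf cannot recurse into a
# mounted proc/devpts; both unmounts and userdel may legitimately fail.
umount "$CHROOT_DIR/dev/pts" 2>/dev/null
umount "$CHROOT_DIR/proc" 2>/dev/null
userdel -- "$CHROOT_USER" 2>/dev/null
rm -rf -- "${CHROOT_DIR:?}"
rm -rf -- "/home/${CHROOT_USER:?}"
useradd -- "$CHROOT_USER" || die "useradd $CHROOT_USER failed"
# chpasswd reads "user:password" on stdin, so the secret never appears in argv.
printf '%s:%s\n' "$CHROOT_USER" "$PASS" | chpasswd || die "chpasswd failed"
#######################################
##### mkdir for user ##################
for d in etc etc/security bin usr lib lib64 home "home/$CHROOT_USER" dev dev/pts proc; do
  mkdir -p -- "$CHROOT_DIR/$d" || die "mkdir $CHROOT_DIR/$d failed"
done
# Give the jailed user its own home; the directory was root-owned before.
chown -- "$CHROOT_USER:" "$CHROOT_DIR/home/$CHROOT_USER"
touch /etc/environment
#######################################
###### copy command ###################
echo "Copy commands......"
for bin in "${COMMANDS[@]}"; do
  cp -f -- "/bin/$bin" "$CHROOT_DIR/bin/" || die "cannot copy /bin/$bin"
done
echo "Copy commands finished......"
#######################################
###### copy lib ######################
echo "Copy libraries ......"
# The loader path baked into the binaries (PT_INTERP) must exist verbatim.
cp -f /lib64/ld-linux-x86-64.so.2 "$CHROOT_DIR/lib64/" || die "cannot copy dynamic loader"

#######################################
# Copy every shared object a binary links against to the same path inside
# the jail, so the loader finds it without a flat /lib64 glob.
# ldd prints "name => /path (addr)" for resolved libs and "/path (addr)"
# for the loader; vdso and "not found" lines carry no existing path.
# Globals:   CHROOT_DIR (read)
# Arguments: $1 - absolute path of the binary
#######################################
copy_libs_of() {
  local bin=$1 lib
  while IFS= read -r lib; do
    [[ -n "$lib" && -e "$lib" ]] || continue
    mkdir -p -- "$CHROOT_DIR${lib%/*}"
    cp -f -- "$lib" "$CHROOT_DIR$lib" \
      || printf 'warn: could not copy %s\n' "$lib" >&2
  done < <(ldd "$bin" 2>/dev/null \
           | awk '$2 == "=>" { print $3; next } $1 ~ /^\// { print $1 }')
}

for cmd in "${COMMANDS[@]}"; do
  copy_libs_of "/bin/$cmd"
done
echo "Copy libraries finished"
######################################
# Exact passwd entry for the jailed user (the old unanchored grep matched
# any line containing the name).
getent passwd "$CHROOT_USER" > "$CHROOT_DIR/etc/passwd" \
  || die "no passwd entry for $CHROOT_USER"
sed -i '/pam_chroot/d' /etc/pam.d/sshd || die "cannot edit /etc/pam.d/sshd"
echo "session required pam_chroot.so" >>/etc/pam.d/sshd
# Rewrite chroot.conf via a private temp file: drop any existing line whose
# first field is this user, then append "<user> <chroot_dir>".
tmp=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$tmp"' EXIT
if [ -f /etc/security/chroot.conf ]; then
  awk -v u="$CHROOT_USER" '$1 != u' /etc/security/chroot.conf > "$tmp"
fi
printf '%s %s\n' "$CHROOT_USER" "$CHROOT_DIR" >> "$tmp"
cat "$tmp" > /etc/security/chroot.conf
# pam_env.conf goes into the jail actually chosen, not a hard-coded path.
cp /etc/security/pam_env.conf "$CHROOT_DIR/etc/security/"
# Environment for the jailed shell; quoted heredoc so nothing expands here.
cat > "$CHROOT_DIR/etc/environment" <<'EOF'
PATH=/bin
export PATH
EOF
# Device nodes: same major/minor numbers and modes as before (ptmx once).
for n in 1 2 3 4 5 6; do
  mknod -m 644 "$CHROOT_DIR/dev/tty$n" c 4 "$n"
done
mknod -m 444 "$CHROOT_DIR/dev/urandom" c 1 9
mknod -m 666 "$CHROOT_DIR/dev/zero" c 1 5
mknod -m 666 "$CHROOT_DIR/dev/null" c 1 3
mknod -m 666 "$CHROOT_DIR/dev/ptmx" c 5 2
# /etc/fstab
#devpts /chroot/dev/pts
#devpts gid=5,mode=620 0 0
#proc /chroot/proc proc defaults 0 0
mount -t proc proc "$CHROOT_DIR/proc" || die "mount proc failed"
mount -t devpts devpts "$CHROOT_DIR/dev/pts" || die "mount devpts failed"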
/etc/pam.d/sshd
#%PAM-1.0
auth required pam_listfile.so item=user sense=allow file=/etc/ssh_users onerr=fail
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
session required pam_chroot.so