Rework dockerfile

2017-03-10 18:08:38 +02:00 · 2017-03-10 18:08:38 +02:00 · 19740bef7f
parent 00b949113b
commit 19740bef7f
4 changed files with 51 additions and 28 deletions
--- a/pupy/.dockerignore
+++ b/pupy/.dockerignore
@ -7,5 +7,6 @@ Dockerfile
 crypto
 data
 external/winpty
+external/scapy
 */__pycache__*
 packages/src/*
--- a/pupy/Dockerfile
+++ b/pupy/Dockerfile
@ -13,8 +13,8 @@ RUN echo 'deb http://ftp.debian.org/debian jessie-backports main' >>/etc/apt/sou
 RUN echo 'en_US.UTF-8 UTF-8' >/etc/locale.gen; locale-gen; echo 'LC_ALL=en_US.UTF-8' >/etc/default/locale
 RUN python -m pip install --upgrade setuptools wheel pip
 RUN useradd -m -d /home/pupy -s /bin/bash pupy
-RUN mkdir -p /var/run/sshd /home/pupy/.config/pupy /home/pupy/projects/default /home/pupy/.ssh
-RUN ln -sf /home/pupy/projects/keys/authorized_keys /home/pupy/.ssh/authorized_keys
+RUN mkdir -p /var/run/sshd /home/pupy/.config/pupy /home/pupy/.ssh /projects
+RUN ln -sf /projects/keys/authorized_keys /home/pupy/.ssh/authorized_keys

 COPY requirements.txt /tmp/requirements.txt
 RUN pip install -r /tmp/requirements.txt --no-binary :all:
@ -26,7 +26,7 @@ COPY conf/.bashrc /home/pupy/.bashrc.pupy
 RUN echo 'source /home/pupy/.bashrc.pupy' >> /home/pupy/.bashrc

 COPY . /opt/pupy
-RUN cd /opt/pupy && python -OO -m compileall
+RUN cd /opt/pupy && python -O -m compileall -qf && python -OO -m compileall -qf

 ADD https://github.com/gentilkiwi/mimikatz/releases/download/2.1.0-20170305/mimikatz_trunk.zip \
    /opt/mimikatz/mimikatz.zip
@ -39,6 +39,7 @@ ENV LANG en_US.UTF-8
 ENV LC_ALL en_US.UTF-8

 EXPOSE 22 53 9999 53/udp
-VOLUME /home/pupy/projects
+VOLUME [ "/projects" ]

 ENTRYPOINT [ "/opt/pupy/conf/pupyenv.sh" ]
+CMD [ "default" ]
--- a/pupy/conf/.bashrc
+++ b/pupy/conf/.bashrc
@ -4,14 +4,19 @@ alias pupysh=/opt/pupy/pupysh.py
 alias pupygen=/opt/pupy/pupygen.py
 alias gen=/opt/pupy/pupygen.py

+project=default
+
+if [ -f /home/pupy/.project ]; then
+    project=`cat /home/pupy/.project`
+fi
+
 case $- in *i*)
   if [ -z "$TMUX" ]; then
-        echo "Starting tmux.."
-        echo -ne "\033]0;[ PUPY ]\007"
+        echo -ne "\033]0;[ PUPY:${project} ]\007"
        ( tmux -2 attach || tmux -2 new-session \
-				 -c '/home/pupy/projects/default' \
+				 -c "/projects/${project}" \
 				 -s pupy \
-				 -n 'default' /opt/pupy/pupysh.py )
+				 -n "${project}" /opt/pupy/pupysh.py )
        [ $? -eq 0 ] && exit 0
   fi
 esac
--- a/pupy/conf/pupyenv.sh
+++ b/pupy/conf/pupyenv.sh
@ -1,43 +1,59 @@
 #!/bin/sh

-mkdir -p /home/pupy/projects/keys
-mkdir -p /home/pupy/projects/hostkeys
+mkdir -p /projects/keys
+mkdir -p /projects/hostkeys

-chown root /home/pupy/projects/hostkeys
-chmod 700 /home/pupy/projects/hostkeys
+chown root /projects/hostkeys
+chmod 700 /projects/hostkeys

-chown pupy /home/pupy/projects/keys
-chmod 700 /home/pupy/projects/keys
+chown pupy /projects/keys
+chmod 700 /projects/keys

-if [ ! -f /home/pupy/projects/hostkeys/ssh_host_rsa_key ]; then
-    ssh-keygen -f /home/pupy/projects/hostkeys/ssh_host_rsa_key -N '' -t rsa
+if [ ! -f /projects/hostkeys/ssh_host_rsa_key ]; then
+    ssh-keygen -f /projects/hostkeys/ssh_host_rsa_key -N '' -t rsa
 fi

-if [ ! -f /home/pupy/projects/hostkeys/ssh_host_dsa_key ]; then
-    ssh-keygen -f /home/pupy/projects/hostkeys/ssh_host_dsa_key -N '' -t dsa
+if [ ! -f /projects/hostkeys/ssh_host_dsa_key ]; then
+    ssh-keygen -f /projects/hostkeys/ssh_host_dsa_key -N '' -t dsa
 fi

-if [ ! -f /home/pupy/projects/hostkeys/ssh_host_ecdsa_key ]; then
-    ssh-keygen -f /home/pupy/projects/hostkeys/ssh_host_ecdsa_key -N '' -t ecdsa
+if [ ! -f /projects/hostkeys/ssh_host_ecdsa_key ]; then
+    ssh-keygen -f /projects/hostkeys/ssh_host_ecdsa_key -N '' -t ecdsa
 fi

-if [ ! -f /home/pupy/projects/hostkeys/ssh_host_ed25519_key ]; then
-    ssh-keygen -f /home/pupy/projects/hostkeys/ssh_host_ed25519_key -N '' -t ed25519
+if [ ! -f /projects/hostkeys/ssh_host_ed25519_key ]; then
+    ssh-keygen -f /projects/hostkeys/ssh_host_ed25519_key -N '' -t ed25519
 fi

-for k in /home/pupy/projects/hostkeys/*; do
+for k in /projects/hostkeys/*; do
    cp -af $k /etc/ssh/
 done

-if [ ! -d "/home/pupy/projects/$1" ]; then
-    mkdir -p "/home/pupy/projects/$1"
-    chown pupy "/home/pupy/projects/$1"
+if [ ! -d "/projects/$1" ]; then
+    mkdir -p "/projects/$1"
+    chown pupy "/projects/$1"
 fi

+echo "$1" >/home/pupy/.project
+
 cd /opt/pupy

-python -m compileall
+python -m compileall -q >/dev/null

-echo 'Copy your authorized_keys here!' >/home/pupy/projects/keys/README
+echo 'Copy your authorized_keys here!' >/projects/keys/README
+
+cat >>/projects/README <<__EOF__
+SSH user: pupy
+Port:     22
+
+cp ~/.ssh/authorized_keys /projects/keys/authorized_keys
+
+Example:
+
+mkdir /tmp/projects/keys
+cp ~/.ssh/authorized_keys /projects/keys/authorized_keys
+docker run -D -p 2022:22 -p 9999:9999 -v /tmp/projects:/projects pupy:latest
+ssh -p 2022 pupy@127.0.0.1
+__EOF__

 /usr/sbin/sshd -D