From 19740bef7f3fc27ab6a2f7a997ca640c68e6a710 Mon Sep 17 00:00:00 2001 From: Oleksii Shevchuk Date: Fri, 10 Mar 2017 18:08:38 +0200 Subject: [PATCH] Rework dockerfile --- pupy/.dockerignore | 1 + pupy/Dockerfile | 9 +++---- pupy/conf/.bashrc | 13 ++++++---- pupy/conf/pupyenv.sh | 56 ++++++++++++++++++++++++++++---------------- 4 files changed, 51 insertions(+), 28 deletions(-) diff --git a/pupy/.dockerignore b/pupy/.dockerignore index f2b7522a..75ae8727 100644 --- a/pupy/.dockerignore +++ b/pupy/.dockerignore @@ -7,5 +7,6 @@ Dockerfile crypto data external/winpty +external/scapy */__pycache__* packages/src/* diff --git a/pupy/Dockerfile b/pupy/Dockerfile index b6d1e103..778d739e 100644 --- a/pupy/Dockerfile +++ b/pupy/Dockerfile @@ -13,8 +13,8 @@ RUN echo 'deb http://ftp.debian.org/debian jessie-backports main' >>/etc/apt/sou RUN echo 'en_US.UTF-8 UTF-8' >/etc/locale.gen; locale-gen; echo 'LC_ALL=en_US.UTF-8' >/etc/default/locale RUN python -m pip install --upgrade setuptools wheel pip RUN useradd -m -d /home/pupy -s /bin/bash pupy -RUN mkdir -p /var/run/sshd /home/pupy/.config/pupy /home/pupy/projects/default /home/pupy/.ssh -RUN ln -sf /home/pupy/projects/keys/authorized_keys /home/pupy/.ssh/authorized_keys +RUN mkdir -p /var/run/sshd /home/pupy/.config/pupy /home/pupy/.ssh /projects +RUN ln -sf /projects/keys/authorized_keys /home/pupy/.ssh/authorized_keys COPY requirements.txt /tmp/requirements.txt RUN pip install -r /tmp/requirements.txt --no-binary :all: @@ -26,7 +26,7 @@ COPY conf/.bashrc /home/pupy/.bashrc.pupy RUN echo 'source /home/pupy/.bashrc.pupy' >> /home/pupy/.bashrc COPY . /opt/pupy -RUN cd /opt/pupy && python -OO -m compileall +RUN cd /opt/pupy && python -O -m compileall -qf && python -OO -m compileall -qf ADD https://github.com/gentilkiwi/mimikatz/releases/download/2.1.0-20170305/mimikatz_trunk.zip \ /opt/mimikatz/mimikatz.zip @@ -39,6 +39,7 @@ ENV LANG en_US.UTF-8 ENV LC_ALL en_US.UTF-8 EXPOSE 22 53 9999 53/udp -VOLUME /home/pupy/projects +VOLUME [ "/projects" ] ENTRYPOINT [ "/opt/pupy/conf/pupyenv.sh" ] +CMD [ "default" ] diff --git a/pupy/conf/.bashrc b/pupy/conf/.bashrc index ea2612cd..fc7b3201 100644 --- a/pupy/conf/.bashrc +++ b/pupy/conf/.bashrc @@ -4,14 +4,19 @@ alias pupysh=/opt/pupy/pupysh.py alias pupygen=/opt/pupy/pupygen.py alias gen=/opt/pupy/pupygen.py +project=default + +if [ -f /home/pupy/.project ]; then + project=`cat /home/pupy/.project` +fi + case $- in *i*) if [ -z "$TMUX" ]; then - echo "Starting tmux.." - echo -ne "\033]0;[ PUPY ]\007" + echo -ne "\033]0;[ PUPY:${project} ]\007" ( tmux -2 attach || tmux -2 new-session \ - -c '/home/pupy/projects/default' \ + -c "/projects/${project}" \ -s pupy \ - -n 'default' /opt/pupy/pupysh.py ) + -n "${project}" /opt/pupy/pupysh.py ) [ $? -eq 0 ] && exit 0 fi esac diff --git a/pupy/conf/pupyenv.sh b/pupy/conf/pupyenv.sh index 1b31f5ca..23eabbcd 100755 --- a/pupy/conf/pupyenv.sh +++ b/pupy/conf/pupyenv.sh @@ -1,43 +1,59 @@ #!/bin/sh -mkdir -p /home/pupy/projects/keys -mkdir -p /home/pupy/projects/hostkeys +mkdir -p /projects/keys +mkdir -p /projects/hostkeys -chown root /home/pupy/projects/hostkeys -chmod 700 /home/pupy/projects/hostkeys +chown root /projects/hostkeys +chmod 700 /projects/hostkeys -chown pupy /home/pupy/projects/keys -chmod 700 /home/pupy/projects/keys +chown pupy /projects/keys +chmod 700 /projects/keys -if [ ! -f /home/pupy/projects/hostkeys/ssh_host_rsa_key ]; then - ssh-keygen -f /home/pupy/projects/hostkeys/ssh_host_rsa_key -N '' -t rsa +if [ ! -f /projects/hostkeys/ssh_host_rsa_key ]; then + ssh-keygen -f /projects/hostkeys/ssh_host_rsa_key -N '' -t rsa fi -if [ ! -f /home/pupy/projects/hostkeys/ssh_host_dsa_key ]; then - ssh-keygen -f /home/pupy/projects/hostkeys/ssh_host_dsa_key -N '' -t dsa +if [ ! -f /projects/hostkeys/ssh_host_dsa_key ]; then + ssh-keygen -f /projects/hostkeys/ssh_host_dsa_key -N '' -t dsa fi -if [ ! -f /home/pupy/projects/hostkeys/ssh_host_ecdsa_key ]; then - ssh-keygen -f /home/pupy/projects/hostkeys/ssh_host_ecdsa_key -N '' -t ecdsa +if [ ! -f /projects/hostkeys/ssh_host_ecdsa_key ]; then + ssh-keygen -f /projects/hostkeys/ssh_host_ecdsa_key -N '' -t ecdsa fi -if [ ! -f /home/pupy/projects/hostkeys/ssh_host_ed25519_key ]; then - ssh-keygen -f /home/pupy/projects/hostkeys/ssh_host_ed25519_key -N '' -t ed25519 +if [ ! -f /projects/hostkeys/ssh_host_ed25519_key ]; then + ssh-keygen -f /projects/hostkeys/ssh_host_ed25519_key -N '' -t ed25519 fi -for k in /home/pupy/projects/hostkeys/*; do +for k in /projects/hostkeys/*; do cp -af $k /etc/ssh/ done -if [ ! -d "/home/pupy/projects/$1" ]; then - mkdir -p "/home/pupy/projects/$1" - chown pupy "/home/pupy/projects/$1" +if [ ! -d "/projects/$1" ]; then + mkdir -p "/projects/$1" + chown pupy "/projects/$1" fi +echo "$1" >/home/pupy/.project + cd /opt/pupy -python -m compileall +python -m compileall -q >/dev/null -echo 'Copy your authorized_keys here!' >/home/pupy/projects/keys/README +echo 'Copy your authorized_keys here!' >/projects/keys/README + +cat >>/projects/README <<__EOF__ +SSH user: pupy +Port: 22 + +cp ~/.ssh/authorized_keys /projects/keys/authorized_keys + +Example: + +mkdir /tmp/projects/keys +cp ~/.ssh/authorized_keys /projects/keys/authorized_keys +docker run -D -p 2022:22 -p 9999:9999 -v /tmp/projects:/projects pupy:latest +ssh -p 2022 pupy@127.0.0.1 +__EOF__ /usr/sbin/sshd -D