#!/usr/bin/env bash
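# Abort on the first command that fails outside a conditional context.
set -e

# Absolute, symlink-resolved directory that holds this script. Both expansions
# are quoted so a checkout path containing spaces or glob characters stays one
# word.
DIR="$(readlink -f -- "$(dirname -- "$0")")"

# Instance name (first argument). Later steps interpolate it unescaped into
# config.env, /etc/ssh/sshd_config, a Unix account name and Docker object
# names, so it has to be a plain identifier chosen by the operator.
INSTANCE=$1

# Highest per-user slot index; the loops below iterate 0..NUM_USERS inclusive.
NUM_USERS=256

# Quoted test: an argument containing whitespace no longer makes `[` fail with
# a syntax error. Usage goes to stderr because it is a diagnostic.
if [ -z "$1" ]; then
  echo "Usage: $0 <INSTANCE>" >&2
  exit 1
fi

# ANSI colour escapes, stored unexpanded; color_echo expands them on output.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
BLUE='\033[0;34m'
NC='\033[0m'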
#######################################
# Print a message wrapped in a colour escape and a reset.
# Globals:   NC (read) - escape sequence that resets the colour
# Arguments: $1 - colour escape sequence (backslash escapes are expanded)
#            $2 - message text (backslash escapes are expanded as well)
# Outputs:   the coloured message and a newline on stdout
#######################################
color_echo() {
  local color=$1
  local message=$2
  # %b expands backslash escapes in the argument the same way `echo -e` does.
  printf '%b\n' "${color}${message}${NC}"
}
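# Work from the script's own directory so the relative paths used below
# (config.env, docker-compose project files) resolve against the checkout.
cd "$DIR"

color_echo "$YELLOW" "[+] Install dependencies"
apt update
apt install -y python-is-python3 python3-dev python3-pip

if [ ! -x /usr/bin/docker ]; then
  # Download the installer to a private temp file before running it. Piping
  # wget straight into sh executes whatever part of the script arrived before
  # a dropped connection, and the pipeline's exit status is sh's, so a wget
  # failure would go unnoticed even under `set -e`.
  docker_installer="$(mktemp)"
  if ! wget -O "$docker_installer" https://get.docker.io/; then
    rm -f -- "$docker_installer"
    echo "Failed to download the Docker install script" >&2
    exit 1
  fi
  # NOTE(review): the script is still executed exactly as fetched, with no
  # checksum or signature check. Installing Docker from a package repository
  # with signed metadata would give a verifiable path.
  installer_status=0
  sh "$docker_installer" || installer_status=$?
  rm -f -- "$docker_installer"
  [ "$installer_status" -eq 0 ] || exit "$installer_status"
fi

# NOTE(review): both packages are installed unpinned into the system Python,
# so each run may pull a different release; consider pinning versions.
python3 -m pip install docker docker-compose

git -C "$DIR" submodule update --init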
color_echo "$YELLOW" "[+] Creating config file"

# config.env is written only when it does not exist yet, so a second run keeps
# the SECRET_KEY generated by the first one.
# NOTE(review): the file holds SECRET_KEY and is created with whatever umask
# the caller has; check who needs to read it before tightening its mode.
# NOTE(review): VIRTUAL_HOST and LETSENCRYPT_HOST are hard-coded to one public
# hostname, so a deployment on any other host must edit config.env by hand.
if [ ! -f config.env ]; then
  cat > config.env <<EOF
COMPOSE_PROJECT_NAME=$INSTANCE
PWN_COLLEGE_INSTANCE=$INSTANCE
HOST_DATA_PATH=$DIR/.data
SECRET_KEY=$(openssl rand -hex 16)
VIRTUAL_HOST=ec2-54-251-157-79.ap-southeast-1.compute.amazonaws.com
VIRTUAL_PORT=8000
LETSENCRYPT_HOST=ec2-54-251-157-79.ap-southeast-1.compute.amazonaws.com
EOF
fi

# Export every KEY=VALUE pair from config.env into this shell. The expansion
# is left unquoted on purpose: each pair has to become its own word, which
# also means a value containing whitespace would be split.
export $(xargs < config.env)
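color_echo "$YELLOW" "[+] Setting up homes"
mkdir -p "$DIR/.data/homes"
mkdir -p "$DIR/.data/homes/data"
mkdir -p "$DIR/.data/homes/nosuid"

# One home per slot 0..NUM_USERS: the real data lives under homes/data/<i> and
# is exposed a second time under homes/nosuid/<i> through a bind mount that
# carries the nosuid option.
for i in $(seq 0 "$NUM_USERS"); do
  home_data="$DIR/.data/homes/data/$i"
  home_nosuid="$DIR/.data/homes/nosuid/$i"

  # Seed a new home from /etc/skel; existing homes are left untouched.
  if [ ! -d "$home_data" ]; then
    cp -r /etc/skel "$home_data"
    chown -R ubuntu:ubuntu "$home_data"
  fi

  if [ ! -d "$home_nosuid" ]; then
    mkdir -p "$home_nosuid"
  fi

  # Test this exact path. Grepping the `mount` output for the path matched it
  # as an unanchored pattern, so an existing mount on .../nosuid/10 also
  # counted for .../nosuid/1 and slot 1 was then left without its nosuid bind
  # mount. (Bind mounts are recognised by the util-linux mountpoint, which
  # reads the mount table.)
  if ! mountpoint -q "$home_nosuid"; then
    mount -o bind,nosuid "$home_data" "$home_nosuid"
  fi
done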
color_echo "$YELLOW" "[+] Setting up challenges"

# One challenge directory per slot 0..NUM_USERS.
challenges_root="$DIR/.data/challenges"
mkdir -p "$challenges_root"
for ((i = 0; i <= NUM_USERS; i++)); do
  mkdir -p "$challenges_root/$i"
done

# "global" is a relative symlink to slot 0. It is created from inside the
# challenges directory so that the link target stays the bare name "0".
if [ ! -e "$challenges_root/global" ]; then
  pushd "$challenges_root"
  ln -s 0 global
  popd
fi
color_echo "$YELLOW" "[+] Configuring global resources"

# Raise the system-wide pseudo-terminal limit. `sysctl -w` changes only the
# running kernel; the value does not survive a reboot.
sysctl -w kernel.pty.max=1048576

# Core dumps are written to a file named "core"; a pattern without a leading
# slash is resolved against the crashing process's working directory.
printf '%s\n' core > /proc/sys/kernel/core_pattern

# NOTE(review): mode 666 lets every local account, and every container process
# that has this socket mounted, drive the Docker daemon, which is equivalent
# to root on the host. The SSH step below already adds the instance user to
# the docker group, which is the narrower grant; confirm which consumer needs
# world access before keeping this.
chmod 666 /var/run/docker.sock
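color_echo "$YELLOW" "[+] Setting up SSH"

# Create the instance account on the first run only.
# NOTE(review): membership of the docker group is root-equivalent on this
# host, so the account is only as restricted as sshd and auth.py make it.
if ! getent passwd "$INSTANCE" >/dev/null; then
  useradd -m "$INSTANCE"
  usermod -aG docker "$INSTANCE"
  mkdir -p "/home/$INSTANCE/.docker"
  cat <<EOF >> "/home/$INSTANCE/.docker/config.json"
{
"detachKeys": "ctrl-q,ctrl-q"
}
EOF
fi

sshd_config=/etc/ssh/sshd_config

# -x -F compares whole lines literally. The unanchored pattern used before
# treated an existing "Match User <name>X" block as this instance's block, and
# the instance then never got its own Match section.
if ! grep -qxF -- "Match User $INSTANCE" "$sshd_config"; then
  # Keep a copy so a rejected edit can be rolled back instead of leaving a
  # broken sshd_config behind on a machine that is administered over SSH.
  sshd_backup="$(mktemp)"
  cp -p -- "$sshd_config" "$sshd_backup"

  # NOTE(review): auth.py runs as root on every login attempt for this user.
  # The file and each directory above it must be writable by root only;
  # anyone able to modify $DIR/auth.py can run code as root.
  cat <<EOF >> "$sshd_config"
Match User $INSTANCE
AuthorizedKeysCommand $DIR/auth.py ${INSTANCE}_db $INSTANCE
AuthorizedKeysCommandUser root
X11Forwarding no
AllowTcpForwarding no
EOF

  # Validate the edited file before restarting the daemon.
  if ! /usr/sbin/sshd -t; then
    cat -- "$sshd_backup" > "$sshd_config"
    rm -f -- "$sshd_backup"
    echo "sshd rejected the new configuration; $sshd_config was restored" >&2
    exit 1
  fi
  rm -f -- "$sshd_backup"

  service ssh restart
fi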
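color_echo "$YELLOW" "[+] Pulling docker images"

# NOTE(review): every image is pulled without a tag or digest, so each run
# takes whatever the registry currently serves under the default tag. Pinning
# by digest would make the deployment reproducible and tamper-evident.
for image in \
  pwncollege/pwncollege_challenge \
  pwncollege/pwncollege_kernel_challenge \
  jwilder/nginx-proxy \
  jrcs/letsencrypt-nginx-proxy-companion; do
  docker pull "$image"
done

color_echo "$YELLOW" "[+] Setup docker compose"

# Copy the plugin sources (dotfiles included, hence the trailing "/.") into
# the CTFd submodule before the images are built.
cp -r "$DIR/CTFd_plugin/." "$DIR/CTFd/CTFd/plugins/CTFd-pwn-college-plugin/"
docker-compose build

# Look the network up by its exact name. The `name=` filter of
# `docker network ls` matches substrings, so another instance whose name
# merely contains this one made the old check skip creating the network.
if ! docker network inspect "${INSTANCE}_network" >/dev/null 2>&1; then
  docker network create "${INSTANCE}_network"
fi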