-
Notifications
You must be signed in to change notification settings - Fork 89
/
dojo-init
executable file
·126 lines (112 loc) · 4.11 KB
/
dojo-init
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
#!/bin/sh
if findmnt -n /data >/dev/null; then
echo '[+] Data mount exists.'
mount --make-shared /data
else
echo '[!] Data mount does not exist. Please start the dojo with a data mount (`-v /data:/data`).'
exit 1
fi
>> /data/config.env
> /data/.config.env
define () {
name="$1"
default="$2"
re="^${name}=\K.*"
current="$(env | grep -oP ${re})"
defined="$(grep -oP ${re} /data/config.env)"
value="${current:-${defined:-$default}}"
echo "${name}=${value}" >> /data/.config.env
}
DEFAULT_DOJO_HOST=localhost.pwn.college
define DOJO_HOST "${DEFAULT_DOJO_HOST}"
define VIRTUAL_HOST "${DEFAULT_DOJO_HOST}"
define LETSENCRYPT_HOST "${DEFAULT_DOJO_HOST}"
define DOJO_ENV development
define DOJO_WORKSPACE core
define WORKSPACE_KEY
define WORKSPACE_NODE 0
define SECRET_KEY $(openssl rand -hex 16)
define UBUNTU_VERSION 20.04
define INTERNET_FOR_ALL False
define MAIL_SERVER
define MAIL_PORT
define MAIL_USERNAME
define MAIL_PASSWORD
define MAIL_ADDRESS
define DISCORD_CLIENT_ID
define DISCORD_CLIENT_SECRET
define DISCORD_BOT_TOKEN
define DISCORD_GUILD_ID
define DEFAULT_INSTALL_SELECTION no # default to not installing tools
define INSTALL_IDA_FREE no # explicitly disable -- only for free dojos
define INSTALL_BINJA_FREE no # explicitly disable -- only for free dojos
define INSTALL_WINDOWS no # explicitly disable
define DB_HOST db
define DB_NAME ctfd
define DB_USER ctfd
define DB_PASS ctfd
define DB_EXTERNAL no # change to anything but no and the db container will not start mysql
define BACKUP_AES_KEY_FILE
define S3_BACKUP_BUCKET
define AWS_DEFAULT_REGION
define AWS_ACCESS_KEY_ID
define AWS_SECRET_ACCESS_KEY
define MAC_HOSTNAME
define MAC_USERNAME
define MAC_KEY_FILE
define MAC_GUEST_CONTROL_FILE
mv /data/.config.env /data/config.env
. /data/config.env
mkdir -p /data/workspace/nix
mkdir -p /data/workspacefs/bin
if [ ! -f /data/homes/homefs ]; then
echo "[+] Creating user home structure."
mkdir -p /data/homes
mkdir -p /data/homes/data
mkdir -p /data/homes/mounts
dd if=/dev/zero of=/data/homes/homefs bs=1M count=0 seek=1000
mkfs.ext4 -O ^has_journal /data/homes/homefs
mount /data/homes/homefs -o X-mount.mkdir /data/homes/homefs_mount
rm -rf /data/homes/homefs_mount/lost+found/
cp -a /etc/skel/. /data/homes/homefs_mount
chown -R 1000:1000 /data/homes/homefs_mount
umount /data/homes/homefs_mount
rm -rf /data/homes/homefs_mount
fi
mkdir -p /data/workspace/homes/mounts /data/workspace/homes/overlays
cat <<EOF > /etc/auto.master.d/homes.autofs
/data/homes/mounts program:/usr/bin/automount-home --timeout=28800
/data/workspace/homes/mounts /etc/auto.nfs --timeout=25200
/data/workspace/homes/overlays program:/usr/bin/automount-overlay --timeout=25200
EOF
echo '* -fstype=nfs,rw,soft,nosuid 192.168.42.1:/data/homes/mounts/&' > /etc/auto.nfs
echo '/data/homes 192.168.42.0/24(fsid=0,rw,sync,no_subtree_check,no_root_squash,crossmnt)' > /etc/exports
exportfs -ra
if [ ! -d /data/ssh_host_keys ]; then
mkdir -p /data/ssh_host_keys
rm /etc/ssh/ssh_host_*_key*
ssh-keygen -A -m PEM
for key in $(ls /etc/ssh/ssh_host_*_key*); do
cp -a $key /data/ssh_host_keys
done
fi
ssh-keyscan github.com > /data/ssh_host_keys/ssh_known_hosts
for file in $(ls /data/ssh_host_keys/*); do
cp -a $file /etc/ssh
done
if [ ! -z ${BACKUP_AES_KEY_FILE+x} ] && [ ! -f ${BACKUP_AES_KEY_FILE} ]
then
openssl rand 214 > "${BACKUP_AES_KEY_FILE}"
fi
sysctl -w kernel.pty.max=1048576
echo core > /proc/sys/kernel/core_pattern
dojo-node refresh
iptables -N DOCKER-USER
iptables -I DOCKER-USER -i workspace_net -j DROP
for host in $(cat /opt/pwn.college/user_firewall.allowed); do
iptables -I DOCKER-USER -i workspace_net -d $(host $host | awk '{print $NF; exit}') -j ACCEPT
done
iptables -I DOCKER-USER -i workspace_net -s 10.0.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -I DOCKER-USER -i workspace_net -d 10.0.0.0/8 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -I DOCKER-USER -i workspace_net -s 192.168.42.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -I DOCKER-USER -i workspace_net -d 192.168.42.0/24 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT