evolix/evobackup
22
0
Fork 1
Code Issues 27 Pull requests 6 Releases 18 Activity
evobackup/chroot-ssh.sh
Gregory Colpart f184017820 Now in Git!
2010-09-09 01:07:03 +02:00

141 lines
3.4 KiB
Bash
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/sh
# Gregory Colpart <reg@evolix.fr>
# chroot script for OpenSSH
# $Id: chroot-ssh.sh,v 1.12 2010-07-02 17:40:29 gcolpart Exp $
# tested on Debian Etch and recently on Lenny
# Exec this script for jail creation:
# ./chroot-ssh.sh /backup/jails/myserver
# Note: etc/{sshd_config,group,passwd} files should be present
# For Etch
# Start: chroot /backup/jails/myserver /usr/sbin/sshd > /dev/null
# Reload: kill -HUP `chroot /backup/jails/myserver cat /var/run/sshd.pid`
# Stop: kill -9 `chroot /backup/jails/myserver cat /var/run/sshd.pid`
# Restart: Stop + Start
# For Lenny
# Start :
# chroot /backup/jails/myserver mount -t proc proc-chroot /proc/
# chroot /backup/jails/myserver mount -t devpts devpts-chroot /dev/pts/
# chroot /backup/jails/myserver /usr/sbin/sshd > /dev/null
# Reload: kill -HUP `chroot /backup/jails/myserver cat /var/run/sshd.pid`
# Stop: kill -9 `chroot /backup/jails/myserver cat /var/run/sshd.pid`
# Restart:
# kill -9 `chroot /backup/jails/myserver cat /var/run/sshd.pid`
# chroot /backup/jails/myserver /usr/sbin/sshd > /dev/null
# After *each* ssh upgrade or libs upgrade:
# sh chroot-ssh.sh updateall
# And restart all sshd daemons
bincopy() {
chrootdir=$1
# TODO : better detection of amd64 arch
cp -f /lib/ld-linux.so.2 $chrootdir/lib/ || cp -f /lib64/ld-linux-x86-64.so.2 $chrootdir/lib64/
cp /lib/libnss* $chrootdir/lib/
for dbin in /bin/bash /bin/cat /bin/chown /bin/mknod /bin/rm /bin/sed /bin/sh /bin/uname /bin/mount /usr/bin/rsync /usr/sbin/sshd /usr/lib/openssh/sftp-server; do
cp -f $dbin $chrootdir/$dbin;
# (comme dans http://www.gcolpart.com/hacks/chroot-bind.sh)
for lib in `ldd $dbin | cut -d">" -f2 | cut -d"(" -f1`; do
cp -p $lib $chrootdir/$lib
done
done
}
# synopsis
if [ $# -ne 1 ]; then
echo "Vous devez indiquer un repertoire."
echo "Exemple : chroot-ssh.sh /backup/jails/myserver"
exit 0
fi
# are u root?
if [ `whoami` != "root" ]; then
echo "Vous devez executer le script en étant root."
exit 0
fi
if [ -e $1 ]; then
echo "Le repertoire $1 existe deja..."
fi
if [ "$1" = "updateall" ]; then
for i in `ls -1 /backup/jails/*/lib/libnss_compat.so.2`; do
chrootdir=`echo $i | cut -d"/" -f1,2,3,4`
echo -n "MaJ $chrootdir ..."
bincopy $chrootdir
echo "...OK"
done
else
# where is jail
chrootdir=$1
mkdir -p $chrootdir
chown root:root $chrootdir
# create jail
echo -n "1 - Creation de la prison..."
mkdir -p $chrootdir/{bin,dev,etc/ssh,lib,lib64}
mkdir -p $chrootdir/lib/tls/i686/cmov/
mkdir -p $chrootdir/proc
mkdir -p $chrootdir/root/.ssh
mkdir -p $chrootdir/usr/lib/i686/cmov/
mkdir -p $chrootdir/lib/i686/cmov/
mkdir -p $chrootdir/usr/{bin,lib,sbin}
mkdir -p $chrootdir/usr/lib/openssh
mkdir -p $chrootdir/var/log/
mkdir -p $chrootdir/var/run/sshd
touch $chrootdir/var/log/{authlog,lastlog,messages,syslog}
touch $chrootdir/etc/fstab
echo "...OK"
echo -n "2 - Copie des donnees..."
cp /proc/devices $chrootdir/proc
cp /etc/ssh/{ssh_host_rsa_key,ssh_host_dsa_key} $chrootdir/etc/ssh/
cp etc/sshd_config $chrootdir/etc/ssh/
cp etc/passwd $chrootdir/etc/
cp etc/shadow $chrootdir/etc/
cp etc/group $chrootdir/etc/
echo ".......OK"
echo -n "3 - Copie des binaires..."
bincopy $chrootdir
echo "......OK"
echo -n "4 - Creation des devices..."
cd $chrootdir/dev/
cp /dev/MAKEDEV ./
./MAKEDEV {null,random,urandom,pty}
mkdir pts
#mknod ptmx c 5 2
echo "....OK"
echo -n "5 - Termine."
# end
echo ""
fi
Reference in a new issue View git blame Copy permalink