From 10f5a7ffd22c81c93a64da3229ea2b756cadca4e Mon Sep 17 00:00:00 2001
From: Shay Nehmad
Date: Mon, 18 May 2020 00:11:55 +0300
Subject: [PATCH 1/4] Started working on the dockerfile - still not ready
---
.gitignore | 3 +++
Dockerfile | 12 ++++++++++++
2 files changed, 15 insertions(+)
create mode 100644 Dockerfile
diff --git a/.gitignore b/.gitignore
index 767dae2..4e9e9b2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,6 @@ Cargo.lock # These are backup files generated by rustfmt **/*.rs.bk
+
+# For vim
+*.swp
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..b789332
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,12 @@
+from ubuntu:20.04
+
+RUN apt update -y
+RUN apt install -y git openssl vim nano
+
+RUN useradd --comment "GameMaster account" --create-home --password $(openssl passwd -6 gamemaster) gamemaster
+RUN useradd --comment "Player account" --create-home --password $(openssl passwd -6 player) player
+
+RUN git clone https://github.com/ShayNehmad/make-git-better-levels.git /home/gamemaster/repo
+COPY levels/checkers /home/gamemaster/repo/hooks
+COPY scripts/generate-pre-receive-hook/output/pre-receive /home/gamemaster/repo/hooks
+
From b198847022291958aaeef7d6729e8fef3fa5ba7b Mon Sep 17 00:00:00 2001
From: Shay Nehmad
Date: Tue, 19 May 2020 11:48:08 +0300
Subject: [PATCH 2/4] Dockerfile moved to build dir along with helper scripts - still in testing
---
Dockerfile | 12 ------------
build/Dockerfile | 34 ++++++++++++++++++++++++++++++++++
build/gamemaster_entrypoint.sh | 16 ++++++++++++++++
3 files changed, 50 insertions(+), 12 deletions(-)
delete mode 100644 Dockerfile
create mode 100644 build/Dockerfile
create mode 100644 build/gamemaster_entrypoint.sh
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index b789332..0000000
--- a/Dockerfile
+++ /dev/null
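Review bot: Both `useradd` lines in the new Dockerfile hash a literal password inside the `RUN` command (`$(openssl passwd -6 gamemaster)`, `$(openssl passwd -6 player)`), so the plaintext sits in the repository and, because image history records the command text, in every image built from it; each password also equals its username. The same pattern recurs in build/Dockerfile in patch 2 and in the root Dockerfile in patches 3 and 4, where the gamemaster value becomes a longer literal but is still committed. If gamemaster is only ever reached with an SSH key, as the later patches arrange, drop `--password` for that account so it stays password-locked: `RUN useradd --comment "GameMaster account" --create-home gamemaster`. If a password is really needed, supply it at build time through a BuildKit secret mount rather than on the command line.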
@@ -1,12 +0,0 @@
-from ubuntu:20.04
-
-RUN apt update -y
-RUN apt install -y git openssl vim nano
-
-RUN useradd --comment "GameMaster account" --create-home --password $(openssl passwd -6 gamemaster) gamemaster
-RUN useradd --comment "Player account" --create-home --password $(openssl passwd -6 player) player
-
-RUN git clone https://github.com/ShayNehmad/make-git-better-levels.git /home/gamemaster/repo
-COPY levels/checkers /home/gamemaster/repo/hooks
-COPY scripts/generate-pre-receive-hook/output/pre-receive /home/gamemaster/repo/hooks
-
diff --git a/build/Dockerfile b/build/Dockerfile
new file mode 100644
index 0000000..76f4864
--- /dev/null
+++ b/build/Dockerfile
@@ -0,0 +1,34 @@
+from ubuntu:20.04
+
+# Install dependencies.
+RUN apt update -y
+RUN apt install -y git vim nano whois
+
+# Create the required users. The game master is the `git` account, and the player is the user's account
+# TODO - change the gamemaster password?
+# TODO - change the gamemaster username to git?
+RUN useradd --comment "GameMaster account" --create-home --password $(mkpasswd -m sha-512 gamemaster) gamemaster
+RUN useradd --comment "Player account" --create-home --password $(mkpasswd -m player) player
+
+# Set up the player's SSH keys and copy the public key to /tmp
+RUN su -c "ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa.player 2>/dev/null <<< y >/dev/null" - player
+RUN cp /home/player/.ssh/id_rsa.player.pub /tmp
+
+# Set up the git server so that the player can run git clone gamemaster@localhost:/home/gamemaster/repo
+RUN git clone --bare https://github.com/ShayNehmad/make-git-better-levels.git /home/gamemaster/repo
+# This file adds the player's ssh public key from before
+COPY gamemaster_entrypoint.sh /home/gamemaster
+RUN chown gamemaster:gamemaster /home/gamemaster/gamemaster_entrypoint.sh
+RUN chmod 770 /home/gamemaster/gamemaster_entrypoint.sh
+RUN su -c "/home/gamemaster/gamemaster_entrypoint.sh" - gamemaster
+
+# Set up the hooks for the actual gameplay in the repo
+COPY levels/checkers /home/gamemaster/repo/hooks
+COPY scripts/generate-pre-receive-hook/output/pre-receive /home/gamemaster/repo/hooks
+
+# Now that we're done with gamemaster's setup we can change his shell to git shell
+RUN chsh gamemaster -s $(which git-shell)
+
+# Cleanup
+RUN rm -rf /tmp/*
+
diff --git a/build/gamemaster_entrypoint.sh b/build/gamemaster_entrypoint.sh
new file mode 100644
index 0000000..25e16af
--- /dev/null
+++ b/build/gamemaster_entrypoint.sh
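Review bot: In the player `useradd` line, `mkpasswd -m player` passes `player` as the hashing method rather than as the password, unlike the gamemaster line above it, which uses `-m sha-512 gamemaster`; the command substitution will most likely be empty or an error, so the account does not get the intended hash. It should read `--password $(mkpasswd -m sha-512 player)`. Separately, `COPY gamemaster_entrypoint.sh` resolves only with build/ as the build context, while `COPY levels/checkers` and `COPY scripts/...` look like repo-root paths, so one of the two sets probably cannot be found; the file should settle on one context.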
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+if [[ ! $(whoami) == "gamemaster" ]]
+ then echo "I'm not the gamemaster"; exit 1;
+fi
+
+if [[ ! -f /tmp/id_rsa.player.pub ]]
+ then echo "Not public key file found"; exit 1;
+fi
+
+# https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server
+cd
+pwd
+mkdir .ssh && chmod 700 .ssh
+cat /tmp/id_rsa.player.pub >> ~/.ssh/authorized_keys
+
From ca79b2fbcff52c00e842f5547a31d655f34d6482 Mon Sep 17 00:00:00 2001
From: Shay Nehmad
Date: Tue, 19 May 2020 15:45:48 +0300
Subject: [PATCH 3/4] =?UTF-8?q?It=20works=20=F0=9F=A4=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
Dockerfile | 63 ++++++++++++++++++++++++++++++++++++++
build/Dockerfile | 34 --------------------
build/player_entrypoint.sh | 21 +++++++++++++
build/ssh_banner.txt | 24 +++++++++++++++
4 files changed, 108 insertions(+), 34 deletions(-)
create mode 100644 Dockerfile
delete mode 100644 build/Dockerfile
create mode 100644 build/player_entrypoint.sh
create mode 100644 build/ssh_banner.txt
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..0985dcb
--- /dev/null
+++ b/Dockerfile
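Review bot: The script keeps going after a failed step: if `mkdir .ssh` fails, the `chmod` is skipped but the `cat ... >> ~/.ssh/authorized_keys` line still runs, and the mode of `authorized_keys` is left to the umask. Adding `set -euo pipefail` after the shebang, using `mkdir -p ~/.ssh`, and ending with `chmod 600 ~/.ssh/authorized_keys` makes the result independent of the build environment, which matters because sshd's StrictModes check rejects key files that are group- or world-writable. The message `Not public key file found` presumably means `No public key file found`.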
@@ -0,0 +1,63 @@
+from ubuntu:latest
+
+# Install dependencies.
+RUN apt update -y
+RUN DEBIAN_FRONTEND="noninteractive" apt install -y tzdata
+RUN apt install -y \
+ git-all \
+ vim \
+ nano \
+ whois \
+ openssh-server \
+ curl \
+ apt-utils \
+ iputils-ping \
+ zsh \
+ tmux
+
+# Create the required users. The game master is the `git` account, and the player is the user's account
+# TODO - change the gamemaster password?
+# TODO - change the gamemaster username to git?
+RUN useradd --comment "GameMaster account" --create-home --password $(mkpasswd -m sha-512 gamemaster) gamemaster
+RUN useradd --comment "Player account" --create-home --password $(mkpasswd -m sha-512 player) --shell /bin/zsh player
+
+# Set up the player's SSH keys and copy the public key to /tmp
+COPY build/player_entrypoint.sh /home/player
+RUN ls -Rla /home/player
+RUN chown player:player /home/player/player_entrypoint.sh
+RUN chmod 770 /home/player/player_entrypoint.sh
+RUN ls -Rla /home/player
+RUN su -c "/home/player/player_entrypoint.sh" - player
+
+RUN mkdir /var/run/sshd
+RUN echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config
+RUN echo 'ClientAliveCountMax 10' >> /etc/ssh/sshd_config
+COPY build/ssh_banner.txt /etc/banner
+RUN echo 'Banner /etc/banner' >> /etc/ssh/sshd_config
+
+# Set up the git server so that the player can run git clone gamemaster@localhost:/home/gamemaster/game-repo
+RUN git clone --bare https://github.com/ShayNehmad/make-git-better-levels.git /home/gamemaster/game-repo
+# This file adds the player's ssh public key from before
+COPY build/gamemaster_entrypoint.sh /home/gamemaster
+RUN chown gamemaster:gamemaster /home/gamemaster/gamemaster_entrypoint.sh
+RUN chmod 770 /home/gamemaster/gamemaster_entrypoint.sh
+RUN su -c "/home/gamemaster/gamemaster_entrypoint.sh" - gamemaster
+# Set up the hooks for the actual gameplay in the repo
+COPY levels/checkers /home/gamemaster/game-repo/hooks/checkers
+COPY scripts/generate-pre-receive-hook/output/pre-receive /home/gamemaster/game-repo/hooks
+# Make sure that gamemaster owns all of their files
+RUN chown -R gamemaster:gamemaster /home/gamemaster
+
+# Now that we're done with gamemaster's setup we can change his shell to git shell
+RUN chsh gamemaster -s $(which git-shell)
+
+# Cleanup
+RUN rm -rf /tmp/*
+RUN rm -rf /home/player/player_entrypoint.sh
+
+# Some debug messages
+RUN ls -Rla /home
+
+EXPOSE 22
+CMD ["/usr/sbin/sshd", "-D"]
+
diff --git a/build/Dockerfile b/build/Dockerfile
deleted file mode 100644
index 76f4864..0000000
--- a/build/Dockerfile
+++ /dev/null
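Review bot: `from ubuntu:latest` at the top of the new Dockerfile replaces the `ubuntu:20.04` pin used in the two earlier patches, so the base image, and with it the openssh-server and git versions this SSH-facing container ships, can change between builds without any change to the file. `RUN apt update -y` also sits in its own layer and can be served from cache while the install layers are rebuilt against a stale index; the update, both installs and the list cleanup belong in one `RUN`, as sketched below. The `git clone --bare` of make-git-better-levels takes whatever the default branch holds at build time, so checking out a tag or commit would make the shipped levels reproducible. The three `RUN ls -Rla` lines only add layers and write home-directory listings into the build log.

```dockerfile
FROM ubuntu:20.04

# Refresh the index, install, and clean up in a single layer so a cached
# `apt-get update` can never be paired with a newer install step.
RUN apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y \
        apt-utils \
        curl \
        git-all \
        iputils-ping \
        nano \
        openssh-server \
        tmux \
        tzdata \
        vim \
        whois \
        zsh \
    && rm -rf /var/lib/apt/lists/*
# … unchanged: user creation, player/gamemaster entrypoints, sshd config, hooks, cleanup …
```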
@@ -1,34 +0,0 @@
-from ubuntu:20.04
-
-# Install dependencies.
-RUN apt update -y
-RUN apt install -y git vim nano whois
-
-# Create the required users. The game master is the `git` account, and the player is the user's account
-# TODO - change the gamemaster password?
-# TODO - change the gamemaster username to git?
-RUN useradd --comment "GameMaster account" --create-home --password $(mkpasswd -m sha-512 gamemaster) gamemaster
-RUN useradd --comment "Player account" --create-home --password $(mkpasswd -m player) player
-
-# Set up the player's SSH keys and copy the public key to /tmp
-RUN su -c "ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa.player 2>/dev/null <<< y >/dev/null" - player
-RUN cp /home/player/.ssh/id_rsa.player.pub /tmp
-
-# Set up the git server so that the player can run git clone gamemaster@localhost:/home/gamemaster/repo
-RUN git clone --bare https://github.com/ShayNehmad/make-git-better-levels.git /home/gamemaster/repo
-# This file adds the player's ssh public key from before
-COPY gamemaster_entrypoint.sh /home/gamemaster
-RUN chown gamemaster:gamemaster /home/gamemaster/gamemaster_entrypoint.sh
-RUN chmod 770 /home/gamemaster/gamemaster_entrypoint.sh
-RUN su -c "/home/gamemaster/gamemaster_entrypoint.sh" - gamemaster
-
-# Set up the hooks for the actual gameplay in the repo
-COPY levels/checkers /home/gamemaster/repo/hooks
-COPY scripts/generate-pre-receive-hook/output/pre-receive /home/gamemaster/repo/hooks
-
-# Now that we're done with gamemaster's setup we can change his shell to git shell
-RUN chsh gamemaster -s $(which git-shell)
-
-# Cleanup
-RUN rm -rf /tmp/*
-
diff --git a/build/player_entrypoint.sh b/build/player_entrypoint.sh
new file mode 100644
index 0000000..3cdfd68
--- /dev/null
+++ b/build/player_entrypoint.sh
@@ -0,0 +1,21 @@
+#!/bin/zsh
+
+if [[ ! $(whoami) == "player" ]]
+ then echo "I'm not the player"; exit 1;
+fi
+
+# https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server
+cd
+pwd
+ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa 2>/dev/null <<< y >/dev/null
+
+cat ~/.ssh/id_rsa.pub >> /tmp/id_rsa.player.pub
+
+echo "Setting up zsh"
+sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
+echo "ZSH_THEME=\"agnoster\"" >> ~/.zshrc
+echo "plugins=( git )" >> ~/.zshrc
+
+git config --global user.email "player@mrnice.dev"
+git config --global user.name "CTF player"
+
diff --git a/build/ssh_banner.txt b/build/ssh_banner.txt
new file mode 100644
index 0000000..e434295
--- /dev/null
+++ b/build/ssh_banner.txt
@@ -0,0 +1,24 @@
+ _ _ _
+ _ __ __ _ | |__ ___ __ _ (_) | |_
+ | ' \ / _` | | / / / -_) / _` | | | | _|
+ |_|_|_| \__,_| |_\_\ \___| \__, | |_| \__|
+ |___/
+ ___ ___ ___
+ _____ / /\ ___ ___ / /\ / /\
+ / /::\ / /:/_ / /\ / /\ / /:/_ / /::\
+ / /:/\:\ / /:/ /\ / /:/ / /:/ / /:/ /\ / /:/\:\
+ / /:/~/::\ / /:/ /:/_ / /:/ / /:/ / /:/ /:/_ / /:/~/:/
+/__/:/ /:/\:| /__/:/ /:/ /\ / /::\ / /::\ /__/:/ /:/ /\ /__/:/ /:/___
+\ \:\/:/~/:/ \ \:\/:/ /:/ /__/:/\:\ /__/:/\:\ \ \:\/:/ /:/ \ \:\/:::::/
+ \ \::/ /:/ \ \::/ /:/ \__\/ \:\ \__\/ \:\ \ \::/ /:/ \ \::/~~~~
+ \ \:\/:/ \ \:\/:/ \ \:\ \ \:\ \ \:\/:/ \ \:\
+ \ \::/ \ \::/ \__\/ \__\/ \ \::/ \ \:\
+ \__\/ \__\/ \__\/ \__\/
+
+
+ A CTF challenge by Shay Nehmad
+ Visit https://mrnice.dev
+
+This is a game server. Please try to not mess it up ¯\_(ツ)_/¯
+If you find any issues, let me know @ShayNehmad on Twitter.
+
From 781ee27d1de61da260c787e1dbf9ba9ec2b5804e Mon Sep 17 00:00:00 2001
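Review bot: In player_entrypoint.sh, `sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"` runs whatever the `master` branch serves at build time, with no pinned revision and no integrity check, so the image content depends on a third-party branch head. Fetch the installer from a fixed commit into a file, compare it with a recorded SHA-256, and only then run it: `curl -fsSL -o /tmp/omz-install.sh https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/<PINNED_COMMIT>/tools/install.sh`, then `echo "<EXPECTED_SHA256>  /tmp/omz-install.sh" | sha256sum -c -`, then `sh /tmp/omz-install.sh --unattended`. The `<<< y` fed to `ssh-keygen` only matters when the key file already exists, so a comment saying that it answers the overwrite prompt would help the next reader.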
From: Shay Nehmad
Date: Wed, 20 May 2020 18:02:30 +0300
Subject: [PATCH 4/4] Fixed CR and made some other small improvements
---
Dockerfile | 28 ++++++++++------------
build/{ssh_banner.txt => login_banner.txt} | 6 ++++-
build/player_entrypoint.sh | 3 +--
build/player_zshrc.sh | 6 +++++
4 files changed, 24 insertions(+), 19 deletions(-)
rename build/{ssh_banner.txt => login_banner.txt} (90%)
create mode 100644 build/player_zshrc.sh
diff --git a/Dockerfile b/Dockerfile
index 0985dcb..f627980 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -16,48 +16,44 @@ RUN apt install -y \ tmux # Create the required users. The game master is the `git` account, and the player is the user's account -# TODO - change the gamemaster password? -# TODO - change the gamemaster username to git? -RUN useradd --comment "GameMaster account" --create-home --password $(mkpasswd -m sha-512 gamemaster) gamemaster -RUN useradd --comment "Player account" --create-home --password $(mkpasswd -m sha-512 player) --shell /bin/zsh player +RUN useradd --comment "GameMaster account" --create-home --password $(mkpasswd -m sha-512 94+wings+STRONG+mountain+35) gamemaster +RUN useradd --comment "Player account" --create-home --password $(mkpasswd -m sha-512 player) --shell $(which zsh) player # Set up the player's SSH keys and copy the public key to /tmp COPY build/player_entrypoint.sh /home/player -RUN ls -Rla /home/player RUN chown player:player /home/player/player_entrypoint.sh RUN chmod 770 /home/player/player_entrypoint.sh -RUN ls -Rla /home/player RUN su -c "/home/player/player_entrypoint.sh" - player +COPY build/player_zshrc.sh /home/player/.zshrc +RUN chown player:player /home/player/.zshrc +RUN chmod 770 /home/player/.zshrc RUN mkdir /var/run/sshd RUN echo 'ClientAliveInterval 60' >> /etc/ssh/sshd_config RUN echo 'ClientAliveCountMax 10' >> /etc/ssh/sshd_config -COPY build/ssh_banner.txt /etc/banner -RUN echo 'Banner /etc/banner' >> /etc/ssh/sshd_config +COPY build/login_banner.txt /etc/motd -# Set up the git server so that the player can run git clone gamemaster@localhost:/home/gamemaster/game-repo -RUN git clone --bare https://github.com/ShayNehmad/make-git-better-levels.git /home/gamemaster/game-repo +# Set up the git server so that the player can run git clone gamemaster@localhost:/home/gamemaster/ctf-repo +RUN git clone --bare https://github.com/ShayNehmad/make-git-better-levels.git /home/gamemaster/ctf-repo # This file adds the player's ssh public key from before COPY build/gamemaster_entrypoint.sh /home/gamemaster RUN chown 
gamemaster:gamemaster /home/gamemaster/gamemaster_entrypoint.sh RUN chmod 770 /home/gamemaster/gamemaster_entrypoint.sh RUN su -c "/home/gamemaster/gamemaster_entrypoint.sh" - gamemaster # Set up the hooks for the actual gameplay in the repo -COPY levels/checkers /home/gamemaster/game-repo/hooks/checkers -COPY scripts/generate-pre-receive-hook/output/pre-receive /home/gamemaster/game-repo/hooks +COPY levels/checkers /home/gamemaster/ctf-repo/hooks/checkers +COPY scripts/generate-pre-receive-hook/output/pre-receive /home/gamemaster/ctf-repo/hooks # Make sure that gamemaster owns all of their files RUN chown -R gamemaster:gamemaster /home/gamemaster -# Now that we're done with gamemaster's setup we can change his shell to git shell +# Now that we're done with gamemaster's setup we can change their shell to git shell and block their home directory RUN chsh gamemaster -s $(which git-shell) +RUN chmod 700 -R /home/gamemaster # Cleanup RUN rm -rf /tmp/* RUN rm -rf /home/player/player_entrypoint.sh -# Some debug messages -RUN ls -Rla /home - EXPOSE 22 CMD ["/usr/sbin/sshd", "-D"] diff --git a/build/ssh_banner.txt b/build/login_banner.txt similarity index 90% rename from build/ssh_banner.txt rename to build/login_banner.txt index e434295..2d36a41 100644 --- a/build/ssh_banner.txt +++ b/build/login_banner.txt @@ -16,9 +16,13 @@ \__\/ \__\/ \__\/ \__\/ - A CTF challenge by Shay Nehmad + A git CTF challenge by Shay Nehmad Visit https://mrnice.dev This is a game server. Please try to not mess it up ¯\_(ツ)_/¯ If you find any issues, let me know @ShayNehmad on Twitter. +To start playing, clone the game repository by running: + + git clone gamemaster@localhost:~/ctf-repo + diff --git a/build/player_entrypoint.sh b/build/player_entrypoint.sh index 3cdfd68..bda963c 100644 --- a/build/player_entrypoint.sh +++ b/build/player_entrypoint.sh 
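Review bot: Password login over SSH stays available for gamemaster in the Dockerfile hunk: the only sshd_config changes visible are the two `ClientAlive*` lines and the account is still created with `--password`, so, assuming the stock config leaves password authentication on, the git-shell account remains exposed to password guessing on port 22 even though the player reaches it with a key. Appending a match block after those lines closes that path without touching the player login: `RUN printf 'Match User gamemaster\n    PasswordAuthentication no\n' >> /etc/ssh/sshd_config`. `RUN chmod 770 /home/player/.zshrc` gives an rc file execute and group-write bits it does not need; `644` is enough. The hunk starts inside the `apt install` package list, so earlier lines of the file are not covered here.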
@@ -13,8 +13,7 @@ cat ~/.ssh/id_rsa.pub >> /tmp/id_rsa.player.pub echo "Setting up zsh" sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" -echo "ZSH_THEME=\"agnoster\"" >> ~/.zshrc -echo "plugins=( git )" >> ~/.zshrc + git config --global user.email "player@mrnice.dev" git config --global user.name "CTF player" diff --git a/build/player_zshrc.sh b/build/player_zshrc.sh new file mode 100644 index 0000000..2794053 --- /dev/null +++ b/build/player_zshrc.sh @@ -0,0 +1,6 @@ +export ZSH="/home/player/.oh-my-zsh" +ZSH_THEME="juanghurtado" +plugins=(git) + +source $ZSH/oh-my-zsh.sh +