author | Ubuntu <ubuntu@vps-7ebf666e.vps.ovh.net> | 2025-06-26 00:23:53 +0000 |
committer | Ubuntu <ubuntu@vps-7ebf666e.vps.ovh.net> | 2025-06-26 00:23:53 +0000 |
commit | dd55f98281c1c0c28a5f8df3c87031bc84dd450d (patch) | |
tree | 22604ccce3a63a1db8d3c9b964acae15c87cf759 /bin |
Diffstat (limited to 'bin')
-rwxr-xr-x | bin/create_user.sh | 207 | ||||
-rwxr-xr-x | bin/review_message.sh | 5 | ||||
-rwxr-xr-x | bin/sync-cgit-repos.sh | 23 |
3 files changed, 235 insertions, 0 deletions
diff --git a/bin/create_user.sh b/bin/create_user.sh
new file mode 100755
index 0000000..9685a3d
--- /dev/null
+++ b/bin/create_user.sh
@@ -0,0 +1,207 @@
+#!/bin/bash
+# Script to create a jailed user with restricted access
+
+# Variables
+USERNAME="$1" # Set the username from the first argument
+PUBKEY="$2" # Set the password from the second argument
+JAIL_DIR="/home/publicaccess" # Set the base jail directory
+BASH_PATH="/usr/sbin/jk_chrootsh" # Path to the bash shell
+USER_HOME="$JAIL_DIR/home/$USERNAME" # The user's home directory inside the jail
+RESTRICTED_PROFILE="$USER_HOME/.bash_profile" # Path to restricted profile
+
+# Check if Jailkit is installed
+if ! command -v jk_init >/dev/null 2>&1; then
+ echo "Error: Jailkit is not installed. Please install Jailkit before running this script."
+ echo "On Debian/Ubuntu systems, you can use: apt-get install jailkit"
+ echo "On Red Hat/CentOS/Fedora systems, you might use: yum install jailkit"
+ exit 1
+fi
+
+# Create the jail directory
+
+# Check if the user already exists
+if id "$USERNAME" >/dev/null 2>&1; then
+ echo "User '$USERNAME' already exists. Exiting."
+ exit 1;
+fi
+# Create the user
+sudo useradd -d "/home/publicaccess/home/$USERNAME" -m "$USERNAME" -s /bin/bash
+# Set a password for the user
+echo "$USERNAME:acsg3Gzc0A!" | sudo chpasswd
+sudo passwd -u "$USERNAME"
+
+# Jailkit configuration
+echo "Creating the jail for $USERNAME..."
+sudo jk_jailuser -j /home/publicaccess "$USERNAME"
+# change line PASSWD
+PASSWD_FILE="/home/publicaccess/etc/passwd"
+
+# Make sure the username is passed in
+TEMP_FILE=$(mktemp)
+
+# Edit the passwd file
+awk -F: -v user="$USERNAME" '{
+ if ($1 == user) {
+ $7 = "/usr/local/bin/review_message.sh"
+ }
+ print $0
+}' OFS=":" "$PASSWD_FILE" > "$TEMP_FILE"
+
+# Replace original file
+sudo mv "$TEMP_FILE" "$PASSWD_FILE"
+echo "Updated shell for $USERNAME to /bin/bash"
+echo "PS1='(KILLSWITCH PUBLIC UNIX)$ '" >> "/home/publicaccess/home/$USERNAME/.bashrc"
+echo 'echo -e "`cat /usr/local/bin/motd.txt`"' >> "/home/publicaccess/home/$USERNAME/.bashrc"
+
+# Function to copy a file and create necessary directorie
+
+# # Function to copy libraries for a given binary - Removed
+# copy_libs() {
+# local BINARY="$1"
+# local LIBS_ARRAY
+# LIBS_ARRAY=($(ldd "$BINARY" | awk '/=>/ {print $3}') )
+#
+# for LIB in "${LIBS_ARRAY[@]}"; do
+# if [ -n "$LIB" ] && [ -e "$LIB" ]; then # Check if the library exists
+# JAIL_LIB_PATH="${JAIL_DIR}${LIB#\/}"
+# copy_with_dirs "$LIB" "$JAIL_LIB_PATH"
+# elif [ -n "$LIB" ]; then
+# echo "Warning: Library $LIB not found, but is required by $BINARY"
+# fi
+# done
+# }
+
+# # Copy essential commands and their libraries - Removed
+# declare -a ESSENTIAL_BINS
+# # Check for existence in /bin and /usr/bin, use the correct path
+# if [ -e "/bin/ls" ]; then
+# ESSENTIAL_BINS+=("/bin/ls")
+# else
+# ESSENTIAL_BINS+=("/usr/bin/ls")
+# fi
+# if [ -e "/bin/pwd" ]; then
+# ESSENTIAL_BINS+=("/bin/pwd")
+# else
+# ESSENTIAL_BINS+=("/usr/bin/pwd")
+# fi
+# if [ -e "/bin/cat" ]; then
+# ESSENTIAL_BINS+=("/bin/cat")
+# else
+# ESSENTIAL_BINS+=("/usr/bin/cat")
+# fi
+# if [ -e "/bin/echo" ]; then
+# ESSENTIAL_BINS+=("/bin/echo")
+# else
+# ESSENTIAL_BINS+=("/usr/bin/echo")
+# fi
+# if [ -e "/bin/mkdir" ]; then
+# ESSENTIAL_BINS+=("/bin/mkdir")
+# else
+# ESSENTIAL_BINS+=("/usr/bin/mkdir")
+# fi
+# if [ -e "/bin/cd" ]; then
+# ESSENTIAL_BINS+=("/bin/cd")
+# else
+# ESSENTIAL_BINS+=("/usr/bin/cd")
+# fi
+# ESSENTIAL_BINS+=("/usr/bin/passwd") # /usr/bin/passwd is standard
+# if [ -e "/bin/bash" ]; then
+# ESSENTIAL_BINS+=("/bin/bash")
+# else
+# ESSENTIAL_BINS+=("/usr/bin/bash")
+# fi
+#
+# for BIN in "${ESSENTIAL_BINS[@]}"; do
+# jk_cp -v -j "$JAIL_DIR" "$BIN"
+# copy_libs "$BIN"
+# done
+jk_cp -v -j "/home/publicaccess" "/usr/bin/gcc"
+jk_cp -v -j "/home/publicaccess" "/usr/bin/g++"
+jk_cp -v -j "/home/publicaccess" "/usr/bin/make"
+jk_cp -v -j "/home/publicaccess" "/usr/sbin/jk_lsh"
+jk_cp -v -j "/home/publicaccess" "/usr/local/bin/review_message.sh"
+
+
+# Create necessary directories within the jail
+mkdir -p "$USER_HOME/.ssh"
+CLEAN_PUBKEY=$(python3 -c "import urllib.parse; print(urllib.parse.unquote_plus('$PUBKEY'))")
+
+echo "$CLEAN_PUBKEY" > "$USER_HOME/.ssh/authorized_keys"
+chmod 700 "$USER_HOME/.ssh"
+chmod 600 "$USER_HOME/.ssh/authorized_keys"
+mkdir -p "$USER_HOME/tmp" # Create a /tmp directory
+chmod 777 "$USER_HOME/tmp" # Set permissions for /tmp
+
+# Create a restricted .bash_profile
+cat > "$RESTRICTED_PROFILE" <<EOL
+# Restricted .bash_profile for $USERNAME
+
+
+# Prevent the user from changing the PATH
+readonly PATH
+HOME="$HOME"
+
+
+# Additional restrictions (optional, but recommended)
+# Disallow variable assignment
+ set -o nounset
+
+# Disallow redirection (including <<, >, >>)
+ set -o no_redirection
+
+# You can add aliases for allowed commands here
+
+stty erase ^H
+
+# Prompts
+PS1='(KILLSWITCH PUBLIC UNIX)$ '
+
+#unset -f type
+#unset -f hash
+echo -e "`cat /usr/local/bin/motd.txt`"
+
+EOL
+
+# Set permissions (important for security)
+chown -R root:root "$JAIL_DIR"
+chmod -R 755 "$JAIL_DIR"
+chmod 700 "$USER_HOME/.ssh"
+chown "$USERNAME":"$USERNAME" "$USER_HOME"
+chown "$USERNAME":"$USERNAME" "$USER_HOME/.ssh"
+#chmod 644 "$RESTRICTED_PROFILE" # Make .bash_profile readable only by owner
+sudo chown root:root "$RESTRICTED_PROFILE"
+
+# Create default www directory for web access
+WWW_DIR="$USER_HOME/www"
+mkdir -p "$WWW_DIR"
+cat > "$WWW_DIR/index.html" <<EOF
+<!DOCTYPE html>
+<html>
+<head>
+ <title>Welcome to Killswitch</title>
+ <meta charset="UTF-8">
+</head>
+<body>
+ <h1>Hello from ~${USERNAME}</h1>
+ <p>This is your public web directory. Place your files here.</p>
+</body>
+</html>
+EOF
+
+# Set permissions for web access
+sudo chown -R "$USERNAME":"$USERNAME" "$USER_HOME"
+chmod 755 "$WWW_DIR"
+chmod 644 "$WWW_DIR/index.html"
+chown -R "$USERNAME:$USERNAME" "$WWW_DIR"
+sudo /home/ubuntu/setown.sh
+
+
+if id "$USERNAME" >/dev/null 2>&1; then
+ echo "User '$USERNAME' created successfully."
+ exit 0
+else
+ echo "Error: User creation failed." >&2
+ exit 1
+fi
+
+sudo /home/ubuntu/setown.sh
diff --git a/bin/review_message.sh b/bin/review_message.sh
new file mode 100755
index 0000000..97f52a7
--- /dev/null
+++ b/bin/review_message.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+echo "Your account is under review."
+echo "Approval usually takes up to 24 hours."
+echo "If you have questions, contact: blackburnarson@netzero.net"
+exit 1
diff --git a/bin/sync-cgit-repos.sh b/bin/sync-cgit-repos.sh
new file mode 100755
index 0000000..007d2c7
--- /dev/null
+++ b/bin/sync-cgit-repos.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+BASE_HOME="/home/publicaccess/home"
+CGIT_DIR="/srv/git/listed"
+
+mkdir -p "$CGIT_DIR"
+
+for user_dir in "$BASE_HOME"/*; do
+ [ -d "$user_dir/git/listed" ] || continue
+ username=$(basename "$user_dir")
+
+ for repo in "$user_dir/git/listed/"*.git; do
+ [ -d "$repo" ] || continue
+ reponame=$(basename "$repo")
+ mount_point="${CGIT_DIR}/${username}-${reponame}"
+
+ # Create the mount point directory if it doesn't exist
+ mkdir -p "$mount_point"
+
+ # Bind mount the repo to the cgit directory
+ mountpoint -q "$mount_point" || mount --bind "$repo" "$mount_point"
+ done
+done |
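Review bot: `CLEAN_PUBKEY=$(python3 -c "... unquote_plus('$PUBKEY'))")` splices the caller-supplied public key straight into Python source, so a second argument containing `')` followed by Python code executes with this script's privileges (presumably root, given the sudo, useradd and jk_cp calls around it); pass it as an argument instead: `CLEAN_PUBKEY=$(python3 -c 'import sys, urllib.parse; print(urllib.parse.unquote_plus(sys.argv[1]))' "$PUBKEY")`. The first argument is equally unchecked, so a `$USERNAME` containing `/` or `..` reaches useradd, jk_jailuser and every path built from `$USER_HOME` and can land outside `$JAIL_DIR/home`; a guard such as `[[ "$USERNAME" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]] || exit 1` before useradd closes that. Every account also gets the same hard-coded password via chpasswd and is then unlocked with `passwd -u`, which is only safe if sshd has password authentication disabled (not visible here); since access is meant to be by key, `sudo passwd -l "$USERNAME"` is the safer default. Finally, `chmod -R 755 "$JAIL_DIR"` runs over the whole jail on every user creation, which undoes the `chmod 600` on `authorized_keys` set just above it and opens every existing user's private files to the other jailed users; scope it to the new `$USER_HOME` or drop the `-R`.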
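Review bot: `[ -d "$repo" ] || continue` follows symlinks, and the entries under `$user_dir/git/listed/` are created by the jailed users themselves, so a user can plant `foo.git -> /etc` (an absolute link that resolves against the host root, not the jail, when this host-side script walks it) and have `mount --bind` expose that directory under `$CGIT_DIR` for cgit to serve. Reject links before mounting, `[ -L "$repo" ] && continue`, and confirm the resolved path stays in the user's directory, e.g. `[[ "$(realpath -- "$repo")" == "$user_dir/git/listed/"* ]] || continue`. The bind mounts also accumulate across runs and are never removed when a repo is renamed or deleted, which deserves at least a comment on the `mount --bind` line, if not a cleanup pass.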