This repository has been archived by the owner on Oct 15, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
entrypoint.sh
60 lines (54 loc) · 2.61 KB
/
entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
#!/bin/bash
IP="172.17.0.1"
# start services
service mariadb start
service php8.3-fpm start
service nginx start
sleep 1
# prompt to either proceed with SSH configurations or jump into shell
printf "\n\n"
read -p "[ ? ] Proceed with SSH configurations? [yes/no] " yn
case $yn in
yes )
# step: establishing reverse tunneling to SSH
printf "\n\n== Establishing Reverse Tunneling to SSH ==\n"
# ask for host's credentials, which will be required for sudo operations
printf "\n[ * ] Please enter the following information from you host environment.\n"
read -p " - Username: " USER
read -s -p " - Password: " PASS
printf "\n"
# setup container's SSH keys and connection to the SSH server (host environment)
printf "\n[ * ] Setting up SSH keys.\n\n"
ssh-keygen -t rsa -b 4096 -N '' -f ~/.ssh/id_rsa
sshpass -p ${PASS} ssh-copy-id -o StrictHostKeyChecking=no ${USER}@${IP}
printf "\n[ * ] Configuring reverse tunneling.\n\n"
ssh -f -N -R 2222:localhost:22 ${USER}@${IP}
printf "[ * ] Opening SSH connection. When ready, \"exit\" it to proceed with port knocking protection setup.\n\n"
ssh -p 22 ${USER}@${IP}
# step: protecting SSH from Nmap scanning with port knocking protection
printf "\n\n== Protecting SSH from Nmap Scanning ==\n"
printf "\n[ * ] Please enter the following information from you host environment.\n"
read -p " - Full path to this repository: " RPATH
printf "\n"
printf "\n[ * ] Checking that SSH port is currently open using NMAP.\n\n"
nmap -p 22 ${IP}
printf "\n[ * ] Configuring knockd service on the host machine (via SSH).\n\n"
ssh -p 22 ${USER}@${IP} -t "cd ${RPATH} && echo ${PASS} | sudo -S bash knockd_setup.sh"
sleep 1
printf "\n[ * ] Attemting to scan the SSH port and connect to the SSH server with knockd service running.\n\n"
nmap -p 22 ${IP}
ssh -p 22 ${USER}@${IP}
printf "\n[ * ] Executing magic knock-knock sequence and actually connecting to the SSH server. When ready, \"exit\" it to proceed.\n\n"
knock -v ${IP} 20001 20002 20003 -d 500
ssh -p 22 ${USER}@${IP}
printf "\n[ * ] Restoring iptables rules on the host machine.\n\n"
knock -v ${IP} 20001 20002 20003 -d 500
ssh -p 22 ${USER}@${IP} -t "echo ${PASS} | sudo -S iptables -F DOCKER && sudo -S iptables -F INPUT && sudo -S service knockd stop"
;;
no )
printf "[ * ] Jumping directly into Bash shell..\n\n";;
* ) printf "\n[ ! ] Error: Invalid response, exiting container..\n\n";
exit 1;;
esac
# start a shell to freeroam in the container
/bin/bash