Initial commit.

cxs/cxschroot.sh

@@ -0,0 +1,54 @@
+#!/bin/sh
+###############################################################################
+# Copyright 2009-2016, Way to the Web Limited
+# URL: http://www.configserver.com
+# Email: sales@waytotheweb.com
+###############################################################################
+# Experimental procedure to create a chroot environment for script decoding
+
+DESTDIR="/home/cxschroot"
+
+echo -n "Preparing chroot environment..."
+mkdir -p $DESTDIR/sys
+mkdir -p $DESTDIR/proc
+mkdir -p $DESTDIR/dev
+mkdir -p $DESTDIR/etc
+mkdir -p $DESTDIR/tmp
+mkdir -p $DESTDIR/lib
+mkdir -p $DESTDIR/lib64
+cp /lib/libgcc* $DESTDIR/lib/
+if [ -d "/lib64/" ]; then
+	cp /lib64/libgcc* $DESTDIR/lib64/
+fi
+echo "DONE"
+
+echo -n "Copying files..."
+for prog in /bin/bash /bin/ls /usr/bin/id /usr/local/bin/php /usr/bin/php; do
+	if [ -e $prog ]; then
+		mkdir -p $DESTDIR/`dirname $prog`
+		cp $prog $DESTDIR/$prog
+
+		for lib in `ldd $prog |sed -rn 's/[^\/]*(.*\/lib.*\/[^ ]*).*/\1/gp'`; do 
+			mkdir -p $DESTDIR/`dirname $lib`
+			cp $lib $DESTDIR/$lib
+		done
+	fi
+done
+echo "DONE"
+
+echo "Adding cxschroot user..."
+useradd -M -s /bin/false cxschroot
+chown cxschroot:cxschroot $DESTDIR/tmp
+echo "DONE"
+
+echo "Block outgoing connections by cxschroot in csf..."
+echo '#!/bin/bash
+/sbin/iptables -I OUTPUT -m owner --uid-owner cxschroot -j DROP
+' >> /etc/csf/csfpost.sh
+chmod +x /etc/csf/csfpost.sh
+/sbin/iptables -I OUTPUT -m owner --uid-owner cxschroot -j DROP
+echo "DONE"
+echo
+echo "You should now be able to use            : cxs --chroot /home/cxschroot --chuser cxschroot ..."
+echo "You can test the chroot environment using: cxs --chroot /home/cxschroot --chuser cxschroot --chtest"
+echo