zira-etc/cxs/cxschroot.sh

#!/bin/sh
###############################################################################
# Copyright 2009-2016, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################
# Experimental procedure to create a chroot environment for script decoding
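# Builds a minimal chroot tree under $DESTDIR, creates an unprivileged account
# for it, and blocks that account's outbound IPv4 traffic with an iptables
# owner-match rule (applied now and recorded in csf's post-script).
#
# Written for plain POSIX sh (the shebang is /bin/sh): printf replaces the
# non-portable "echo -n", and every expansion is quoted.
# The script is safe to re-run: the user, the live firewall rule and the
# csfpost.sh entry are only added when they are not already present.
DESTDIR="/home/cxschroot"
CHUSER="cxschroot"
CSFPOST="/etc/csf/csfpost.sh"
# Exact text recorded in csfpost.sh; also used to detect an earlier run.
DROP_RULE="/sbin/iptables -I OUTPUT -m owner --uid-owner $CHUSER -j DROP"

# Everything below (useradd, chown, iptables, /etc/csf) needs root; stop early
# instead of leaving a half-built chroot with no egress block.
if [ "$(id -u)" -ne 0 ]; then
  echo "This script must be run as root" >&2
  exit 1
fi

printf '%s' "Preparing chroot environment..."
for dir in sys proc dev etc tmp lib lib64; do
  mkdir -p "$DESTDIR/$dir"
done
# Copy libgcc; the -e test skips the unexpanded pattern when nothing matches.
for gcclib in /lib/libgcc*; do
  [ -e "$gcclib" ] || continue
  cp -- "$gcclib" "$DESTDIR/lib/"
done
if [ -d "/lib64/" ]; then
  for gcclib in /lib64/libgcc*; do
    [ -e "$gcclib" ] || continue
    cp -- "$gcclib" "$DESTDIR/lib64/"
  done
fi
echo "DONE"

printf '%s' "Copying files..."
for prog in /bin/bash /bin/ls /usr/bin/id /usr/local/bin/php /usr/bin/php; do
  if [ -e "$prog" ]; then
    mkdir -p "$DESTDIR/$(dirname "$prog")"
    cp -- "$prog" "$DESTDIR/$prog"
    # Mirror every shared library that ldd resolves to a */lib*/ path at the
    # same location inside the chroot. Reading line by line avoids the
    # word-splitting and globbing of an unquoted command substitution.
    ldd "$prog" | sed -rn 's/[^\/]*(.*\/lib.*\/[^ ]*).*/\1/gp' |
      while IFS= read -r lib; do
        [ -n "$lib" ] || continue
        mkdir -p "$DESTDIR/$(dirname "$lib")"
        cp -- "$lib" "$DESTDIR/$lib"
      done
  fi
done
echo "DONE"

echo "Adding cxschroot user..."
# -M: no home directory, -s /bin/false: no login shell.
if ! id -u "$CHUSER" >/dev/null 2>&1; then
  if ! useradd -M -s /bin/false "$CHUSER"; then
    # Without the account neither the chown nor the owner-match firewall
    # rule can work, so do not carry on and print "DONE".
    echo "Failed to create user $CHUSER" >&2
    exit 1
  fi
fi
chown "$CHUSER:$CHUSER" "$DESTDIR/tmp"
echo "DONE"

echo "Block outgoing connections by cxschroot in csf..."
# NOTE(review): this rule is IPv4-only (iptables). On a host with IPv6
# connectivity, outbound IPv6 traffic from this account is not covered by it;
# confirm whether an equivalent ip6tables rule is required.
if [ -d "$(dirname "$CSFPOST")" ]; then
  # Record the rule once. The shebang is written only when the file is new or
  # empty, so repeated runs no longer append duplicate shebangs and rules.
  if ! grep -qF -- "$DROP_RULE" "$CSFPOST" 2>/dev/null; then
    [ -s "$CSFPOST" ] || echo '#!/bin/bash' > "$CSFPOST"
    printf '%s\n' "$DROP_RULE" >> "$CSFPOST"
  fi
  chmod +x "$CSFPOST"
else
  echo "WARNING: $(dirname "$CSFPOST") not found; rule not recorded in csfpost.sh" >&2
fi
# Apply the rule to the running firewall. -C checks for an existing rule; on
# iptables builds without -C the check fails and the rule is simply inserted.
if ! /sbin/iptables -C OUTPUT -m owner --uid-owner "$CHUSER" -j DROP 2>/dev/null; then
  if ! /sbin/iptables -I OUTPUT -m owner --uid-owner "$CHUSER" -j DROP; then
    echo "WARNING: could not install the outgoing DROP rule for $CHUSER" >&2
  fi
fi
echo "DONE"
echo
echo "You should now be able to use : cxs --chroot $DESTDIR --chuser $CHUSER ..."
echo "You can test the chroot environment using: cxs --chroot $DESTDIR --chuser $CHUSER --chtest"
echo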