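# NOTE(review): Debian "stretch" is past end-of-life and no longer receives
# security updates. Its package repositories may only be reachable through the
# Debian archive, so a fresh build can fail at the first apt-get step (confirm).
# The old release looks like a deliberate choice for this lab image, so the tag
# is left as the author wrote it.
FROM debian:stretch-slim

# MAINTAINER is deprecated; the same contact information is carried as a label.
LABEL maintainer="Aymeric Sorek <aymericsorek@protonmail.com>"


# Locale: force a UTF-8 C locale for every later build step and for the
# running container. Written in key=value form (the space-separated form is legacy).
ENV LANG=C.UTF-8 \
    LANGUAGE=C.UTF-8 \
    LC_ALL=C.UTF-8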


# Refresh the package index, then apply every pending upgrade from the release.
# `set -e` stops the step at the first failing command, so a failed index
# refresh never leads into the upgrade.
RUN set -e; \
    apt-get update; \
    apt-get dist-upgrade -y

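# Account names referenced by the later build steps:
#   user  - account that receives a password, the SSH authorized key and the
#           restricted sudo rule
#   admin - second account; its group owns tech.note and is the run-as group
#           in the sudo rule
# ENV values persist into the running container's environment.
ENV user=puppet-master \
    admin=zetatech-maintenance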


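# Install packages.
# The index refresh runs in the same layer as the install, so a cached
# `apt-get update` layer can never be paired with a changed package list.
# The index is deleted again in this layer because removing it in a later
# layer does not shrink the image.
# Recommended packages are still installed, as in the original, so the
# resulting package set does not change.
RUN apt-get update \
    && apt-get install -y \
        iputils-ping \
        nano \
        openssh-server \
        python2.7 \
        python3 \
        sudo \
        vim \
        wget \
    && rm -rf /var/lib/apt/lists/*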


# Replace the distribution bash with the bundled 4.2 package, which this lab
# ships on purpose because it is affected by Shellshock.
# NOTE(review): the .deb is taken from the build context and installed with
# dpkg directly, so no repository signature covers it. Comparing the file
# against a recorded SHA-256 before the install would detect a swapped package.
# The copied file also stays in this COPY layer even after /tmp is emptied later.
COPY bash_4.2+dfsg-0.1_amd64.deb /tmp/bash_4.2+dfsg-0.1_amd64.deb
RUN dpkg --install /tmp/bash_4.2+dfsg-0.1_amd64.deb


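# Privilege-separation directory that sshd expects at start-up.
# -p keeps the build from failing if the directory already exists.
RUN mkdir -p /var/run/sshd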

# Set the root password through chpasswd ("name:password" on stdin).
# NOTE(review): the value is part of the Dockerfile and is recorded in the
# image history for this layer, so it is readable by anyone who can obtain the
# image or the repository. A BuildKit secret mount (RUN --mount=type=secret)
# would keep it out of the layers and the history.
RUN printf '%s\n' 'root:0Prop-bonn2-itt-4Mere-judy-Midst-Tine1' | chpasswd

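# Create both accounts with bash as login shell, an empty GECOS field and no
# usable password. ${admin} stays password-disabled; ${user} is then given a
# password equal to its own account name.
# NOTE(review): presumably an intentional weak credential for the exercise; confirm.
# Expansions are quoted so a value containing whitespace cannot split into
# extra arguments.
RUN adduser --home "/home/${admin}" --shell /bin/bash --disabled-password --gecos "" "${admin}" \
    && adduser --home "/home/${user}" --shell /bin/bash --disabled-password --gecos "" "${user}" \
    && echo "${user}:${user}" | chpasswd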

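# Sudo policy for the lab (the original comment marks it as vulnerable by design).
#   - disables the first-use sudo lecture
#   - lets ${user} run /usr/bin/wget as user ${user} with group ${admin}
# The lines are appended to /etc/sudoers directly, so the file is syntax-checked
# in the same step; a malformed entry fails the build instead of leaving sudo
# unusable in the image.
RUN echo 'Defaults  lecture="never"' >> /etc/sudoers \
    && echo "${user} ALL=(${user}:${admin}) /usr/bin/wget" >> /etc/sudoers \
    && visudo -cf /etc/sudoers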

# SSH material taken from the build context:
#   sshd_config     -> daemon configuration (contents not shown here)
#   maintenance.pub -> the only authorized public key for ${user}
#   banner          -> text file placed at /etc/banner
# NOTE(review): only the public half of the key pair belongs in the context;
# a .dockerignore entry for the private half avoids copying it by accident.
RUN mkdir -p "/home/${user}/.ssh"
COPY sshd_config /etc/ssh/sshd_config
COPY maintenance.pub /home/${user}/.ssh/authorized_keys
COPY banner /etc/banner

# Lock down the home directory of ${user}:
#   - whole tree: mode 550, owner root, group ${user} (the account can read and
#     traverse its home but cannot modify it)
#   - .ssh: 750, authorized_keys: 440
# /tmp becomes mode 1773: writable and traversable by everyone, listable only
# by owner and group, with the sticky bit set.
RUN chmod -R 550 "/home/${user}" \
    && chown -R root:"${user}" "/home/${user}" \
    && chmod 750 "/home/${user}/.ssh" \
    && chmod 440 "/home/${user}/.ssh/authorized_keys" \
    && chmod 1773 /tmp


# Flag files, both mode 740 and owned by root:
#   client.note -> group ${user}  (readable by the login account's group)
#   tech.note   -> group ${admin} (readable only by root and that group)
# NOTE(review): both files are stored in plain form in the image layers, so the
# image itself has to be treated as containing the flags.
COPY client.note /home/${user}/client.note
COPY tech.note /home/${user}/tech.note

RUN chown root:"${user}" "/home/${user}/client.note" \
    && chown root:"${admin}" "/home/${user}/tech.note" \
    && chmod 740 "/home/${user}/client.note" "/home/${user}/tech.note"


# Script placed in the home directory of ${user}: owned by root, group ${user},
# mode 750, so the account can read and run it but cannot change it.
# NOTE(review): presumably the command sshd runs for this account; confirm
# against sshd_config, which is not shown here.
COPY status.sh /home/${user}/status.sh
RUN chmod 750 "/home/${user}/status.sh" \
    && chown root:"${user}" "/home/${user}/status.sh"

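# Clean up.
# -y is required: the build has no terminal to answer the confirmation prompt,
# so without it autoremove aborts whenever it has something to remove.
# This tidies the final filesystem only; files written by earlier layers
# (including the bash .deb copied to /tmp) remain stored in those layers.
RUN apt-get autoremove -y \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*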

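# Launch service.
# start.sh is not shown here; presumably it starts sshd (confirm).
# There is no USER instruction, so it runs as root.
COPY start.sh /start.sh
RUN chmod 770 /start.sh
# Absolute path: the relative "./start.sh" only resolved because the working
# directory happened to be /, and broke when a different one was set at run time.
CMD ["/start.sh"]

# Open ports. EXPOSE documents the SSH port and does not publish it; publishing
# is decided by whoever runs the container.
EXPOSE 22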
