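# Intentionally vulnerable SSH training image (CTF-style lab).
# The outdated bash package, the sudoers rule and the weak account password
# below are part of the exercise and are kept exactly as designed.
# Intended to run on an isolated lab network; sshd is the only service.

# NOTE(review): debian stretch is end-of-life and its package repositories
# were moved to archive.debian.org, so `apt-get update` may fail against the
# default sources. The tag is kept because the lab was built on it; confirm
# the build still works before changing it.
FROM debian:stretch-slim

# MAINTAINER is deprecated; the same information is carried as an OCI label.
LABEL org.opencontainers.image.authors="Aymeric Sorek <aymericsorek@protonmail.com>"

# Locale
ENV LANG=C.UTF-8 \
    LANGUAGE=C.UTF-8 \
    LC_ALL=C.UTF-8

# Account names used throughout the build (also visible at runtime).
ENV user=puppet-master \
    admin=zetatech-maintenance

# Vulnerable bash package (Shellshock), shipped with the build context.
# NOTE(review): the .deb is installed without an integrity check; consider
# verifying it against a known SHA-256 (<expected-sha256>) before dpkg -i.
COPY bash_4.2+dfsg-0.1_amd64.deb /tmp/bash_4.2+dfsg-0.1_amd64.deb

# Update, upgrade and install packages in ONE layer:
#  - `apt-get update` and `apt-get install` must share a layer, otherwise a
#    cached `update` layer can be reused with stale package indexes;
#  - `autoremove` needs -y, a prompt aborts a non-interactive build;
#  - cleanup only shrinks the image when it runs in the layer that created
#    the files.
# The bash downgrade runs after dist-upgrade so it is not upgraded again.
RUN apt-get update \
 && apt-get dist-upgrade -y \
 && apt-get install -y \
        iputils-ping \
        nano \
        openssh-server \
        python2.7 \
        python3 \
        sudo \
        vim \
        wget \
 && dpkg -i /tmp/bash_4.2+dfsg-0.1_amd64.deb \
 && apt-get autoremove -y \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# Privilege-separation directory required by sshd.
RUN mkdir -p /var/run/sshd

# Root password.
# NOTE(review): this value is stored in the Dockerfile and in the image
# history, so anyone holding the repository or the image can read it. If root
# is meant to stay out of reach of participants, set it at deploy time
# instead of baking it into a layer.
RUN echo "root:0Prop-bonn2-itt-4Mere-judy-Midst-Tine1" | chpasswd

# Accounts: ${admin} has no password; ${user} gets its own name as password
# (lab credential, by design).
RUN adduser --home "/home/${admin}" --shell /bin/bash --disabled-password --gecos "" "${admin}" \
 && adduser --home "/home/${user}" --shell /bin/bash --disabled-password --gecos "" "${user}" \
 && echo "${user}:${user}" | chpasswd

# Sudo rule (intentionally permissive, part of the exercise).
# NOTE(review): lines are appended to /etc/sudoers without a syntax check;
# `visudo -c` after this step would catch a malformed rule at build time.
RUN echo 'Defaults lecture="never"' >> /etc/sudoers \
 && echo "${user} ALL=(${user}:${admin}) /usr/bin/wget" >> /etc/sudoers

# SSH files
RUN mkdir -p "/home/${user}/.ssh"
COPY ./sshd_config /etc/ssh/sshd_config
COPY ./maintenance.pub /home/${user}/.ssh/authorized_keys
COPY ./banner /etc/banner

# Home directory is read/execute only for its owner and group; .ssh and
# authorized_keys are restricted to the owner. /tmp ends up as 1773:
# world-writable with the sticky bit, but not listable by others.
RUN chmod -R 550 "/home/${user}" \
 && chown -R "${user}:${user}" "/home/${user}/.ssh" \
 && chmod 500 "/home/${user}/.ssh" \
 && chmod 400 "/home/${user}/.ssh/authorized_keys" \
 && chmod 773 /tmp \
 && chmod +t /tmp

# Flag files: root-owned, group-readable by ${user} and ${admin} respectively.
COPY ./client.note /home/${user}/client.note
COPY ./tech.note /home/${user}/tech.note
RUN chown "root:${user}" "/home/${user}/client.note" \
 && chmod 740 "/home/${user}/client.note" \
 && chown "root:${admin}" "/home/${user}/tech.note" \
 && chmod 740 "/home/${user}/tech.note"

# Script run over SSH: root-owned, readable and executable by ${user}'s group.
COPY ./status.sh /home/${user}/status.sh
RUN chown "root:${user}" "/home/${user}/status.sh" \
 && chmod 750 "/home/${user}/status.sh"

# Service launcher. No USER instruction: the container starts as root,
# which the sshd daemon needs.
COPY start.sh /start.sh
RUN chmod 770 /start.sh

# SSH
EXPOSE 22

# Absolute path so the command does not depend on the working directory.
CMD ["/start.sh"]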