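#!/bin/sh
# jailsetup-shell.sh 0.2.0 (26/Mar/2003)
# Jail setup script for jailed Telnet/SSH accounts for FreeBSD 5.0-RELEASE
# By JB Consulting Oy Ab / Jani Reinikainen [ jani (at) jbc (dot) fi ]
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# Usage: jailsetup-shell.sh <ipv4-address>
#
# Builds a complete world from /usr/src into /usr/jail/<ip> using a trimmed
# make.conf (/etc/make.jail.conf), installs the etc distribution and a jail
# device tree, writes a minimal rc.conf and then prunes binaries and
# configuration the jailed shell users have no business running.
#
# Must be run as root.  It is destructive: /usr/obj is wiped before the build.
#
# Environment:
#   JOBS  parallelism handed to "make world" (default 4)

# Stop on the first failing command and on unset variables.  Every rm list
# below is anchored at $D, so a failed cd, make or mkdir must never let the
# script continue against a half-built tree or the caller's cwd.
set -eu

JAILROOT=/usr/jail
MAKECONF=/etc/make.jail.conf
JOBS=${JOBS:-4}

usage() {
  echo "Usage: $0 [ip]" >&2
  echo "example: $0 10.0.0.20" >&2
  exit 1
}

die() {
  echo "Error: $*" >&2
  exit 1
}

# Remove the named paths below $D.  The names are fixed strings from the
# 5.0-RELEASE world; some are absent because of the NO_* knobs in $MAKECONF,
# and a missing entry must not abort the run under set -e, hence -f.
prune() {
  for _p in "$@"; do
    rm -f -- "$D/$_p"
  done
}

[ -n "${1:-}" ] || usage

# The argument becomes a path component under $JAILROOT.  Restrict it to a
# dotted-quad shape (digits and dots, no empty octet): an argument such as
# ".." would resolve $D to /usr and the rm lists below would then delete
# host binaries.
case $1 in
  *[!0-9.]*|.*|*.|*..*) die "'$1' is not a dotted-quad IPv4 address" ;;
esac

D=$JAILROOT/$1

# Refuse to build into anything that already exists but is not a plain
# directory: a regular file, or a symlink (which could point the whole
# build and prune run at another part of the host filesystem).
if [ -L "$D" ] || { [ -e "$D" ] && [ ! -d "$D" ]; }; then
  die "$D exists and is not a directory"
fi

# Trimmed make.conf for the jail world.  Written only once; edit the file
# to change what is built.
if [ ! -f "$MAKECONF" ]; then
  cat > "$MAKECONF" <<'EOF'
CFLAGS= -O -pipe
COPTFLAGS= -O -pipe
MAKE_IDEA="NO"
MAKE_KERBEROS4="NO"
MAKE_KERBEROS5="NO"
ENABLE_SUID_K5SU="NO"
NO_BIND="TRUE"
NO_FORTRAN="TRUE"
NO_CVS="TRUE"
NO_I4B="TRUE"
NO_IPFILTER="TRUE"
NO_LPR="TRUE"
NO_MAILWRAPPER="TRUE"
NO_MAKEDEV="TRUE"
NO_OBJC="TRUE"
NO_SENDMAIL="TRUE"
NO_SHAREDOCS="TRUE"
NO_X="TRUE"
NO_GDB="TRUE"
NO_TCSH="TRUE"
NOGAMES="TRUE"
NOINFO="TRUE"
NOUUCP="TRUE"
NOSHARE="TRUE"
NOPROFILE="TRUE"
EOF
fi

[ -d "$D" ] || mkdir -p "$D"

# Wipe stale objects.  Absolute paths on purpose: "cd /usr/obj; rm -rf *"
# would run in the caller's cwd if the cd failed.  Stale objects may carry
# the schg flag, so clear it before the recursive remove.
if [ -d /usr/obj ]; then
  chflags -R noschg /usr/obj
  rm -rf /usr/obj/*
fi

cd /usr/src
make -j"$JOBS" world DESTDIR="$D" __MAKE_CONF="$MAKECONF"
cd /usr/src/etc
make distribution DESTDIR="$D" NO_MAKEDEV=yes __MAKE_CONF="$MAKECONF"

cd "$D/dev"
sh MAKEDEV jail
cd "$D"
ln -sf dev/null "$D/kernel"
touch "$D/etc/fstab"
mkdir -p "$D/usr/ports"

# Generate $D/etc/rc.conf.  Overwrite rather than append: the jail is built
# from scratch, and appending would duplicate entries on a re-run.
# NOTE(review): cron is left enabled inside the jail; confirm that is wanted
# for a shell-account jail, since it runs as the jail's root.
cat > "$D/etc/rc.conf" <<'EOF'
portmap_enable="NO"
cron_enable="YES"
syslogd_enable="NO"
inetd_enable="NO"
sendmail_enable="NO"
network_interfaces=""
EOF

# The lists below are a deny-list over a full world, not an allow-list:
# anything not named survives.  NOTE(review): after the run, audit what is
# left setuid/setgid, e.g.
#   find "$D" -type f \( -perm -4000 -o -perm -2000 \) -print
# su, chfn, chroot and vipw are removed here, but login, passwd and chpass
# are not in these lists -- verify whether they are wanted in the jail.

# Remove unnecessary user executables from $D/bin
prune bin/chio bin/csh bin/domainname bin/hostname bin/rcp bin/rmail

# Remove unnecessary user executables from $D/usr/bin
prune \
  usr/bin/CC usr/bin/Mail usr/bin/addftinfo usr/bin/addr2line usr/bin/afmtodit \
  usr/bin/apropos usr/bin/as usr/bin/at usr/bin/atq usr/bin/atrm usr/bin/banner \
  usr/bin/batch usr/bin/biff usr/bin/byacc usr/bin/c++ usr/bin/c++filt usr/bin/c89 \
  usr/bin/cal usr/bin/calendar usr/bin/cap_mkdb usr/bin/cc usr/bin/chat usr/bin/checknr \
  usr/bin/chflags usr/bin/chfn usr/bin/chgrp usr/bin/ci usr/bin/co usr/bin/colcrt \
  usr/bin/colldef usr/bin/compile_et usr/bin/cpp usr/bin/crunchgen usr/bin/crunchide \
  usr/bin/ctags usr/bin/cu usr/bin/cvs usr/bin/cvsbug usr/bin/dnskeygen usr/bin/doscmd \
  usr/bin/eqn usr/bin/f77 usr/bin/file2c usr/bin/from usr/bin/fsync usr/bin/g++ \
  usr/bin/gasp usr/bin/gate-ftp usr/bin/gcc usr/bin/gcore usr/bin/gcov usr/bin/gdb \
  usr/bin/gdbreplay usr/bin/genassym usr/bin/gencat usr/bin/gensetdefs usr/bin/getconf \
  usr/bin/getopt usr/bin/getopts usr/bin/gperf usr/bin/gprof usr/bin/gprof4 usr/bin/grn \
  usr/bin/grodvi usr/bin/groff usr/bin/grog usr/bin/grolbp usr/bin/grolj4 usr/bin/grops \
  usr/bin/grotty usr/bin/groups usr/bin/gzexe usr/bin/hpftodit usr/bin/ident \
  usr/bin/indent usr/bin/indxbib usr/bin/infokey usr/bin/install usr/bin/install-info \
  usr/bin/ipcrm usr/bin/ipcs usr/bin/kdump usr/bin/kenv usr/bin/key usr/bin/keyinfo \
  usr/bin/keyinit usr/bin/keylogin usr/bin/keylogout usr/bin/ktrace usr/bin/kzip usr/bin/last \
  usr/bin/ld usr/bin/lessecho usr/bin/limits usr/bin/lint usr/bin/lkbib usr/bin/lock \
  usr/bin/lockf usr/bin/logger usr/bin/lookbib usr/bin/lorder usr/bin/lp usr/bin/lpq \
  usr/bin/lpr usr/bin/lprm usr/bin/lsvfs usr/bin/m4 usr/bin/mail usr/bin/mailq \
  usr/bin/mailx usr/bin/make usr/bin/makewhatis usr/bin/manpath usr/bin/minigzip \
  usr/bin/mkdep usr/bin/mkfifo usr/bin/mklocale usr/bin/mkstr usr/bin/mmroff usr/bin/msgs \
  usr/bin/mt usr/bin/ncal usr/bin/ncplist usr/bin/ncplogin usr/bin/ncplogout usr/bin/netstat \
  usr/bin/newkey usr/bin/nfsstat usr/bin/nice usr/bin/nm usr/bin/nohup usr/bin/nroff \
  usr/bin/ntpq usr/bin/objcopy usr/bin/objdump usr/bin/objformat usr/bin/opieinfo \
  usr/bin/opiekey usr/bin/opiepasswd usr/bin/otp-md4 usr/bin/otp-md5 usr/bin/otp-sha \
  usr/bin/pagesize usr/bin/pawd usr/bin/pic usr/bin/post-grohtml usr/bin/pr usr/bin/printenv \
  usr/bin/psroff usr/bin/ptx usr/bin/rcs usr/bin/rcsclean usr/bin/rcsdiff usr/bin/rcsfreeze \
  usr/bin/rcsmerge usr/bin/refer usr/bin/renice usr/bin/reset usr/bin/rlog usr/bin/rlogin \
  usr/bin/rpcgen usr/bin/rpcinfo usr/bin/rsh usr/bin/rup usr/bin/ruptime usr/bin/rusers \
  usr/bin/rwall usr/bin/rwho usr/bin/sasc usr/bin/send-pr usr/bin/sendbug usr/bin/shar \
  usr/bin/showmount usr/bin/smbutil usr/bin/sockstat usr/bin/soelim usr/bin/su usr/bin/systat \
  usr/bin/talk usr/bin/tbl usr/bin/tcopy usr/bin/texindex usr/bin/tfmtodit usr/bin/tip \
  usr/bin/tput usr/bin/troff usr/bin/tset usr/bin/tsort usr/bin/tty usr/bin/ul \
  usr/bin/umask usr/bin/unifdef usr/bin/unifdefall usr/bin/uptime usr/bin/usbhidctl usr/bin/users \
  usr/bin/uucp usr/bin/uulog usr/bin/uuname usr/bin/uupick usr/bin/uusched usr/bin/uustat \
  usr/bin/uuto usr/bin/uux usr/bin/vacation usr/bin/vgrind usr/bin/vmstat usr/bin/w \
  usr/bin/wall usr/bin/what usr/bin/whatis usr/bin/who usr/bin/write usr/bin/xstr \
  usr/bin/yacc usr/bin/ypcat usr/bin/ypchfn usr/bin/ypchpass usr/bin/ypchsh usr/bin/ypmatch \
  usr/bin/yppasswd usr/bin/ypwhich usr/bin/yyfix

# Remove unnecessary superuser executables from $D/usr/sbin
prune \
  usr/sbin/zzz usr/sbin/IPXrouted usr/sbin/ancontrol usr/sbin/apm usr/sbin/apmd \
  usr/sbin/atmarpd usr/sbin/boot0cfg usr/sbin/bootparamd usr/sbin/bootpef usr/sbin/bootptest \
  usr/sbin/btxld usr/sbin/burncd usr/sbin/cdcontrol usr/sbin/callbootd usr/sbin/chkprintcap \
  usr/sbin/chroot usr/sbin/config usr/sbin/ctm usr/sbin/ctm_dequeue \
  usr/sbin/ctm_rmail usr/sbin/ctm_smail usr/sbin/diskpart \
  usr/sbin/dtmfdecode usr/sbin/editmap usr/sbin/fdformat usr/sbin/fdcontrol usr/sbin/fdwrite \
  usr/sbin/fixmount usr/sbin/fontedit usr/sbin/fsinfo usr/sbin/fwcontrol usr/sbin/g711conv \
  usr/sbin/hlfsd usr/sbin/hoststat usr/sbin/idprio usr/sbin/ifmcstat usr/sbin/inetd \
  usr/sbin/iostat usr/sbin/ipftest usr/sbin/ipresend usr/sbin/ipsend usr/sbin/iptest \
  usr/sbin/isdnd usr/sbin/isdndebug usr/sbin/isdndecode usr/sbin/isdnmonitor usr/sbin/isdnphone \
  usr/sbin/isdntel usr/sbin/isdntrace usr/sbin/isdntelctl usr/sbin/kbdcontrol usr/sbin/kernbb \
  usr/sbin/keyserv usr/sbin/kgmon usr/sbin/kgzip usr/sbin/loadfont usr/sbin/lpc usr/sbin/lpd \
  usr/sbin/lptcontrol usr/sbin/lptest usr/sbin/makemap usr/sbin/mailwrapper usr/sbin/mailstats \
  usr/sbin/manctl usr/sbin/map-mbone usr/sbin/mcon usr/sbin/memcontrol usr/sbin/mergemaster \
  usr/sbin/mixer usr/sbin/mk-amd-map usr/sbin/mld6query usr/sbin/moused usr/sbin/mlxcontrol \
  usr/sbin/mptable usr/sbin/mrinfo usr/sbin/mtest usr/sbin/mtree usr/sbin/named \
  usr/sbin/named.reload usr/sbin/named.restart usr/sbin/ndc usr/sbin/ndp usr/sbin/newsyslog \
  usr/sbin/ngctl usr/sbin/nghook usr/sbin/nsupdate usr/sbin/ntpd usr/sbin/ntpdate \
  usr/sbin/ntpdc usr/sbin/ntptime usr/sbin/ntptimeset usr/sbin/ntptrace usr/sbin/pac \
  usr/sbin/pccardc usr/sbin/pccardd usr/sbin/pciconf usr/sbin/periodic usr/sbin/pmap_dump \
  usr/sbin/pmap_set usr/sbin/pnpinfo usr/sbin/portmap usr/sbin/ppp usr/sbin/pppctl \
  usr/sbin/pppd usr/sbin/pppstats usr/sbin/praliases usr/sbin/rarpd usr/sbin/raycontrol \
  usr/sbin/rip6query usr/sbin/rmt usr/sbin/rndcontrol usr/sbin/route6d usr/sbin/rpc.lockd \
  usr/sbin/rpc.statd usr/sbin/rpc.umntall usr/sbin/rpc.yppasswdd usr/sbin/rpc.ypupdated \
  usr/sbin/rpc.ypxfrd usr/sbin/rrenumd usr/sbin/rtadvd usr/sbin/rtprio usr/sbin/rtsold \
  usr/sbin/rwhod usr/sbin/sa usr/sbin/scon usr/sbin/scriptdump usr/sbin/scspd \
  usr/sbin/sendmail usr/sbin/setkey usr/sbin/sgsc usr/sbin/sicontrol usr/sbin/arp \
  usr/sbin/slstat usr/sbin/spkrtest usr/sbin/spray usr/sbin/stlload usr/sbin/stlstty \
  usr/sbin/stlstats usr/sbin/swapinfo usr/sbin/tcpdchk usr/sbin/tcpdmatch usr/sbin/tcpslice \
  usr/sbin/timed usr/sbin/timedc usr/sbin/trpt usr/sbin/usbd usr/sbin/usbdevs usr/sbin/uuchk \
  usr/sbin/uuconv usr/sbin/vidcontrol usr/sbin/vidfont usr/sbin/vipw usr/sbin/vnconfig \
  usr/sbin/watch usr/sbin/wicontrol usr/sbin/wire-test usr/sbin/wlconfig usr/sbin/xten \
  usr/sbin/yp_mkdb usr/sbin/ypbind usr/sbin/ypinit usr/sbin/yppoll usr/sbin/yppush \
  usr/sbin/ypserv usr/sbin/ypset usr/sbin/zic usr/sbin/ac usr/sbin/amq usr/sbin/jail \
  usr/sbin/kcon usr/sbin/ispcvt usr/sbin/purgestat usr/sbin/prefix usr/sbin/procctl \
  usr/sbin/pstat usr/sbin/mrouted usr/sbin/syslogd usr/sbin/mtrace usr/sbin/lastlogin \
  usr/sbin/ckdist usr/sbin/amd usr/sbin/ntp-genkeys

# And now from $D/sbin...
prune \
  sbin/atacontrol sbin/atm sbin/badsect sbin/camcontrol sbin/ccdconfig sbin/umount \
  sbin/clri sbin/comcontrol sbin/dhclient sbin/dhclient-script sbin/disklabel sbin/dump \
  sbin/dumpfs sbin/dumpon sbin/fastboot sbin/fasthalt sbin/fdisk sbin/ffsinfo \
  sbin/fore_dnld sbin/fsck sbin/fsck_msdosfs sbin/fsdb sbin/fsirand sbin/growfs \
  sbin/halt sbin/ilmid sbin/ifconfig sbin/kget sbin/kldconfig sbin/kldload \
  sbin/kldstat sbin/kldunload sbin/mknod sbin/mount_ext2fs sbin/mount_cd9660 \
  sbin/mount_fdesc sbin/mount_linprocfs sbin/mount_mfs sbin/mount_msdos sbin/mount_nfs \
  sbin/mount_ntfs sbin/mount_null sbin/mount_nwfs sbin/mount_portal sbin/mount_procfs \
  sbin/mount_smbfs sbin/mount_umap sbin/mount_std sbin/mount_union sbin/mountd sbin/natd \
  sbin/newfs sbin/newfs_msdos sbin/nextboot sbin/nos-tun sbin/rdump sbin/reboot \
  sbin/shutdown sbin/restore sbin/routed sbin/rrestore sbin/rtquery sbin/rtsol sbin/savecore \
  sbin/slattach sbin/spppcontrol sbin/startslip sbin/tunefs sbin/vinum \
  sbin/dmesg sbin/swapon sbin/sysctl

# Remove unnecessary config directories (-f so a directory not installed
# because of the NO_* knobs does not abort the run)
rm -rf \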
$D/etc/ppp $D/etc/X11 $D/etc/isdn $D/etc/kerberosIV $D/etc/uucp $D/etc/skel $D/etc/mtree # Remove unneccessary config files rm $D/etc/nsmb.conf $D/etc/dhclient.conf $D/etc/usbd.conf $D/etc/printcap $D/etc/phones rm $D/etc/modems $D/etc/dm.conf $D/etc/apmd.conf $D/etc/rc.isdn $D/etc/rc.sendmail rm $D/etc/rc.pccard $D/COPYRIGHT $D/sys $D/mnt $D/modules # Remove stuff from $D/var... rm -r $D/var/yp # Remove stuff from $D/usr/share... rm -r $D/usr/share/isdn $D/usr/share/sendmail $D/usr/share/examples $D/usr/share/misc rm -r $D/usr/share/calendar $D/usr/share/dict $D/usr/share/