1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
FROM ubuntu:22.04
ENV DEBIAN_FRONTEND=noninteractive
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN { for i in {3..5}; do useradd -m -s /bin/bash user$i; echo -e "Password$i\nPassword$i" | passwd user$i; done; } \
&& useradd -m user9 && echo -e 'p\x1fssw\x09rd\np\x1fssw\x09rd' | passwd user9
# utils
RUN sed -i 's:^path-exclude=/usr/share/man:#path-exclude=/usr/share/man:' /etc/dpkg/dpkg.cfg.d/excludes \
&& apt-get update \
&& apt-get install -y --no-install-recommends man manpages-posix iproute2 mlocate lsof sudo vim less telnet finger rsh-client smbclient \
&& rm -rf /var/lib/apt/lists/* \
&& echo 'set bg=dark' > /root/.vimrc \
&& usermod -aG sudo user3
# services
RUN apt-get update \
&& apt-get install -y --no-install-recommends vsftpd openssh-server telnetd rsh-redone-server fingerd apache2 socat \
&& rm -rf /var/lib/apt/lists/* \
&& echo 'background=YES' >> /etc/vsftpd.conf \
&& sed -i -e 's,start-stop-daemon --start --background,start-stop-daemon --start,' /etc/init.d/vsftpd
RUN { echo "postfix postfix/mailname string ubuntu-blah"; \
echo "postfix postfix/main_mailer_type string 'Internet Site'"; \
} | debconf-set-selections \
&& apt-get update && apt-get install -y --no-install-recommends postfix dovecot-pop3d dovecot-imapd \
&& rm -rf /var/lib/apt/lists/* \
&& postconf 'smtpd_sasl_exceptions_networks=' 'smtpd_sasl_auth_enable=yes' 'smtpd_sasl_type=dovecot' 'smtpd_sasl_path=private/dovecot-auth' \
&& echo -e 'auth_mechanisms = plain login\n\
service auth {\n\
unix_listener /var/spool/postfix/private/dovecot-auth {\n\
mode = 0660\n\
user = postfix\n\
group = postfix\n\
}\n\
}\n' > /etc/dovecot/conf.d/99-blah.conf
RUN echo 'ServerName localhost' >> /etc/apache2/apache2.conf \
&& mkdir /var/www/html/{wp,pma,bak} && echo secret > /var/www/html/key
RUN LDAPPW=Password1; \
{ \
echo slapd slapd/internal/generated_adminpw password $LDAPPW; \
echo slapd slapd/password2 password $LDAPPW; \
echo slapd slapd/internal/adminpw password $LDAPPW; \
echo slapd slapd/password1 password $LDAPPW; \
echo slapd slapd/domain string example.com; \
echo slapd shared/organization string example.com; \
} | debconf-set-selections \
&& apt-get update && apt-get install -y --no-install-recommends slapd ldap-utils \
&& rm -rf /var/lib/apt/lists/*
RUN MYSRP=Password1; \
{ echo "mysql-server mysql-server/root_password password $MYSRP"; \
echo "mysql-server mysql-server/root_password_again password $MYSRP"; \
} | debconf-set-selections \
&& apt-get update && apt-get install -y --no-install-recommends mysql-server \
&& rm -rf /var/lib/apt/lists/* \
&& sed -i "s/bind-address.*/bind-address = 0.0.0.0/" /etc/mysql/mysql.conf.d/mysqld.cnf \
&& echo secure_file_priv= >> /etc/mysql/mysql.conf.d/mysqld.cnf \
&& rm -f /etc/apparmor.d/usr.sbin.mysqld \
&& service mysql start \
&& Q1="CREATE USER 'root'@'%' identified by 'Password1';" \
&& Q2="GRANT ALL PRIVILEGES ON *.* TO 'root'@'%';" \
&& Q3="FLUSH PRIVILEGES;" \
&& SQL="${Q1}${Q2}${Q3}" \
&& mysql -uroot -p"$MYSRP" -e "$SQL"
RUN PGPW=Password1 \
&& apt-get update && apt-get install -y --no-install-recommends postgresql \
&& rm -rf /var/lib/apt/lists/* \
&& sed -ie 's,127.0.0.1/32,0.0.0.0/0,' /etc/postgresql/14/main/pg_hba.conf \
&& sed -ie "s,^#listen_addresses = 'localhost',listen_addresses = '*'," /etc/postgresql/14/main/postgresql.conf \
&& service postgresql start \
&& su - postgres -c "psql -c \"ALTER USER postgres WITH PASSWORD '$PGPW';\" -c '\\q'" \
&& su - postgres -c "PGPASSWORD='$PGPW' psql -d postgres -w --no-password -h localhost -p 5432 -t -c 'SELECT version()'"
RUN apt-get update && apt-get install -y --no-install-recommends tomcat9 tomcat9-admin \
&& rm -rf /var/lib/apt/lists/* \
&& echo '<?xml version="1.0" encoding="UTF-8"?><tomcat-users xmlns="http://tomcat.apache.org/xml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd" version="1.0"><user username="tomcat" password="Password1" roles="manager-gui"/></tomcat-users>' > /etc/tomcat9/tomcat-users.xml \
&& sed -ie 's,^.*Define an AJP .* Connector on port.*$,<Connector protocol="AJP/1.3" address="0.0.0.0" port="8009" redirectPort="8443" secretRequired="false"/>,' /etc/tomcat9/server.xml \
&& sed -ie 's,catalina.realm.LockOutRealm",catalina.realm.LockOutRealm" lockOutTime="0",' /etc/tomcat9/server.xml \
&& echo -e "#!/bin/sh\n\
export CATALINA_HOME=/usr/share/tomcat9\n\
export CATALINA_BASE=/var/lib/tomcat9\n\
export CATALINA_TMPDIR=/tmp\n\
export SECURITY_MANAGER=true\n\
export JAVA_OPTS=-Djava.awt.headless=true\n\
/usr/libexec/tomcat9/tomcat-update-policy.sh\n\
/usr/libexec/tomcat9/tomcat-start.sh &\n" > /usr/local/sbin/start-tomcat.sh
RUN apt-get update && apt-get install -y --no-install-recommends dovecot-imapd dovecot-pop3d poppassd \
&& rm -rf /var/lib/apt/lists/* \
&& sed -ie 's,^#login_trusted_networks = *$,login_trusted_networks = 0.0.0.0/0,' /etc/dovecot/dovecot.conf
RUN apt-get update && apt-get install -y --no-install-recommends p7zip-full \
&& rm -rf /var/lib/apt/lists/* \
&& 7za a -pPassword1 /root/enc.zip /etc/passwd
RUN apt-get update && apt-get install -y --no-install-recommends openjdk-18-jre-headless \
&& rm -rf /var/lib/apt/lists/* \
&& keytool -genkey -alias test -storepass Password1 -keypass Password1 -keystore /root/keystore.jks -dname "CN=a,OU=b,O=c,L=d,ST=e,C=f" -keyalg RSA
RUN apt-get update && apt-get install -y --no-install-recommends sqlcipher \
&& rm -rf /var/lib/apt/lists/* \
&& sqlcipher /root/enc.db "PRAGMA key = 'Password1';create table a(id int);"
RUN echo -e 'user1:kW+7AlKMnSZQIRluNxwJOMiohAw=\nuser2:oBk37hmkFgZdZ247+g6c0Ay6Vw8=\nuser3:kW+7AlKMnSZQIRluNxwJOMiohAw=' > /root/umbraco_users.pw
RUN apt-get update && apt-get install -y --no-install-recommends tightvncserver xfonts-base \
&& rm -rf /var/lib/apt/lists/* \
&& useradd -m vncuser && mkdir ~vncuser/.vnc && echo Password | vncpasswd -f > ~vncuser/.vnc/passwd \
&& chmod 400 ~vncuser/.vnc/passwd && chown -R vncuser:vncuser ~vncuser/.vnc
RUN apt-get update \
&& apt-get install -y --no-install-recommends samba \
&& rm -rf /var/lib/apt/lists/* \
&& { for i in {3..5}; do echo -e "Password$i\nPassword$i" | smbpasswd -a "user$i"; done; } \
&& sed -ie 's,map to guest =,#map to guest =,' /etc/samba/smb.conf
RUN apt-get update \
&& apt-get install -y --no-install-recommends snmpd snmp \
&& rm -rf /var/lib/apt/lists/* \
&& sed -ie 's,^agentaddress .*$,agentaddress udp:161,' /etc/snmp/snmpd.conf \
&& echo 'createUser user3 SHA authPass AES privPass' >> /var/lib/snmp/snmpd.conf \
&& echo 'rouser user3 priv .1' >> /etc/snmp/snmpd.conf
RUN echo -e "echo Starting services\n\
service vsftpd start\n\
service ssh start\n\
/usr/sbin/inetd\n\
service postfix start\n\
service dovecot start\n\
service apache2 start\n\
ulimit -n 1024; service slapd start\n\
service mysql start\n\
service postgresql start\n\
sh /usr/local/sbin/start-tomcat.sh\n\
socat tcp-l:106,fork,reuseaddr exec:/usr/sbin/poppassd &\n\
socat tcp-l:4444,fork,reuseaddr exec:\"echo -e 'W\xe1\xc0me'\" &\n\
cp -v /root/enc.zip /root/keystore.jks /root/enc.db /root/umbraco_users.pw /opt/patator/\n\
su - vncuser -c 'vncserver -rfbport 5900'\n\
service smbd start\n\
service snmpd start\n\
tail -f /dev/null\n" > /usr/local/sbin/start-all-services.sh
CMD ["sh", "/usr/local/sbin/start-all-services.sh"]
|
