Initial commit

This is a fully working version of the script that creates chroot directory

create_chroot_jail.sh

@@ -0,0 +1,50 @@
+#!/usr/bin/env sh
+
+# This script is primarily designed to create a chroot jail to be used by an SSH user.
+# My primary use case for this script is that I have a bastion server that I want users
+# to be able to use for port forwarding to access a database behind a firewall.
+# I want these users to have as little permissions as possible.  This script has been tested
+# on Ubuntu 22.02
+
+
+# Define a directory for our jail and a user.
+JAIL_DIRECTORY=/BASTIONJAIL
+JAIL_USER=bastionuser
+
+# Create the necessary directories.
+sudo mkdir -p $JAIL_DIRECTORY/{etc,bin,lib64,lib/x86_64-linux-gnu,dev/urandom,dev/tty}
+sudo cp /bin/bash $JAIL_DIRECTORY/bin
+sudo cp /bin/sleep $JAIL_DIRECTORY/bin
+sudo cp /bin/ssh $JAIL_DIRECTORY/bin
+sudo cp /dev/null $JAIL_DIRECTORY/dev/
+
+sudo chown $JAIL_USER:$JAIL_USER $JAIL_DIRECTORY/dev/null 
+
+# Link our hosts file for any network needs.
+sudo ln -s /etc/hosts $JAIL_DIRECTORY/etc/hosts
+
+
+Copy_Dependencies(){
+  # Get a list of libraries and parse out just the pathnames.
+  list="$(ldd "$1" | grep -E -o '/lib.*\.[0-9]')"
+  for i in $list; do cp  -v "$i" "${JAIL_DIRECTORY}${i}"; done
+}
+
+# These are the minimum requirements for setting up an SSH tunnel.
+Copy_Dependencies "/bin/bash"
+Copy_Dependencies "/bin/sleep"
+Copy_Dependencies "/bin/ssh"
+
+# Now make sure that the user has an entry in /etc/passwd.
+# Shell should be /bin/bash.
+
+# Add the following to /etc/sshd_config
+#   Match User batchtesting
+#     ChrootDirectory /BASTIONJAIL
+#     Banner none
+
+# Create special devices
+
+sudo mknod -m 666 $JAIL_DIRECTORY/null c 1 3
+sudo mknod -m 666 $JAIL_DIRECTORY/zero c 1 5
+sudo chown root:root $JAIL_DIRECTORY/null $JAIL_DIRECTORY/zero