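#! /bin/sh

# NOTE: tested on Debian Linux
#
# NO WARRANTY - may or may not work on your system
#

# Copyright Rainer Wichmann (2003)
#
# License Information:
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#

# Purpose: prepare a chroot jail for yule.
# Usage:   chroot.sh chroot_dir
#
# Steps: link /etc/yulerc to the copy inside the jail, write minimal
# passwd and group files, create the device nodes, and copy the
# resolver-related files from /etc.
#
# The script replaces /etc/yulerc and calls mknod, so it needs root.
# Because it writes into ${CHROOT}/etc and ${CHROOT}/dev as root, that
# tree should be writable by root only: a symlink planted there by
# another user would redirect these writes.

CHROOT=$1

SYSTEM=$(uname -s)

if test "x$SYSTEM" != xLinux; then
    echo "This script will fail on systems other than Linux,"
    echo "mainly because of the mknod commands to create devices"
    echo "in the chroot jail."
    exit 1
fi

if test "x$CHROOT" = x; then
    echo "Usage: chroot.sh chroot_dir"
    echo "Purpose: prepare a chroot jail for yule"
    echo
    echo "NOTE: tested on Debian Linux"
    echo "NO WARRANTY - may or may not work on your system"
    exit 1
fi

# A relative chroot_dir would make the /etc/yulerc symlink resolve
# relative to /etc, i.e. point at the wrong place. Warn, do not abort.
case "$CHROOT" in
    /*) ;;
    *)  echo "Warning: ${CHROOT} is not an absolute path;" >&2
        echo "the /etc/yulerc symlink will not resolve correctly." >&2
        ;;
esac

# Check the target before changing anything on the host: every later
# step writes below ${CHROOT}/etc.
if test ! -d "${CHROOT}/etc"; then
    echo "Error: ${CHROOT}/etc is not a directory" >&2
    exit 1
fi

#
# Link configuration file
#
echo " Link configuration file:"
echo " ln -s -f ${CHROOT}/etc/yulerc /etc/yulerc"

ln -s -f "${CHROOT}/etc/yulerc" /etc/yulerc
echo


#
# Create passwd file
#
# The patterns are anchored to the account-name field. An unanchored
# 'grep root' copies every line that merely contains the string (for
# example an account whose home directory is /root), which puts
# unrelated accounts into the jail.
echo " Create passwd file"
echo " grep '^root:' /etc/passwd > ${CHROOT}/etc/passwd"
echo " grep '^daemon:' /etc/passwd >> ${CHROOT}/etc/passwd"
echo " grep '^yule:' /etc/passwd >> ${CHROOT}/etc/passwd"

{
    grep '^root:' /etc/passwd
    grep '^daemon:' /etc/passwd
    grep '^yule:' /etc/passwd
} > "${CHROOT}/etc/passwd"
echo


#
# Create group file
#
# Anchored for the same reason: an unanchored match also copies every
# group that lists one of these names as a member.
echo " Create group file"
echo " grep '^root:' /etc/group > ${CHROOT}/etc/group"
echo " grep '^daemon:' /etc/group >> ${CHROOT}/etc/group"
echo " grep '^yule:' /etc/group >> ${CHROOT}/etc/group"

{
    grep '^root:' /etc/group
    grep '^daemon:' /etc/group
    grep '^yule:' /etc/group
} > "${CHROOT}/etc/group"
echo

#
# Create devices
#
# The last echo used to announce /dev/null with minor number 5 while
# the command creates /dev/zero; the message now matches the command.
echo " Create devices"
echo " mkdir ${CHROOT}/dev"
echo " mknod -m 444 ${CHROOT}/dev/urandom c 1 9"
echo " mknod -m 666 ${CHROOT}/dev/random c 1 8"
echo " mknod -m 666 ${CHROOT}/dev/null c 1 3"
echo " mknod -m 666 ${CHROOT}/dev/zero c 1 5"

# Re-running the script must not fail on an existing dev directory.
test -d "${CHROOT}/dev" || mkdir "${CHROOT}/dev"
mknod -m 444 "${CHROOT}/dev/urandom" c 1 9
mknod -m 666 "${CHROOT}/dev/random" c 1 8
mknod -m 666 "${CHROOT}/dev/null" c 1 3
mknod -m 666 "${CHROOT}/dev/zero" c 1 5
echo

#
# DNS
#
echo " Copy files for DNS"
for conf in nsswitch.conf hosts host.conf resolv.conf services protocols; do
    echo " cp -p /etc/${conf} ${CHROOT}/etc/"
done

for conf in nsswitch.conf hosts host.conf resolv.conf services protocols; do
    cp -p "/etc/${conf}" "${CHROOT}/etc/"
done

echo "----------------------------------------------------"
echo
echo " You may want to review ${CHROOT}/etc/passwd"
echo " to replace passwords with a *, and to fix the"
echo " path to the home directory of the yule user."
echo
echo " If using a signed configuration file, you need"
echo " a working copy of GnuPG inside the chroot jail."
echo
echo "----------------------------------------------------"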