Add shell access and scp support
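--- a/etc/security/limits.conf
+++ b/etc/security/limits.conf
@@ -0,0 +1,56 @@
+# /etc/security/limits.conf
+#
+#Each line describes a limit for a user in the form:
+#
+#<domain> <type> <item> <value>
+#
+#Where:
+#<domain> can be:
+# - a user name
+# - a group name, with @group syntax
+# - the wildcard *, for default entry
+# - the wildcard %, can be also used with %group syntax,
+# for maxlogin limit
+# - NOTE: group and wildcard limits are not applied to root.
+# To apply a limit to the root user, <domain> must be
+# the literal username root.
+#
+#<type> can have the two values:
+# - "soft" for enforcing the soft limits
+# - "hard" for enforcing hard limits
+#
+#<item> can be one of the following:
+# - core - limits the core file size (KB)
+# - data - max data size (KB)
+# - fsize - maximum filesize (KB)
+# - memlock - max locked-in-memory address space (KB)
+# - nofile - max number of open files
+# - rss - max resident set size (KB)
+# - stack - max stack size (KB)
+# - cpu - max CPU time (MIN)
+# - nproc - max number of processes
+# - as - address space limit (KB)
+# - maxlogins - max number of logins for this user
+# - maxsyslogins - max number of logins on the system
+# - priority - the priority to run user process with
+# - locks - max number of file locks the user can hold
+# - sigpending - max number of pending signals
+# - msgqueue - max memory used by POSIX message queues (bytes)
+# - nice - max nice priority allowed to raise to values: [-20, 19]
+# - rtprio - max realtime priority
+# - chroot - change root to directory (Debian-specific)
+#
+#<domain> <type> <item> <value>
+#
+
+#* soft core 0
+#root hard core 100000
+#* hard rss 10000
+#@student hard nproc 20
+#@faculty soft nproc 20
+#@faculty hard nproc 50
+#ftp hard nproc 0
+#ftp - chroot /ftp
+#@student - maxlogins 4
+
+# End of file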
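Review bot: Every entry in this new limits.conf is commented out, so the file enforces nothing, while the same commit gives hosting accounts an interactive bash login. Consider shipping active caps for the hosted users, for example `@www-data hard nproc <N>`, `@www-data - maxlogins <N>` and `* hard core 0` (placeholder values; the accounts are created with `-g www-data` in the useradd hunk). A group entry also applies to every other member of that group. The limits only take effect where pam_limits is in the session stack sshd uses, which this page does not show.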
@ -19,11 +19,12 @@ const INDEX_MD5S=[ //MD5 sums of index.hosting.html files that should be considd
|
|||||||
'703fac6634bf637f942db8906092d0ab', //new default file
|
'703fac6634bf637f942db8906092d0ab', //new default file
|
||||||
];
|
];
|
||||||
const REQUIRE_APPROVAL=false; //require admin approval of new sites? true/false
|
const REQUIRE_APPROVAL=false; //require admin approval of new sites? true/false
|
||||||
|
const ENABLE_SHELL_ACCESS=true; //allows users to login via ssh, when disabled only (s)ftp is allowed - run setup.php to migrate existing accounts
|
||||||
const ADMIN_PASSWORD='MY_PASSWORD'; //password for admin interface
|
const ADMIN_PASSWORD='MY_PASSWORD'; //password for admin interface
|
||||||
const SERVICE_INSTANCES=['2', '3', '4', '5', '6', '7', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'];
|
const SERVICE_INSTANCES=['2', '3', '4', '5', '6', '7', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'];
|
||||||
const DISABLED_PHP_VERSIONS=[];
|
const DISABLED_PHP_VERSIONS=[]; //php versions still installed on the system but no longer offered for new accounts
|
||||||
const PHP_VERSIONS=[4 => '7.3'];
|
const PHP_VERSIONS=[4 => '7.3']; //currently active php versions
|
||||||
const DEFAULT_PHP_VERSION='7.3';
|
const DEFAULT_PHP_VERSION='7.3'; //default php version
|
||||||
const PHP_CONFIG='memory_limit = 256M
|
const PHP_CONFIG='memory_limit = 256M
|
||||||
error_reporting = E_ALL
|
error_reporting = E_ALL
|
||||||
post_max_size = 10G
|
post_max_size = 10G
|
||||||
|
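Review bot: `ENABLE_SHELL_ACCESS` ships as `true`, so an installation that adopts this sample config and runs setup.php moves every existing account from `/usr/sbin/nologin` to `/bin/bash` without the operator having opted in. A default of `const ENABLE_SHELL_ACCESS=false;` keeps the previous (s)ftp-only behaviour until someone deliberately turns it on. The comment could also state that enabling it relies on sshd confining each user to their chroot, since that configuration is not visible on this page.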
@ -26,7 +26,8 @@ while($id=$stmt->fetch(PDO::FETCH_NUM)){
|
|||||||
$reload[$firstchar]=true;
|
$reload[$firstchar]=true;
|
||||||
$enable_onion->execute([$id[6]]);
|
$enable_onion->execute([$id[6]]);
|
||||||
//add and manage rights of system user
|
//add and manage rights of system user
|
||||||
exec('useradd -l -p ' . escapeshellarg($id[2]) . ' -g www-data -k /var/www/skel -m -s /usr/sbin/nologin ' . escapeshellarg($system_account));
|
$shell = ENABLE_SHELL_ACCESS ? '/bin/bash' : '/usr/sbin/nologin';
|
||||||
|
exec('useradd -l -p ' . escapeshellarg($id[2]) . ' -g www-data -k /var/www/skel -m -s ' . escapeshellarg($shell) . ' ' . escapeshellarg($system_account));
|
||||||
exec('/var/www/setup_chroot.sh ' . escapeshellarg("/home/$system_account"));
|
exec('/var/www/setup_chroot.sh ' . escapeshellarg("/home/$system_account"));
|
||||||
exec('grep ' . escapeshellarg($system_account) . ' /etc/passwd >> ' . escapeshellarg("/home/$system_account/etc/passwd"));
|
exec('grep ' . escapeshellarg($system_account) . ' /etc/passwd >> ' . escapeshellarg("/home/$system_account/etc/passwd"));
|
||||||
foreach(['.ssh', 'data', 'Maildir'] as $dir){
|
foreach(['.ssh', 'data', 'Maildir'] as $dir){
|
||||||
|
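Review bot: The unchanged `grep` two lines below the new `useradd` call matches `$system_account` anywhere in a line of /etc/passwd, so if one account name can occur as a substring of another entry, that entry is appended to this user's chroot `etc/passwd` as well. With a bash login the file can now be read interactively, which makes it a way to learn other account names. An exact lookup avoids this: `exec('getent passwd ' . escapeshellarg($system_account) . ' >> ' . escapeshellarg("/home/$system_account/etc/passwd"));`. The same pattern is in the setup.php migration loop, where `>>` also appends a duplicate line on every run. The enclosing while loop starts and ends outside this hunk.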
@ -19,7 +19,8 @@ if(isset($_SERVER['HTTP_HOST']) && preg_match('/danwin1210\.(i2p|me)$/', $_SERVE
|
|||||||
</head><body>
|
</head><body>
|
||||||
<h1>Hosting - Info</h1>
|
<h1>Hosting - Info</h1>
|
||||||
<p>Info | <a href="register.php">Register</a> | <a href="login.php">Login</a> | <a href="list.php">List of hosted sites</a> | <a href="faq.php">FAQ</a></p>
|
<p>Info | <a href="register.php">Register</a> | <a href="login.php">Login</a> | <a href="list.php">List of hosted sites</a> | <a href="faq.php">FAQ</a></p>
|
||||||
<p>After the hack that took place on November 15th, the hosting is finally back. There are just a few more things that need to be done before I can enable account registration. Due to a temporary loss of motivation in mid-december I'm behind schedule by about 2 weeks as initially planned, but new year, new opportunity. Registrations will open soon, once the last necessary changes are done, stay tuned.</p>
|
<p><b>The waiting has an end - Happy new Year and Hosting!</b></p>
|
||||||
|
<p>This is a completely fresh installation with many changes done to the internals of how the hosting works. Not everything is working 100% yet, please be patient. To those coming here for the first time since 15th November and are wondering what happened to their account, see <a href="https://www.zdnet.com/article/popular-dark-web-hosting-provider-got-hacked-6500-sites-down/" target="_blank">here</a>.</p>
|
||||||
<p>Here you can get yourself a hosting account on my server.</p>
|
<p>Here you can get yourself a hosting account on my server.</p>
|
||||||
<p>What you will get:</p>
|
<p>What you will get:</p>
|
||||||
<ul>
|
<ul>
|
||||||
|
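Review bot: The added link to zdnet.com uses `target="_blank"` without a `rel` attribute, so the external site receives a Referer wherever the browser sends one, and in older browsers also a `window.opener` handle. Adding `rel="noopener noreferrer"` to that `<a>` covers both. The Privacy Policy link in the registration form has the same shape.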
@ -169,7 +169,7 @@ foreach(PHP_VERSIONS as $key => $version){
|
|||||||
<?php echo isset($_REQUEST['private_key']) ? htmlspecialchars($_REQUEST['private_key']) : ''; ?>
|
<?php echo isset($_REQUEST['private_key']) ? htmlspecialchars($_REQUEST['private_key']) : ''; ?>
|
||||||
</textarea>
|
</textarea>
|
||||||
</label></td></tr>
|
</label></td></tr>
|
||||||
<tr><td colspan="2"><label><input type="checkbox" name="accept_privacy" required>I have read and agreed to the <a href="/privacy.php" target="_blank">Privacy Policy</a></label><br></td></tr>
|
<tr><td colspan="2"><label><input type="checkbox" name="accept_privacy" required>I have read and agreed to the <a href="https://danwin1210.me/privacy.php" target="_blank">Privacy Policy</a></label><br></td></tr>
|
||||||
<tr><td colspan="2"><input type="submit" value="Register"></td></tr>
|
<tr><td colspan="2"><input type="submit" value="Register"></td></tr>
|
||||||
</table></form>
|
</table></form>
|
||||||
</body></html>
|
</body></html>
|
||||||
|
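Review bot: The Privacy Policy link now hard-codes `https://danwin1210.me/`, so a visitor filling in the form under a different hostname is sent to the clearnet domain in a new tab. The host check in the index page hunk suggests the site is also served under an .i2p name. If the policy page is reachable on the same host as the form, the relative `href="/privacy.php"` keeps visitors on the network they arrived on; otherwise the base URL could come from a config constant per served host instead of a literal in the template.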
@ -233,7 +233,10 @@ php_admin_value[open_basedir] = /usr/share/adminer:/tmp
|
|||||||
echo "Updating chroots, this might take a while…\n";
|
echo "Updating chroots, this might take a while…\n";
|
||||||
exec('/var/www/setup_chroot.sh /var/www');
|
exec('/var/www/setup_chroot.sh /var/www');
|
||||||
$stmt=$db->query('SELECT system_account FROM users;');
|
$stmt=$db->query('SELECT system_account FROM users;');
|
||||||
|
$shell = ENABLE_SHELL_ACCESS ? '/bin/bash' : '/usr/sbin/nologin';
|
||||||
while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
|
while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
|
||||||
|
echo "Updating chroot for user $tmp[system_account]…\n";
|
||||||
|
exec('usermod -s ' . escapeshellarg($shell) . ' ' . escapeshellarg($tmp['system_account']));
|
||||||
exec('/var/www/setup_chroot.sh ' . escapeshellarg('/home/'.$tmp['system_account']));
|
exec('/var/www/setup_chroot.sh ' . escapeshellarg('/home/'.$tmp['system_account']));
|
||||||
exec('grep ' . escapeshellarg($tmp['system_account']) . ' /etc/passwd >> ' . escapeshellarg("/home/$tmp[system_account]/etc/passwd"));
|
exec('grep ' . escapeshellarg($tmp['system_account']) . ' /etc/passwd >> ' . escapeshellarg("/home/$tmp[system_account]/etc/passwd"));
|
||||||
}
|
}
|
||||||
|
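Review bot: The exit status of the new `usermod -s` call is discarded, so a failed change leaves the account on its previous shell while the script prints nothing about it. When `ENABLE_SHELL_ACCESS` is switched to false, that means a bash login can silently stay in place. Capture and report the status, e.g. `exec('usermod -s ' . escapeshellarg($shell) . ' ' . escapeshellarg($tmp['system_account']), $out, $rc);` followed by `if($rc!==0){ echo "usermod failed for $tmp[system_account]\n"; }`.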
@ -102,6 +102,7 @@ BINARIES_GENERAL=(
|
|||||||
'/usr/bin/unzip'
|
'/usr/bin/unzip'
|
||||||
'/usr/bin/curl'
|
'/usr/bin/curl'
|
||||||
'/usr/bin/rsync'
|
'/usr/bin/rsync'
|
||||||
|
'/usr/bin/scp'
|
||||||
'/usr/bin/wget'
|
'/usr/bin/wget'
|
||||||
'/usr/bin/php7.3'
|
'/usr/bin/php7.3'
|
||||||
'/usr/bin/mysql'
|
'/usr/bin/mysql'
|
||||||
|