* adjusted dockerfile to alpine

* removed gallery.php which was no longer needed
 * To do : fix apache dying on alpine. Due to missing php lib

config/supervisord.conf

@@ -3,8 +3,12 @@ nodaemon=true
 
 [program:sshd]
 command=/usr/sbin/sshd -D
+autostart=true
 autorestart=true
+priority=20
 
 [program:apache2]
-command=/usr/sbin/apache2ctl -D FOREGROUND
+command=/usr/sbin/httpd -D FOREGROUND -f /etc/apache2/httpd.conf
+autostart=true
 autorestart=true
+priority=10

docker/Dockerfile

@@ -1,66 +1,68 @@
-FROM ubuntu:24.04
+FROM alpine:3.20
 
-ENV DEBIAN_FRONTEND=noninteractive
 ENV MYSQL_ROOT_PASSWORD=39gknzLD
 ENV MYSQL_DATABASE=app
 
 
-RUN apt update && apt upgrade -y && \
+RUN apk update && apk upgrade && \
-    apt install -y \
+    apk add --no-cache \
     apache2 \
+    apache2-ssl \
     curl \
-    nano \
     vim \
+    bash \
     supervisor \
-    openssh-server \
+    openssh \
     sudo \
-    php-mysql\
+    php82 \
-    cowsay \
+    php82-mysqli \
-    php \
+    php82-apache2 \
-    iputils-ping \
+    php82-session \
-    && rm -rf /var/lib/apt/lists/*
+    iputils \
+    shadow \
+    && rm -rf /var/cache/apk/*
 
 # the user players will need to have access as
 
-
 RUN useradd -m -s /bin/bash agent \
 && echo "agent:secure" | chpasswd
 
 # apache2 config to change default 80 port to 8080
 
-RUN sed -i 's/^Listen 80/Listen 8080/' /etc/apache2/ports.conf
+RUN sed -i 's/^Listen 80/Listen 8080/' /etc/apache2/httpd.conf  && sed -i 's/80/8080/g' /etc/apache2/conf.d/*.conf || true
-
-RUN sed -i 's/<VirtualHost \*:80>/<VirtualHost *:8080>/' /etc/apache2/sites-available/000-default.conf
-
 # remove default apache2 index.html
 
-RUN rm /var/www/html/index.html
+RUN rm -f /var/www/localhost/htdocs/index.html
 
-# enable php module
+# enable php module in apache
-RUN ls /etc/apache2/mods-enabled/
+
-RUN a2enmod php*
+RUN echo "LoadModule php_module /usr/lib/php82/libphp.so" > /etc/apache2/conf.d/php.conf
 
 # copy the app
 
-COPY ./www/ /var/www/html/
+COPY ./www/ /var/www/localhost/htdocs/
 
-# give upload permissions to the www-data user
+# add ssh key otherwise it does not work
 
-RUN chown -R www-data:www-data /var/www/html/confidential/uploads && chmod -R 755 /var/www/html/confidential/uploads
+RUN ssh-keygen -A
 
-# give permissions to access the agent user to www-data
 
-RUN usermod -aG agent www-data && chmod 750 /home/agent
+# give upload permissions to the apache user
+
+RUN chown -R apache:apache /var/www/localhost/htdocs/confidential/uploads \
+    && chmod -R 755 /var/www/localhost/htdocs/confidential/uploads
+# give permissions to access the agent user to apache
+
+RUN usermod -aG agent apache && chmod 750 /home/agent
 
 RUN mkdir /var/run/sshd
 
 # (suggestion)
-# for the privesc, cowsay allowed to be ran with sudo without password
+# for the privesc, vim allowed to be ran with sudo without password
-# https://gtfobins.github.io/gtfobins/cowsay/
+# https://gtfobins.github.io/gtfobins/vim/
 
-RUN printf 'agent ALL=(ALL) NOPASSWD: /usr/games/cowsay, /usr/bin/sudo -l\n' > /etc/sudoers.d/agent && \
+RUN echo 'agent ALL=(ALL) NOPASSWD: /usr/bin/vim, /usr/bin/sudo -l' > /etc/sudoers.d/agent \
-    chmod 0440 /etc/sudoers.d/agent && \
+    && chmod 0440 /etc/sudoers.d/agent
-    visudo -cf /etc/sudoers.d/agent
 
 # copy the agent user creds and set 777 suid
 
@@ -80,7 +82,7 @@ EXPOSE 8080
 
 # config of supervisord to have both apache2 and sshd services running
 
-COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+COPY config/supervisord.conf /etc/supervisor.d/httpd.ini
 
 # start supervisord
 CMD ["/usr/bin/supervisord", "-n"]

www/gallery.php

@@ -1,49 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<?php
-session_start();
-?>
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Tux gallery !</title>
-    <link rel="stylesheet" href="static/css/stylesheet.css">
-    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.8/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-sRIl4kxILFvY47J16cr9ZwB07vP4J8+LH7qKQnuqkuIAvNWLzeN8tE5YBujZqJLB" crossorigin="anonymous">
-</head>
-<body>
-    <?php include 'include/nav.php'?>
-
-    <div class="wrapper">
-        <section class="info-part">
-            <h1>Tux gallery</h1>
-            <p>Tux is awesome ! So I made this extremely secure gallery app.</p>
-            <?php if (empty($_SESSION['username'])): ?>
-                You can also add tux pictures to the gallery, first <a href="login.php">login</a> and then you should be able to upload a new image of tux.
-            <?php else: ?>
-                First navigate to the <a href="admin/upload.php">upload.php</a> page and upload your tux image from there!
-            <?php endif; ?>
-        </section>
-        <hr>
-        <section class="gallery-part">
-            <div class="gallery">
-            <?php
-                foreach (new DirectoryIterator('static/img/gallery') as $file) {
-                    if($file->isDot()) continue;
-                        print '<img class="tux-img" src="/static/img/gallery/'. $file->getFilename() . '" onerror="this.onerror=null;this.src=`/static/img/fallback.png`;" data-original="/static/img/gallery/'. $file->getFilename() .'">'; // to do, is there an 'fstring' like for php ? just like in python
-                    } // xss ? i call it a feature
-            ?>
-            </div>
-        </section>
-    </div>
-<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.8/dist/js/bootstrap.bundle.min.js" integrity="sha384-FKyoEForCGlyvwx9Hj09JcYn3nv7wiPVlz7YYwJrWVcXK/BmnVDxM+D2scQbITxI" crossorigin="anonymous"></script>
-<script>
-    window.addEventListener("load", () => {
-        Array.from(document.getElementsByClassName("tux-img")).forEach(img => {
-            img.addEventListener('click', function() {
-                window.open(img.dataset.original);
-            });
-        });
-    });
-</script>
-</body>
-</html>