david 6c15c4cb33 * hardened the web app
* Disabled bash history for agent and apache users
2025-10-16 21:30:00 +02:00


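FROM alpine:3.20

# NOTE(review): values set with ENV are baked into the image metadata
# (`docker inspect` / `docker history`) and inherited by every process in the
# container. No MySQL server is installed in this image, so the password is
# presumably read by the PHP app or a sibling database container — confirm it is
# still needed here before relying on it.
ENV MYSQL_ROOT_PASSWORD=39gknzLD
ENV MYSQL_DATABASE=app

# `--no-cache` fetches a fresh index for each apk invocation and stores nothing
# under /var/cache/apk, so a separate `apk update` and a trailing cache cleanup
# are not needed. Packages are sorted alphabetically for easier diffing.
RUN apk --no-cache upgrade && \
    apk --no-cache add \
        apache2 \
        apache2-ssl \
        bash \
        curl \
        iputils \
        openssh \
        php82 \
        php82-apache2 \
        php82-mysqli \
        php82-session \
        shadow \
        sudo \
        supervisor \
        vim

# the user players will need to have access as
RUN useradd -m -s /bin/bash agent \
    && echo "agent:secure" | chpasswd

# apache2 config to change default 80 port to 8080.
# The second sed rewrites every "80" in conf.d/*.conf, not only port numbers,
# and the trailing `|| true` hides a failure of either sed — if apache does not
# come up on 8080, check the generated config rather than the build log.
RUN sed -i 's/^Listen 80/Listen 8080/' /etc/apache2/httpd.conf && sed -i 's/80/8080/g' /etc/apache2/conf.d/*.conf || true

# remove default apache2 index.html
RUN rm -f /var/www/localhost/htdocs/index.html

# enable php module in apache
RUN echo "LoadModule php_module /usr/lib/apache2/mod_php82.so" > /etc/apache2/conf.d/php.conf

# copy the app
COPY ./www/ /var/www/localhost/htdocs/

# generate the sshd host keys; sshd does not start without them
RUN ssh-keygen -A

# give upload permissions to the apache user
# (assumes ./www/confidential/uploads exists in the build context; chown fails otherwise)
RUN chown -R apache:apache /var/www/localhost/htdocs/confidential/uploads \
    && chmod -R 755 /var/www/localhost/htdocs/confidential/uploads

# let the apache user reach the agent home via the agent group (750, not world-readable)
RUN usermod -aG agent apache && chmod 750 /home/agent

RUN mkdir /var/run/sshd

# (suggestion)
# for the privesc, vim allowed to be ran with sudo without password
# https://gtfobins.github.io/gtfobins/vim/
RUN echo 'agent ALL=(ALL) NOPASSWD: /usr/bin/vim, /usr/bin/sudo -l' > /etc/sudoers.d/agent \
    && chmod 0440 /etc/sudoers.d/agent

# disable bash history for non root users
# (takes effect for interactive bash shells that source /etc/bash/bashrc)
RUN echo 'export HISTFILE=/dev/null' >> /etc/bash/bashrc \
    && echo 'unset HISTSIZE' >> /etc/bash/bashrc \
    && echo 'unset HISTFILESIZE' >> /etc/bash/bashrc

# copy the agent user creds; mode 777 makes the file world-readable and
# world-writable (no setuid bit is involved)
COPY ./config/creds.txt /home/agent/
RUN chmod 777 /home/agent/creds.txt

# copy the secret codes; COPY without --chown already creates the file as
# root:root, so no separate chown layer is needed
COPY ./config/codes.txt /root/

RUN mkdir -p /run/httpd && chown apache:apache /run/httpd

# 22 port -> ssh, 8080 port -> webserver
EXPOSE 22
EXPOSE 8080

# config of supervisord to have both apache2 and sshd services running
COPY config/supervisord.conf /etc/supervisor.d/httpd.ini

# start supervisord
CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisor.d/httpd.ini"]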