setup syslog in hackerlab for class4

stratosphereips · Oct 16, 2024 · f41e84c · f41e84c
1 parent 73793d0
commit f41e84c
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 2 deletions.
diff --git a/hackerlab/Dockerfile b/hackerlab/Dockerfile
@@ -3,7 +3,7 @@ FROM debian:bookworm
 COPY data /data
 
 RUN apt update && \
-    apt install -y openssh-server curl vim nano nmap net-tools iputils-ping htop netcat-traditional dnsutils less tcpdump tmux wget iproute2 python3-pip git ncat
+    apt install -y openssh-server curl vim nano nmap net-tools iputils-ping htop netcat-traditional dnsutils less tcpdump tmux wget iproute2 python3-pip git ncat rsyslog attr
 
 ENV TERM=xterm-256color
 RUN echo "PS1='\e[92m\u\e[0m@\e[94m\h\e[0m:\e[35m\w\e[0m# '" >> /root/.bashrc
@@ -14,10 +14,23 @@ RUN mkdir -p /root/.ssh
 COPY config/sshd_config /etc/ssh/sshd_config
 COPY config/banner /etc/banner
 COPY tools/tcpdump-colorize.pl /usr/bin/tcpdump-colorize.pl
+COPY start.sh /root/.start-container.sh
+
+# 1. Init utmp logging (for "w" command)
+# 2. Disable kernel logging for syslog (not supported in container environment)
+# 3. Set locale lang to avoid errors in auth.log
+# 4. Disable systemd in PAM because systemd is not running in the container
+# 5. Set readenv attribute to false to avoid deprecated warnings in auth.log
+RUN touch /var/run/utmp && \
+    sed -i '/imklog/ s/^/#/' /etc/rsyslog.conf && \
+    echo "LANG=en_US.UTF-8" > /etc/default/locale && \
+    sed -i '/pam_systemd.so/ s/^/#/' /etc/pam.d/common-session && \
+    sed -i 's/user_readenv=1/user_readenv=0/' /etc/pam.d/sshd
+
 
 # easy flag for a hello world challenge
 RUN echo "BSY{6JmUwlxDMqAi7LGKyDifntSZuFCku7KaTbnYxkSvziYBLg4AwCjubDeBQHxE}" > ~/.flag.txt
 
 RUN echo "root:ByteThem123" | chpasswd
 
-CMD ["/usr/sbin/sshd", "-D"]
+CMD ["/root/.start-container.sh"]
diff --git a/hackerlab/start.sh b/hackerlab/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+rsyslogd
+
+/usr/sbin/sshd -D