From f41e84c4bbd3f30b6d322bef2a4af651816f773a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20=C5=98epa?=
Date: Wed, 16 Oct 2024 11:51:07 +0200
Subject: [PATCH] setup syslog in hackerlab for class4

---
 hackerlab/Dockerfile | 17 +++++++++++++++--
 hackerlab/start.sh   |  5 +++++
 2 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100755 hackerlab/start.sh

diff --git a/hackerlab/Dockerfile b/hackerlab/Dockerfile
index 773cd62..7d0ce7d 100644
--- a/hackerlab/Dockerfile
+++ b/hackerlab/Dockerfile
@@ -3,7 +3,7 @@ FROM debian:bookworm
 
 COPY data /data
 RUN apt update && \
-    apt install -y openssh-server curl vim nano nmap net-tools iputils-ping htop netcat-traditional dnsutils less tcpdump tmux wget iproute2 python3-pip git ncat
+    apt install -y openssh-server curl vim nano nmap net-tools iputils-ping htop netcat-traditional dnsutils less tcpdump tmux wget iproute2 python3-pip git ncat rsyslog attr
 
 ENV TERM=xterm-256color
 RUN echo "PS1='\e[92m\u\e[0m@\e[94m\h\e[0m:\e[35m\w\e[0m# '" >> /root/.bashrc
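Review bot: The two new packages on the `apt install` line are pulled in through bare `apt`, which prints its "unstable CLI" warning in non-interactive builds and installs Recommends by default, so `rsyslog` drags in extra packages and the apt lists stay in the layer; `apt-get install -y --no-install-recommends … rsyslog attr && rm -rf /var/lib/apt/lists/*` keeps the same tools with a smaller image. Nothing in the commit message or the hunk explains `attr`, which is unrelated to syslog; a short comment above the RUN naming the class exercise it serves would save the next maintainer from guessing. Versions remain unpinned, which is acceptable for a lab image but means each rebuild can produce different rsyslog behaviour than the one the exercises were written against.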
@@ -14,10 +14,23 @@ RUN mkdir -p /root/.ssh
 COPY config/sshd_config /etc/ssh/sshd_config
 COPY config/banner /etc/banner
 COPY tools/tcpdump-colorize.pl /usr/bin/tcpdump-colorize.pl
+COPY start.sh /root/.start-container.sh
+
+# 1. Init utmp logging (for "w" command)
+# 2. Disable kernel logging for syslog (not supported in container environment)
+# 3. Set locale lang to avoid errors in auth.log
+# 4. Disable systemd in PAM because systemd is not running in the container
+# 5. Set readenv attribute to false to avoid deprecated warnings in auth.log
+RUN touch /var/run/utmp && \
+    sed -i '/imklog/ s/^/#/' /etc/rsyslog.conf && \
+    echo "LANG=en_US.UTF-8" > /etc/default/locale && \
+    sed -i '/pam_systemd.so/ s/^/#/' /etc/pam.d/common-session && \
+    sed -i 's/user_readenv=1/user_readenv=0/' /etc/pam.d/sshd
+
 # easy flag for a hello world challenge
 RUN echo "BSY{6JmUwlxDMqAi7LGKyDifntSZuFCku7KaTbnYxkSvziYBLg4AwCjubDeBQHxE}" > ~/.flag.txt
 RUN echo "root:ByteThem123" | chpasswd
-CMD ["/usr/sbin/sshd", "-D"]
\ No newline at end of file
+CMD ["/root/.start-container.sh"]
\ No newline at end of file
diff --git a/hackerlab/start.sh b/hackerlab/start.sh
new file mode 100755
index 0000000..efb5902
--- /dev/null
+++ b/hackerlab/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+rsyslogd
+
+/usr/sbin/sshd -D
\ No newline at end of file
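Review bot: Step 3 writes `LANG=en_US.UTF-8` to `/etc/default/locale`, but as far as the apt line in this patch shows nothing installs `locales` or generates that locale, so pam_env and login shells will most likely still complain about an unavailable locale and the auth.log noise this step targets only changes wording. `C.UTF-8` is built into Debian's libc without the `locales` package, so `echo "LANG=C.UTF-8" > /etc/default/locale` is the safer default here. Separately, the three `sed -i` edits exit 0 even when their pattern is absent, so a base-image or package update that reshapes `rsyslog.conf` or the PAM files would silently leave `imklog` and `pam_systemd` active while the build still passes; ending the RUN with a post-check such as `! grep -q '^[^#]*imklog' /etc/rsyslog.conf && ! grep -q '^[^#]*pam_systemd' /etc/pam.d/common-session` turns that into a build failure. Disabling `user_readenv` is a genuine hardening (it stops PAM from reading `~/.pam_environment`), which is worth saying in comment 5 alongside the "deprecated warnings" rationale.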
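Review bot: The final `/usr/sbin/sshd -D` runs as a child of bash instead of replacing it, so bash stays PID 1, the SIGTERM from `docker stop` is never delivered to sshd and the container is only torn down by SIGKILL after the grace period; change the last line to `exec /usr/sbin/sshd -D`. `rsyslogd` is launched without checking its status and nothing restarts it if it exits, and since sshd logs through syslog(3) to /dev/log those messages are dropped silently with no reader, which would leave the class-4 auth.log empty with no visible error; add `set -eu` after the shebang so a failed rsyslogd start fails the container instead. With sshd as PID 1, orphaned session processes will not be reaped, so consider running the container with `--init` (or tini) if zombie accumulation matters for the lab.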