From 988d7f2e26bb20d476332a9700a36cbff456d868 Mon Sep 17 00:00:00 2001
From: ben
Date: Wed, 28 Dec 2022 14:19:03 +0100
Subject: [PATCH] Set correct TimeZone conf
---
 Dockerfile | 18 ++++++++++++------
 make.conf | 21 +++++++++++++++++++++
 makefile | 32 ++++++++------------------------
 src/issue.net | 12 ++++++++++++
 src/secure.conf | 7 +++++++
 src/start.sh | 4 ++++
 6 files changed, 64 insertions(+), 30 deletions(-)
 create mode 100644 make.conf
 create mode 100644 src/issue.net
 create mode 100644 src/secure.conf
 create mode 100755 src/start.sh
diff --git a/Dockerfile b/Dockerfile
index 8378f8b..a8a9a9e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,16 +5,22 @@ MAINTAINER BeN
 RUN apt-get clean && apt-get update && apt-get -y upgrade
 RUN apt-get install -y \
- openssh-server
+ openssh-server \
+ inetutils-syslogd \
+ sudo
 RUN apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN useradd -rm -d /home/ben -s /bin/bash -g 100 -u 1000 ben && \
+ echo "ben ALL=NOPASSWD: ALL" > /etc/sudoers.d/ben
-RUN useradd -rm -d /home/ben -s /bin/bash -g root -G sudo -u 1000 ben
+#RUN echo 'ben:ben' | chpasswd
-RUN echo 'ben:ben' | chpasswd
+RUN sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
+COPY src/issue.net /etc/issue.net
+COPY src/secure.conf /etc/ssh/sshd_config.d/secure.conf
+COPY src/start.sh /start.sh
 RUN service ssh start
-
 EXPOSE 22
-
-CMD ["/usr/sbin/sshd","-D"]
+#CMD ["/usr/sbin/sshd","-D", "-e"]
+CMD ["/start.sh"]
diff --git a/make.conf b/make.conf
new file mode 100644
index 0000000..d21cf22
--- /dev/null
+++ b/make.conf
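Review bot: In the Dockerfile hunk, `echo "ben ALL=NOPASSWD: ALL" > /etc/sudoers.d/ben` gives the only account that `AllowUsers` admits unrestricted, passwordless root, so possession of ben's SSH key is root in the container, including write access to the host keys and `auth.log` that make.conf bind-mounts. If sudo is needed at all, limit the rule to the specific commands required, and in the same `RUN` set the file mode with `chmod 0440 /etc/sudoers.d/ben` and validate it with `visudo -cf /etc/sudoers.d/ben`. Separately, the `sed` that disables password logins does nothing when the base image's `sshd_config` lacks the exact text `#PasswordAuthentication yes` (the `FROM` line is outside the hunk, so this cannot be checked here); adding `PasswordAuthentication no` to `src/secure.conf` would make the setting explicit.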
@@ -0,0 +1,21 @@
+IMAGE=openssh
+
+CONTNAME=$(IMAGE)-1
+
+DATAVOLUME=/home/_dockervol/openssh
+
+STARTOPT= \
+--hostname bastion \
+-e TZ="Europe/Paris" \
+-p 22122:22 \
+-v $(DATAVOLUME)/homeben:/home/ben \
+-v $(DATAVOLUME)/etcssh/ssh_host_ecdsa_key:/etc/ssh/ssh_host_ecdsa_key \
+-v $(DATAVOLUME)/etcssh/ssh_host_ecdsa_key.pub:/etc/ssh/ssh_host_ecdsa_key.pub \
+-v $(DATAVOLUME)/etcssh/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key \
+-v $(DATAVOLUME)/etcssh/ssh_host_ed25519_key.pub:/etc/ssh/ssh_host_ed25519_key.pub \
+-v $(DATAVOLUME)/etcssh/ssh_host_rsa_key:/etc/ssh/ssh_host_rsa_key \
+-v $(DATAVOLUME)/etcssh/ssh_host_rsa_key.pub:/etc/ssh/ssh_host_rsa_key.pub \
+-v $(DATAVOLUME)/log/ssh.log:/var/log/ssh.log \
+-v $(DATAVOLUME)/log/auth.log:/var/log/auth.log \
+--name $(CONTNAME) \
+$(IMAGE)
diff --git a/makefile b/makefile
index f891dc5..0df691a 100644
--- a/makefile
+++ b/makefile
@@ -1,32 +1,13 @@
-#########################################
-#VARIABLES: CAN BE EDITED
-#########################################
-
-CONTAINER=test
-
-CONTNAME=$(CONTAINER)-1
-
-DATAVOLUME=$(shell pwd)
-
-#net=host: mandatory for others containers to connect to mysql
-STARTOPT=-d \
--p 22122:22 \
---name $(CONTNAME) \
-$(CONTAINER)
-
-
-#########################################
-# ACTIONS: DO NOT EDIT BEYOND THIS POINT
-#########################################
+include make.conf
 build:
- docker build -t $(CONTAINER) .
+ docker build -t $(IMAGE) .
 build-nocache:
- docker build --no-cache -t $(CONTAINER) .
+ docker build --no-cache -t $(IMAGE) .
 run:
- docker run $(STARTOPT)
+ docker run -d $(STARTOPT)
 bash:
 docker exec -i -t $(CONTNAME) /bin/bash
@@ -41,4 +22,7 @@ clear:
 docker rmi -f $(CONTAINER)
 install:
- docker run --restart=always $(STARTOPT)
+ docker run -d --restart=always $(STARTOPT)
+
+reinstall:
+ make stop;make delete ;make install
diff --git a/src/issue.net b/src/issue.net
new file mode 100644
index 0000000..5bf0b1d
--- /dev/null
+++ b/src/issue.net
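Review bot: In make.conf, every `-v` that maps a single file (the six `ssh_host_*` entries and the two logs) depends on that file already existing on the host, because `docker run -v` creates a missing source path as a directory; on a fresh host sshd would then find directories where its host keys should be and syslogd could not write `auth.log`. Either state the prerequisite in a comment above `STARTOPT`, or mount a directory read-only instead, for example `-v $(DATAVOLUME)/etcssh:/etc/ssh/hostkeys:ro \` with matching `HostKey /etc/ssh/hostkeys/ssh_host_ed25519_key` lines in `src/secure.conf`. The private keys on the host should be mode 0600 and owned by root, since sshd refuses to load host keys with looser permissions. `-p 22122:22` publishes on every host interface; a bind address in front (`-p HOST_IP:22122:22`, placeholder) limits it to one.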
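Review bot: In the second makefile hunk, the `clear` target still runs `docker rmi -f $(CONTAINER)` (shown as context; the target starts outside the hunk), but the first makefile hunk deletes `CONTAINER` and make.conf defines only `IMAGE`, so unless the variable is supplied from the environment it now expands to nothing and the image is never removed. The line should become `docker rmi -f $(IMAGE)`. In `reinstall`, `$(MAKE) stop; $(MAKE) delete; $(MAKE) install` would pass command-line flags through to the sub-makes, and a comment above the target should say whether failures of `stop` and `delete` are meant to be ignored.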
@@ -0,0 +1,12 @@
+ * * * * * * * * * * * W A R N I N G * * * * * * * * * * * * *
+THIS SYSTEM IS RESTRICTED TO AUTHORIZED USERS FOR AUTHORIZED USE
+ONLY. UNAUTHORIZED ACCESS IS STRICTLY PROHIBITED AND MAY BE
+PUNISHABLE UNDER THE COMPUTER FRAUD AND ABUSE ACT OF 1986 OR
+OTHER APPLICABLE LAWS. IF NOT AUTHORIZED TO ACCESS THIS SYSTEM,
+DISCONNECT NOW. BY CONTINUING, YOU CONSENT TO YOUR KEYSTROKES
+AND DATA CONTENT BEING MONITORED. ALL PERSONS ARE HEREBY
+NOTIFIED THAT THE USE OF THIS SYSTEM CONSTITUTES CONSENT TO
+MONITORING AND AUDITING.
+################################################################
+
+
diff --git a/src/secure.conf b/src/secure.conf
new file mode 100644
index 0000000..3f1b06f
--- /dev/null
+++ b/src/secure.conf
@@ -0,0 +1,7 @@
+PermitRootLogin no
+PermitEmptyPasswords no
+AllowTcpForwarding yes
+MaxStartups 10:30:60
+Banner /etc/issue.net
+AllowUsers ben
+LogLevel VERBOSE
diff --git a/src/start.sh b/src/start.sh
new file mode 100755
index 0000000..1bc8753
--- /dev/null
+++ b/src/start.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+/usr/sbin/syslogd
+/usr/sbin/sshd -D
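Review bot: In src/secure.conf, `AllowTcpForwarding yes` is set with no destination limit, so the container that make.conf names `bastion` will relay connections to anything it can reach on the network. If it only fronts known hosts, narrow this with `AllowTcpForwarding local` and a `PermitOpen HOST:PORT` list (placeholders), and set `X11Forwarding no` and `AllowAgentForwarding no` if those features are unused. A short `#` comment above each directive saying why it differs from the distribution default would help the next reader.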
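Review bot: In src/start.sh, `/usr/sbin/sshd -D` runs as a child of bash, so bash stays PID 1 and the SIGTERM sent by `docker stop` never reaches sshd; the container ends only when the stop timeout expires and it is killed. Making the last line `exec /usr/sbin/sshd -D` lets sshd replace the shell and receive the signal. Adding `set -e` after the shebang would also keep the container from serving SSH when `syslogd` fails to start, which matters because the bind-mounted `auth.log` is the only audit trail this patch configures.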