前言
大家在编写Dockerfile时,需要写不少配置和命令。如果只构建一个docker,还可以手写;但数量一多,工作量就比较大了。我的大佬室友RenCvn也遇到了这个问题,于是编写了下面这个自动化构建docker的脚本,意在节约构建docker的时间。亲测非常实用,因此写下来,方便有同样困扰的师傅们。RenCvn师傅博客: RenCvn
脚本
import sys
import os
import shutil
import time
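def banner():
    """Print the ASCII-art banner and the argument summary, then pause 1 second.

    The art is held in a raw string because it contains backslashes. In a
    normal string literal they are invalid escape sequences (a warning on
    recent Python versions), and the one that ends a row acts as a line
    continuation that glues that row onto the next one.
    """
    art = r'''
_______ __
/ \ / |
$$$$$$$ | ______ _______ $$ | __ ______ ______
$$ | $$ | / \ / |$$ | / | / \ / \
$$ | $$ |/$$$$$$ |/$$$$$$$/ $$ |_/$$/ /$$$$$$ |/$$$$$$ |
$$ | $$ |$$ | $$ |$$ | $$ $$< $$ $$ |$$ | $$/
$$ |__$$ |$$ \__$$ |$$ \_____ $$$$$$ \ $$$$$$$$/ $$ |
$$ $$/ $$ $$/ $$ |$$ | $$ |$$ |$$ |
$$$$$$$/ $$$$$$/ $$$$$$$/ $$/ $$/ $$$$$$$/ $$/
write by RenCvn
--help
sys.argv[1] ==> 文件路径 (必填)
sys.argv[2] ==> docker端口
sys.argv[3] ==> ubuntu版本
sys.argv[4] ==> flag
'''
    print(art)
    # Short pause so the usage text stays visible before progress lines scroll by.
    time.sleep(1)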
def success_print(content,dname):
    """Print *content* in bold green, then *dname* in the terminal's default colour."""
    green, reset = "\033[1;32m", "\033[0m"
    print(f"{green} {content!s}{reset}{dname!s}")
def fail_print(content):
    """Print *content* in bold red to mark a failure or a fallback to defaults."""
    red, reset = "\033[1;31m", "\033[0m"
    print(f"{red} {content!s}{reset}")
def remind_print(content,dname=''):
    """Print *content* in bold yellow, then the optional *dname* uncoloured."""
    yellow, reset = "\033[1;33m", "\033[0m"
    print(f"{yellow} {content!s}{reset}{dname!s}")
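def get_filename(file_path):
    """Return the last component of *file_path*, exiting if there is none.

    ``os.path.basename`` yields an empty string for paths that end with a
    separator (for example a directory given as ``dir/``). In that case there
    is no binary to package, so the script reports it and stops.
    """
    file_name = os.path.basename(file_path)
    if file_name == '':
        fail_print('[-]未获取到文件名')
        # The original had a bare `exit` here, which only names the builtin
        # and never calls it; the function then returned None and the caller
        # wrote "None" into the generated Dockerfile and xinetd config.
        sys.exit(1)
    success_print('[+]获取到文件名: ', str(file_name))
    return str(file_name)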
def get_file_basepath(file_path):
    """Return the absolute path of the directory containing *file_path*.

    The resolved directory is also echoed to the terminal as a progress line.
    """
    parent_dir = os.path.dirname(file_path)
    absolute_dir = os.path.abspath(parent_dir)
    success_print("[+]获取到文件路径: ", str(absolute_dir))
    return absolute_dir
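def mk_docker_file(path):
    """Create the output directory *path*, tolerating one that already exists.

    Only "already exists" is treated as harmless. Any other failure (for
    example a permission error) is reported and re-raised; the original
    caught every exception and always claimed the directory existed.

    Raises:
        OSError: if the directory cannot be created, or *path* exists but is
            not a directory.
    """
    try:
        os.mkdir(path)
    except FileExistsError:
        # FileExistsError is also raised when *path* is a regular file, so
        # confirm it really is a directory before writing into it.
        # NOTE(review): a symlink to a directory passes this check, and the
        # generated files are then written through the link.
        if not os.path.isdir(path):
            fail_print("[-]路径已存在但不是目录: " + str(path))
            raise
        remind_print("[!]已经该存在目录" + str(path))
        time.sleep(0.2)
    except OSError as err:
        fail_print("[-]创建目录失败: " + str(path) + " (" + str(err) + ")")
        raise
    else:
        success_print("[+]成功创建目录: ", str(path))
        time.sleep(0.2)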
#print(xinetd_path)
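# Characters accepted in values that are spliced into the generated Dockerfile
# and xinetd config. Whitespace, newlines and shell metacharacters are left
# out because they could add extra directives, or extra commands to the RUN
# lines that Docker executes at build time.
_SAFE_TOKEN_CHARS = frozenset(
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789._+-"
)


def _is_safe_token(value):
    """Return True if *value* is non-empty and uses only whitelisted characters."""
    text = str(value)
    return bool(text) and all(ch in _SAFE_TOKEN_CHARS for ch in text)


def _is_valid_port(value):
    """Return True if *value* is a decimal TCP port number in 1..65535."""
    text = str(value)
    if not text or len(text) > 5 or any(ch not in "0123456789" for ch in text):
        return False
    return 1 <= int(text) <= 65535


def _write_text(path, content):
    """Write *content* to *path*, closing the file even if the write fails."""
    with open(path, 'w') as handle:
        handle.write(content)


def main():
    """Generate a ``docker`` build directory for one CTF pwn binary.

    Command-line arguments:
        sys.argv[1]: path of the challenge binary (required).
        sys.argv[2]: port for xinetd and EXPOSE (default 10003).
        sys.argv[3]: Ubuntu image tag (default 16.04).
        sys.argv[4]: flag text (default ``flag{this_is_test_flag}``).

    Next to the binary it creates ``docker/`` holding ``ctf.xinetd``,
    ``Dockerfile``, ``start.sh``, a copy of the binary and the ``flag`` file.

    The port, image tag and file name are copied verbatim into the generated
    files, so they are validated first and the script exits with status 1 if
    one of them is not acceptable. The flag is echoed to the terminal as a
    progress line, as in the original.
    """
    banner()
    args = sys.argv
    if len(args) < 2:
        # The path is mandatory; the original failed with a bare IndexError.
        fail_print('[-]缺少必填参数: 文件路径')
        sys.exit(1)
    file_path = args[1]

    if len(args) > 2:
        port = args[2]
        if not _is_valid_port(port):
            fail_print('[-]端口无效(应为1-65535的整数): ' + str(port))
            sys.exit(1)
        success_print("[+]设置端口: ", str(port))
        time.sleep(0.2)
    else:
        port = 10003
        fail_print("[-]未发现设置端口,默认设置端口: 10003")

    if len(args) > 3:
        version = args[3]
        if not _is_safe_token(version):
            fail_print('[-]版本号包含非法字符: ' + str(version))
            sys.exit(1)
        success_print("[+]设置Docker版本: ", str(version))
        time.sleep(0.2)
    else:
        # Kept as text: a float default only round-trips by luck (for
        # example 18.10 would be rendered as "18.1").
        version = "16.04"
        fail_print("[-]未发现设置版本,默认设置版本: 16.04")

    if len(args) > 4:
        flag = args[4]
        success_print("[+]设置flag文件: ", str(flag))
        time.sleep(0.2)
    else:
        flag = "flag{this_is_test_flag}"
        fail_print("[-]未发现设置flag,默认设置flag: " + str(flag))

    file_name = get_filename(file_path)
    # get_filename may hand back nothing for a path with no final component;
    # "." and ".." would make the COPY lines point at a directory.
    if not file_name or file_name in ('.', '..') or not _is_safe_token(file_name):
        fail_print('[-]文件名包含非法字符: ' + str(file_name))
        sys.exit(1)

    file_base_path = get_file_basepath(file_path)
    docker_path = os.path.join(file_base_path, "docker")
    mk_docker_file(docker_path)

    port_text = str(port)
    version_text = str(version)

    # NOTE(review): "chroot --userspec=1000:1000 /" only switches to uid/gid
    # 1000; the new root is "/", so the service still sees the whole
    # container filesystem.
    # NOTE(review): uid/gid 1000 is assumed to be the "ctf" account created
    # by "useradd -m ctf" in the Dockerfile below. Base images that already
    # ship a uid-1000 user would break that assumption - confirm for the tag
    # you build.
    xinetd = '''service ctf
{
disable = no
socket_type = stream
protocol = tcp
wait = no
user = root
type = UNLISTED
port = ''' + port_text + '''
bind = 0.0.0.0
server = /usr/sbin/chroot
server_args = --userspec=1000:1000 / timeout 50 ./pwn/''' + file_name + '''
banner_fail = /etc/banner_fail
# safety options
per_source = 10 # the maximum instances of this service per source IP address
rlimit_cpu = 60 # the maximum number of CPU seconds that the service may use
rlimit_as = 1024M # the Address Space resource limit for the service
#access_times = 2:00-9:00 12:00-24:00
#Instances = 20 #process limit
#per_source = 5 #link ip limit
#log warning die
log_on_success = PID HOST EXIT DURATION
log_on_failure = HOST ATTEMPT
log_type =FILE /var/log/myservice.log 8388608 15728640
}
'''

    # The RUN section is a raw string so the sed pattern's "\/" and the
    # trailing "\" continuations reach the Dockerfile as written. In the
    # original they were invalid Python escapes and Python-level line
    # continuations; the build steps are the same either way.
    dockerfile_content = '''FROM ubuntu:''' + version_text + r'''
RUN sed -i "s/http:\/\/archive.ubuntu.com/http:\/\/mirrors.tuna.tsinghua.edu.cn/g" /etc/apt/sources.list && \
    apt-get update && apt-get -y dist-upgrade && \
    apt-get install -y lib32z1 xinetd build-essential && useradd -m ctf
COPY ./''' + file_name + ''' /pwn/''' + file_name + '''
COPY ./ctf.xinetd /etc/xinetd.d/ctf
COPY ./flag /flag
COPY ./start.sh /start.sh
RUN chmod +x /start.sh
RUN chown root:ctf /pwn/''' + file_name + ''' && chmod 750 /pwn/''' + file_name + ''' && chmod 444 /flag
RUN echo 'ctf - nproc 1500' >>/etc/security/limits.conf
ENTRYPOINT ["/start.sh"]
EXPOSE ''' + port_text + '''
'''

    start_sh_content = '''#!/bin/bash
#
/etc/init.d/xinetd start;
sleep infinity;
'''

    xinetd_path = os.path.join(docker_path, 'ctf.xinetd')
    _write_text(xinetd_path, xinetd)
    success_print("[+]成功创建ctf.xinetd", str(xinetd_path))
    time.sleep(0.2)

    dockerfile_path = os.path.join(docker_path, 'Dockerfile')
    _write_text(dockerfile_path, dockerfile_content)
    success_print("[+]成功创建Dockerfile", str(dockerfile_path))
    time.sleep(0.2)

    start_sh_path = os.path.join(docker_path, 'start.sh')
    _write_text(start_sh_path, start_sh_content)
    success_print("[+]成功创建start.sh", str(start_sh_path))
    time.sleep(0.2)

    target_path = os.path.join(docker_path, file_name)
    shutil.copyfile(file_path, target_path)
    success_print("[+]成功创建程序文件: ", str(file_name))
    time.sleep(0.2)
    # os.chmod replaces the original os.system('chmod 777 ' + path), which
    # passed the path through a shell. 0o755 is enough on the host: the
    # Dockerfile sets 750 root:ctf inside the image, and a world-writable
    # copy would let any local user swap the binary before the build.
    os.chmod(target_path, 0o755)

    flag_path = os.path.join(docker_path, 'flag')
    _write_text(flag_path, flag)
    success_print("[+]成功创建flag: ", str(flag))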
# Run the generator only when this file is executed as a script, not on import.
if __name__ == '__main__':
    main()
通过此脚本,师傅们可以自行选择ubuntu版本、设置flag等,大大节约了时间成本。需要注意的是,端口、ubuntu版本和文件名会原样写入生成的Dockerfile和ctf.xinetd,因此只应传入自己确认过的值。
此脚本要用python3来跑.
师傅们也可以为此脚本创建快捷方式,直接通过快捷方式运行,这样就不必在脚本所在目录下运行了。
使用时可以通过如下命令:
$ python3 docker_static.py [文件路径](必填) [端口] [ubuntu版本] [flag设置](未设置的话会生成测试flag)
我在本地用脚本创建一个docker文件来给师傅们展示一下:
rencvn@ubuntu:~/Desktop/test$ python3 docker_static.py '/home/rencvn/Desktop/test/babystack' 10001 16.04 flag{this_is_test_flag}
_______ __
/ \ / |
$$$$$$$ | ______ _______ $$ | __ ______ ______
$$ | $$ | / \ / |$$ | / | / \ / \
$$ | $$ |/$$$$$$ |/$$$$$$$/ $$ |_/$$/ /$$$$$$ |/$$$$$$ |
$$ | $$ |$$ | $$ |$$ | $$ $$< $$ $$ |$$ | $$/
$$ |__$$ |$$ \__$$ |$$ \_____ $$$$$$ \ $$$$$$$$/ $$ |
$$ $$/ $$ $$/ $$ |$$ | $$ |$$ |$$ |
$$$$$$$/ $$$$$$/ $$$$$$$/ $$/ $$/ $$$$$$$/ $$/
write by RenCvn
--help
sys.argv[1] ==> 文件路径 (必填)
sys.argv[2] ==> docker端口
sys.argv[3] ==> ubuntu版本
sys.argv[4] ==> flag
[+]设置端口: 10001
[+]设置Docker版本: 16.04
[+]设置flag文件: flag{this_is_test_flag}
[+]获取到文件名: babystack
[+]获取到文件路径: /home/rencvn/Desktop/test
[+]成功创建目录: /home/rencvn/Desktop/test/docker
[+]成功创建ctf.xinetd/home/rencvn/Desktop/test/docker/ctf.xinetd
[+]成功创建Dockerfile/home/rencvn/Desktop/test/docker/Dockerfile
[+]成功创建start.sh/home/rencvn/Desktop/test/docker/start.sh
[+]成功创建程序文件: babystack
[+]成功创建flag: flag{this_is_test_flag}
欢迎师傅们来交流使用此脚本,感谢RenCvn师傅为我们提供方便自动化的docker搭建脚本!!