A guide to setting up, on Kali, an isolated network and a multi-user Apache, for installing things like DVWA.

Install the required software

Code:
root@localhost:~# apt install apache2 libapache2-mod-php libapache2-mpm-itk mariadb-server php-mysql

A little configuration after installation

diff apache2/ports.conf /etc/apache2/ports.conf

Code:
5c5,6
< Listen 80
---
> Listen 127.0.0.1:80
> ServerName localhost

Reference material on network isolation and starters for daemons

ip-netns (8) - Process network namespace management
systemd.service (5) - Service unit configuration
systemd.unit (5) - Unit configuration

Starter that creates the isolated network

Code:
user@localhost:~$ sudo screen
root@localhost:~# cat > /lib/systemd/system/isolator.service << "EOF"
[Unit]
Description=Isolator
After=network.target

[Service]
RemainAfterExit=yes
ExecStart=/usr/bin/ip netns add isolator
ExecStartPost=/usr/bin/ip netns exec isolator /usr/sbin/ifconfig lo up 127.0.0.1/8
ExecStop=/usr/bin/ip netns delete isolator

[Install]
WantedBy=multi-user.target
EOF

Create a launcher for programs inside the isolator

Code:
root@localhost:~# cat > /usr/local/sbin/in_isolator << "EOF"
#!/bin/sh
# one argument: run the command as the caller inside the isolator namespace
if [ -n "${1}" ] && [ -z "${2}" ]; then
    /usr/bin/ip netns exec isolator ${1}
    exit $?
fi
# three arguments: USER GROUP "COMMAND", run via su inside the namespace
if [ -n "${1}" ] && [ -n "${2}" ] && [ -n "${3}" ] && [ -z "${4}" ]; then
    /usr/bin/ip netns exec isolator su -s "/bin/sh" -g "${2}" -c "${3}" "${1}"
    exit $?
fi
exit 255
EOF
root@localhost:~# chmod 755 /usr/local/sbin/in_isolator

Check that the isolator works

Code:
root@localhost:~# sudo in_isolator screen
root@localhost:~# ifconfig -a

Configure apache2 to start inside the isolator

Code:
root@localhost:~# cat > /lib/systemd/system/apache2-isolated.service << "EOF"
[Unit]
Description=Apache
After=isolator.service

[Service]
RemainAfterExit=yes
Environment=APACHE_STARTED_BY_SYSTEMD=true
ExecStart=/usr/bin/ip netns exec isolator /usr/sbin/apachectl start
ExecStop=/usr/bin/ip netns exec isolator /usr/sbin/apachectl graceful-stop
ExecReload=/usr/bin/ip netns exec isolator /usr/sbin/apachectl graceful

[Install]
WantedBy=multi-user.target
EOF
root@localhost:~# systemctl start apache2-isolated
root@localhost:~# systemctl enable apache2-isolated

Configure mariadb to start inside the isolator

Code:
root@localhost:~# cat > /lib/systemd/system/mariadb-isolated.service << "EOF"
[Unit]
Description=MariaDB
After=isolator.service

[Service]
ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld
ExecStart=/usr/bin/ip netns exec isolator su -c /usr/sbin/mariadbd -s /bin/sh -g mysql mysql
ExecStop=/bin/sh -c "/bin/kill -SIGTERM `/bin/cat /var/run/mysqld/mysqld.pid`"

[Install]
WantedBy=multi-user.target
EOF
root@localhost:~# systemctl start mariadb-isolated
root@localhost:~# systemctl enable mariadb-isolated

Check that apache2 and mariadb work

Code:
root@localhost:~# sudo in_isolator screen
root@localhost:~# netstat -antup

Create a browser profile named isolator

Code:
user@localhost:~$ firefox --ProfileManager

Create a starter for the browser

Code:
root@localhost:~# cat > /usr/local/sbin/firefox-isolated << "EOF"
#!/bin/sh
/usr/local/sbin/in_isolator user users "/usr/bin/firefox -P isolator"
EOF
root@localhost:~# chmod 755 /usr/local/sbin/firefox-isolated

Check that the browser works on localhost

Code:
user@localhost:~$ sudo /usr/local/sbin/firefox-isolated

Configure apache2

diff old/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf

Code:
9a10,11
>
>         AssignUserID nobody nogroup

diff old/apache2/apache2.conf /etc/apache2/apache2.conf

Code:
115,116c115,116
< User ${APACHE_RUN_USER}
< Group ${APACHE_RUN_GROUP}
---
> #User ${APACHE_RUN_USER}
> #Group ${APACHE_RUN_GROUP}

Code:
root@localhost:~# systemctl restart apache2-isolated

Make a user check

Code:
root@localhost:~# cat > /var/www/html/index.php << "EOF"
<?php
var_dump(['uid' => posix_getuid(), 'gid' => posix_getgid()]);
EOF
root@localhost:~# chown www-data:www-data /var/www/html/index.html
root@localhost:~# chmod 640 /var/www/html/index.html

Check http://localhost/index.php and http://localhost/index.html: the first should report the uid and gid that AssignUserID switched to (nobody/nogroup), while the second, now readable only by www-data, should be refused.

Configure the folder for sites

diff old/apache2/apache2.conf /etc/apache2/apache2.conf

Code:
176,180c176,180
< #<Directory /srv/>
< #        Options Indexes FollowSymLinks
< #        AllowOverride None
< #        Require all granted
< #</Directory>
---
> <Directory /srv/>
>         Options Indexes FollowSymLinks
>         AllowOverride None
>         Require all granted
> </Directory>

Code:
root@localhost:~# systemctl restart apache2-isolated

Create a typical site

Code:
root@localhost:~# mkdir -m 750 -v /srv/nobody && \
chown -v root:nogroup /srv/nobody && \
mkdir -m 770 -v /srv/nobody/www && \
chown -v root:nogroup /srv/nobody/www && \
mkdir -m 760 -v /srv/nobody/log && \
chown -v root:nogroup /srv/nobody/log

diff apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf

Code:
1c1
< <VirtualHost *:80>
---
> <VirtualHost 127.0.0.1:80>
9c9,11
<         #ServerName www.example.com
---
>         ServerName nobody.localhost
>
>         AssignUserID nobody nogroup
12c14
<         DocumentRoot /var/www/html
---
>         DocumentRoot /srv/nobody/www
20,21c22,23
<         ErrorLog ${APACHE_LOG_DIR}/error.log
<         CustomLog ${APACHE_LOG_DIR}/access.log combined
---
>         ErrorLog /srv/nobody/log/error.log
>         CustomLog /srv/nobody/log/access.log combined
28a31,33
>
>         php_value error_reporting "32767"
>         php_flag display_errors on

Code:
root@localhost:~# systemctl restart apache2-isolated

Configure mail

Code:
root@localhost:~# mkdir /srv/mail && \
chmod 777 /srv/mail && \
chmod +t /srv/mail

diff old/php/8.2/apache2/php.ini /etc/php/8.2/apache2/php.ini

Code:
1095c1095
< ;sendmail_path =
---
> sendmail_path = /usr/local/bin/sendmail_cap

Code:
root@localhost:~# systemctl restart apache2-isolated

Code:
root@localhost:~# touch /usr/local/bin/sendmail_cap && \
chmod 755 /usr/local/bin/sendmail_cap && \
vim /usr/local/bin/sendmail_cap

/usr/local/bin/sendmail_cap

Code:
#!/usr/bin/php
<?php
define('MAIL_DIR_NAME', '/srv/mail');

// PHP's mail() pipes the complete message (headers and body) to stdin
$contents = file_get_contents("php://stdin");
if (!is_string($contents)) {
    trigger_error("can't get contents from stdin", E_USER_ERROR);
    exit(255);
}

// the script runs as the vhost user that called mail(), so record who sent it
$uid = posix_getuid();
if (!is_int($uid)) {
    trigger_error("can't get uid", E_USER_ERROR);
    exit(255);
}
$a = posix_getpwuid($uid);
if (!is_array($a)) {
    trigger_error("can't get info about a user by user id", E_USER_ERROR);
    exit(255);
}
$user_name = $a['name'];

// file name: date-user plus a random 4-character id to avoid collisions
$date = date("Y.m.d-H:i.s");
$prefix = "{$date}-{$user_name}";
$string = '1234567890QWERTYUIOPASDFGHJKLZXCVBNM1234567890';
$id = '';
$max = strlen($string) - 1;
for ($i = 0; $i < 4; $i++) {
    $number = rand(0, $max);
    $id = $id . substr($string, $number, 1);
}
$mail_file_name = MAIL_DIR_NAME."/{$prefix}.{$id}";

$r = file_put_contents($mail_file_name, $contents);
if (!is_int($r)) {
    trigger_error("can't put mail content to file", E_USER_ERROR);
    exit(255);
}
// read-only for the owner; the sticky bit on /srv/mail keeps other users from removing it
$r = chmod($mail_file_name, 0400);
if (!$r) {
    trigger_error("can't change mode to mail file", E_USER_ERROR);
    exit(255);
}
exit(0);

Testing

Code:
user@localhost:~$ sudo -u nobody bash
root@localhost:~# cat > /srv/nobody/www/index.php << "EOF"
<?php
user_error("Test error message");
var_dump(mail('[email protected]', 'Test subject', 'Test message'));
EOF

Remove the test site

Code:
root@localhost:~# a2dissite 000-default
root@localhost:~# rm -r /srv/nobody
root@localhost:~# systemctl restart apache2-isolated

Create the new site

Code:
root@localhost:~# mkdir /srv/dvwa
root@localhost:~# adduser \
    --comment "" \
    --disabled-login \
    --disabled-password \
    --firstgid 33000 \
    --firstuid 33000 \
    --home /srv/dvwa \
    --no-create-home \
    --shell /bin/false \
    dvwa
root@localhost:~# deluser dvwa users

Code:
root@localhost:~# chmod 750 /srv/dvwa && \
chown root:dvwa /srv/dvwa && \
mkdir -m 770 /srv/dvwa/www && \
chown root:dvwa /srv/dvwa/www && \
mkdir -m 760 /srv/dvwa/log && \
chown root:dvwa /srv/dvwa/log

Code:
root@localhost:~# cat > /etc/apache2/sites-available/001-dvwa.conf << "EOF"
<VirtualHost 127.0.0.1:80>
        ServerName dvwa.localhost
        AssignUserID dvwa dvwa
        ServerAdmin webmaster@localhost
        DocumentRoot /srv/dvwa/www
        ErrorLog /srv/dvwa/log/error.log
        CustomLog /srv/dvwa/log/access.log combined
        php_value error_reporting "32767"
        php_flag display_errors on
</VirtualHost>
EOF

Code:
root@localhost:~# a2ensite 001-dvwa
root@localhost:~# systemctl restart apache2-isolated

Code:
root@localhost:~# \
USER="dvwa" \
PASSWORD=`apg -a 0 -n 1 -m 6 -x 6 -M NCL` \
DATABASE="dvwa" \
QUERY="
CREATE DATABASE \`${DATABASE}\`;
CREATE USER \`${USER}\`@\`localhost\` IDENTIFIED BY '${PASSWORD}';
GRANT ALL ON \`${DATABASE}\`.* TO \`${USER}\`@\`localhost\`;
"
root@localhost:~# echo "${QUERY}" | mysql -v
root@localhost:~# echo "database: ${DATABASE} user: ${USER} password: ${PASSWORD}" >> /root/password

Code:
user@localhost:~$ sudo -u dvwa /bin/bash
dvwa@localhost:~$ cd ~/www
dvwa@localhost:~$ wget https://github.com/digininja/DVWA/archive/master.zip
dvwa@localhost:~$ unzip master.zip
dvwa@localhost:~$ mv DVWA-master/* ./
dvwa@localhost:~$ mv DVWA-master/\.[a-z]* ./
dvwa@localhost:~$ rmdir DVWA-master
dvwa@localhost:~$ cp config/config.inc.php.dist config/config.inc.php
dvwa@localhost:~$ vim.tiny config/config.inc.php
dvwa@localhost:~$ exit

Open http://dvwa.localhost/ in the browser and start exploring.
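Reading back what the sendmail_cap script above leaves behind, as an added example that is not part of the original post: the file names it writes encode the vhost user that called mail(), so a quick report per user is possible without opening any message. It assumes the mail directory is passed as an argument rather than fixed to /srv/mail.

```shell
#!/bin/sh
# Added example, not from the original post: read back what sendmail_cap
# leaves in /srv/mail. The capture names each file
# YYYY.mm.dd-HH:MM.ss-USER.XXXX, so the vhost user that called mail() is
# recoverable from the name alone; the message body is what PHP piped in.
# Assumption: the mail directory is passed as an argument instead of being
# hard-coded to /srv/mail.

# mail_user FILE -> unix user encoded in a captured mail's file name
mail_user() {
    n=$(basename "$1")
    n="${n%.*}"                 # strip the random 4-character id
    printf '%s\n' "${n#*-*-}"   # strip "date-time-" (neither part holds a dash)
}

# mail_subject FILE -> first Subject: header of the captured message
mail_subject() {
    sed -n 's/^Subject: //p' "$1" | head -n 1
}

# mail_report DIR -> one "USER COUNT" line per sending vhost user, sorted,
# so a site that starts sending mail unexpectedly stands out.
mail_report() {
    for f in "$1"/*; do
        [ -f "$f" ] && mail_user "$f"
    done | sort | uniq -c | awk '{print $2, $1}'
}
```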
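The per-site layout and vhost that the post builds by hand first for nobody and then for dvwa, generalised into reusable functions as an added example (not code from the original post). It assumes the site name doubles as the unix user and group that AssignUserID switches to, and that BASE plays the role of /srv; ownership is only changed when run as root.

```shell
#!/bin/sh
# Added example, not from the original post: the per-site layout and vhost
# the post builds by hand for "nobody" and "dvwa", as reusable functions.
# Assumptions: NAME doubles as the unix user and group that AssignUserID
# switches to, and BASE plays the role of /srv.

# make_site_dirs NAME BASE
# Creates BASE/NAME (750), BASE/NAME/www (770), BASE/NAME/log (760), the
# same modes the post uses. Ownership root:NAME is set only when run as root.
make_site_dirs() {
    name="$1"; base="$2"; root="${base}/${name}"
    mkdir -m 750 -p "${root}" || return 1
    mkdir -m 770 "${root}/www" || return 1
    mkdir -m 760 "${root}/log" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown "root:${name}" "${root}" "${root}/www" "${root}/log" || return 1
    fi
    return 0
}

# check_site_layout NAME BASE
# Returns 0 only if the three modes above are still in place, which is the
# property that keeps one vhost user out of another site's files and logs.
check_site_layout() {
    root="${2}/${1}"
    [ "$(stat -c %a "${root}")" = "750" ] || return 1
    [ "$(stat -c %a "${root}/www")" = "770" ] || return 1
    [ "$(stat -c %a "${root}/log")" = "760" ] || return 1
    return 0
}

# site_vhost NAME BASE
# Prints a VirtualHost block equivalent to the post's 001-dvwa.conf: bound
# to 127.0.0.1 only, PHP running as NAME:NAME under mpm-itk.
site_vhost() {
    cat << EOF
<VirtualHost 127.0.0.1:80>
        ServerName ${1}.localhost
        AssignUserID ${1} ${1}
        ServerAdmin webmaster@localhost
        DocumentRoot ${2}/${1}/www
        ErrorLog ${2}/${1}/log/error.log
        CustomLog ${2}/${1}/log/access.log combined
        php_value error_reporting "32767"
        php_flag display_errors on
</VirtualHost>
EOF
}
```

Write the vhost with `site_vhost dvwa /srv > /etc/apache2/sites-available/001-dvwa.conf` and enable it with a2ensite as in the post.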