mirror of
https://github.com/hackerschoice/segfault.git
synced 2024-06-25 00:08:47 +00:00
rc1
parent
198a55c594
commit
b043420878
@ -1,4 +1,4 @@
|
||||
0.5.1 - 2022-04-00
|
||||
0.4.6 - 2023-05-08
|
||||
* SF-UI alpha
|
||||
* SetEnv HIDEIP, HUSHLOGIN, PRJ, TOKEN
|
||||
* NOVPN/DIRECT support
|
||||
@ -8,13 +8,13 @@
|
||||
* Avoid port 53 traffic to VPNs that mangle with DNS
|
||||
* Fixed ARP MITM (thanks extencil@proton.thc.org)
|
||||
|
||||
0.4.4 - 2022-03-00
|
||||
0.4.4 - 2023-03-00
|
||||
* Updated for quarterly Kali-latest
|
||||
* pipx, xpra and pwndbg update
|
||||
* SSHD master/NameSpace fix
|
||||
* Redis via unix domain socket only
|
||||
|
||||
0.4.3 - 2022-02-21
|
||||
0.4.3 - 2023-02-21
|
||||
* kali-linux-everything
|
||||
* sshd to user's network namespace
|
||||
* Better cgroups (encfs/blkio, slices, cpus=)
|
||||
|
2
Makefile
2
Makefile
@ -1,4 +1,4 @@
|
||||
VER := 0.4.5b3
|
||||
VER := 0.4.6
|
||||
|
||||
all:
|
||||
make -C router
|
||||
|
@ -36,6 +36,7 @@ rm -rf /root /home
|
||||
mkdir -p /sec
|
||||
cp -a /etc/skel /sec/root
|
||||
ln -s /sec/root /root
|
||||
cd . # Prevent 'getcwd() failed' after deleting my own directory
|
||||
ln -s /sec/home /home
|
||||
|
||||
echo "NOT ENCRYPTED" >/sec/THIS-DIRECTORY-IS-NOT-ENCRYPTED--DO-NOT-USE.txt
|
||||
|
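Review bot: The `cd .` line works only because it comes after `ln -s /sec/root /root`: a shell that resolves `.` against its logical `$PWD` needs that path to exist again, so moving the line above the symlink would bring the 'getcwd() failed' error back. The comment should record that ordering, for example `# Re-enter $PWD through the new /root symlink; must stay after 'ln -s /sec/root /root'`. This assumes the script runs with /root as its working directory, which the hunk does not show.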
@ -11,9 +11,10 @@ SF_BASEDIR=${HOME}/segfault
|
||||
#SF_FQDN=CHANGEME.segfault-net
|
||||
## Route TOR VIA VPN (the default it to route directly to Internet)
|
||||
#SF_TOR_VIA_VPN=
|
||||
## Use no VPN at all and route directly to the Internet.
|
||||
#SF_DIRECT=
|
||||
## Obtain the private key by executing:
|
||||
## docker run --rm --cap-add=NET_ADMIN -e USER=XXX -e PASS=YYY bubuntux/nordvpn:get_private_key
|
||||
#SF_DIRECT=1
|
||||
#SF_NORDVPN_PRIVATE_KEY=
|
||||
## Obtain the config by executing:
|
||||
## docker run --rm --e CRYPTOSTORM_TOKEN=XXX --entrypoint /getkey.sh hackerschoice/cryptostorm
|
||||
|
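Review bot: The `SF_DIRECT` entry is documented only as "Use no VPN at all and route directly to the Internet", which leaves out the consequence an operator needs to know before uncommenting `#SF_DIRECT=1`: user traffic would presumably leave from the server's own address instead of a VPN exit. I would extend the comment, for example `## Use no VPN at all and route directly to the Internet (traffic egresses from this host's own IP).`, and state what happens when it is set together with `SF_TOR_VIA_VPN`. The file continues outside the hunk, so any such explanation elsewhere in it is not visible here.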
@ -33,6 +33,7 @@ source /dev/shm/net-devs.txt || exit
|
||||
set -e
|
||||
# Delete stale iptables-FORWARD rule for this C_IP (if it exist then it would go to wrong chain)
|
||||
[[ -e "${IPT_FN}" ]] && iptables -D FORWARD -i "${DEV_LG}" -s "${C_IP}" -p tcp --syn -j "$(<"$IPT_FN")"
|
||||
# New chain must be hit before our global SYN-limit chain => Use '-I FORWARD 1'
|
||||
iptables -I FORWARD 1 -i "${DEV_LG}" -s "${C_IP}" -p tcp --syn -j "${CHAIN}"
|
||||
|
||||
# Save chain name
|
||||
|
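Review bot: Under the `set -e` at the top of this hunk, a failing `iptables -D FORWARD …` ends the script, because it is the last command of the `&&` list. That happens whenever `${IPT_FN}` still exists but the rule it names is already gone (for example after the FORWARD chain was flushed) or the file is empty. The `iptables -I FORWARD 1 … -j "${CHAIN}"` line below would then never run, leaving this `C_IP` without its per-container chain. If the delete is meant as best-effort cleanup, make that explicit: `[[ -e "${IPT_FN}" ]] && { iptables -D FORWARD -i "${DEV_LG}" -s "${C_IP}" -p tcp --syn -j "$(<"$IPT_FN")" || :; }`. The script continues outside the hunk, so any later handling is not visible here.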
@ -113,7 +113,7 @@ lgwall()
|
||||
|
||||
# Enter a docker network namespace
|
||||
# [container] <cmd ...>
|
||||
dnenter()
|
||||
netns()
|
||||
{
|
||||
local pid
|
||||
local c_id
|
||||
@ -123,14 +123,16 @@ dnenter()
|
||||
|
||||
shift 1
|
||||
pid=$(docker inspect -f '{{.State.Pid}}' "${c_id:?}") || return
|
||||
[[ ${#} -le 0 ]] && {
|
||||
env HISTFILE=/dev/null nsenter -t "${pid}" -a bash -il
|
||||
return
|
||||
}
|
||||
# [[ ${#} -le 0 ]] && {
|
||||
# env HISTFILE=/dev/null nsenter -t "${pid}" -a bash -il
|
||||
# return
|
||||
# }
|
||||
|
||||
# str=$(head -n1 "/proc/${pid}/cgroup")
|
||||
# FIXME: '*' wont work if there are more than 1 cgroup.
|
||||
# cgexec --sticky -g "*:${str##*:}" nsenter -t "${pid}" -a "${cmd[@]}"
|
||||
# nsenter -C doesnt seem to be sticky: Child processes run as /user.slice rather then
|
||||
# the slice of the spawned 'bash' (/sf.slice) -> That's contrary to the man page.
|
||||
nsenter -t "${pid}" -n "$@"
|
||||
}
|
||||
|
||||
|
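Review bot: With the zero-argument branch apparently only commented out, `netns <container>` without a command falls through to `nsenter -t "${pid}" -n "$@"`. That starts nsenter's default shell without the `HISTFILE=/dev/null` the earlier branch set, and in the network namespace only rather than all namespaces (`-a`). The header comment should say so, for example `# Run <cmd ...> (default: a shell) with the host's filesystem and privileges, inside the container's network namespace only`. The four commented-out lines are better deleted than kept as dead code. The function starts in the previous hunk and its `c_id` assignment is not shown.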