diff --git a/Dockerfile b/Dockerfile
index 7e88669..2bb0655 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,8 +18,11 @@ RUN pip install --no-cache-dir -r requirements.txt
 COPY bashgen/app.py .
 COPY bashgen/templates/ ./templates/
-# Copy banner markdown files
-COPY workingscope/loginbanner.md workingscope/postloginbanner.md workingscope/
+# Copy banner markdown files (prefer workingscope, fallback to templates)
+COPY workingscope/loginbanner.md workingscope/postloginbanner.md workingscope/ 2>/dev/null || \
+ (mkdir -p workingscope && \
+ cp bashgen/templates/loginbanner.md.template workingscope/loginbanner.md && \
+ cp bashgen/templates/postloginbanner.md.template workingscope/postloginbanner.md)
 # Expose port
 EXPOSE 8080
diff --git a/README.md b/README.md
index 3b81b31..d831c17 100644
--- a/README.md
+++ b/README.md
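Review bot: The new `COPY ... 2>/dev/null || \` instruction cannot act as a fallback, because `COPY` is a Dockerfile instruction and is never passed to a shell: the redirection, the `||` and the continued `(mkdir … cp …)` lines are parsed as further COPY arguments, so the build is expected to fail when the workingscope files are missing instead of falling back. The `cp bashgen/templates/...` paths also name build-context files, which a shell step running inside the image would not see. Since `COPY bashgen/templates/ ./templates/` two lines above already places the defaults in the image, either drop this instruction and rely on the template fallback in app.py, or seed the directory from the in-image copy with `RUN mkdir -p workingscope && cp templates/loginbanner.md.template workingscope/loginbanner.md && cp templates/postloginbanner.md.template workingscope/postloginbanner.md`. This assumes the working directory set earlier in the file (outside this hunk) is where `app.py` and `templates/` land.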
@@ -74,10 +74,56 @@ bashgen/ ├── docker-compose.yml # Docker Compose configuration ├── templates/ │ ├── index.html # Web form frontend -│ └── script.sh.j2 # Bash script Jinja2 template +│ ├── script.sh.j2 # Bash script Jinja2 template +│ ├── loginbanner.md.template # Pre-login SSH banner template +│ └── postloginbanner.md.template # Post-login MOTD banner template └── README.md # This file ``` +## Banner Templates Setup + +The application uses banner templates for SSH pre-login and post-login messages. These templates are included in the `templates/` directory. + +### Using Default Templates + +The application automatically uses the included templates: +- `templates/loginbanner.md.template` - Pre-login SSH banner +- `templates/postloginbanner.md.template` - Post-login MOTD banner + +### Customizing Banners + +1. **Edit the template files** in the `templates/` directory: + - `loginbanner.md.template` - Customize your SSH pre-login warning banner + - `postloginbanner.md.template` - Customize your post-login MOTD message + +2. **Placeholder variables** you can use in templates: + - `[OWNER_NAME]` - Will be replaced with the owner name from the form + - `[OWNER_WEBSITE]` - Will be replaced with the owner website + - `[OWNER_EMAIL]` - Will be replaced with the owner email + +3. **Example template content:** + ```markdown + System Owner: + Name: [OWNER_NAME] + Website: [OWNER_WEBSITE] + Email: [OWNER_EMAIL] + ``` + +4. **For Docker deployment**, the templates are copied into the container during build. + +### Local Development Setup + +If running locally (not in Docker), create a `workingscope/` directory in the parent directory: + +```bash +# From the bashgen directory +mkdir -p ../workingscope +cp templates/loginbanner.md.template ../workingscope/loginbanner.md +cp templates/postloginbanner.md.template ../workingscope/postloginbanner.md +``` + +The application will automatically detect and use these files. + ## Requirements - Python 3.11+ 
diff --git a/app.py b/app.py
index dc76a8c..e92113c 100644
--- a/app.py
+++ b/app.py
@@ -87,11 +87,20 @@ def generate(
 """Generate bash script based on form inputs"""
 # Load banner templates from markdown files
 # Try multiple paths to support both local development and Docker container
- base_path = Path(__file__).parent.parent
+ app_path = Path(__file__).parent
+ base_path = app_path.parent
+
+ # Priority order: 1) workingscope directory, 2) templates directory, 3) Docker workingscope
 prelogin_banner_path = base_path / "workingscope" / "loginbanner.md"
 postlogin_banner_path = base_path / "workingscope" / "postloginbanner.md"
- # If not found, try relative to current working directory (for Docker)
+ # Fallback to templates directory (for repository templates)
+ if not prelogin_banner_path.exists():
+ prelogin_banner_path = app_path / "templates" / "loginbanner.md.template"
+ if not postlogin_banner_path.exists():
+ postlogin_banner_path = app_path / "templates" / "postloginbanner.md.template"
+
+ # Final fallback: Docker container workingscope directory
 if not prelogin_banner_path.exists():
 prelogin_banner_path = Path("workingscope") / "loginbanner.md"
 if not postlogin_banner_path.exists():
diff --git a/templates/loginbanner.md.template b/templates/loginbanner.md.template
new file mode 100644
index 0000000..4629e3b
--- /dev/null
+++ b/templates/loginbanner.md.template
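Review bot: The lookup order shadows a customised banner in the container case: the `app_path / "templates" / ...` fallback runs before the CWD-relative `Path("workingscope")` check, and because the Dockerfile copies `templates/` next to `app.py`, the template path will normally exist and the `# Final fallback` branch is never reached. A site-specific `workingscope/loginbanner.md` in the image would then be silently replaced by the stock notice whenever `base_path / "workingscope"` (one directory above `app.py`) is absent, which contradicts the Dockerfile comment "prefer workingscope, fallback to templates". Move the two `Path("workingscope") / ...` checks above the `# Fallback to templates directory` block so both workingscope locations are tried before the template, and log which file was selected so an operator can tell which legal notice was generated. `generate` begins before this hunk and the body of the last `if` lies after it, so how a still-missing file is handled cannot be seen here.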
@@ -0,0 +1,57 @@
+********************************************************************************
+* *
+* ⚠ WARNING – RESTRICTED SYSTEM ⚠ *
+* *
+* ███████╗ ██████╗ █████╗ ██████╗ ██████╗ ██╗ ██╗███████╗███████╗ *
+* ██╔════╝██╔════╝██╔══██╗██╔══██╗██╔══██╗██║ ██║██╔════╝██╔════╝ *
+* ███████╗██║ ███████║██████╔╝██║ ██║██║ ██║███████╗███████║ *
+* ╚════██║██║ ██╔══██║██╔══██╗██║ ██║██║ ██║╚════██║╚════██║ *
+* ███████║╚██████╗██║ ██║██║ ██║██████╔╝╚██████╔╝███████║███████║ *
+* ╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═╝╚═════╝ ╚═════╝ ╚══════╝╚══════╝ *
+* *
+* UNAUTHORIZED ACCESS IS STRICTLY PROHIBITED *
+* *
+********************************************************************************
+* *
+* This system is PRIVATE PROPERTY. *
+* *
+* Access is permitted only to explicitly authorized users. *
+* *
+* Any attempt to access this system without authorization is prohibited *
+* and may result in civil liability, contractual penalties, and legal *
+* proceedings where applicable. *
+* *
+********************************************************************************
+* *
+* SECURITY NOTICE *
+* *
+* • This system actively records and monitors: *
+* - Source IP addresses *
+* - Login attempts (successful and failed) *
+* - Authentication methods *
+* - Session activity and timestamps *
+* *
+* • All connection data is logged and preserved. *
+* *
+* • These records may be used as DIGITAL EVIDENCE and may be presented *
+* in a court of law, arbitration, or legal proceeding when required. *
+* *
+* • Attempting access constitutes acknowledgment of this monitoring. *
+* *
+********************************************************************************
+* *
+* System Caretaker / Technical Administration: *
+* ScardusTech L.L.C. *
+* https://scardustech.com *
+* *
+* System Owner (fill in): *
+* Name: [OWNER_NAME] *
+* Website: [OWNER_WEBSITE] *
+* Email: [OWNER_EMAIL] *
+* *
+********************************************************************************
+* *
+* IF YOU ARE NOT AN AUTHORIZED USER: *
+* TERMINATE THIS CONNECTION IMMEDIATELY. *
+* *
+********************************************************************************
\ No newline at end of file
diff --git a/templates/postloginbanner.md.template b/templates/postloginbanner.md.template
new file mode 100644
index 0000000..f3c7af3
--- /dev/null
+++ b/templates/postloginbanner.md.template
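Review bot: Values substituted for `[OWNER_NAME]`, `[OWNER_WEBSITE]` and `[OWNER_EMAIL]` in `loginbanner.md.template` need validation before they reach the banner, because this text is shown to clients before authentication and, per the README, the values come from form input. The substitution code is not part of this diff, so this cannot be confirmed from here, but the fields should reject newlines and control characters (including terminal escape sequences) and be length-bounded. If the rendered banner is embedded in the generated bash script, the values also need quoting or escaping appropriate to the construct `script.sh.j2` uses. The same placeholders appear in `postloginbanner.md.template`.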
@@ -0,0 +1,57 @@
+================================================================================
+ SYSTEM ACCESS NOTICE
+================================================================================
+
+Welcome.
+
+You are logged into a protected information system administered and maintained
+by ScardusTech L.L.C. (scardustech.com) as the technical caretaker.
+
+This system is provided exclusively for authorized use by the owner and
+designated personnel.
+
+────────────────────────────────────────────────────────────────────────────────
+SECURITY & COMPLIANCE NOTICE
+────────────────────────────────────────────────────────────────────────────────
+
+• All activities on this system may be monitored, recorded, and audited.
+• Logs may be retained for operational, security, and legal purposes.
+• Use of this system constitutes consent to such monitoring.
+• Any misuse, negligence, or unauthorized activity may result in:
+ – immediate access revocation
+ – contractual liability
+ – civil penalties
+ – legal action where applicable
+
+Users are responsible for safeguarding credentials, protecting data, and
+complying with organizational security policies and applicable law.
+
+────────────────────────────────────────────────────────────────────────────────
+SYSTEM CARETAKER
+────────────────────────────────────────────────────────────────────────────────
+
+Caretaker / Technical Administration:
+ ScardusTech L.L.C.
+ Web: https://scardustech.com
+
+────────────────────────────────────────────────────────────────────────────────
+SYSTEM OWNER
+────────────────────────────────────────────────────────────────────────────────
+
+Owner / Organization:
+ Name: [OWNER_NAME]
+ Website: [OWNER_WEBSITE]
+ Email: [OWNER_EMAIL]
+
+────────────────────────────────────────────────────────────────────────────────
+CONFIDENTIALITY
+────────────────────────────────────────────────────────────────────────────────
+
+Data stored or processed on this system may include confidential or protected
+information. Disclosure, modification, or transfer without authorization is
+strictly prohibited.
+
+If you are not the intended user of this system, terminate your session
+immediately and notify the system owner.
+
+================================================================================
\ No newline at end of file