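# Base image for the lab container.
# NOTE(review): `stable` is a moving tag, so a rebuild after a Debian release
# can pull a different distribution. php8.4-fpm below is a versioned package
# name and only resolves on a release that ships it. Pin a release codename or
# an image digest for reproducible builds.
FROM debian:stable

# Build-time only: keeps apt non-interactive during the RUN steps without
# leaving the variable in the running container's environment.
ARG DEBIAN_FRONTEND=noninteractive

# Web stack (nginx + PHP-FPM), SSH daemon and syslog in a single layer.
# The apt package index is removed in the same layer so it is not shipped in
# the image. /var/run/sshd is the runtime directory sshd expects when it is
# started outside a service manager (presumably by start.sh; not shown here).
RUN apt-get update && \
    apt-get install -y \
        nginx \
        openssh-server \
        php8.4-fpm \
        rsyslog && \
    rm -rf /var/lib/apt/lists/* && \
    mkdir -p /var/run/sshd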

# Lab account `vuln`: the deliberately weak SSH target of this image.
# The RSA keypair is generated at build time with an empty passphrase, so it is
# stored in the image layers and is identical in every container started from
# the same build. The account then trusts its own public key: id_rsa.pub is
# installed as authorized_keys (a plain public key, not an SSH certificate).
RUN useradd -m -s /bin/bash vuln \
    && mkdir -p /home/vuln/.ssh \
    && ssh-keygen -t rsa -b 2048 -f /home/vuln/.ssh/id_rsa -N "" \
    && chown -R vuln:vuln /home/vuln/.ssh \
    && chmod 700 /home/vuln/.ssh \
    && chmod 600 /home/vuln/.ssh/id_rsa \
    && install -m 600 -o vuln -g vuln \
        /home/vuln/.ssh/id_rsa.pub /home/vuln/.ssh/authorized_keys

# Give the account a password so it is not locked. The value is a fixed
# literal in this instruction and is therefore also visible in the image
# history. Whether sshd accepts password logins is decided by the sshd_config
# copied later in this file.
RUN echo "vuln:abcd" | chpasswd

# SSH daemon configuration. The build-context file is named ssh_config but is
# installed as the *server* config (sshd_config); the authentication methods
# sshd accepts are defined there, not in this Dockerfile.
COPY ssh_config /etc/ssh/sshd_config

# Nginx configuration: main config plus the default site definition.
COPY nginx.conf /etc/nginx/nginx.conf
COPY default.conf /etc/nginx/sites-available/default

# PHP application code. The whole web root is handed to www-data, so every
# path under it at this point is owned by www-data and writable by any
# process running as that user. Presumably PHP-FPM runs as www-data here;
# its pool config is not set in this file. TODO confirm
COPY www/ /var/www/html/
RUN chown -R www-data:www-data /var/www/html/

# Intentional lab exposure: place the vuln account's SSH *private key* (not a
# certificate) and a hint file inside the web root's upload/ directory.
#   - creds.txt names the account and points at id_rsa as its credential.
#   - id_rsa is the private key generated earlier in this build. It is appended
#     with >>, so any id_rsa already shipped in www/upload/ would be kept in
#     front of it.
#   - chmod a+rx applies to every entry matched by upload/*, including files
#     that came from www/upload/, and makes the key world-readable.
# upload/ must already exist (expected to come from www/), otherwise the
# redirection fails. Both files are created by root after the recursive chown
# of the web root, so they stay root-owned. Whether they are reachable over
# HTTP depends on default.conf, which is not shown here.
RUN printf "id: vuln\npass: id_rsa" > /var/www/html/upload/creds.txt \
    && cat /home/vuln/.ssh/id_rsa >> /var/www/html/upload/id_rsa \
    && chmod a+rx /var/www/html/upload/*

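# Supervised startup: start.sh is the container's entry script. Its content is
# not shown here; presumably it launches sshd, php-fpm, nginx and rsyslog.
# No USER instruction is set, so the script runs as root.
COPY start.sh /start.sh
RUN chmod a+x /start.sh

# JSON (exec) form with an explicit `exec`: the shell is replaced by
# /start.sh, which then runs as PID 1 and receives the stop signal from
# `docker stop` directly instead of sitting behind an intermediate `sh -c`.
CMD ["/bin/sh", "-c", "exec /start.sh"]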