Change image base to ubuntu16.04, add some safety options of xinetd.

Author: Eadom

Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:14.04
+FROM ubuntu:16.04
 
 RUN sed -i "s/http:\/\/archive.ubuntu.com/http:\/\/mirrors.tuna.tsinghua.edu.cn/g" /etc/apt/sources.list
 RUN apt-get update && apt-get -y dist-upgrade
@@ -9,13 +9,23 @@ RUN useradd -m ctf
 COPY ./bin/ /home/ctf/
 COPY ./ctf.xinetd /etc/xinetd.d/ctf
 COPY ./start.sh /start.sh
+RUN echo "Blocked by ctf_xinetd" > /etc/banner_fail
 
 RUN chmod +x /start.sh
 RUN chown -R root:ctf /home/ctf
 RUN chmod -R 750 /home/ctf
 RUN chmod 740 /home/ctf/flag
+
 RUN cp -R /lib* /home/ctf
 RUN cp -R /usr/lib* /home/ctf
+
+RUN mkdir /home/ctf/dev
+RUN mknod /home/ctf/dev/null c 1 3
+RUN mknod /home/ctf/dev/zero c 1 5
+RUN mknod /home/ctf/dev/random c 1 8
+RUN mknod /home/ctf/dev/urandom c 1 9
+RUN chmod 666 /home/ctf/dev/*
+
 RUN mkdir /home/ctf/bin
 RUN cp /bin/sh /home/ctf/bin
 RUN cp /bin/ls /home/ctf/bin

ctf.xinetd

@@ -1,14 +1,20 @@
-# replace helloworld to your program
 service ctf
 {
     disable = no
     socket_type = stream
     protocol    = tcp
     wait        = no
     user        = root
+    type        = UNLISTED
+    port        = 9999
     bind        = 0.0.0.0
     server      = /usr/sbin/chroot
+    # replace helloworld to your program
     server_args = --userspec=1000:1000 /home/ctf ./helloworld
-    type        = UNLISTED
-    port        = 9999
+    banner_fail = /etc/banner_fail
+    # safety options
+    per_source	= 10 # the maximum instances of this service per source IP address
+    rlimit_cpu	= 20 # the maximum number of CPU seconds that the service may use
+    #rlimit_as  = 1024M # the Address Space resource limit for the service
+    #access_times = 2:00-9:00 12:00-24:00
 }