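# syntax=docker/dockerfile:1
# The frontend is pinned to the stable major channel (:1) instead of :latest,
# so a build does not silently pick up whatever frontend release is tagged
# latest. This directive must remain the very first line of the file.

# Staging stage: collect the ssh-audit sources on an empty filesystem so the
# runtime stage can pull them in with a single COPY --from.
FROM scratch AS files

# Copy ssh-audit code to temporary container
COPY ssh-audit.py /
COPY src/ /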
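# Runtime stage: Alpine-based Python image that runs ssh-audit unprivileged.
# NOTE(review): python:3-alpine is a floating tag; pinning a specific version
# and digest would make builds reproducible (no digest is given here).
FROM python:3-alpine AS runtime

# Update the image to remediate any vulnerabilities, then remove suid & sgid
# bits from all files.
# The find step is best-effort and is grouped with its "|| true" so that only
# find's exit status is ignored. Ungrouped, "a && b || true" also swallows a
# failure of "apk upgrade", and the build would succeed with an unpatched image.
# NOTE(review): find's stderr is discarded, so a failure of the suid/sgid
# stripping is invisible in the build log.
RUN apk upgrade -U --no-cache -a -l && \
    { find / -xdev -perm /6000 -exec chmod ug-s {} \; 2> /dev/null || true; }

# Copy the ssh-audit code from files container.
COPY --from=files / /

# Allow listening on 2222/tcp for client auditing.
EXPOSE 2222

# Drop root privileges.
USER nobody:nogroup

# Exec (JSON-array) form: python3 is started directly, without a wrapping shell.
ENTRYPOINT ["python3", "/ssh-audit.py"]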