elie/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2026-05-25 23:41:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge 31fa0577bd into f326d58068

Browse Source
This commit is contained in:
Daniel Thamdrup
2024-01-29 21:46:30 -07:00
committed by GitHub
parent f326d58068 31fa0577bd
commit 8d08570ef5
1 changed files with 8 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+8 -16
View File
@@ -1,21 +1,13 @@
FROM python:3-slim #syntax=docker/dockerfile:1.6.0
FROM scratch AS tmp
WORKDIR /
# Update the image to remediate any vulnerabilities.
RUN apt clean && apt update && apt -y dist-upgrade && apt clean && rm -rf /var/lib/apt/lists/*
# Remove suid & sgid bits from all files.
RUN find / -xdev -perm /6000 -exec chmod ug-s {} \; 2> /dev/null || true
# Copy the ssh-audit code. # Copy the ssh-audit code.
COPY ssh-audit.py . COPY ssh-audit.py /home/nonroot/
COPY src/ . COPY src/ /home/nonroot/
FROM cgr.dev/chainguard/python:latest AS runtime
# Copy files collected in tmp container
COPY --from=tmp --chown=nonroot:nonroot /home/nonroot/ /home/nonroot/
# Allow listening on 2222/tcp for client auditing. # Allow listening on 2222/tcp for client auditing.
EXPOSE 2222 EXPOSE 2222
# Drop root privileges. ENTRYPOINT ["python3", "/home/nonroot/ssh-audit.py"]
USER nobody:nogroup
ENTRYPOINT ["python3", "/ssh-audit.py"]