Updated base image. Removed all suid & sgid bits from image. Drop root privileges by default.

2024-11-16 13:35:39 +01:00 · 2023-03-23 23:43:52 -04:00 · 2023-03-23 23:43:52 -04:00 · cbb7d43006
commit cbb7d43006
parent cc9e4fbc4a
1 changed files with 11 additions and 3 deletions
--- a/14
+++ b/14
@ -1,10 +1,18 @@
-FROM python:3.9-slim
+FROM python:3-slim

 WORKDIR /

+# Remove suid & sgid bits from all files.
+RUN find / -xdev -perm /6000 -exec chmod ug-s {} \; 2> /dev/null || true
+
+# Copy the ssh-audit code.
 COPY ssh-audit.py .
 COPY src/ .

-ENTRYPOINT ["python3", "/ssh-audit.py"]
-
+# Allow listening on 2222/tcp for client auditing.
 EXPOSE 2222
+
+# Drop root privileges.
+USER nobody:nogroup
+
+ENTRYPOINT ["python3", "/ssh-audit.py"]