From cbb7d430063f3ad6e2a43527a7919a68b60374ef Mon Sep 17 00:00:00 2001
From: Joe Testa <jtesta@positronsecurity.com>
Date: Thu, 23 Mar 2023 23:43:52 -0400
Subject: [PATCH] Updated base image.  Removed all suid & sgid bits from image.
  Drop root privileges by default.

---
 Dockerfile | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 357f63b..c358daa 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,18 @@
-FROM python:3.9-slim
+FROM python:3-slim
 
 WORKDIR /
 
+# Remove suid & sgid bits from all files.
+RUN find / -xdev -perm /6000 -exec chmod ug-s {} \; 2> /dev/null || true
+
+# Copy the ssh-audit code.
 COPY ssh-audit.py .
 COPY src/ .
 
-ENTRYPOINT ["python3", "/ssh-audit.py"]
-
+# Allow listening on 2222/tcp for client auditing.
 EXPOSE 2222
+
+# Drop root privileges.
+USER nobody:nogroup
+
+ENTRYPOINT ["python3", "/ssh-audit.py"]