Updated base image. Removed all suid & sgid bits from image. Drop root privileges by default.

Joe Testa 2023-03-23 23:43:52 -04:00
parent cc9e4fbc4a
commit cbb7d43006


@ -1,10 +1,18 @@
FROM python:3.9-slim FROM python:3-slim
WORKDIR / WORKDIR /
# Remove suid & sgid bits from all files.
RUN find / -xdev -perm /6000 -exec chmod ug-s {} \; 2> /dev/null || true
# Copy the ssh-audit code.
COPY ssh-audit.py . COPY ssh-audit.py .
COPY src/ . COPY src/ .
ENTRYPOINT ["python3", "/ssh-audit.py"] # Allow listening on 2222/tcp for client auditing.
EXPOSE 2222 EXPOSE 2222
# Drop root privileges.
USER nobody:nogroup
ENTRYPOINT ["python3", "/ssh-audit.py"]
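Review bot: The setuid/setgid stripping step on the `RUN find / -xdev -perm /6000 …` line fails open: `2> /dev/null || true` discards both the error output and the exit status, so the build succeeds even if some files keep their bits. Consider following it with a check that fails the build when anything is left, e.g. `RUN test -z "$(find / -xdev -perm /6000 2> /dev/null)"`. Separately, the base image appears to move from `python:3.9-slim` to the floating `python:3-slim` tag (the page has lost its +/- markers, so this is inferred from the print order and the commit title). A floating major tag makes builds non-reproducible, so pinning a minor version, ideally with a digest, would keep the hardened image's contents predictable.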