Updated README.

use alpine, reduce layers (#249 )
Signed-off-by: Daniel Thamdrup <dallemon@protonmail.com>
2026-05-26 07:51:23 +02:00 · 2024-03-12 21:13:10 -04:00 · 2024-03-12 21:02:26 -04:00 · 2024-03-12 20:46:39 -04:00
4 changed files with 16 additions and 16 deletions
@@ -1,16 +1,19 @@
-FROM python:3-slim
+# syntax=docker/dockerfile:latest
+FROM scratch AS files

-WORKDIR /
+# Copy ssh-audit code to temporary container
+COPY ssh-audit.py /
+COPY src/ /
+
+FROM python:3-alpine AS runtime

 # Update the image to remediate any vulnerabilities.
-RUN apt update && apt -y upgrade && apt -y dist-upgrade && rm -rf /var/lib/apt/lists/*
-
+RUN apk upgrade -U --no-cache -a -l && \ 
    # Remove suid & sgid bits from all files.
-RUN find / -xdev -perm /6000 -exec chmod ug-s {} \; 2> /dev/null || true
+    find / -xdev -perm /6000 -exec chmod ug-s {} \; 2> /dev/null || true

-# Copy the ssh-audit code.
-COPY ssh-audit.py .
-COPY src/ .
+# Copy the ssh-audit code from files container.
+COPY --from=files / /

 # Allow listening on 2222/tcp for client auditing.
 EXPOSE 2222
@@ -187,6 +187,7 @@ For convenience, a web front-end on top of the command-line tool is available at
 - Snap builds are now architecture-independent.
 - Gracefully handle rare exceptions (i.e.: crashes) while performing GEX tests.
 - Added built-in policy for OpenSSH 9.7.
+ - Changed Docker base image from `python:3-slim` to `python:3-alpine`, resulting in a 59% reduction in image size; credit [Daniel Thamdrup](https://github.com/dallemon).

 ### v3.1.0 (2023-12-20)
 - Added test for the Terrapin message prefix truncation vulnerability ([CVE-2023-48795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795)).
@@ -365,11 +365,8 @@ def output_recommendations(out: OutputBuffer, algs: Algorithms, algorithm_recomm
        for cve_list in VersionVulnerabilityDB.CVE['PuTTY']:
            vuln_version = float(cve_list[1])
            cvssv2_severity = cve_list[4]
-
-            if vuln_version > max_vuln_version:
-                max_vuln_version = vuln_version
-            if cvssv2_severity > max_cvssv2_severity:
-                max_cvssv2_severity = cvssv2_severity
+            max_vuln_version = max(vuln_version, max_vuln_version)
+            max_cvssv2_severity = max(cvssv2_severity, max_cvssv2_severity)

        fn = out.warn
        if max_cvssv2_severity > 8.0:
@@ -246,8 +246,7 @@ class SSH_Socket(ReadBuf, WriteBuf):

    def send_banner(self, banner: str) -> None:
        self.send(banner.encode() + b'\r\n')
-        if self.__state < self.SM_BANNER_SENT:
-            self.__state = self.SM_BANNER_SENT
+        self.__state = max(self.__state, self.SM_BANNER_SENT)

    def ensure_read(self, size: int) -> None:
        while self.unread_len < size:
Author	SHA1	Message	Date
Joe Testa	a4f508374a	Updated README.	2024-03-12 21:13:10 -04:00
Daniel Thamdrup	6f39407a8c	use alpine, reduce layers (#249 ) Signed-off-by: Daniel Thamdrup <dallemon@protonmail.com>	2024-03-12 21:02:26 -04:00
Joe Testa	cb0f6b63d7	Fixed new pylint warnings.	2024-03-12 20:46:39 -04:00