mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-12-25 02:19:49 +01:00
use alpine, reduce layers (#249)
Signed-off-by: Daniel Thamdrup <dallemon@protonmail.com>
This commit is contained in:
parent
cb0f6b63d7
commit
6f39407a8c
19
Dockerfile
19
Dockerfile
@ -1,16 +1,19 @@
|
||||
FROM python:3-slim
|
||||
# syntax=docker/dockerfile:latest
|
||||
FROM scratch AS files
|
||||
|
||||
WORKDIR /
|
||||
# Copy ssh-audit code to temporary container
|
||||
COPY ssh-audit.py /
|
||||
COPY src/ /
|
||||
|
||||
FROM python:3-alpine AS runtime
|
||||
|
||||
# Update the image to remediate any vulnerabilities.
|
||||
RUN apt update && apt -y upgrade && apt -y dist-upgrade && rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN apk upgrade -U --no-cache -a -l && \
|
||||
# Remove suid & sgid bits from all files.
|
||||
RUN find / -xdev -perm /6000 -exec chmod ug-s {} \; 2> /dev/null || true
|
||||
find / -xdev -perm /6000 -exec chmod ug-s {} \; 2> /dev/null || true
|
||||
|
||||
# Copy the ssh-audit code.
|
||||
COPY ssh-audit.py .
|
||||
COPY src/ .
|
||||
# Copy the ssh-audit code from files container.
|
||||
COPY --from=files / /
|
||||
|
||||
# Allow listening on 2222/tcp for client auditing.
|
||||
EXPOSE 2222
|
||||
|
Loading…
Reference in New Issue
Block a user