Hardening (#30)
* set build-argument for environment * hardening remove dangerous commands * add hardening scripts for base and final image
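--- a/app/hardening_final.sh
+++ b/app/hardening_final.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+# For production images delete all uneeded admin commands and remove dangerous commands.
+# addgroup, adduser and chmod will be removed in entrypoint.sh during first start
+# su-exec will be needed for ever restart of the cotainer
+if [ "$environment" = "production" ] ; then \
+find /sbin /usr/sbin ! -type d \
+-a ! -name addgroup \
+-a ! -name adduser \
+-a ! -name nologin \
+-a ! -name su-exec \
+-delete; \
+find /bin /usr/bin -xdev \( \
+-name chgrp -o \
+-name chmod -o \
+-name hexdump -o \
+-name ln -o \
+-name od -o \
+-name strings -o \
+-name su -o \
+-name wget -o \
+\) -delete \
+; fi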
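Review bot: The name list in the second `find` ends with `-name wget -o \` directly before `\) -delete`, so the last `-o` has no right-hand operand. GNU find rejects such an expression as invalid, in which case nothing under /bin or /usr/bin is removed; other implementations (the tool names suggest a BusyBox-based image, to be confirmed) may parse it differently, and because the action is `-delete` the actual match set should be checked with `-print` first. Drop the trailing operator so the line reads `-name wget \`. Separately, the whole script is a no-op when `$environment` is unset or misspelled, so a forgotten build argument silently produces an unhardened image; adding an `else` branch such as `printf 'hardening skipped: environment=%s\n' "$environment" >&2` would make that visible in the build log.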