From 4fde6ac15f1a9b24917090af4c3f227f0fe55a01 Mon Sep 17 00:00:00 2001
From: Marco Ochse
Date: Fri, 18 May 2018 15:40:07 +0000
Subject: [PATCH] tweaking, hardening

---
 docker/glutton/Dockerfile | 24 ++++++++++--------------
 docker/glutton/docker-compose.yml | 3 +++
 2 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/docker/glutton/Dockerfile b/docker/glutton/Dockerfile
index 093a1cf0..f204ae9e 100644
--- a/docker/glutton/Dockerfile
+++ b/docker/glutton/Dockerfile
@@ -4,16 +4,14 @@ FROM alpine
 ADD dist/ /root/dist/

 # Setup apk
-RUN apk -U --no-cache add bash \
- build-base \
- git \
- go \
- g++ \
- iptables-dev \
- libnetfilter_queue-dev \
- libpcap-dev \
- procps \
- upx && \
+RUN apk -U --no-cache add \
+ build-base \
+ git \
+ go \
+ g++ \
+ iptables-dev \
+ libnetfilter_queue-dev \
+ libpcap-dev && \

 # Setup go, glutton
 export GOPATH=/opt/go/ && \
@@ -28,11 +26,10 @@ RUN apk -U --no-cache add bash \
 mv /opt/go/src/github.com/mushorg/glutton/bin /opt/glutton/ && \
 mv /opt/go/src/github.com/mushorg/glutton/config /opt/glutton/ && \
 mv /opt/go/src/github.com/mushorg/glutton/rules /opt/glutton/ && \
- upx /opt/glutton/bin/server && \

 # Setup user, groups and configs
 addgroup -g 2000 glutton && \
- adduser -S -s /bin/bash -u 2000 -D -g 2000 glutton && \
+ adduser -S -s /bin/ash -u 2000 -D -g 2000 glutton && \
 mkdir -p /var/log/glutton && \
 mv /root/dist/rules.yaml /opt/glutton/rules/ && \

@@ -40,8 +37,7 @@ RUN apk -U --no-cache add bash \
 apk del --purge build-base \
 git \
 go \
- g++ \
- upx && \
+ g++ && \
 rm -rf /var/cache/apk/* \
 /opt/go \
 /root/dist
diff --git a/docker/glutton/docker-compose.yml b/docker/glutton/docker-compose.yml
index 4451bc98..3d05c4d0 100644
--- a/docker/glutton/docker-compose.yml
+++ b/docker/glutton/docker-compose.yml
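Review bot: The new `apk add` list leaves every package unpinned, so a rebuild pulls whatever the Alpine index serves that day and the toolchain that produces the glutton binary is not reproducible (hadolint DL3018). Pin each entry, e.g. `build-base=<version-placeholder> \` and likewise for the rest, or at minimum record the resolved versions in a comment beside the list. The untagged `FROM alpine` visible in the hunk header has the same effect one level up; a fixed tag or digest would pin the base. `g++` appears to be covered by `build-base` already, so it can probably be dropped from this list and from the later purge list. The RUN instruction that starts here continues past the end of the hunk.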
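Review bot: `adduser -S -s /bin/ash -u 2000 -D -g 2000 glutton` still gives the service account an interactive login shell, which a daemon user does not need; unless a later step execs a shell as this user (not visible in the hunk), `-s /sbin/nologin` is the tighter choice: `adduser -S -s /sbin/nologin -u 2000 -D -g 2000 glutton && \`. The numeric UID/GID 2000 is the pair the compose change mounts the tmpfs with, so the two files must stay in sync if either changes. This hunk sits in the middle of the same RUN instruction, which begins and ends outside it.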
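Review bot: The purge at `apk del --purge build-base git go g++` removes the compilers but keeps `iptables-dev`, `libnetfilter_queue-dev` and `libpcap-dev` from the first hunk, so headers and pkg-config files ship in the runtime image. Presumably the binary only needs the shared libraries at runtime — confirm with `ldd /opt/glutton/bin/server`; if so, `apk add` the runtime packages `iptables libnetfilter_queue libpcap` explicitly before the purge and add the three `-dev` packages to this `apk del` list, or move the build into a separate stage so nothing build-only reaches the final image. The `rm -rf /var/cache/apk/*` is redundant with `--no-cache` on the install but harmless. The RUN this hunk closes begins in the first hunk.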
@@ -8,10 +8,13 @@ services:
 build: .
 container_name: glutton
 restart: always
+ tmpfs:
+ - /var/lib/glutton:uid=2000,gid=2000
 network_mode: "host"
 cap_add:
 - NET_ADMIN
 image: "dtagdevsec/glutton:1804"
+ read_only: true
 volumes:
 - /data/glutton/log:/var/log/glutton
 - /root/tpotce/docker/glutton/dist/rules.yaml:/opt/glutton/rules/rules.yaml
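Review bot: `read_only: true` covers the image layers but not the bind mounts, so the rules file mounted from `/root/tpotce/docker/glutton/dist/rules.yaml` stays writable by the process even though it only needs to read it; append `:ro` to that entry: `- /root/tpotce/docker/glutton/dist/rules.yaml:/opt/glutton/rules/rules.yaml:ro`. The new tmpfs at `/var/lib/glutton` has no size limit, so a runaway writer can consume host memory; adding `size=<limit-placeholder>` to its option string bounds it. The `uid=2000,gid=2000` options match the account created in the Dockerfile, which is what lets the now read-only container write there, so keep the two in sync.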