tweaking, hardening

This commit is contained in:
Marco Ochse
2018-05-18 15:40:07 +00:00
parent b151397d85
commit 4fde6ac15f
2 changed files with 13 additions and 14 deletions


@ -4,16 +4,14 @@ FROM alpine
ADD dist/ /root/dist/ ADD dist/ /root/dist/
# Setup apk # Setup apk
RUN apk -U --no-cache add bash \ RUN apk -U --no-cache add \
build-base \ build-base \
git \ git \
go \ go \
g++ \ g++ \
iptables-dev \ iptables-dev \
libnetfilter_queue-dev \ libnetfilter_queue-dev \
libpcap-dev \ libpcap-dev && \
procps \
upx && \
# Setup go, glutton # Setup go, glutton
export GOPATH=/opt/go/ && \ export GOPATH=/opt/go/ && \
@ -28,11 +26,10 @@ RUN apk -U --no-cache add bash \
mv /opt/go/src/github.com/mushorg/glutton/bin /opt/glutton/ && \ mv /opt/go/src/github.com/mushorg/glutton/bin /opt/glutton/ && \
mv /opt/go/src/github.com/mushorg/glutton/config /opt/glutton/ && \ mv /opt/go/src/github.com/mushorg/glutton/config /opt/glutton/ && \
mv /opt/go/src/github.com/mushorg/glutton/rules /opt/glutton/ && \ mv /opt/go/src/github.com/mushorg/glutton/rules /opt/glutton/ && \
upx /opt/glutton/bin/server && \
# Setup user, groups and configs # Setup user, groups and configs
addgroup -g 2000 glutton && \ addgroup -g 2000 glutton && \
adduser -S -s /bin/bash -u 2000 -D -g 2000 glutton && \ adduser -S -s /bin/ash -u 2000 -D -g 2000 glutton && \
mkdir -p /var/log/glutton && \ mkdir -p /var/log/glutton && \
mv /root/dist/rules.yaml /opt/glutton/rules/ && \ mv /root/dist/rules.yaml /opt/glutton/rules/ && \
@ -40,8 +37,7 @@ RUN apk -U --no-cache add bash \
apk del --purge build-base \ apk del --purge build-base \
git \ git \
go \ go \
g++ \ g++ && \
upx && \
rm -rf /var/cache/apk/* \ rm -rf /var/cache/apk/* \
/opt/go \ /opt/go \
/root/dist /root/dist
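Review bot: The purge at the end of this RUN drops only the toolchain and go, so `iptables-dev`, `libnetfilter_queue-dev` and `libpcap-dev` remain in the final image, and the runtime libraries the cgo-built server links against are present only as dependencies of those `-dev` packages. Add the runtime packages explicitly to the `apk add` list (`iptables libnetfilter_queue libpcap` — glutton appears to need the iptables binary for its port redirects, verify) and then extend the purge to `apk del --purge build-base g++ git go iptables-dev libnetfilter_queue-dev libpcap-dev`, so headers and pkg-config files leave the image together with the compilers. Because `apk del` also removes dependencies no longer required by anything in world, the runtime libraries only survive the purge if they are listed on their own. The RUN instruction this hunk belongs to starts before the hunk.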


@ -8,10 +8,13 @@ services:
build: . build: .
container_name: glutton container_name: glutton
restart: always restart: always
tmpfs:
- /var/lib/glutton:uid=2000,gid=2000
network_mode: "host" network_mode: "host"
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
image: "dtagdevsec/glutton:1804" image: "dtagdevsec/glutton:1804"
read_only: true
volumes: volumes:
- /data/glutton/log:/var/log/glutton - /data/glutton/log:/var/log/glutton
- /root/tpotce/docker/glutton/dist/rules.yaml:/opt/glutton/rules/rules.yaml - /root/tpotce/docker/glutton/dist/rules.yaml:/opt/glutton/rules/rules.yaml
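Review bot: `read_only: true` protects only the image's root filesystem; the host's `rules.yaml` is still bind-mounted read-write, so a compromised honeypot process could rewrite the configuration that the host keeps under `/root/tpotce`. Mark it read-only: `- /root/tpotce/docker/glutton/dist/rules.yaml:/opt/glutton/rules/rules.yaml:ro` (the log mount has to stay writable). Since the container already runs with `network_mode: "host"`, adding `cap_drop: [ALL]` before `cap_add: NET_ADMIN` would keep it from retaining the default capability set on top of the one it needs; glutton may also require NET_RAW for libpcap, so confirm before dropping. If anything under the image writes to `/tmp`, it will also need a `tmpfs` entry now that the root filesystem is read-only.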