dockerfile.latest missing sudo #271
Replies: 5 comments
-
|
Hi @c-goosen, Ah that sounds like a good plan (re: removing the need for |
Beta Was this translation helpful? Give feedback.
-
|
@jayjb Ive started down the path, but nothing PR yet. Also working on a blog post for opencanary in k8s |
Beta Was this translation helpful? Give feedback.
-
|
@c-goosen oh awesome! Let us know if there is anything we can do to help out. |
Beta Was this translation helpful? Give feedback.
-
|
Not forgotten about this, just need some time to do this the right way and to check what other changes came into the project. One issue I identified so far was using IP tables in a container. Docker has a mechanism for setting up IPtables before a container starts, so the nmap mitigations wouldn't work in the current @jayjb state. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @c-goosen, Ah yes the iptables. Ill check into how we can figure a nice way to handle that. I guess as a quick way forward we could make sure that the portscan module isn't enabled (and other uses of iptables too). But i think finding a clean solution would be best. |
Beta Was this translation helpful? Give feedback.
-
Latest dockerfile does not include installing sudo, thus bin/opencanaryd will fail.
Will open PR for this.
Can we look at removing sudo when not necessary in this script? Especially when running in docker and all the Dockerfile's using root user.
Beta Was this translation helpful? Give feedback.
All reactions