v3n0m-Scanner / V3n0M-Scanner

Popular Pentesting scanner in Python3.6 for SQLi/XSS/LFI/RFI and other Vulns
GNU General Public License v3.0
1.44k stars, 409 forks

Harden Dockerfile #220

Closed (vittring closed 2 years ago)

vittring commented 2 years ago

Here we contain the running processes to a non-root user to prevent mounting filesystems of the host and protect against local privilege escalation (LPE).

kattstof commented 2 years ago

This is ready to be merged, I assume?

vittring commented 2 years ago

Yes, it's ready. I moved all the Docker stuff to a new directory to kind of clean up the tree a little. I've tested the image on Ubuntu 20.04 LTS and several Debian and Windows VMs, everything is working.
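
As an added example (not part of this pull request or the project's code), here is a small check that a Dockerfile's final build stage ends up running as a non-root user, which is the property the change above aims for. The sample Dockerfiles, user names and function names are constructed, and the check assumes every base image defaults to root.

```python
import re

# Constructed sample Dockerfiles (not the project's own files).
MULTISTAGE = """\
FROM python:3-slim AS build
USER builder
RUN pip install --no-cache-dir requests
FROM python:3-slim
COPY --from=build /usr/local /usr/local
CMD ["python3", "/app/scan.py"]
"""

HARDENED = """\
FROM python:3-slim
RUN useradd --system --no-create-home \\
    scanner
USER scanner:scanner
CMD ["python3", "/app/scan.py"]
"""

def logical_lines(text):
    """Join backslash-continued lines, then drop comments and blank lines."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def final_user(dockerfile_text):
    """Return the USER value in effect at the end of the last build stage."""
    user = "root"
    for line in logical_lines(dockerfile_text):
        parts = line.split(None, 1)
        instr = parts[0].upper()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if instr == "FROM":
            user = "root"  # assumption: each new stage's base image runs as root
        elif instr == "USER" and arg:
            user = arg     # a later USER overrides an earlier one in the same stage
    return user

def runs_as_root(dockerfile_text):
    """True when the final stage's user is root by name or by UID 0."""
    name = final_user(dockerfile_text).split(":", 1)[0]
    return name in ("root", "0")
```

The multi-stage sample is flagged because a `USER` set in an earlier stage does not carry over into the final stage.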