mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-07-23 11:00:25 +00:00
commit
02e06bf9c9
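--- a/pkg/auditd/Dockerfile
+++ b/pkg/auditd/Dockerfile
@@ -0,0 +1,29 @@
+FROM linuxkit/alpine:cdb4e4d12ada4071a6c6a60bf4c14d35171ffae8 AS build
+RUN apk add abuild gcc git
+
+ADD build.sh /
+RUN adduser -D -G abuild builder && sudo -u builder /build.sh
+
+FROM linuxkit/alpine:cdb4e4d12ada4071a6c6a60bf4c14d35171ffae8 AS mirror
+COPY --from=build /home/builder/*apk /
+
+RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
+RUN apk add --initdb -p /out alpine-baselayout tini
+RUN apk add --allow-untrusted -p /out /*apk
+
+# Remove apk residuals. We have a read-only rootfs, so apk is of no use.
+RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache
+
+FROM scratch
+ENTRYPOINT []
+CMD []
+WORKDIR /
+COPY --from=mirror /out/ /
+
+COPY auditd.conf /etc/audit
+COPY audit.rules /etc/audit
+COPY runaudit.sh /usr/bin
+
+CMD ["/sbin/tini", "/usr/bin/runaudit.sh"]
+
+LABEL org.mobyproject.config='{"pid": "host", "binds": ["/var/log:/var/log"], "capabilities": ["CAP_AUDIT_CONTROL", "CAP_AUDIT_READ", "CAP_AUDIT_WRITE", "CAP_SYS_NICE"]}'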
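Review bot: `RUN apk add --allow-untrusted -p /out /*apk` in the mirror stage installs the locally built packages with signature verification switched off, so the final image trusts whatever the build stage produced. build.sh is not shown on this page; if it fetches sources over the network, its pinning and checksum handling are the only integrity control, and that deserves a comment above this line such as `# packages are unsigned: built in the build stage from sources pinned in build.sh`. Separately, `ADD build.sh /` copies a plain local file and would read more clearly as `COPY build.sh /`.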
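--- a/pkg/auditd/Makefile
+++ b/pkg/auditd/Makefile
@@ -0,0 +1,3 @@
+include ../package.mk
+
+IMAGE?=auditd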
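--- a/pkg/auditd/audit.rules
+++ b/pkg/auditd/audit.rules
@@ -0,0 +1,12 @@
+## First rule - delete all
+-D
+
+## Increase the buffers to survive stress events.
+## Make this bigger for busy systems
+-b 8192
+
+## This determine how long to wait in burst of events
+--backlog_wait_time 0
+
+## Set failure mode to syslog
+-f 1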
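Review bot: `--backlog_wait_time 0` together with `-f 1` means that when the 8192-entry backlog fills, the kernel does not wait and only reports the loss through printk, so audit records can be dropped under load. The comment `## This determine how long to wait in burst of events` should say so, e.g. `## Do not block when the backlog is full; records are dropped and the loss is reported via printk (-f 1)`. The file also loads no watch or syscall rules after `-D` and does not end with `-e 2`, so the rule set stays mutable by any process holding CAP_AUDIT_CONTROL; whether that is intended is not stated.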
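--- a/pkg/auditd/auditd.conf
+++ b/pkg/auditd/auditd.conf
@@ -0,0 +1,32 @@
+#
+# This file controls the configuration of the audit daemon
+#
+
+local_events = yes
+write_logs = no
+log_format = RAW
+flush = INCREMENTAL_ASYNC
+freq = 50
+priority_boost = 4
+disp_qos = lossy
+dispatcher = /sbin/audispd
+name_format = NONE
+##name = mydomain
+max_log_file_action = ROTATE
+space_left = 75
+space_left_action = SYSLOG
+action_mail_acct = root
+admin_space_left = 50
+admin_space_left_action = SUSPEND
+disk_full_action = SUSPEND
+disk_error_action = SUSPEND
+use_libwrap = yes
+##tcp_listen_port =
+tcp_listen_queue = 5
+tcp_max_per_addr = 1
+##tcp_client_ports = 1024-65535
+tcp_client_max_idle = 0
+enable_krb5 = no
+krb5_principal = auditd
+##krb5_key_file = /etc/audit/audit.key
+distribute_network = no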
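Review bot: `write_logs = no` combined with `dispatcher = /sbin/audispd` and `disp_qos = lossy` means auditd writes nothing to disk and hands records only to the dispatcher, dropping them when its queue is full. No audispd plugin configuration is visible in this commit, so where the records end up cannot be confirmed from here, and the `/var/log:/var/log` bind in the Dockerfile label suggests on-disk logs may have been expected. Either document the intent with a comment such as `# records go to audispd only; nothing is written under /var/log`, or set `write_logs = yes` with an explicit `log_file`.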
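--- a/pkg/auditd/runaudit.sh
+++ b/pkg/auditd/runaudit.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# load the audit rules into the kernel
+auditctl -R /etc/audit/audit.rules
+exec /sbin/auditd -f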
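Review bot: The exit status of `auditctl -R /etc/audit/audit.rules` is ignored, so auditd is started even when the rules fail to load and the kernel keeps whatever audit configuration it already had. Adding `set -e` after the shebang, or writing `auditctl -R /etc/audit/audit.rules || exit 1`, would make a bad rule file fail the container visibly instead of running with an unintended rule set.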
@ -1,3 +1,4 @@
|
|||||||
|
abuild
|
||||||
alpine-baselayout
|
alpine-baselayout
|
||||||
alpine-keys
|
alpine-keys
|
||||||
apk-tools
|
apk-tools
|
||||||
@ -36,6 +37,7 @@ iptables
|
|||||||
jq
|
jq
|
||||||
kmod
|
kmod
|
||||||
libarchive-tools
|
libarchive-tools
|
||||||
|
libcap-ng-dev
|
||||||
libc-dev
|
libc-dev
|
||||||
libc-utils
|
libc-utils
|
||||||
libelf-dev
|
libelf-dev
|
||||||
@ -52,6 +54,7 @@ openrc
|
|||||||
openssh-server
|
openssh-server
|
||||||
open-vm-tools
|
open-vm-tools
|
||||||
patch
|
patch
|
||||||
|
python3
|
||||||
qemu-aarch64
|
qemu-aarch64
|
||||||
qemu-arm
|
qemu-arm
|
||||||
qemu-guest-agent
|
qemu-guest-agent
|
||||||
@ -64,6 +67,7 @@ sfdisk
|
|||||||
slang-dev
|
slang-dev
|
||||||
squashfs-tools
|
squashfs-tools
|
||||||
strace
|
strace
|
||||||
|
swig
|
||||||
syslinux
|
syslinux
|
||||||
tar
|
tar
|
||||||
tini
|
tini
|
||||||
|