From 2cdefa184e98bc955e4cf0337b08a2b88db19fbd Mon Sep 17 00:00:00 2001
From: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
Date: Tue, 31 Jan 2017 11:33:11 -0800
Subject: [PATCH] Use apk audit to check system binaries

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
---
 alpine/packages/diagnostics/capture.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/alpine/packages/diagnostics/capture.go b/alpine/packages/diagnostics/capture.go
index efff5d935..5692fa859 100644
--- a/alpine/packages/diagnostics/capture.go
+++ b/alpine/packages/diagnostics/capture.go
@@ -29,6 +29,7 @@ var (
 		{"/bin/uname", []string{"-a"}, defaultCommandTimeout},
 		{"/bin/ps", []string{"uax"}, defaultCommandTimeout},
 		{"/bin/netstat", []string{"-tulpn"}, defaultCommandTimeout},
+		{"/sbin/apk", []string{"audit", "--system"}, defaultCommandTimeout}, // check if system binaries were modified
 		{"/sbin/iptables-save", nil, defaultCommandTimeout},
 		{"/sbin/ifconfig", nil, defaultCommandTimeout},
 		{"/sbin/route", nil, defaultCommandTimeout},