Use apk audit to check system binaries

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2025-07-21 10:09:07 +00:00 · 2017-01-31 11:33:11 -08:00 · 2017-01-31 11:33:11 -08:00 · 2cdefa184e
commit 2cdefa184e
parent 0ede7d930b
1 changed files with 1 additions and 0 deletions
--- a/alpine/packages/diagnostics/capture.go
+++ b/alpine/packages/diagnostics/capture.go
@ -29,6 +29,7 @@ var (
 		{"/bin/uname", []string{"-a"}, defaultCommandTimeout},
 		{"/bin/ps", []string{"uax"}, defaultCommandTimeout},
 		{"/bin/netstat", []string{"-tulpn"}, defaultCommandTimeout},
+		{"/sbin/apk", []string{"audit", "--system"}, defaultCommandTimeout}, // check if system binaries were modified
 		{"/sbin/iptables-save", nil, defaultCommandTimeout},
 		{"/sbin/ifconfig", nil, defaultCommandTimeout},
 		{"/sbin/route", nil, defaultCommandTimeout},