From 76559f6767569a3030ab308f0eb3a8f7454818c6 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Fri, 19 Jan 2024 00:19:02 +0900 Subject: [PATCH] Removed root group for zabbix user in all images. Using nmap without sudo permissions --- Dockerfiles/agent/alpine/Dockerfile | 1 - Dockerfiles/agent/centos/Dockerfile | 2 +- Dockerfiles/agent/ol/Dockerfile | 2 +- Dockerfiles/agent/rhel/Dockerfile | 2 +- Dockerfiles/agent/ubuntu/Dockerfile | 1 - Dockerfiles/agent2/alpine/Dockerfile | 2 +- Dockerfiles/agent2/centos/Dockerfile | 2 +- Dockerfiles/agent2/ol/Dockerfile | 2 +- Dockerfiles/agent2/rhel/Dockerfile | 2 +- Dockerfiles/agent2/ubuntu/Dockerfile | 2 +- Dockerfiles/java-gateway/alpine/Dockerfile | 1 - Dockerfiles/java-gateway/centos/Dockerfile | 1 - Dockerfiles/java-gateway/ol/Dockerfile | 1 - Dockerfiles/java-gateway/rhel/Dockerfile | 1 - Dockerfiles/java-gateway/ubuntu/Dockerfile | 1 - Dockerfiles/proxy-mysql/alpine/Dockerfile | 9 +++++---- Dockerfiles/proxy-mysql/centos/Dockerfile | 8 ++++---- Dockerfiles/proxy-mysql/ol/Dockerfile | 8 ++++---- Dockerfiles/proxy-mysql/rhel/Dockerfile | 8 ++++---- Dockerfiles/proxy-mysql/ubuntu/Dockerfile | 9 +++++---- Dockerfiles/proxy-sqlite3/alpine/Dockerfile | 9 +++++---- Dockerfiles/proxy-sqlite3/centos/Dockerfile | 8 ++++---- Dockerfiles/proxy-sqlite3/ol/Dockerfile | 8 ++++---- Dockerfiles/proxy-sqlite3/rhel/Dockerfile | 8 ++++---- Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile | 8 ++++---- Dockerfiles/server-mysql/alpine/Dockerfile | 9 +++++---- Dockerfiles/server-mysql/centos/Dockerfile | 9 +++++---- Dockerfiles/server-mysql/ol/Dockerfile | 9 +++++---- Dockerfiles/server-mysql/rhel/Dockerfile | 9 +++++---- Dockerfiles/server-mysql/ubuntu/Dockerfile | 9 +++++---- Dockerfiles/server-pgsql/alpine/Dockerfile | 8 ++++---- Dockerfiles/server-pgsql/centos/Dockerfile | 9 +++++---- Dockerfiles/server-pgsql/ol/Dockerfile | 9 +++++---- Dockerfiles/server-pgsql/ubuntu/Dockerfile | 9 +++++---- Dockerfiles/snmptraps/alpine/Dockerfile | 1 - Dockerfiles/snmptraps/centos/Dockerfile | 1 - Dockerfiles/snmptraps/ol/Dockerfile | 1 - Dockerfiles/snmptraps/rhel/Dockerfile | 1 - Dockerfiles/snmptraps/ubuntu/Dockerfile | 1 - Dockerfiles/web-apache-mysql/alpine/Dockerfile | 1 - Dockerfiles/web-apache-mysql/centos/Dockerfile | 1 - Dockerfiles/web-apache-mysql/ol/Dockerfile | 1 - Dockerfiles/web-apache-mysql/ubuntu/Dockerfile | 1 - Dockerfiles/web-apache-pgsql/alpine/Dockerfile | 1 - Dockerfiles/web-apache-pgsql/centos/Dockerfile | 1 - Dockerfiles/web-apache-pgsql/ol/Dockerfile | 1 - Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile | 1 - Dockerfiles/web-nginx-mysql/alpine/Dockerfile | 1 - Dockerfiles/web-nginx-mysql/centos/Dockerfile | 1 - Dockerfiles/web-nginx-mysql/ol/Dockerfile | 1 - Dockerfiles/web-nginx-mysql/rhel/Dockerfile | 1 - Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile | 1 - Dockerfiles/web-nginx-pgsql/alpine/Dockerfile | 1 - Dockerfiles/web-nginx-pgsql/centos/Dockerfile | 1 - Dockerfiles/web-nginx-pgsql/ol/Dockerfile | 1 - Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile | 1 - Dockerfiles/web-service/alpine/Dockerfile | 1 - Dockerfiles/web-service/centos/Dockerfile | 1 - Dockerfiles/web-service/ol/Dockerfile | 1 - Dockerfiles/web-service/rhel/Dockerfile | 2 +- Dockerfiles/web-service/ubuntu/Dockerfile | 1 - 61 files changed, 96 insertions(+), 118 deletions(-) diff --git a/Dockerfiles/agent/alpine/Dockerfile b/Dockerfiles/agent/alpine/Dockerfile index 0b4c9115b..7762f371a 100644 --- a/Dockerfiles/agent/alpine/Dockerfile +++ b/Dockerfiles/agent/alpine/Dockerfile @@ -58,7 +58,6 @@ RUN set -eux && \ --shell /sbin/nologin \ --home /var/lib/zabbix/ \ zabbix && \ - adduser zabbix root && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/zabbix_agentd.d && \ mkdir -p /var/lib/zabbix && \ diff --git a/Dockerfiles/agent/centos/Dockerfile b/Dockerfiles/agent/centos/Dockerfile index 9e2ff189f..50ca5c639 100644 --- a/Dockerfiles/agent/centos/Dockerfile +++ b/Dockerfiles/agent/centos/Dockerfile @@ -54,7 +54,7 @@ RUN set -eux && \ zabbix && \ useradd \ --system --comment "Zabbix monitoring system" \ - -g zabbix -G root \ + -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/agent/ol/Dockerfile b/Dockerfiles/agent/ol/Dockerfile index e84373811..9ef583f3c 100644 --- a/Dockerfiles/agent/ol/Dockerfile +++ b/Dockerfiles/agent/ol/Dockerfile @@ -56,7 +56,7 @@ RUN set -eux && \ useradd \ --system \ --comment "Zabbix monitoring system" \ - -g zabbix -G root \ + -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/agent/rhel/Dockerfile b/Dockerfiles/agent/rhel/Dockerfile index 4d3577dc7..0dc5e0517 100644 --- a/Dockerfiles/agent/rhel/Dockerfile +++ b/Dockerfiles/agent/rhel/Dockerfile @@ -81,7 +81,7 @@ RUN set -eux && \ useradd \ --system \ --comment "Zabbix monitoring system" \ - -g zabbix -G root \ + -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/agent/ubuntu/Dockerfile b/Dockerfiles/agent/ubuntu/Dockerfile index 1eef5bed1..fb22caf1c 100644 --- a/Dockerfiles/agent/ubuntu/Dockerfile +++ b/Dockerfiles/agent/ubuntu/Dockerfile @@ -53,7 +53,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/agent2/alpine/Dockerfile b/Dockerfiles/agent2/alpine/Dockerfile index 801ac9e6d..34025bb37 100644 --- a/Dockerfiles/agent2/alpine/Dockerfile +++ b/Dockerfiles/agent2/alpine/Dockerfile @@ -61,7 +61,7 @@ RUN set -eux && \ --shell /sbin/nologin \ --home /var/lib/zabbix/ \ zabbix && \ - adduser zabbix root && \ + echo "zabbix ALL=(root) NOPASSWD: /usr/sbin/smartctl" >> /etc/sudoers.d/zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/zabbix_agentd.d && \ mkdir -p /var/lib/zabbix && \ diff --git a/Dockerfiles/agent2/centos/Dockerfile b/Dockerfiles/agent2/centos/Dockerfile index 2337ad79f..97973c3d7 100644 --- a/Dockerfiles/agent2/centos/Dockerfile +++ b/Dockerfiles/agent2/centos/Dockerfile @@ -62,11 +62,11 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ + echo "zabbix ALL=(root) NOPASSWD: /usr/sbin/smartctl" >> /etc/sudoers.d/zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/zabbix_agentd.d && \ mkdir -p /var/lib/zabbix && \ diff --git a/Dockerfiles/agent2/ol/Dockerfile b/Dockerfiles/agent2/ol/Dockerfile index f6fba30e4..c76c9636b 100644 --- a/Dockerfiles/agent2/ol/Dockerfile +++ b/Dockerfiles/agent2/ol/Dockerfile @@ -63,11 +63,11 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ + echo "zabbix ALL=(root) NOPASSWD: /usr/sbin/smartctl" >> /etc/sudoers.d/zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/zabbix_agentd.d && \ mkdir -p /var/lib/zabbix && \ diff --git a/Dockerfiles/agent2/rhel/Dockerfile b/Dockerfiles/agent2/rhel/Dockerfile index 1d3eafcf0..fd5126815 100644 --- a/Dockerfiles/agent2/rhel/Dockerfile +++ b/Dockerfiles/agent2/rhel/Dockerfile @@ -89,11 +89,11 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ + echo "zabbix ALL=(root) NOPASSWD: /usr/sbin/smartctl" >> /etc/sudoers.d/zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/zabbix_agentd.d && \ mkdir -p /var/lib/zabbix && \ diff --git a/Dockerfiles/agent2/ubuntu/Dockerfile b/Dockerfiles/agent2/ubuntu/Dockerfile index de6128a29..29770dd5e 100644 --- a/Dockerfiles/agent2/ubuntu/Dockerfile +++ b/Dockerfiles/agent2/ubuntu/Dockerfile @@ -58,11 +58,11 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ + echo "zabbix ALL=(root) NOPASSWD: /usr/sbin/smartctl" >> /etc/sudoers.d/zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/zabbix_agentd.d && \ mkdir -p /var/lib/zabbix && \ diff --git a/Dockerfiles/java-gateway/alpine/Dockerfile b/Dockerfiles/java-gateway/alpine/Dockerfile index 7c525ab49..28368d66e 100644 --- a/Dockerfiles/java-gateway/alpine/Dockerfile +++ b/Dockerfiles/java-gateway/alpine/Dockerfile @@ -50,7 +50,6 @@ RUN set -eux && \ --shell /sbin/nologin \ --home /var/lib/zabbix/ \ zabbix && \ - adduser zabbix root && \ mkdir -p /etc/zabbix/ && \ mkdir -p /usr/sbin/zabbix_java/ && \ mkdir -p /usr/sbin/zabbix_java/ext_lib/ && \ diff --git a/Dockerfiles/java-gateway/centos/Dockerfile b/Dockerfiles/java-gateway/centos/Dockerfile index 47d258d98..8e33fc5d7 100644 --- a/Dockerfiles/java-gateway/centos/Dockerfile +++ b/Dockerfiles/java-gateway/centos/Dockerfile @@ -49,7 +49,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/java-gateway/ol/Dockerfile b/Dockerfiles/java-gateway/ol/Dockerfile index f058f42a8..b71db4be1 100644 --- a/Dockerfiles/java-gateway/ol/Dockerfile +++ b/Dockerfiles/java-gateway/ol/Dockerfile @@ -49,7 +49,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/java-gateway/rhel/Dockerfile b/Dockerfiles/java-gateway/rhel/Dockerfile index 213128585..7eff9ea32 100644 --- a/Dockerfiles/java-gateway/rhel/Dockerfile +++ b/Dockerfiles/java-gateway/rhel/Dockerfile @@ -69,7 +69,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/java-gateway/ubuntu/Dockerfile b/Dockerfiles/java-gateway/ubuntu/Dockerfile index aa49b693d..2fc5b4558 100644 --- a/Dockerfiles/java-gateway/ubuntu/Dockerfile +++ b/Dockerfiles/java-gateway/ubuntu/Dockerfile @@ -45,7 +45,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/proxy-mysql/alpine/Dockerfile b/Dockerfiles/proxy-mysql/alpine/Dockerfile index 52bd9d7ae..3a173be0d 100644 --- a/Dockerfiles/proxy-mysql/alpine/Dockerfile +++ b/Dockerfiles/proxy-mysql/alpine/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix proxy with MySQL database support" \ @@ -35,10 +36,10 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql RUN set -eux && \ INSTALL_PKGS="bash \ - sudo \ traceroute \ nmap \ iputils \ + libcap \ libcurl \ libevent \ libldap \ @@ -68,8 +69,8 @@ RUN set -eux && \ --shell /sbin/nologin \ --home /var/lib/zabbix/ \ zabbix && \ - adduser zabbix root && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /var/lib/zabbix/enc && \ diff --git a/Dockerfiles/proxy-mysql/centos/Dockerfile b/Dockerfiles/proxy-mysql/centos/Dockerfile index d5a9a0491..1594fea7e 100644 --- a/Dockerfiles/proxy-mysql/centos/Dockerfile +++ b/Dockerfiles/proxy-mysql/centos/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix proxy with MySQL database support" \ @@ -36,7 +37,6 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql RUN set -eux && \ REPOLIST="baseos,appstream,crb,epel" && \ INSTALL_PKGS="libevent \ - sudo \ traceroute \ nmap \ gzip \ @@ -69,12 +69,12 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /var/lib/zabbix/enc && \ diff --git a/Dockerfiles/proxy-mysql/ol/Dockerfile b/Dockerfiles/proxy-mysql/ol/Dockerfile index 257c6d29e..c360dd318 100644 --- a/Dockerfiles/proxy-mysql/ol/Dockerfile +++ b/Dockerfiles/proxy-mysql/ol/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix proxy with MySQL database support" \ @@ -36,7 +37,6 @@ COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel RUN set -eux && \ INSTALL_PKGS="libevent \ - sudo \ traceroute \ nmap \ gzip \ @@ -71,12 +71,12 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /var/lib/zabbix/enc && \ diff --git a/Dockerfiles/proxy-mysql/rhel/Dockerfile b/Dockerfiles/proxy-mysql/rhel/Dockerfile index 6cd1647f2..433d93b0c 100644 --- a/Dockerfiles/proxy-mysql/rhel/Dockerfile +++ b/Dockerfiles/proxy-mysql/rhel/Dockerfile @@ -15,7 +15,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL description="Zabbix proxy with MySQL database support" \ maintainer="alexey.pustovalov@zabbix.com" \ @@ -54,7 +55,6 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql RUN set -eux && \ INSTALL_PKGS="bash \ - sudo \ traceroute \ nmap \ shadow-utils \ @@ -101,12 +101,12 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /var/lib/zabbix/enc && \ diff --git a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile index 5d02a9e34..e585ac322 100644 --- a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile @@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix proxy with MySQL database support" \ @@ -36,7 +37,7 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql RUN set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ - INSTALL_PKGS="sudo \ + INSTALL_PKGS="bash \ traceroute \ nmap \ ca-certificates \ @@ -66,12 +67,12 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /var/lib/zabbix/enc && \ diff --git a/Dockerfiles/proxy-sqlite3/alpine/Dockerfile b/Dockerfiles/proxy-sqlite3/alpine/Dockerfile index 6e110798b..5f01a6ba7 100644 --- a/Dockerfiles/proxy-sqlite3/alpine/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/alpine/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix proxy with SQLite3 database support" \ @@ -34,11 +35,11 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/ RUN set -eux && \ INSTALL_PKGS="bash \ - sudo \ traceroute \ nmap \ fping \ iputils \ + libcap \ libcurl \ libevent \ libldap \ @@ -66,8 +67,8 @@ RUN set -eux && \ --shell /sbin/nologin \ --home /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ - adduser zabbix root && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /var/lib/zabbix/db_data && \ diff --git a/Dockerfiles/proxy-sqlite3/centos/Dockerfile b/Dockerfiles/proxy-sqlite3/centos/Dockerfile index 74d0b452d..3a37368e2 100644 --- a/Dockerfiles/proxy-sqlite3/centos/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/centos/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix proxy with SQLite3 database support" \ @@ -35,7 +36,6 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/ RUN set -eux && \ REPOLIST="baseos,appstream,epel" && \ INSTALL_PKGS="libevent \ - sudo \ traceroute \ nmap \ libssh \ @@ -66,12 +66,12 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /var/lib/zabbix/db_data && \ diff --git a/Dockerfiles/proxy-sqlite3/ol/Dockerfile b/Dockerfiles/proxy-sqlite3/ol/Dockerfile index ce7d87366..6e86f4e88 100644 --- a/Dockerfiles/proxy-sqlite3/ol/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/ol/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix proxy with SQLite3 database support" \ @@ -35,7 +36,6 @@ COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel RUN set -eux && \ INSTALL_PKGS="libevent \ - sudo \ traceroute \ nmap \ libssh \ @@ -67,12 +67,12 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /var/lib/zabbix/db_data && \ diff --git a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile index 1f38583d0..52ea546b9 100644 --- a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile @@ -15,7 +15,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL description="Zabbix proxy with SQLite3 database support" \ maintainer="alexey.pustovalov@zabbix.com" \ @@ -53,7 +54,6 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/ RUN set -eux && \ INSTALL_PKGS="bash \ - sudo \ traceroute \ nmap \ shadow-utils \ @@ -98,12 +98,12 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /var/lib/zabbix/db_data && \ diff --git a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile index 236106c63..a79cbfcd3 100644 --- a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix proxy with SQLite3 database support" \ @@ -35,7 +36,6 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/ RUN set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ - sudo \ traceroute \ nmap \ ca-certificates \ @@ -64,12 +64,12 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /var/lib/zabbix/db_data && \ diff --git a/Dockerfiles/server-mysql/alpine/Dockerfile b/Dockerfiles/server-mysql/alpine/Dockerfile index d8b005ac5..d30bcb0f5 100644 --- a/Dockerfiles/server-mysql/alpine/Dockerfile +++ b/Dockerfiles/server-mysql/alpine/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix server with MySQL database support" \ @@ -36,11 +37,11 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_server.sq RUN set -eux && \ INSTALL_PKGS="bash \ fping \ - sudo \ traceroute \ nmap \ tzdata \ iputils \ + libcap \ libcurl \ libevent \ libldap \ @@ -69,9 +70,9 @@ RUN set -eux && \ --shell /sbin/nologin \ --home /var/lib/zabbix/ \ zabbix && \ - adduser zabbix root && \ adduser zabbix dialout && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /usr/lib/zabbix/alertscripts && \ diff --git a/Dockerfiles/server-mysql/centos/Dockerfile b/Dockerfiles/server-mysql/centos/Dockerfile index 1b0d88404..43b8d581e 100644 --- a/Dockerfiles/server-mysql/centos/Dockerfile +++ b/Dockerfiles/server-mysql/centos/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix server with MySQL database support" \ @@ -36,7 +37,6 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_server.sq RUN set -eux && \ REPOLIST="baseos,appstream,crb,epel" && \ INSTALL_PKGS="fping \ - sudo \ traceroute \ nmap \ file-libs \ @@ -79,12 +79,13 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root,dialout \ + -G dialout \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /usr/lib/zabbix/alertscripts && \ diff --git a/Dockerfiles/server-mysql/ol/Dockerfile b/Dockerfiles/server-mysql/ol/Dockerfile index cb23038be..86251f306 100644 --- a/Dockerfiles/server-mysql/ol/Dockerfile +++ b/Dockerfiles/server-mysql/ol/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix server with MySQL database support" \ @@ -37,7 +38,6 @@ COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel RUN set -eux && \ INSTALL_PKGS="bash \ fping \ - sudo \ traceroute \ nmap \ file-libs \ @@ -74,12 +74,13 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root,dialout \ + -G dialout \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /usr/lib/zabbix/alertscripts && \ diff --git a/Dockerfiles/server-mysql/rhel/Dockerfile b/Dockerfiles/server-mysql/rhel/Dockerfile index 90b03a7f5..91df2e5f9 100644 --- a/Dockerfiles/server-mysql/rhel/Dockerfile +++ b/Dockerfiles/server-mysql/rhel/Dockerfile @@ -15,7 +15,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL description="Zabbix server with MySQL database support" \ maintainer="alexey.pustovalov@zabbix.com" \ @@ -54,7 +55,6 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_server.sq RUN set -eux && \ INSTALL_PKGS="bash \ - sudo \ traceroute \ nmap \ fping \ @@ -109,12 +109,13 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ + -G dialout \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /usr/lib/zabbix/alertscripts && \ diff --git a/Dockerfiles/server-mysql/ubuntu/Dockerfile b/Dockerfiles/server-mysql/ubuntu/Dockerfile index 655f75df5..dca20b30d 100644 --- a/Dockerfiles/server-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/server-mysql/ubuntu/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix server with MySQL database support" \ @@ -36,7 +37,6 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_server.sq RUN set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ - sudo \ traceroute \ nmap \ tzdata \ @@ -69,12 +69,13 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root,dialout \ + -G dialout \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /usr/lib/zabbix/alertscripts && \ diff --git a/Dockerfiles/server-pgsql/alpine/Dockerfile b/Dockerfiles/server-pgsql/alpine/Dockerfile index 0e742868c..89701c3de 100644 --- a/Dockerfiles/server-pgsql/alpine/Dockerfile +++ b/Dockerfiles/server-pgsql/alpine/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix server with PostgreSQL database support" \ @@ -38,7 +39,6 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb RUN set -eux && \ INSTALL_PKGS="bash \ - sudo \ traceroute \ nmap \ fping \ @@ -72,9 +72,9 @@ RUN set -eux && \ --shell /sbin/nologin \ --home /var/lib/zabbix/ \ zabbix && \ - adduser zabbix root && \ adduser zabbix dialout && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /usr/lib/zabbix/alertscripts && \ diff --git a/Dockerfiles/server-pgsql/centos/Dockerfile b/Dockerfiles/server-pgsql/centos/Dockerfile index 992775872..faaf44647 100644 --- a/Dockerfiles/server-pgsql/centos/Dockerfile +++ b/Dockerfiles/server-pgsql/centos/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix server with PostgreSQL database support" \ @@ -40,7 +41,6 @@ RUN set -eux && \ REPOLIST="baseos,appstream,epel" && \ INSTALL_PKGS="fping \ file-libs \ - sudo \ traceroute \ nmap \ iputils \ @@ -82,12 +82,13 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root,dialout \ + -G dialout \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /usr/lib/zabbix/alertscripts && \ diff --git a/Dockerfiles/server-pgsql/ol/Dockerfile b/Dockerfiles/server-pgsql/ol/Dockerfile index 0e4cc2e45..7e703e8a1 100644 --- a/Dockerfiles/server-pgsql/ol/Dockerfile +++ b/Dockerfiles/server-pgsql/ol/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.title="Zabbix server (PostgreSQL)" \ org.opencontainers.image.authors="Alexey Pustovalov " \ @@ -40,7 +41,6 @@ COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel RUN set -eux && \ INSTALL_PKGS="fping \ file-libs \ - sudo \ traceroute \ nmap \ iputils \ @@ -75,12 +75,13 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root,dialout \ + -G dialout \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /usr/lib/zabbix/alertscripts && \ diff --git a/Dockerfiles/server-pgsql/ubuntu/Dockerfile b/Dockerfiles/server-pgsql/ubuntu/Dockerfile index e6cd54457..b8fba2384 100644 --- a/Dockerfiles/server-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/server-pgsql/ubuntu/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/var/lib/mibs/ietf:/var/lib/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix server with PostgreSQL database support" \ @@ -39,7 +40,6 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb RUN set -eux && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ - sudo \ traceroute \ nmap \ tzdata \ @@ -72,12 +72,13 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root,dialout \ + -G dialout \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /usr/lib/zabbix/alertscripts && \ diff --git a/Dockerfiles/snmptraps/alpine/Dockerfile b/Dockerfiles/snmptraps/alpine/Dockerfile index 7dc771e80..6cd9465ed 100644 --- a/Dockerfiles/snmptraps/alpine/Dockerfile +++ b/Dockerfiles/snmptraps/alpine/Dockerfile @@ -42,7 +42,6 @@ RUN set -eux && \ --shell /sbin/nologin \ --home /var/lib/zabbix/ \ zabbix && \ - adduser zabbix root && \ mkdir -p /var/lib/zabbix && \ mkdir -p /var/lib/zabbix/snmptraps && \ mkdir -p /var/lib/zabbix/mibs && \ diff --git a/Dockerfiles/snmptraps/centos/Dockerfile b/Dockerfiles/snmptraps/centos/Dockerfile index 878dc4c08..b1e9affa4 100644 --- a/Dockerfiles/snmptraps/centos/Dockerfile +++ b/Dockerfiles/snmptraps/centos/Dockerfile @@ -41,7 +41,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/snmptraps/ol/Dockerfile b/Dockerfiles/snmptraps/ol/Dockerfile index 8b479f863..fa7a00001 100644 --- a/Dockerfiles/snmptraps/ol/Dockerfile +++ b/Dockerfiles/snmptraps/ol/Dockerfile @@ -41,7 +41,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/snmptraps/rhel/Dockerfile b/Dockerfiles/snmptraps/rhel/Dockerfile index f63ca9162..2d40fdc28 100644 --- a/Dockerfiles/snmptraps/rhel/Dockerfile +++ b/Dockerfiles/snmptraps/rhel/Dockerfile @@ -63,7 +63,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/snmptraps/ubuntu/Dockerfile b/Dockerfiles/snmptraps/ubuntu/Dockerfile index 786f4a933..c4c41ea95 100644 --- a/Dockerfiles/snmptraps/ubuntu/Dockerfile +++ b/Dockerfiles/snmptraps/ubuntu/Dockerfile @@ -39,7 +39,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/web-apache-mysql/alpine/Dockerfile b/Dockerfiles/web-apache-mysql/alpine/Dockerfile index ea50208d9..415920c53 100644 --- a/Dockerfiles/web-apache-mysql/alpine/Dockerfile +++ b/Dockerfiles/web-apache-mysql/alpine/Dockerfile @@ -73,7 +73,6 @@ RUN set -eux && \ --shell /sbin/nologin \ --home /var/lib/zabbix/ \ zabbix && \ - adduser zabbix root && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ mkdir -p /etc/zabbix/web/certs && \ diff --git a/Dockerfiles/web-apache-mysql/centos/Dockerfile b/Dockerfiles/web-apache-mysql/centos/Dockerfile index 7dc34ca21..a39ec5e7e 100644 --- a/Dockerfiles/web-apache-mysql/centos/Dockerfile +++ b/Dockerfiles/web-apache-mysql/centos/Dockerfile @@ -64,7 +64,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/web-apache-mysql/ol/Dockerfile b/Dockerfiles/web-apache-mysql/ol/Dockerfile index 558ae8168..905e93eb5 100644 --- a/Dockerfiles/web-apache-mysql/ol/Dockerfile +++ b/Dockerfiles/web-apache-mysql/ol/Dockerfile @@ -65,7 +65,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile b/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile index 0aaa01011..25527e252 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile @@ -57,7 +57,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/web-apache-pgsql/alpine/Dockerfile b/Dockerfiles/web-apache-pgsql/alpine/Dockerfile index c052e4f45..d6c923898 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/Dockerfile +++ b/Dockerfiles/web-apache-pgsql/alpine/Dockerfile @@ -72,7 +72,6 @@ RUN set -eux && \ --shell /sbin/nologin \ --home /var/lib/zabbix/ \ zabbix && \ - adduser zabbix root && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ mkdir -p /etc/zabbix/web/certs && \ diff --git a/Dockerfiles/web-apache-pgsql/centos/Dockerfile b/Dockerfiles/web-apache-pgsql/centos/Dockerfile index 6a7df3f5e..933a9e28f 100644 --- a/Dockerfiles/web-apache-pgsql/centos/Dockerfile +++ b/Dockerfiles/web-apache-pgsql/centos/Dockerfile @@ -64,7 +64,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/web-apache-pgsql/ol/Dockerfile b/Dockerfiles/web-apache-pgsql/ol/Dockerfile index 21c48d2b1..3a31f9070 100644 --- a/Dockerfiles/web-apache-pgsql/ol/Dockerfile +++ b/Dockerfiles/web-apache-pgsql/ol/Dockerfile @@ -65,7 +65,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile b/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile index 23f9409b1..5bdbd452d 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile @@ -57,7 +57,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/web-nginx-mysql/alpine/Dockerfile b/Dockerfiles/web-nginx-mysql/alpine/Dockerfile index 61b7b5d86..4f02a8c42 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/alpine/Dockerfile @@ -74,7 +74,6 @@ RUN set -eux && \ --shell /sbin/nologin \ --home /var/lib/zabbix/ \ zabbix && \ - adduser zabbix root && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ mkdir -p /etc/zabbix/web/certs && \ diff --git a/Dockerfiles/web-nginx-mysql/centos/Dockerfile b/Dockerfiles/web-nginx-mysql/centos/Dockerfile index 731e06e75..d93d971e4 100644 --- a/Dockerfiles/web-nginx-mysql/centos/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/centos/Dockerfile @@ -62,7 +62,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/web-nginx-mysql/ol/Dockerfile b/Dockerfiles/web-nginx-mysql/ol/Dockerfile index b7a59f615..ff51ad454 100644 --- a/Dockerfiles/web-nginx-mysql/ol/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/ol/Dockerfile @@ -63,7 +63,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile index e6b7a7479..1d4e5e1e6 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile @@ -95,7 +95,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile b/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile index f3056d638..5a4c2c5c0 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile @@ -78,7 +78,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile b/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile index e9e585943..d97380032 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile @@ -73,7 +73,6 @@ RUN set -eux && \ --shell /sbin/nologin \ --home /var/lib/zabbix/ \ zabbix && \ - adduser zabbix root && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ mkdir -p /etc/zabbix/web/certs && \ diff --git a/Dockerfiles/web-nginx-pgsql/centos/Dockerfile b/Dockerfiles/web-nginx-pgsql/centos/Dockerfile index a10097cfc..a607420c6 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/centos/Dockerfile @@ -62,7 +62,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/web-nginx-pgsql/ol/Dockerfile b/Dockerfiles/web-nginx-pgsql/ol/Dockerfile index 23bb82093..40aad09c9 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/ol/Dockerfile @@ -63,7 +63,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile b/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile index 8874fae9e..866d7c9d4 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile @@ -78,7 +78,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/web-service/alpine/Dockerfile b/Dockerfiles/web-service/alpine/Dockerfile index ad8216525..4a60511cf 100644 --- a/Dockerfiles/web-service/alpine/Dockerfile +++ b/Dockerfiles/web-service/alpine/Dockerfile @@ -49,7 +49,6 @@ RUN set -eux && \ --shell /sbin/nologin \ --home /var/lib/zabbix/ \ zabbix && \ - adduser zabbix root && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ chown --quiet -R zabbix:root /etc/zabbix/ /var/lib/zabbix/ && \ diff --git a/Dockerfiles/web-service/centos/Dockerfile b/Dockerfiles/web-service/centos/Dockerfile index b795779b8..bd9b05871 100644 --- a/Dockerfiles/web-service/centos/Dockerfile +++ b/Dockerfiles/web-service/centos/Dockerfile @@ -50,7 +50,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/web-service/ol/Dockerfile b/Dockerfiles/web-service/ol/Dockerfile index 88eccbe76..508c20d25 100644 --- a/Dockerfiles/web-service/ol/Dockerfile +++ b/Dockerfiles/web-service/ol/Dockerfile @@ -51,7 +51,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/web-service/rhel/Dockerfile b/Dockerfiles/web-service/rhel/Dockerfile index 66ed24b9b..cd21dffbf 100644 --- a/Dockerfiles/web-service/rhel/Dockerfile +++ b/Dockerfiles/web-service/rhel/Dockerfile @@ -79,7 +79,7 @@ RUN set -eux && \ groupadd --system --gid 1995 zabbix && \ useradd \ --system --comment "Zabbix monitoring system" \ - -g zabbix -G root \ + -g zabbix \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ diff --git a/Dockerfiles/web-service/ubuntu/Dockerfile b/Dockerfiles/web-service/ubuntu/Dockerfile index 54bdbcba9..55185b89e 100644 --- a/Dockerfiles/web-service/ubuntu/Dockerfile +++ b/Dockerfiles/web-service/ubuntu/Dockerfile @@ -57,7 +57,6 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \