extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2025-08-09 00:24:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Removed root group for zabbix user in all images. Using nmap without sudo permissions

Browse Source
This commit is contained in:
Alexey Pustovalov
2024-01-19 00:19:02 +09:00
parent 180c638483
commit bf8b26a5d8
56 changed files with 100 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
Dockerfiles/proxy-mysql/alpine/Dockerfile
View File

@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
NMAP_PRIVILEGED=""
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix proxy with MySQL database support" \
@ -36,9 +37,10 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql
RUN set -eux && \
INSTALL_PKGS="bash \
tini \
sudo \
traceroute \
nmap \
iputils \
libcap \
libcurl \
libevent \
libldap \
@ -68,8 +70,8 @@ RUN set -eux && \
--shell /sbin/nologin \
--home /var/lib/zabbix/ \
zabbix && \
adduser zabbix root && \
echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
chgrp zabbix /usr/bin/nmap && \
setcap cap_net_raw+eip /usr/bin/nmap && \
mkdir -p /etc/zabbix && \
mkdir -p /var/lib/zabbix && \
mkdir -p /var/lib/zabbix/enc && \

8
Dockerfiles/proxy-mysql/centos/Dockerfile
View File

@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
NMAP_PRIVILEGED=""
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix proxy with MySQL database support" \
@ -37,7 +38,6 @@ RUN set -eux && \
REPOLIST="baseos,appstream,epel" && \
INSTALL_PKGS="libevent \
tini \
sudo \
traceroute \
nmap \
gzip \
@ -71,12 +71,12 @@ RUN set -eux && \
--system \
--comment "Zabbix monitoring system" \
-g zabbix \
-G root \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
zabbix && \
echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
chgrp zabbix /usr/bin/nmap && \
setcap cap_net_raw+eip /usr/bin/nmap && \
mkdir -p /etc/zabbix && \
mkdir -p /var/lib/zabbix && \
mkdir -p /var/lib/zabbix/enc && \

8
Dockerfiles/proxy-mysql/ol/Dockerfile
View File

@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
NMAP_PRIVILEGED=""
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix proxy with MySQL database support" \
@ -37,7 +38,6 @@ COPY ["conf/etc/yum.repos.d/oracle-epel-ol8.repo", "/etc/yum.repos.d/oracle-epel
RUN set -eux && \
INSTALL_PKGS="libevent \
tini \
sudo \
traceroute \
nmap \
gzip \
@ -72,12 +72,12 @@ RUN set -eux && \
--system \
--comment "Zabbix monitoring system" \
-g zabbix \
-G root \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
zabbix && \
echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
chgrp zabbix /usr/bin/nmap && \
setcap cap_net_raw+eip /usr/bin/nmap && \
mkdir -p /etc/zabbix && \
mkdir -p /var/lib/zabbix && \
mkdir -p /var/lib/zabbix/enc && \

8
Dockerfiles/proxy-mysql/rhel/Dockerfile
View File

@ -15,7 +15,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
NMAP_PRIVILEGED=""
LABEL description="Zabbix proxy with MySQL database support" \
maintainer="alexey.pustovalov@zabbix.com" \
@ -55,7 +56,6 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql
RUN set -eux && \
INSTALL_PKGS="bash \
tini \
sudo \
traceroute \
nmap \
shadow-utils \
@ -101,12 +101,12 @@ RUN set -eux && \
--system \
--comment "Zabbix monitoring system" \
-g zabbix \
-G root \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
zabbix && \
echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
chgrp zabbix /usr/bin/nmap && \
setcap cap_net_raw+eip /usr/bin/nmap && \
mkdir -p /etc/zabbix && \
mkdir -p /var/lib/zabbix && \
mkdir -p /var/lib/zabbix/enc && \

11
Dockerfiles/proxy-mysql/ubuntu/Dockerfile
View File

@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
MIBDIRS=/var/lib/snmp/mibs/ietf:/var/lib/snmp/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
MIBDIRS=/var/lib/snmp/mibs/ietf:/var/lib/snmp/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
NMAP_PRIVILEGED=""
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix proxy with MySQL database support" \
@ -36,8 +37,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql
RUN set -eux && \
echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \
INSTALL_PKGS="tini \
sudo \
INSTALL_PKGS="bash \
tini \
traceroute \
nmap \
ca-certificates \
@ -66,12 +67,12 @@ RUN set -eux && \
--system \
--comment "Zabbix monitoring system" \
-g zabbix \
-G root \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
zabbix && \
echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
chgrp zabbix /usr/bin/nmap && \
setcap cap_net_raw+eip /usr/bin/nmap && \
mkdir -p /etc/zabbix && \
mkdir -p /var/lib/zabbix && \
mkdir -p /var/lib/zabbix/enc && \