feat: auto-scan containers, tunnel stability, and SSH container proxy#72
feat: auto-scan containers, tunnel stability, and SSH container proxy#72hsinatfootprintai merged 1 commit intomainfrom
Conversation
## ClamAV Auto-Scan - Subscribe to container creation events and auto-enqueue ClamAV scan after 2-minute delay (previously waited 24h for next scan cycle) ## Tunnel SSH Stability - Close yamux session on context cancel for clean shutdown - Close write side of TCP connections in bidirectional proxy to properly propagate EOF (fixes SSH connections hanging/dropping) - Apply fix on both tunnel client and tunnel server sides ## SSH Container Proxy - Add Containarium ASCII banner to containarium-shell for interactive sessions - Show container name, user, IP, and host in banner - Extract eth0 IP correctly (skip Docker bridge) - Create .hushlogin for new users to suppress host MOTD - Setup script: auto-configure sudoers, sshd MOTD suppression, and banner Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| // Success! | ||
| // Success! Create .hushlogin to suppress host MOTD (user lands in container via containarium-shell) | ||
| hushPath := filepath.Join("/home", username, ".hushlogin") | ||
| _ = os.WriteFile(hushPath, nil, 0644) |
Check failure
Code scanning / gosec
Expect WriteFile permissions to be 0600 or less Error
| // Close session when context is cancelled (enables clean shutdown) | ||
| go func() { | ||
| <-ctx.Done() | ||
| session.Close() |
Check warning
Code scanning / gosec
Errors unhandled Warning
| io.Copy(localConn, stream) | ||
| // Close write side of local conn to signal EOF | ||
| if tc, ok := localConn.(*net.TCPConn); ok { | ||
| tc.CloseWrite() |
Check warning
Code scanning / gosec
Errors unhandled Warning
| io.Copy(stream, localConn) | ||
| // Close write side of stream to signal EOF | ||
| if cs, ok := stream.(interface{ CloseWrite() error }); ok { | ||
| cs.CloseWrite() |
Check warning
Code scanning / gosec
Errors unhandled Warning
| go func() { | ||
| io.Copy(stream, localConn) | ||
| if cs, ok := stream.(interface{ CloseWrite() error }); ok { | ||
| cs.CloseWrite() |
Check warning
Code scanning / gosec
Errors unhandled Warning
| go func() { | ||
| io.Copy(localConn, stream) | ||
| if tc, ok := localConn.(*net.TCPConn); ok { | ||
| tc.CloseWrite() |
Check warning
Code scanning / gosec
Errors unhandled Warning
3 participants
ClamAV Auto-Scan
Tunnel SSH Stability
SSH Container Proxy