This repository has been archived by the owner on Feb 26, 2021. It is now read-only.

Add privileged docker image to support operating system scans and more scripts #20

Merged
merged 3 commits into from
Aug 21, 2019

Conversation

J12934
Member

@J12934 J12934 commented Jun 28, 2019

🐳 Added new docker image tag

All images are now built as two versions: the default one, and one where special capabilities required by nmap are added. The images don't have a privileged user but only have the required capabilities added to the nmap binary.

These are available for tagged releases and the develop versions:

  • vX.X.X-privileged (e.g. v1.0.5-privileged)
  • develop-privileged

👮‍♀️ Added Capabilities for new image tag

  • cap_net_raw
  • cap_net_admin
  • cap_net_bind_service

See: https://secwiki.org/w/Running_nmap_as_an_unprivileged_user#Set_capabilities

⎈ Container Orchestrator Notes

To properly run these images the capabilities must also be added to the orchestrator. Most orchestrators do that quite easily:

@J12934 J12934 added the enhancement New feature or request label Jun 28, 2019
@J12934 J12934 self-assigned this Jun 28, 2019
@J12934 J12934 marked this pull request as ready for review August 21, 2019 08:12
@J12934 J12934 requested a review from dpatanin August 21, 2019 08:12
@dpatanin dpatanin merged commit 371ae19 into master Aug 21, 2019
@J12934 J12934 deleted the support-os-scans branch August 21, 2019 11:15
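
Added example, not part of the original pull request or the project's code: a shell check to run inside a container started from a `-privileged` tag, confirming that the orchestrator left `cap_net_raw`, `cap_net_admin` and `cap_net_bind_service` in the process's capability bounding set. The function names and the two sample masks are assumptions made for illustration; the bit numbers are those defined in `linux/capability.h`.

```shell
#!/bin/sh
# Added example (not from the PR): verify the capability bounding set of a
# container against the capabilities set on the nmap binary.

# name:bit pairs, bit numbers as defined in linux/capability.h
REQUIRED="cap_net_bind_service:10 cap_net_admin:12 cap_net_raw:13"

# missing_caps HEXMASK -> prints the required capabilities absent from the mask
missing_caps() {
    mask=$1
    out=""
    for entry in $REQUIRED; do
        name=${entry%%:*}
        bit=${entry##*:}
        if [ $(( (0x$mask >> $bit) & 1 )) -eq 0 ]; then
            out="${out:+$out }$name"
        fi
    done
    printf '%s\n' "$out"
}

# bounding_set [STATUS_FILE] -> CapBnd hex mask (defaults to the current process)
bounding_set() {
    awk '$1 == "CapBnd:" { print $2 }' "${1:-/proc/self/status}"
}

# check_container: call inside the container; returns 1 if a capability is missing
check_container() {
    missing=$(missing_caps "$(bounding_set)")
    if [ -n "$missing" ]; then
        echo "bounding set lacks: $missing" >&2
        return 1
    fi
    echo "bounding set allows all capabilities set on the nmap binary"
}

# Constructed sample masks (assumption: the first matches Docker's default
# capability set, the second is the same set with NET_ADMIN added).
DOCKER_DEFAULT=00000000a80425fb
WITH_NET_ADMIN=00000000a80435fb
echo "default set is missing: $(missing_caps "$DOCKER_DEFAULT")"
echo "with NET_ADMIN added is missing: $(missing_caps "$WITH_NET_ADMIN")"
```

Calling `check_container` as the image's entrypoint pre-flight gives a readable error when the orchestrator has not granted a capability, instead of a failure at the moment nmap is executed.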