feat: add security audit

Mauricio Siu
2024-12-15 21:13:37 -06:00
parent c0acdc5df1
commit 58c2ceb355
5 changed files with 182 additions and 52 deletions


@@ -43,6 +43,7 @@ export * from "./setup/server-security";
export * from "./setup/setup";
export * from "./setup/traefik-setup";
export * from "./setup/server-validate";
export * from "./setup/server-audit";
export * from "./utils/backups/index";
export * from "./utils/backups/mariadb";


@@ -26,18 +26,18 @@ const validateSsh = () => `
`;
const validateNonRootUser = () => `
sudoUsers=$(grep -Po '^sudo:.*:\\K.*$' /etc/group | tr ',' '\\n' | grep -v root)
adminUsers=$(grep -Po '^admin:.*:\\K.*$' /etc/group | tr ',' '\\n' | grep -v root)
privilegedUsers=$(echo -e "${sudoUsers}\\n${adminUsers}" | sort -u | grep -v '^$')
sudoUsers=\$(grep -Po '^sudo:.*:\\K.*$' /etc/group | tr ',' '\\n' | grep -v root)
adminUsers=\$(grep -Po '^admin:.*:\\K.*$' /etc/group | tr ',' '\\n' | grep -v root)
privilegedUsers=\$(echo -e "\${sudoUsers}\\n\${adminUsers}" | sort -u | grep -v '^$')
validUserFound=false
while IFS= read -r user; do
userShell=$(getent passwd "$user" | cut -d: -f7)
if [[ "$userShell" != "/usr/sbin/nologin" && "$userShell" != "/bin/false" ]]; then
userShell=\$(getent passwd "\$user" | cut -d: -f7)
if [[ "\$userShell" != "/usr/sbin/nologin" && "\$userShell" != "/bin/false" ]]; then
validUserFound=true
break
fi
done <<< "$privilegedUsers"
done <<< "\$privilegedUsers"
echo "{\\"hasValidSudoUser\\": $validUserFound}"
`;
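Review bot: In `validateNonRootUser`, the `while` loop still runs once when `privilegedUsers` is empty, because the here-string feeds it a single empty line. `getent passwd ""` then prints nothing, `userShell` is empty, and both `!=` comparisons pass, so the audit would likely report `hasValidSudoUser: true` on a host with no non-root sudo/admin account. The same happens for a group member that has no passwd entry. Requiring a resolved shell closes that false pass: `if [[ -n "\$userShell" && "\$userShell" != "/usr/sbin/nologin" && "\$userShell" != "/bin/false" ]]; then`. Separately, `grep -v root` drops every account whose name merely contains "root", so `grep -vx root` would exclude only the root account itself.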


@@ -89,6 +89,32 @@ export const serverSecurity = async (serverId: string) => {
fi
}
check_dependencies() {
echo -e "Checking required dependencies..."
local required_commands=("curl" "jq" "systemctl" "apt-get")
local missing_commands=()
for cmd in "\${required_commands[@]}"; do
if ! command -v "\$cmd" >/dev/null 2>&1; then
missing_commands+=("\$cmd")
fi
done
if [ \${#missing_commands[@]} -ne 0 ]; then
echo -e "\${RED}The following required commands are missing:\${NC}"
for cmd in "\${missing_commands[@]}"; do
echo " - \$cmd"
done
echo
echo -e "\${YELLOW}Please install these commands before running this script.\${NC}"
exit 1
fi
echo -e "All required dependencies are installed\n"
return 0
}
os=$(check_os)