feat: add security audit

Mauricio Siu
2024-12-15 21:13:37 -06:00
parent c0acdc5df1
commit 58c2ceb355
5 changed files with 182 additions and 52 deletions


@@ -26,18 +26,18 @@ const validateSsh = () => `
`;
const validateNonRootUser = () => `
sudoUsers=$(grep -Po '^sudo:.*:\\K.*$' /etc/group | tr ',' '\\n' | grep -v root)
adminUsers=$(grep -Po '^admin:.*:\\K.*$' /etc/group | tr ',' '\\n' | grep -v root)
privilegedUsers=$(echo -e "${sudoUsers}\\n${adminUsers}" | sort -u | grep -v '^$')
sudoUsers=\$(grep -Po '^sudo:.*:\\K.*$' /etc/group | tr ',' '\\n' | grep -v root)
adminUsers=\$(grep -Po '^admin:.*:\\K.*$' /etc/group | tr ',' '\\n' | grep -v root)
privilegedUsers=\$(echo -e "\${sudoUsers}\\n\${adminUsers}" | sort -u | grep -v '^$')
validUserFound=false
while IFS= read -r user; do
userShell=$(getent passwd "$user" | cut -d: -f7)
if [[ "$userShell" != "/usr/sbin/nologin" && "$userShell" != "/bin/false" ]]; then
userShell=\$(getent passwd "\$user" | cut -d: -f7)
if [[ "\$userShell" != "/usr/sbin/nologin" && "\$userShell" != "/bin/false" ]]; then
validUserFound=true
break
fi
done <<< "$privilegedUsers"
done <<< "\$privilegedUsers"
echo "{\\"hasValidSudoUser\\": $validUserFound}"
`;
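Review bot: `grep -v root` on the escaped `sudoUsers=\$(...)` and `adminUsers=\$(...)` lines (which read as the new side of this hunk, since the page keeps no +/- markers) drops every group member whose name merely contains the substring `root`, so an account such as `groot` in the sudo group would be ignored and the audit could report `hasValidSudoUser: false` on a host that does have a usable sudo user; match the whole name instead, e.g. `... | tr ',' '\\n' | grep -vx root)` on both lines. The check also only sees supplementary membership listed in `/etc/group`, so an account whose primary GID is the sudo or admin group, or one granted rights elsewhere (for instance via sudoers), would presumably not be found — if that scope is intentional, a short comment above `validateNonRootUser` stating it would help readers of the audit result. For consistency with the other shell variables, `$validUserFound` in the final `echo` could be written `\$validUserFound` too, so a later edit that braces it cannot silently become a JavaScript interpolation. `validateNonRootUser` lies entirely within the hunk; the preceding `validateSsh` closes on its first line.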