From bf8b26a5d84c71a5f46b81ffdd921fbd129e9ad4 Mon Sep 17 00:00:00 2001 
From: Alexey Pustovalov
Date: Fri, 19 Jan 2024 00:19:02 +0900
Subject: [PATCH] Removed root group for zabbix user in all images. Using nmap without sudo permissions
---
Dockerfiles/agent/alpine/Dockerfile | 1 -
Dockerfiles/agent/centos/Dockerfile | 2 +-
Dockerfiles/agent/ol/Dockerfile | 2 +-
Dockerfiles/agent/rhel/Dockerfile | 2 +-
Dockerfiles/agent/ubuntu/Dockerfile | 1 -
Dockerfiles/agent2/alpine/Dockerfile | 2 +-
Dockerfiles/agent2/centos/Dockerfile | 2 +-
Dockerfiles/agent2/ol/Dockerfile | 2 +-
Dockerfiles/agent2/rhel/Dockerfile | 2 +-
Dockerfiles/agent2/ubuntu/Dockerfile | 2 +-
Dockerfiles/java-gateway/alpine/Dockerfile | 1 -
Dockerfiles/java-gateway/centos/Dockerfile | 1 -
Dockerfiles/java-gateway/ol/Dockerfile | 1 -
Dockerfiles/java-gateway/rhel/Dockerfile | 1 -
Dockerfiles/java-gateway/ubuntu/Dockerfile | 1 -
Dockerfiles/proxy-mysql/alpine/Dockerfile | 10 ++++++----
Dockerfiles/proxy-mysql/centos/Dockerfile | 8 ++++----
Dockerfiles/proxy-mysql/ol/Dockerfile | 8 ++++----
Dockerfiles/proxy-mysql/rhel/Dockerfile | 8 ++++----
Dockerfiles/proxy-mysql/ubuntu/Dockerfile | 11 ++++++-----
Dockerfiles/proxy-sqlite3/alpine/Dockerfile | 10 ++++++----
Dockerfiles/proxy-sqlite3/centos/Dockerfile | 8 ++++----
Dockerfiles/proxy-sqlite3/ol/Dockerfile | 8 ++++----
Dockerfiles/proxy-sqlite3/rhel/Dockerfile | 8 ++++----
Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile | 8 ++++----
Dockerfiles/server-mysql/alpine/Dockerfile | 10 ++++++----
Dockerfiles/server-mysql/centos/Dockerfile | 9 +++++----
Dockerfiles/server-mysql/ol/Dockerfile | 9 +++++----
Dockerfiles/server-mysql/rhel/Dockerfile | 9 +++++----
Dockerfiles/server-mysql/ubuntu/Dockerfile | 9 +++++----
Dockerfiles/server-pgsql/alpine/Dockerfile | 9 +++++----
Dockerfiles/server-pgsql/centos/Dockerfile | 9 +++++----
Dockerfiles/server-pgsql/ol/Dockerfile | 9 +++++----
Dockerfiles/server-pgsql/ubuntu/Dockerfile | 9 +++++----
Dockerfiles/snmptraps/alpine/Dockerfile | 1 -
Dockerfiles/snmptraps/centos/Dockerfile | 1 -
Dockerfiles/snmptraps/ol/Dockerfile | 1 -
Dockerfiles/snmptraps/rhel/Dockerfile | 1 -
Dockerfiles/snmptraps/ubuntu/Dockerfile | 1 -
Dockerfiles/web-apache-mysql/alpine/Dockerfile | 1 -
Dockerfiles/web-apache-mysql/centos/Dockerfile | 1 -
Dockerfiles/web-apache-mysql/ol/Dockerfile | 1 -
Dockerfiles/web-apache-mysql/ubuntu/Dockerfile | 1 -
Dockerfiles/web-apache-pgsql/alpine/Dockerfile | 1 -
Dockerfiles/web-apache-pgsql/centos/Dockerfile | 1 -
Dockerfiles/web-apache-pgsql/ol/Dockerfile | 1 -
Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile | 1 -
Dockerfiles/web-nginx-mysql/alpine/Dockerfile | 1 -
Dockerfiles/web-nginx-mysql/centos/Dockerfile | 1 -
Dockerfiles/web-nginx-mysql/ol/Dockerfile | 1 -
Dockerfiles/web-nginx-mysql/rhel/Dockerfile | 1 -
Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile | 1 -
Dockerfiles/web-nginx-pgsql/alpine/Dockerfile | 1 -
Dockerfiles/web-nginx-pgsql/centos/Dockerfile | 1 -
Dockerfiles/web-nginx-pgsql/ol/Dockerfile | 1 -
Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile | 1 -
56 files changed, 100 insertions(+), 114 deletions(-)
diff --git a/Dockerfiles/agent/alpine/Dockerfile b/Dockerfiles/agent/alpine/Dockerfile
index 5a98b9801..c672652e6 100644
--- a/Dockerfiles/agent/alpine/Dockerfile
+++ b/Dockerfiles/agent/alpine/Dockerfile
@@ -58,7 +58,6 @@ RUN set -eux && \
 --shell /sbin/nologin \
 --home /var/lib/zabbix/ \
 zabbix && \
- adduser zabbix root && \
 mkdir -p /etc/zabbix && \
 mkdir -p /etc/zabbix/zabbix_agentd.d && \
 mkdir -p /var/lib/zabbix && \
diff --git a/Dockerfiles/agent/centos/Dockerfile b/Dockerfiles/agent/centos/Dockerfile
index 07dcbdeaf..86fdb6eab 100644
--- a/Dockerfiles/agent/centos/Dockerfile
+++ b/Dockerfiles/agent/centos/Dockerfile
@@ -55,7 +55,7 @@ RUN set -eux && \
 zabbix && \
 useradd \
 --system --comment "Zabbix monitoring system" \
- -g zabbix -G root \
+ -g zabbix \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/agent/ol/Dockerfile b/Dockerfiles/agent/ol/Dockerfile
index a160dcd54..ca487546d 100644
--- a/Dockerfiles/agent/ol/Dockerfile
+++ b/Dockerfiles/agent/ol/Dockerfile
@@ -57,7 +57,7 @@ RUN set -eux && \
 useradd \
 --system \
 --comment "Zabbix monitoring system" \
- -g zabbix -G root \
+ -g zabbix \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/agent/rhel/Dockerfile b/Dockerfiles/agent/rhel/Dockerfile
index e48e0c606..2aceaf59b 100644
--- a/Dockerfiles/agent/rhel/Dockerfile
+++ b/Dockerfiles/agent/rhel/Dockerfile
@@ -82,7 +82,7 @@ RUN set -eux && \
 useradd \
 --system \
 --comment "Zabbix monitoring system" \
- -g zabbix -G root \
+ -g zabbix \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/agent/ubuntu/Dockerfile b/Dockerfiles/agent/ubuntu/Dockerfile
index ea68486b2..63e8628fe 100644
--- a/Dockerfiles/agent/ubuntu/Dockerfile
+++ b/Dockerfiles/agent/ubuntu/Dockerfile
@@ -52,7 +52,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/agent2/alpine/Dockerfile b/Dockerfiles/agent2/alpine/Dockerfile
index a352b8737..5c7d451e5 100644
--- a/Dockerfiles/agent2/alpine/Dockerfile
+++ b/Dockerfiles/agent2/alpine/Dockerfile
@@ -58,7 +58,7 @@ RUN set -eux && \
 --shell /sbin/nologin \
 --home /var/lib/zabbix/ \
 zabbix && \
- adduser zabbix root && \
+ echo "zabbix ALL=(root) NOPASSWD: /usr/sbin/smartctl" >> /etc/sudoers.d/zabbix && \
 mkdir -p /etc/zabbix && \
 mkdir -p /etc/zabbix/zabbix_agentd.d && \
 mkdir -p /var/lib/zabbix && \
diff --git a/Dockerfiles/agent2/centos/Dockerfile b/Dockerfiles/agent2/centos/Dockerfile
index eab304506..22ab5b719 100644
--- a/Dockerfiles/agent2/centos/Dockerfile
+++ b/Dockerfiles/agent2/centos/Dockerfile
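Review bot: The rule added in the agent2/alpine hunk, `zabbix ALL=(root) NOPASSWD: /usr/sbin/smartctl`, lets the zabbix user run smartctl as root with any arguments, and the drop-in is created by `echo ... >>` with whatever mode the build umask yields. I would follow the echo with `chmod 0440 /etc/sudoers.d/zabbix && visudo -cf /etc/sudoers.d/zabbix && \` so a malformed or loosely-permissioned file fails the build, and narrow the command spec to the argument patterns the agent's smartctl checks actually need (those are not visible in this patch). The hunk also does not show whether `sudo` is in INSTALL_PKGS for the agent2 images; if it is not, the rule is dead configuration and /etc/sudoers.d may not exist. The same line is added in the agent2 centos, ol, rhel and ubuntu hunks, and the RUN instruction starts and ends outside every one of them.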
@@ -58,11 +58,11 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
 zabbix && \
+ echo "zabbix ALL=(root) NOPASSWD: /usr/sbin/smartctl" >> /etc/sudoers.d/zabbix && \
 mkdir -p /etc/zabbix && \
 mkdir -p /etc/zabbix/zabbix_agentd.d && \
 mkdir -p /var/lib/zabbix && \
diff --git a/Dockerfiles/agent2/ol/Dockerfile b/Dockerfiles/agent2/ol/Dockerfile
index 467cb5d74..930b4b226 100644
--- a/Dockerfiles/agent2/ol/Dockerfile
+++ b/Dockerfiles/agent2/ol/Dockerfile
@@ -59,11 +59,11 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
 zabbix && \
+ echo "zabbix ALL=(root) NOPASSWD: /usr/sbin/smartctl" >> /etc/sudoers.d/zabbix && \
 mkdir -p /etc/zabbix && \
 mkdir -p /etc/zabbix/zabbix_agentd.d && \
 mkdir -p /var/lib/zabbix && \
diff --git a/Dockerfiles/agent2/rhel/Dockerfile b/Dockerfiles/agent2/rhel/Dockerfile
index 619f5dcc0..4fe7f8093 100644
--- a/Dockerfiles/agent2/rhel/Dockerfile
+++ b/Dockerfiles/agent2/rhel/Dockerfile
@@ -85,11 +85,11 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
 zabbix && \
+ echo "zabbix ALL=(root) NOPASSWD: /usr/sbin/smartctl" >> /etc/sudoers.d/zabbix && \
 mkdir -p /etc/zabbix && \
 mkdir -p /etc/zabbix/zabbix_agentd.d && \
 mkdir -p /var/lib/zabbix && \
diff --git a/Dockerfiles/agent2/ubuntu/Dockerfile b/Dockerfiles/agent2/ubuntu/Dockerfile
index ec4cbd8cf..5b3dcbb4f 100644
--- a/Dockerfiles/agent2/ubuntu/Dockerfile
+++ b/Dockerfiles/agent2/ubuntu/Dockerfile
@@ -53,11 +53,11 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
 zabbix && \
+ echo "zabbix ALL=(root) NOPASSWD: /usr/sbin/smartctl" >> /etc/sudoers.d/zabbix && \
 mkdir -p /etc/zabbix && \
 mkdir -p /etc/zabbix/zabbix_agentd.d && \
 mkdir -p /var/lib/zabbix && \
diff --git a/Dockerfiles/java-gateway/alpine/Dockerfile b/Dockerfiles/java-gateway/alpine/Dockerfile
index b2a678290..f18070bfa 100644
--- a/Dockerfiles/java-gateway/alpine/Dockerfile
+++ b/Dockerfiles/java-gateway/alpine/Dockerfile
@@ -50,7 +50,6 @@ RUN set -eux && \
 --shell /sbin/nologin \
 --home /var/lib/zabbix/ \
 zabbix && \
- adduser zabbix root && \
 mkdir -p /etc/zabbix/ && \
 mkdir -p /usr/sbin/zabbix_java/ && \
 mkdir -p /usr/sbin/zabbix_java/ext_lib/ && \
diff --git a/Dockerfiles/java-gateway/centos/Dockerfile b/Dockerfiles/java-gateway/centos/Dockerfile
index d0fe9c386..345ad2e33 100644
--- a/Dockerfiles/java-gateway/centos/Dockerfile
+++ b/Dockerfiles/java-gateway/centos/Dockerfile
@@ -49,7 +49,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/java-gateway/ol/Dockerfile b/Dockerfiles/java-gateway/ol/Dockerfile
index 98ee7e4b1..15888bcb5 100644
--- a/Dockerfiles/java-gateway/ol/Dockerfile
+++ b/Dockerfiles/java-gateway/ol/Dockerfile
@@ -49,7 +49,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/java-gateway/rhel/Dockerfile b/Dockerfiles/java-gateway/rhel/Dockerfile
index c98a2e14b..4ad2dcb49 100644
--- a/Dockerfiles/java-gateway/rhel/Dockerfile
+++ b/Dockerfiles/java-gateway/rhel/Dockerfile
@@ -69,7 +69,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/java-gateway/ubuntu/Dockerfile b/Dockerfiles/java-gateway/ubuntu/Dockerfile
index eb190cc03..8171527bf 100644
--- a/Dockerfiles/java-gateway/ubuntu/Dockerfile
+++ b/Dockerfiles/java-gateway/ubuntu/Dockerfile
@@ -45,7 +45,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/proxy-mysql/alpine/Dockerfile b/Dockerfiles/proxy-mysql/alpine/Dockerfile
index 9504f320c..6a24ad77d 100644
--- a/Dockerfiles/proxy-mysql/alpine/Dockerfile
+++ b/Dockerfiles/proxy-mysql/alpine/Dockerfile
@@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
- MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+ NMAP_PRIVILEGED=""
 LABEL org.opencontainers.image.authors="Alexey Pustovalov " \
 org.opencontainers.image.description="Zabbix proxy with MySQL database support" \
@@ -36,9 +37,10 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql
 RUN set -eux && \
 INSTALL_PKGS="bash \
 tini \
- sudo \
+ traceroute \
 nmap \
 iputils \
+ libcap \
 libcurl \
 libevent \
 libldap \
@@ -68,8 +70,8 @@ RUN set -eux && \
 --shell /sbin/nologin \
 --home /var/lib/zabbix/ \
 zabbix && \
- adduser zabbix root && \
- echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
+ chgrp zabbix /usr/bin/nmap && \
+ setcap cap_net_raw+eip /usr/bin/nmap && \
 mkdir -p /etc/zabbix && \
 mkdir -p /var/lib/zabbix && \
 mkdir -p /var/lib/zabbix/enc && \
diff --git a/Dockerfiles/proxy-mysql/centos/Dockerfile b/Dockerfiles/proxy-mysql/centos/Dockerfile
index adf2c747a..213e9e507 100644
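Review bot: `NMAP_PRIVILEGED=""` in the ENV hunk of proxy-mysql/alpine looks like a switched-off setting, but nmap tests only whether the variable is present, so this empty value turns privileged (raw-socket) mode on for every nmap run in the container. A comment above the ENV instruction would stop it being removed or misread, for example `# NMAP_PRIVILEGED: presence alone enables raw-socket scans; depends on the cap_net_raw file capability set on /usr/bin/nmap in the RUN step`. The same line is added to the ENV block of every proxy-* and server-* Dockerfile in this patch.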
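Review bot: In the @@ -68,8 +70,8 @@ hunk of proxy-mysql/alpine, `chgrp zabbix /usr/bin/nmap` changes the group without tightening the mode, so if the packaged binary stays world-executable (its mode is not shown) every user in the container can run it with the capability. If the aim is to limit raw-socket scanning to the zabbix group, insert `chmod 0750 /usr/bin/nmap && \` between the two added lines; if the image must also run under a UID outside that group, drop the chgrp instead. `cap_net_raw+ep` is sufficient, since the inheritable flag adds nothing for a file capability. It is worth a comment that the capability only takes effect when the runtime keeps CAP_NET_RAW in the bounding set and does not set no-new-privileges; with either restriction nmap will probably fail to start or fail on raw sockets. The same two lines are added in the other proxy-* and server-* user-setup hunks, whose RUN instruction continues outside the hunk.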
--- a/Dockerfiles/proxy-mysql/centos/Dockerfile
+++ b/Dockerfiles/proxy-mysql/centos/Dockerfile
@@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
- MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+ NMAP_PRIVILEGED=""
 LABEL org.opencontainers.image.authors="Alexey Pustovalov " \
 org.opencontainers.image.description="Zabbix proxy with MySQL database support" \
@@ -37,7 +38,6 @@ RUN set -eux && \
 REPOLIST="baseos,appstream,epel" && \
 INSTALL_PKGS="libevent \
 tini \
- sudo \
 traceroute \
 nmap \
 gzip \
@@ -71,12 +71,12 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
 zabbix && \
- echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
+ chgrp zabbix /usr/bin/nmap && \
+ setcap cap_net_raw+eip /usr/bin/nmap && \
 mkdir -p /etc/zabbix && \
 mkdir -p /var/lib/zabbix && \
 mkdir -p /var/lib/zabbix/enc && \
diff --git a/Dockerfiles/proxy-mysql/ol/Dockerfile b/Dockerfiles/proxy-mysql/ol/Dockerfile
index c1b52feb6..c93b2b737 100644
--- a/Dockerfiles/proxy-mysql/ol/Dockerfile
+++ b/Dockerfiles/proxy-mysql/ol/Dockerfile
@@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
- MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+ NMAP_PRIVILEGED=""
 LABEL org.opencontainers.image.authors="Alexey Pustovalov " \
 org.opencontainers.image.description="Zabbix proxy with MySQL database support" \
@@ -37,7 +38,6 @@ COPY ["conf/etc/yum.repos.d/oracle-epel-ol8.repo", "/etc/yum.repos.d/oracle-epel
 RUN set -eux && \
 INSTALL_PKGS="libevent \
 tini \
- sudo \
 traceroute \
 nmap \
 gzip \
@@ -72,12 +72,12 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
 zabbix && \
- echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
+ chgrp zabbix /usr/bin/nmap && \
+ setcap cap_net_raw+eip /usr/bin/nmap && \
 mkdir -p /etc/zabbix && \
 mkdir -p /var/lib/zabbix && \
 mkdir -p /var/lib/zabbix/enc && \
diff --git a/Dockerfiles/proxy-mysql/rhel/Dockerfile b/Dockerfiles/proxy-mysql/rhel/Dockerfile
index cf7b4eea6..5dac3b28d 100644
--- a/Dockerfiles/proxy-mysql/rhel/Dockerfile
+++ b/Dockerfiles/proxy-mysql/rhel/Dockerfile
@@ -15,7 +15,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
- MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+ NMAP_PRIVILEGED=""
 LABEL description="Zabbix proxy with MySQL database support" \
 maintainer="alexey.pustovalov@zabbix.com" \
@@ -55,7 +56,6 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql
 RUN set -eux && \
 INSTALL_PKGS="bash \
 tini \
- sudo \
 traceroute \
 nmap \
 shadow-utils \
@@ -101,12 +101,12 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
 zabbix && \
- echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
+ chgrp zabbix /usr/bin/nmap && \
+ setcap cap_net_raw+eip /usr/bin/nmap && \
 mkdir -p /etc/zabbix && \
 mkdir -p /var/lib/zabbix && \
 mkdir -p /var/lib/zabbix/enc && \
diff --git a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile
index 361a69dab..333404a8a 100644
--- a/Dockerfiles/proxy-mysql/ubuntu/Dockerfile
+++ b/Dockerfiles/proxy-mysql/ubuntu/Dockerfile
@@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
- MIBDIRS=/var/lib/snmp/mibs/ietf:/var/lib/snmp/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+ MIBDIRS=/var/lib/snmp/mibs/ietf:/var/lib/snmp/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+ NMAP_PRIVILEGED=""
 LABEL org.opencontainers.image.authors="Alexey Pustovalov " \
 org.opencontainers.image.description="Zabbix proxy with MySQL database support" \
@@ -36,8 +37,8 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql
 RUN set -eux && \
 echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \
- INSTALL_PKGS="tini \
- sudo \
+ INSTALL_PKGS="bash \
+ tini \
 traceroute \
 nmap \
 ca-certificates \
@@ -66,12 +67,12 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
 zabbix && \
- echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
+ chgrp zabbix /usr/bin/nmap && \
+ setcap cap_net_raw+eip /usr/bin/nmap && \
 mkdir -p /etc/zabbix && \
 mkdir -p /var/lib/zabbix && \
 mkdir -p /var/lib/zabbix/enc && \
diff --git a/Dockerfiles/proxy-sqlite3/alpine/Dockerfile b/Dockerfiles/proxy-sqlite3/alpine/Dockerfile
index a4d7dc432..056d3b4f1 100644
--- a/Dockerfiles/proxy-sqlite3/alpine/Dockerfile
+++ b/Dockerfiles/proxy-sqlite3/alpine/Dockerfile
@@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
- MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+ NMAP_PRIVILEGED=""
 LABEL org.opencontainers.image.authors="Alexey Pustovalov " \
 org.opencontainers.image.description="Zabbix proxy with SQLite3 database support" \
@@ -35,10 +36,11 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/
 RUN set -eux && \
 INSTALL_PKGS="bash \
 tini \
- sudo \
+ traceroute \
 nmap \
 fping \
 iputils \
+ libcap \
 libcurl \
 libevent \
 libldap \
@@ -66,8 +68,8 @@ RUN set -eux && \
 --shell /sbin/nologin \
 --home /var/lib/zabbix/ \
 zabbix && \
- echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
- adduser zabbix root && \
+ chgrp zabbix /usr/bin/nmap && \
+ setcap cap_net_raw+eip /usr/bin/nmap && \
 mkdir -p /etc/zabbix && \
 mkdir -p /var/lib/zabbix && \
 mkdir -p /var/lib/zabbix/db_data && \
diff --git a/Dockerfiles/proxy-sqlite3/centos/Dockerfile b/Dockerfiles/proxy-sqlite3/centos/Dockerfile
index d1ed9899a..068228b95 100644
--- a/Dockerfiles/proxy-sqlite3/centos/Dockerfile
+++ b/Dockerfiles/proxy-sqlite3/centos/Dockerfile
@@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
- MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+ NMAP_PRIVILEGED=""
 LABEL org.opencontainers.image.authors="Alexey Pustovalov " \
 org.opencontainers.image.description="Zabbix proxy with SQLite3 database support" \
@@ -36,7 +37,6 @@ RUN set -eux && \
 REPOLIST="baseos,appstream,epel" && \
 INSTALL_PKGS="libevent \
 tini \
- sudo \
 traceroute \
 nmap \
 libssh \
@@ -67,12 +67,12 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
 zabbix && \
- echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
+ chgrp zabbix /usr/bin/nmap && \
+ setcap cap_net_raw+eip /usr/bin/nmap && \
 mkdir -p /etc/zabbix && \
 mkdir -p /var/lib/zabbix && \
 mkdir -p /var/lib/zabbix/db_data && \
diff --git a/Dockerfiles/proxy-sqlite3/ol/Dockerfile b/Dockerfiles/proxy-sqlite3/ol/Dockerfile
index 3b1cf933d..75f341fc2 100644
--- a/Dockerfiles/proxy-sqlite3/ol/Dockerfile
+++ b/Dockerfiles/proxy-sqlite3/ol/Dockerfile
@@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
- MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+ NMAP_PRIVILEGED=""
 LABEL org.opencontainers.image.authors="Alexey Pustovalov " \
 org.opencontainers.image.description="Zabbix proxy with SQLite3 database support" \
@@ -36,7 +37,6 @@ COPY ["conf/etc/yum.repos.d/oracle-epel-ol8.repo", "/etc/yum.repos.d/oracle-epel
 RUN set -eux && \
 INSTALL_PKGS="libevent \
 tini \
- sudo \
 traceroute \
 nmap \
 libssh \
@@ -68,12 +68,12 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
 zabbix && \
- echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
+ chgrp zabbix /usr/bin/nmap && \
+ setcap cap_net_raw+eip /usr/bin/nmap && \
 mkdir -p /etc/zabbix && \
 mkdir -p /var/lib/zabbix && \
 mkdir -p /var/lib/zabbix/db_data && \
diff --git a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile
index 3d0448d24..397458a6f 100644
--- a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile
+++ b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile
@@ -15,7 +15,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
- MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+ NMAP_PRIVILEGED=""
 LABEL description="Zabbix proxy with SQLite3 database support" \
 maintainer="alexey.pustovalov@zabbix.com" \
@@ -54,7 +55,6 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/
 RUN set -eux && \
 INSTALL_PKGS="bash \
 tini \
- sudo \
 traceroute \
 nmap \
 shadow-utils \
@@ -97,12 +97,12 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
 zabbix && \
- echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
+ chgrp zabbix /usr/bin/nmap && \
+ setcap cap_net_raw+eip /usr/bin/nmap && \
 mkdir -p /etc/zabbix && \
 mkdir -p /var/lib/zabbix && \
 mkdir -p /var/lib/zabbix/db_data && \
diff --git a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile
index a8f61710f..e741a0b47 100644
--- a/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile
+++ b/Dockerfiles/proxy-sqlite3/ubuntu/Dockerfile
@@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
- MIBDIRS=/var/lib/snmp/mibs/ietf:/var/lib/snmp/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+ MIBDIRS=/var/lib/snmp/mibs/ietf:/var/lib/snmp/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+ NMAP_PRIVILEGED=""
 LABEL org.opencontainers.image.authors="Alexey Pustovalov " \
 org.opencontainers.image.description="Zabbix proxy with SQLite3 database support" \
@@ -36,7 +37,6 @@ RUN set -eux && \
 echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \
 INSTALL_PKGS="bash \
 tini \
- sudo \
 traceroute \
 nmap \
 ca-certificates \
@@ -64,12 +64,12 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
 zabbix && \
- echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
+ chgrp zabbix /usr/bin/nmap && \
+ setcap cap_net_raw+eip /usr/bin/nmap && \
 mkdir -p /etc/zabbix && \
 mkdir -p /var/lib/zabbix && \
 mkdir -p /var/lib/zabbix/db_data && \
diff --git a/Dockerfiles/server-mysql/alpine/Dockerfile b/Dockerfiles/server-mysql/alpine/Dockerfile
index 5344d4066..143210055 100644
--- a/Dockerfiles/server-mysql/alpine/Dockerfile
+++ b/Dockerfiles/server-mysql/alpine/Dockerfile
@@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
- MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+ NMAP_PRIVILEGED=""
 LABEL org.opencontainers.image.authors="Alexey Pustovalov " \
 org.opencontainers.image.description="Zabbix server with MySQL database support" \
@@ -37,10 +38,11 @@ RUN set -eux && \
 INSTALL_PKGS="bash \
 tini \
 fping \
- sudo \
+ traceroute \
 nmap \
 tzdata \
 iputils \
+ libcap \
 libcurl \
 libevent \
 libldap \
@@ -69,9 +71,9 @@ RUN set -eux && \
 --shell /sbin/nologin \
 --home /var/lib/zabbix/ \
 zabbix && \
- adduser zabbix root && \
 adduser zabbix dialout && \
- echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
+ chgrp zabbix /usr/bin/nmap && \
+ setcap cap_net_raw+eip /usr/bin/nmap && \
 mkdir -p /etc/zabbix && \
 mkdir -p /var/lib/zabbix && \
 mkdir -p /usr/lib/zabbix/alertscripts && \
diff --git a/Dockerfiles/server-mysql/centos/Dockerfile b/Dockerfiles/server-mysql/centos/Dockerfile
index aad56c144..431dadeba 100644
--- a/Dockerfiles/server-mysql/centos/Dockerfile
+++ b/Dockerfiles/server-mysql/centos/Dockerfile
@@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
- MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+ NMAP_PRIVILEGED=""
 LABEL org.opencontainers.image.authors="Alexey Pustovalov " \
 org.opencontainers.image.description="Zabbix server with MySQL database support" \
@@ -37,7 +38,6 @@ RUN set -eux && \
 REPOLIST="baseos,appstream,epel" && \
 INSTALL_PKGS="fping \
 tini \
- sudo \
 traceroute \
 nmap \
 file-libs \
@@ -74,12 +74,13 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root,dialout \
+ -G dialout \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
 zabbix && \
- echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
+ chgrp zabbix /usr/bin/nmap && \
+ setcap cap_net_raw+eip /usr/bin/nmap && \
 mkdir -p /etc/zabbix && \
 mkdir -p /var/lib/zabbix && \
 mkdir -p /usr/lib/zabbix/alertscripts && \
diff --git a/Dockerfiles/server-mysql/ol/Dockerfile b/Dockerfiles/server-mysql/ol/Dockerfile
index e0ce4a8cc..7b315fec9 100644
--- a/Dockerfiles/server-mysql/ol/Dockerfile
+++ b/Dockerfiles/server-mysql/ol/Dockerfile
@@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
- MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+ NMAP_PRIVILEGED=""
 LABEL org.opencontainers.image.authors="Alexey Pustovalov " \
 org.opencontainers.image.description="Zabbix server with MySQL database support" \
@@ -38,7 +39,6 @@ RUN set -eux && \
 INSTALL_PKGS="bash \
 fping \
 tini \
- sudo \
 traceroute \
 nmap \
 file-libs \
@@ -76,12 +76,13 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root,dialout \
+ -G dialout \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
 zabbix && \
- echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
+ chgrp zabbix /usr/bin/nmap && \
+ setcap cap_net_raw+eip /usr/bin/nmap && \
 mkdir -p /etc/zabbix && \
 mkdir -p /var/lib/zabbix && \
 mkdir -p /usr/lib/zabbix/alertscripts && \
diff --git a/Dockerfiles/server-mysql/rhel/Dockerfile b/Dockerfiles/server-mysql/rhel/Dockerfile
index c47366dbf..a26c8985e 100644
--- a/Dockerfiles/server-mysql/rhel/Dockerfile
+++ b/Dockerfiles/server-mysql/rhel/Dockerfile
@@ -15,7 +15,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
- MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+ NMAP_PRIVILEGED=""
 LABEL description="Zabbix server with MySQL database support" \
 maintainer="alexey.pustovalov@zabbix.com" \
@@ -55,7 +56,6 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_server.sq
 RUN set -eux && \
 INSTALL_PKGS="bash \
 tini \
- sudo \
 traceroute \
 nmap \
 fping \
@@ -102,12 +102,13 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
+ -G dialout \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
 zabbix && \
- echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
+ chgrp zabbix /usr/bin/nmap && \
+ setcap cap_net_raw+eip /usr/bin/nmap && \
 mkdir -p /etc/zabbix && \
 mkdir -p /var/lib/zabbix && \
 mkdir -p /usr/lib/zabbix/alertscripts && \
diff --git a/Dockerfiles/server-mysql/ubuntu/Dockerfile b/Dockerfiles/server-mysql/ubuntu/Dockerfile
index 326856edd..e9f1a6632 100644
--- a/Dockerfiles/server-mysql/ubuntu/Dockerfile
+++ b/Dockerfiles/server-mysql/ubuntu/Dockerfile
@@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
- MIBDIRS=/var/lib/snmp/mibs/ietf:/var/lib/snmp/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+ MIBDIRS=/var/lib/snmp/mibs/ietf:/var/lib/snmp/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+ NMAP_PRIVILEGED=""
 LABEL org.opencontainers.image.authors="Alexey Pustovalov " \
 org.opencontainers.image.description="Zabbix server with MySQL database support" \
@@ -37,7 +38,6 @@ RUN set -eux && \
 echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \
 INSTALL_PKGS="bash \
 tini \
- sudo \
 traceroute \
 nmap \
 tzdata \
@@ -69,12 +69,13 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root,dialout \
+ -G dialout \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
 zabbix && \
- echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
+ chgrp zabbix /usr/bin/nmap && \
+ setcap cap_net_raw+eip /usr/bin/nmap && \
 mkdir -p /etc/zabbix && \
 mkdir -p /var/lib/zabbix && \
 mkdir -p /usr/lib/zabbix/alertscripts && \
diff --git a/Dockerfiles/server-pgsql/alpine/Dockerfile b/Dockerfiles/server-pgsql/alpine/Dockerfile
index f76792fdd..d6d8b7ca1 100644
--- a/Dockerfiles/server-pgsql/alpine/Dockerfile
+++ b/Dockerfiles/server-pgsql/alpine/Dockerfile
@@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 ENV TERM=xterm \
 ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
- MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
+ MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \
+ NMAP_PRIVILEGED=""
 LABEL org.opencontainers.image.authors="Alexey Pustovalov " \
 org.opencontainers.image.description="Zabbix server with PostgreSQL database support" \
@@ -37,7 +38,7 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/postgresql/timescaledb RUN set -eux && \ INSTALL_PKGS="bash \ tini \ - sudo \ + traceroute \ nmap \ fping \ tzdata \ @@ -70,9 +71,9 @@ RUN set -eux && \ --shell /sbin/nologin \ --home /var/lib/zabbix/ \ zabbix && \ - adduser zabbix root && \ adduser zabbix dialout && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /usr/lib/zabbix/alertscripts && \ diff --git a/Dockerfiles/server-pgsql/centos/Dockerfile b/Dockerfiles/server-pgsql/centos/Dockerfile index 7fdbb07bf..8a876bdeb 100644 --- a/Dockerfiles/server-pgsql/centos/Dockerfile +++ b/Dockerfiles/server-pgsql/centos/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix server with PostgreSQL database support" \ @@ -39,7 +40,6 @@ RUN set -eux && \ INSTALL_PKGS="fping \ file-libs \ tini \ - sudo \ traceroute \ nmap \ iputils \ @@ -74,12 +74,13 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root,dialout \ + -G dialout \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /usr/lib/zabbix/alertscripts && \ diff --git a/Dockerfiles/server-pgsql/ol/Dockerfile b/Dockerfiles/server-pgsql/ol/Dockerfile index 9d9489199..443afa46d 100644 
--- a/Dockerfiles/server-pgsql/ol/Dockerfile +++ b/Dockerfiles/server-pgsql/ol/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.title="Zabbix server (PostgreSQL)" \ org.opencontainers.image.authors="Alexey Pustovalov " \ @@ -39,7 +40,6 @@ RUN set -eux && \ INSTALL_PKGS="fping \ file-libs \ tini \ - sudo \ traceroute \ nmap \ iputils \ @@ -74,12 +74,13 @@ RUN set -eux && \ --system \ --comment "Zabbix monitoring system" \ -g zabbix \ - -G root,dialout \ + -G dialout \ --uid 1997 \ --shell /sbin/nologin \ --home-dir /var/lib/zabbix/ \ zabbix && \ - echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \ + chgrp zabbix /usr/bin/nmap && \ + setcap cap_net_raw+eip /usr/bin/nmap && \ mkdir -p /etc/zabbix && \ mkdir -p /var/lib/zabbix && \ mkdir -p /usr/lib/zabbix/alertscripts && \ diff --git a/Dockerfiles/server-pgsql/ubuntu/Dockerfile b/Dockerfiles/server-pgsql/ubuntu/Dockerfile index 5bb1f2be9..1adb8c1e5 100644 --- a/Dockerfiles/server-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/server-pgsql/ubuntu/Dockerfile @@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - MIBDIRS=/var/lib/snmp/mibs/ietf:/var/lib/snmp/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL + MIBDIRS=/var/lib/snmp/mibs/ietf:/var/lib/snmp/mibs/iana:/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL \ + NMAP_PRIVILEGED="" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix server with PostgreSQL database support" \ 
@@ -38,7 +39,6 @@ RUN set -eux && \
 echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \
 INSTALL_PKGS="bash \
 tini \
- sudo \
 traceroute \
 nmap \
 tzdata \
@@ -70,12 +70,13 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root,dialout \
+ -G dialout \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
 zabbix && \
- echo "zabbix ALL=(root) NOPASSWD: /usr/bin/nmap" >> /etc/sudoers.d/zabbix && \
+ chgrp zabbix /usr/bin/nmap && \
+ setcap cap_net_raw+eip /usr/bin/nmap && \
 mkdir -p /etc/zabbix && \
 mkdir -p /var/lib/zabbix && \
 mkdir -p /usr/lib/zabbix/alertscripts && \
diff --git a/Dockerfiles/snmptraps/alpine/Dockerfile b/Dockerfiles/snmptraps/alpine/Dockerfile
index ce436037f..26e9c67f6 100644
--- a/Dockerfiles/snmptraps/alpine/Dockerfile
+++ b/Dockerfiles/snmptraps/alpine/Dockerfile
@@ -42,7 +42,6 @@ RUN set -eux && \
 --shell /sbin/nologin \
 --home /var/lib/zabbix/ \
 zabbix && \
- adduser zabbix root && \
 mkdir -p /var/lib/zabbix && \
 mkdir -p /var/lib/zabbix/snmptraps && \
 mkdir -p /var/lib/zabbix/mibs && \
diff --git a/Dockerfiles/snmptraps/centos/Dockerfile b/Dockerfiles/snmptraps/centos/Dockerfile
index 049016550..4480d40f1 100644
--- a/Dockerfiles/snmptraps/centos/Dockerfile
+++ b/Dockerfiles/snmptraps/centos/Dockerfile
@@ -41,7 +41,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/snmptraps/ol/Dockerfile b/Dockerfiles/snmptraps/ol/Dockerfile
index 71a313134..c29a1b19a 100644
--- a/Dockerfiles/snmptraps/ol/Dockerfile
+++ b/Dockerfiles/snmptraps/ol/Dockerfile
@@ -41,7 +41,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/snmptraps/rhel/Dockerfile b/Dockerfiles/snmptraps/rhel/Dockerfile
index 705695f1e..a6c7a55d0 100644
--- a/Dockerfiles/snmptraps/rhel/Dockerfile
+++ b/Dockerfiles/snmptraps/rhel/Dockerfile
@@ -63,7 +63,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/snmptraps/ubuntu/Dockerfile b/Dockerfiles/snmptraps/ubuntu/Dockerfile
index 430ecf6ac..34effd40d 100644
--- a/Dockerfiles/snmptraps/ubuntu/Dockerfile
+++ b/Dockerfiles/snmptraps/ubuntu/Dockerfile
@@ -39,7 +39,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/web-apache-mysql/alpine/Dockerfile b/Dockerfiles/web-apache-mysql/alpine/Dockerfile
index 76d31b3bd..7612edc69 100644
--- a/Dockerfiles/web-apache-mysql/alpine/Dockerfile
+++ b/Dockerfiles/web-apache-mysql/alpine/Dockerfile
@@ -73,7 +73,6 @@ RUN set -eux && \
 --shell /sbin/nologin \
 --home /var/lib/zabbix/ \
 zabbix && \
- adduser zabbix root && \
 mkdir -p /etc/zabbix && \
 mkdir -p /etc/zabbix/web && \
 mkdir -p /etc/zabbix/web/certs && \
diff --git a/Dockerfiles/web-apache-mysql/centos/Dockerfile b/Dockerfiles/web-apache-mysql/centos/Dockerfile
index e5526e74d..a19a25085 100644
--- a/Dockerfiles/web-apache-mysql/centos/Dockerfile
+++ b/Dockerfiles/web-apache-mysql/centos/Dockerfile
@@ -66,7 +66,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/web-apache-mysql/ol/Dockerfile b/Dockerfiles/web-apache-mysql/ol/Dockerfile
index 6a8214e90..640288656 100644
--- a/Dockerfiles/web-apache-mysql/ol/Dockerfile
+++ b/Dockerfiles/web-apache-mysql/ol/Dockerfile
@@ -67,7 +67,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile b/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile
index 811d1cca1..79d64cb67 100644
--- a/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile
+++ b/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile
@@ -57,7 +57,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/web-apache-pgsql/alpine/Dockerfile b/Dockerfiles/web-apache-pgsql/alpine/Dockerfile
index bb00ec3fb..ffee1c75f 100644
--- a/Dockerfiles/web-apache-pgsql/alpine/Dockerfile
+++ b/Dockerfiles/web-apache-pgsql/alpine/Dockerfile
@@ -72,7 +72,6 @@ RUN set -eux && \
 --shell /sbin/nologin \
 --home /var/lib/zabbix/ \
 zabbix && \
- adduser zabbix root && \
 mkdir -p /etc/zabbix && \
 mkdir -p /etc/zabbix/web && \
 mkdir -p /etc/zabbix/web/certs && \
diff --git a/Dockerfiles/web-apache-pgsql/centos/Dockerfile b/Dockerfiles/web-apache-pgsql/centos/Dockerfile
index 186866900..5dcad23f6 100644
--- a/Dockerfiles/web-apache-pgsql/centos/Dockerfile
+++ b/Dockerfiles/web-apache-pgsql/centos/Dockerfile
@@ -65,7 +65,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/web-apache-pgsql/ol/Dockerfile b/Dockerfiles/web-apache-pgsql/ol/Dockerfile
index d0f8d9497..b11127732 100644
--- a/Dockerfiles/web-apache-pgsql/ol/Dockerfile
+++ b/Dockerfiles/web-apache-pgsql/ol/Dockerfile
@@ -66,7 +66,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile b/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile
index 74c3f99b2..8e3315150 100644
--- a/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile
+++ b/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile
@@ -57,7 +57,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/web-nginx-mysql/alpine/Dockerfile b/Dockerfiles/web-nginx-mysql/alpine/Dockerfile
index 5f2cb0bb2..96f616e74 100644
--- a/Dockerfiles/web-nginx-mysql/alpine/Dockerfile
+++ b/Dockerfiles/web-nginx-mysql/alpine/Dockerfile
@@ -74,7 +74,6 @@ RUN set -eux && \
 --shell /sbin/nologin \
 --home /var/lib/zabbix/ \
 zabbix && \
- adduser zabbix root && \
 mkdir -p /etc/zabbix && \
 mkdir -p /etc/zabbix/web && \
 mkdir -p /etc/zabbix/web/certs && \
diff --git a/Dockerfiles/web-nginx-mysql/centos/Dockerfile b/Dockerfiles/web-nginx-mysql/centos/Dockerfile
index 9cd8d5ffd..dd0902658 100644
--- a/Dockerfiles/web-nginx-mysql/centos/Dockerfile
+++ b/Dockerfiles/web-nginx-mysql/centos/Dockerfile
@@ -64,7 +64,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/web-nginx-mysql/ol/Dockerfile b/Dockerfiles/web-nginx-mysql/ol/Dockerfile
index 62f3fccdd..8470ad6c7 100644
--- a/Dockerfiles/web-nginx-mysql/ol/Dockerfile
+++ b/Dockerfiles/web-nginx-mysql/ol/Dockerfile
@@ -65,7 +65,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile
index 3f71cc3e2..274ec91fe 100644
--- a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile
+++ b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile
@@ -96,7 +96,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile b/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile
index ef462bc17..dd171a730 100644
--- a/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile
+++ b/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile
@@ -82,7 +82,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile b/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile
index f4fce6c30..f669084ac 100644
--- a/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile
+++ b/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile
@@ -73,7 +73,6 @@ RUN set -eux && \
 --shell /sbin/nologin \
 --home /var/lib/zabbix/ \
 zabbix && \
- adduser zabbix root && \
 mkdir -p /etc/zabbix && \
 mkdir -p /etc/zabbix/web && \
 mkdir -p /etc/zabbix/web/certs && \
diff --git a/Dockerfiles/web-nginx-pgsql/centos/Dockerfile b/Dockerfiles/web-nginx-pgsql/centos/Dockerfile
index e30f90309..339446c96 100644
--- a/Dockerfiles/web-nginx-pgsql/centos/Dockerfile
+++ b/Dockerfiles/web-nginx-pgsql/centos/Dockerfile
@@ -63,7 +63,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/web-nginx-pgsql/ol/Dockerfile b/Dockerfiles/web-nginx-pgsql/ol/Dockerfile
index 5dc947a11..1bf6ebf88 100644
--- a/Dockerfiles/web-nginx-pgsql/ol/Dockerfile
+++ b/Dockerfiles/web-nginx-pgsql/ol/Dockerfile
@@ -64,7 +64,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \
diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile b/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile
index dec555bf9..c9fce4014 100644
--- a/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile
+++ b/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile
@@ -82,7 +82,6 @@ RUN set -eux && \
 --system \
 --comment "Zabbix monitoring system" \
 -g zabbix \
- -G root \
 --uid 1997 \
 --shell /sbin/nologin \
 --home-dir /var/lib/zabbix/ \