Land #8310, run msfconsole as non root user in docker

bug/bundler_fix
Brent Cook 2017-05-05 17:26:39 -05:00
commit 082ce7acb8
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
2 changed files with 14 additions and 3 deletions


@ -12,7 +12,7 @@ services:
ports:
- 4444:4444
volumes:
- $HOME/.msf4:/root/.msf4
- $HOME/.msf4:/home/msf/.msf4
db:
image: postgres:9.6
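Review bot: The new bind mount `$HOME/.msf4:/home/msf/.msf4` is now written by the unprivileged `msf` account, but nothing in this section makes the host directory writable by that account. If `$HOME/.msf4` does not exist yet, the Docker daemon creates it owned by root, and the UID that `adduser -g msfconsole -D $MSF_USER` assigns in the Dockerfile is not pinned, so it may not match the host user's. Running as root used to hide both cases. I would document the requirement next to the mount, for example `# host ~/.msf4 must already exist and be writable by the container's msf UID`, and consider pinning that UID in the Dockerfile.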


@ -3,6 +3,7 @@ MAINTAINER Rapid7
ARG BUNDLER_ARGS="--jobs=8 --without development test coverage"
ENV APP_HOME /usr/src/metasploit-framework/
ENV MSF_USER msf
WORKDIR $APP_HOME
COPY Gemfile* m* Rakefile $APP_HOME
@ -16,6 +17,7 @@ RUN apk update && \
# needed as long as metasploit-framework.gemspec contains a 'git ls'
git \
ncurses \
libcap \
&& apk add --virtual .ruby-builddeps \
autoconf \
bison \
@ -32,12 +34,21 @@ RUN apk update && \
yaml-dev \
zlib-dev \
ncurses-dev \
bison \
autoconf \
&& echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
&& bundle install --system $BUNDLER_ARGS \
&& apk del .ruby-builddeps \
&& rm -rf /var/cache/apk/*
# fix for robots gem not readable (known bug)
# https://github.com/rapid7/metasploit-framework/issues/6068
RUN chmod o+r /usr/local/bundle/gems/robots-*/lib/robots.rb
RUN adduser -g msfconsole -D $MSF_USER
RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby)
USER $MSF_USER
ADD ./ $APP_HOME
CMD ["./msfconsole", "-r", "docker/msfconsole.rc"]
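Review bot: `RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby)` puts the file capabilities on the Ruby interpreter itself, so every Ruby process started in this image gets raw-socket and low-port bind rights, not only msfconsole. That is a wider grant than the commit title suggests and should be stated in the file. The capabilities also depend on the runtime leaving NET_RAW and NET_BIND_SERVICE in the container's bounding set and not setting `no-new-privileges`, so a hardened deployment may find ruby behaving differently or failing to start. I would add a comment above the line such as `# file caps apply to ALL ruby processes in this image; needs NET_RAW and NET_BIND_SERVICE kept by the runtime`. The `chmod`, `adduser` and `setcap` steps could also share one `RUN`, so the ruby binary is not duplicated in an extra layer.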