konsthol/SecDep
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

copy and paste is not a design pattern

Browse Source
This commit is contained in:
konsthol
2024-03-02 19:50:34 +02:00
parent 259370ff9d
commit f795412d84
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
harden
View File

@@ -389,7 +389,7 @@ EOF
# For portainer (and watchtower), we will be using the --runtime=runc option to run it with runc because # For portainer (and watchtower), we will be using the --runtime=runc option to run it with runc because
# it doesn't work with runsc as it is not exposing the docker socket to the container # it doesn't work with runsc as it is not exposing the docker socket to the container
# but containers downloaded from it will still use runsc # but containers downloaded from it will still use runsc
# Note: If a new install of Portainer is not configured within 5 minutes, # Note: If a new install of Portainer is not configured within 5 minutes,
# it shuts down internally for security reasons but that does not matter since # it shuts down internally for security reasons but that does not matter since
# we reboot after the script is done. # we reboot after the script is done.
sudo -E runuser - secdep -c 'docker run --runtime=runc -d -p 8000:8000 -p 9443:9443 --name=portainer --restart=always -v /run/user/$UID/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce' sudo -E runuser - secdep -c 'docker run --runtime=runc -d -p 8000:8000 -p 9443:9443 --name=portainer --restart=always -v /run/user/$UID/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce'
@@ -728,7 +728,7 @@ function main {
# If the username is not secdep, reboot the system in 1 minute # If the username is not secdep, reboot the system in 1 minute
# We reboot just in case there are any updates that need to be applied # We reboot just in case there are any updates that need to be applied
# It was not the original intention of the script to reboot the system but it is better to be safe than sorry # It was not the original intention of the script to reboot the system but it is better to be safe than sorry
# We also wait (for 1 or 3 minutes depending on the user running it) so that the script can finish as we # We also wait (for 1 or 3 minutes depending on the user running it) so that the script can finish as we
# want to see the exit code. # want to see the exit code.
if [[ "$USER" != "secdep" ]]; then if [[ "$USER" != "secdep" ]]; then
sudo shutdown -r +3 sudo shutdown -r +3