summaryrefslogtreecommitdiffstats
path: root/base_sdc-kibana/Dockerfile
blob: 9146272a39452c89e4798e5cd623799096f30eed (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
FROM kibana:4.3.3

# Upgrade specific system libraries to fix CVE vulnerabilities
# bash 4.4.18-2+b1
#   For CVE-2016-0634 CVE-2016-7543
# curl 7.58.0-2
#   For CVE-2016-7167 CVE-2016-7141
# krb5 1.16-2
#   For CVE-2018-5709 CVE-2017-15088 CVE-2017-11462
# openssl 1.1.0h-2
#   For CVE-2016-8610 CVE-2017-3731 CVE-2016-6302 CVE-2016-2181 CVE-2016-2179 CVE-2016-2180 CVE-2016-2109 CVE-2016-2106 CVE-2016-2105 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2176
# perl 5.26.2-2
#   For CVE-2017-12837 CVE-2017-12883
# systemd 238-4
#   For CVE-2017-1000082 CVE-2017-9445 CVE-2017-9217
# wget 1.19.5-1
#   For CVE-2017-13090 CVE-2017-13089 CVE-2016-7098
# libdb5.3
#   CVE-2016-3418 CVE-2016-0694 CVE-2016-0692 CVE-2016-0689 CVE-2016-0682
# libc-bin libc6 multiarch-support
#   CVE-2018-1000001 CVE-2017-16997 CVE-2017-1000366 CVE-2015-5180 CVE-2016-5417 CVE-2018-6485 CVE-2017-15804 CVE-2017-15670 CVE-2014-9984 CVE-2014-9761 CVE-2015-8983 CVE-2015-8982
# libgnutls30
#   CVE-2017-5335 CVE-2017-5337 CVE-2017-5334
# libgcrypt20
#   CVE-2017-0379
# libtasn1-6
#   CVE-2018-6003 CVE-2017-10790
# libldap-2.4-2
#   CVE-2017-17740
# libpcre3
#   CVE-2015-3217
# passwd
#   CVE-2017-12424
# zlib1g
#   CVE-2016-9843 CVE-2016-9841 CVE-2016-9842 CVE-2016-9840

USER root

RUN sed -i '/deb http:\/\/deb.debian.org\/debian jessie-updates main/d' /etc/apt/sources.list && \
    sed -i '/deb http:\/\/deb.debian.org\/debian jessie-backports main/d' /etc/apt/sources.list && \
    echo "deb [check-valid-until=no] http://archive.debian.org/debian jessie-backports main" >> /etc/apt/sources.list && \
    echo "deb http://deb.debian.org/debian stretch main" >> /etc/apt/sources.list && \
    echo "deb http://deb.debian.org/debian stretch-updates main" >> /etc/apt/sources.list && \
    echo "deb http://security.debian.org stretch/updates main" >> /etc/apt/sources.list && \
    echo "deb http://deb.debian.org/debian buster main" >> /etc/apt/sources.list && \
    echo "deb http://deb.debian.org/debian buster-updates main" >> /etc/apt/sources.list && \
    echo "deb http://security.debian.org buster/updates main" >> /etc/apt/sources.list && \
    apt-get clean && \
    wget -q https://dl-ssl.google.com/linux/linux_signing_key.pub -O- | apt-key add - && \
    gpg --keyserver keyserver.ubuntu.com --recv-keys AA8E81B4331F7F50 && \
    gpg --export AA8E81B4331F7F50 | apt-key add - && \
    gpg --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC && \
    gpg --export 04EE7237B7D453EC | apt-key add - && \
    gpg --keyserver keyserver.ubuntu.com --recv-keys 112695A0E562B32A && \
    gpg --export 112695A0E562B32A | apt-key add - && \
    gpg --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138 && \
    gpg --export 648ACFD622F3D138 | apt-key add - && \
    gpg --keyserver keyserver.ubuntu.com --recv-keys EF0F382A1A7B6500 && \
    gpg --export EF0F382A1A7B6500 | apt-key add - && \
    apt-get -o Acquire::Check-Valid-Until=false update && \
    apt-get -y --no-install-recommends install \
      vim \
      vim-common \
      vim-runtime \
      bash \
      curl \
      libcurl4 \
      krb5-locales \
      libkrb5-3 \
      #openssl=1.1.0h-4 \
      perl-base \
      systemd \
      wget \
      libdb5.3 \
      libc-bin \
      multiarch-support \
      libgnutls30 \
      libgcrypt20 \
      libtasn1-6 \
      libldap-2.4-2 \
      libpcre3 \
      passwd \
      zlib1g && \
    apt-get -y autoremove && \
    curl -L https://omnitruck.chef.io/install.sh | bash -s -- -v 13.8.5