Security Improvement

Author: Javier-RSP

Dockerfile

@@ -1,7 +1,9 @@
-FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build-env
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build-env
 
-RUN sed -i "s|MinProtocol = TLSv1.2|MinProtocol = TLSv1|g" /etc/ssl/openssl.cnf && \
-    sed -i 's|CipherString = DEFAULT@SECLEVEL=2|CipherString = DEFAULT@SECLEVEL=1|g' /etc/ssl/openssl.cnf
+RUN sed -i 's/\[openssl_init\]/# [openssl_init]/' /etc/ssl/openssl.cnf &&\
+    printf "\n\n[openssl_init]\nssl_conf = ssl_sect" >> /etc/ssl/openssl.cnf &&\
+    printf "\n\n[ssl_sect]\nsystem_default = ssl_default_sect" >> /etc/ssl/openssl.cnf &&\
+    printf "\n\n[ssl_default_sect]\nMinProtocol = TLSv1\nCipherString = DEFAULT@SECLEVEL=0\n" >> /etc/ssl/openssl.cnf
 
 RUN apt-get update && apt-get install -y --no-install-recommends curl
 
@@ -15,15 +17,22 @@ COPY . ./
 
 RUN dotnet publish Gnoss.BackgroundTask.CacheRefresh/Gnoss.BackgroundTask.CacheRefresh.csproj -c Release -o out
 
-FROM mcr.microsoft.com/dotnet/aspnet:6.0
+FROM mcr.microsoft.com/dotnet/aspnet:8.0
 
-RUN sed -i "s|MinProtocol = TLSv1.2|MinProtocol = TLSv1|g" /etc/ssl/openssl.cnf && \
-    sed -i 's|CipherString = DEFAULT@SECLEVEL=2|CipherString = DEFAULT@SECLEVEL=1|g' /etc/ssl/openssl.cnf
+RUN sed -i 's/\[openssl_init\]/# [openssl_init]/' /etc/ssl/openssl.cnf &&\
+    printf "\n\n[openssl_init]\nssl_conf = ssl_sect" >> /etc/ssl/openssl.cnf &&\
+    printf "\n\n[ssl_sect]\nsystem_default = ssl_default_sect" >> /etc/ssl/openssl.cnf &&\
+    printf "\n\n[ssl_default_sect]\nMinProtocol = TLSv1\nCipherString = DEFAULT@SECLEVEL=0\n" >> /etc/ssl/openssl.cnf
 
 RUN apt-get update && apt-get install -y --no-install-recommends curl
 
 WORKDIR /app
+RUN groupadd -g 2000 gnoss && useradd -u 2000 -g 2000 gnoss &&\
+	mkdir -p logs trazas &&\
+	chown -R gnoss:gnoss logs trazas && chmod -R 777 logs trazas
+	
+USER gnoss
 
 COPY --from=build-env /app/out .
 
-ENTRYPOINT ["dotnet", "Gnoss.BackgroundTask.CacheRefresh.dll"]
+ENTRYPOINT ["dotnet", "Gnoss.BackgroundTask.CacheRefresh.dll"]