From e638fc36a086b0371fe71bc965e14c0785caff42 Mon Sep 17 00:00:00 2001 From: Markus Opolka Date: Sun, 25 Jul 2021 16:55:56 +0200 Subject: [PATCH] Add Variable to Ignore User-Agent in Logs (#80) * Set trivy scan to exit 0, until we cleanup those false positives * Add variable to ignore logs for certain User-Agents. This allows us to have a clearer log when using regular health checks --- .github/workflows/test-latest-container-images.yaml | 1 + .github/workflows/test-lts-container-images.yaml | 1 + 3.0/apache/Dockerfile | 1 + 3.0/apache/vhosts-access-log.conf | 3 +++ 5.0/apache/Dockerfile | 1 + 5.0/apache/vhosts-access-log.conf | 3 +++ 6 files changed, 10 insertions(+) create mode 100644 3.0/apache/vhosts-access-log.conf create mode 100644 5.0/apache/vhosts-access-log.conf diff --git a/.github/workflows/test-latest-container-images.yaml b/.github/workflows/test-latest-container-images.yaml index b25307b..ec58fa7 100644 --- a/.github/workflows/test-latest-container-images.yaml +++ b/.github/workflows/test-latest-container-images.yaml @@ -39,6 +39,7 @@ jobs: image-ref: docker.io/martialblog/limesurvey:5-${{ matrix.context }} format: 'template' template: '@/contrib/sarif.tpl' + exit-code: '0' output: trivy-results-5-${{ matrix.context }}.sarif severity: 'CRITICAL,HIGH' diff --git a/.github/workflows/test-lts-container-images.yaml b/.github/workflows/test-lts-container-images.yaml index 23a6f7a..27a13f6 100644 --- a/.github/workflows/test-lts-container-images.yaml +++ b/.github/workflows/test-lts-container-images.yaml @@ -39,6 +39,7 @@ jobs: image-ref: docker.io/martialblog/limesurvey:3-${{ matrix.context }} format: 'template' template: '@/contrib/sarif.tpl' + exit-code: '0' output: trivy-results-3-${{ matrix.context }}.sarif severity: 'CRITICAL,HIGH' diff --git a/3.0/apache/Dockerfile b/3.0/apache/Dockerfile index 498618e..c1f7db2 100644 --- a/3.0/apache/Dockerfile +++ b/3.0/apache/Dockerfile @@ -76,6 +76,7 @@ RUN set -ex; \ WORKDIR /var/www/html COPY entrypoint.sh entrypoint.sh +COPY vhosts-access-log.conf /etc/apache2/conf-enabled/other-vhosts-access-log.conf USER $USER ENTRYPOINT ["/var/www/html/entrypoint.sh"] CMD ["apache2-foreground"] diff --git a/3.0/apache/vhosts-access-log.conf b/3.0/apache/vhosts-access-log.conf new file mode 100644 index 0000000..eda6a72 --- /dev/null +++ b/3.0/apache/vhosts-access-log.conf @@ -0,0 +1,3 @@ +SetEnvIF User-Agent "(?i)(check|health|probe)" dontlog +ErrorLog ${APACHE_LOG_DIR}/error.log +CustomLog ${APACHE_LOG_DIR}/access.log combined env=!dontlog diff --git a/5.0/apache/Dockerfile b/5.0/apache/Dockerfile index 01823d9..7e2a9d5 100644 --- a/5.0/apache/Dockerfile +++ b/5.0/apache/Dockerfile @@ -79,6 +79,7 @@ EXPOSE $LISTEN_PORT WORKDIR /var/www/html COPY entrypoint.sh entrypoint.sh +COPY vhosts-access-log.conf /etc/apache2/conf-enabled/other-vhosts-access-log.conf USER $USER ENTRYPOINT ["/var/www/html/entrypoint.sh"] CMD ["apache2-foreground"] diff --git a/5.0/apache/vhosts-access-log.conf b/5.0/apache/vhosts-access-log.conf new file mode 100644 index 0000000..eda6a72 --- /dev/null +++ b/5.0/apache/vhosts-access-log.conf @@ -0,0 +1,3 @@ +SetEnvIF User-Agent "(?i)(check|health|probe)" dontlog +ErrorLog ${APACHE_LOG_DIR}/error.log +CustomLog ${APACHE_LOG_DIR}/access.log combined env=!dontlog