From 5415af7a110d6d8e851e9333e499e23eea956e87 Mon Sep 17 00:00:00 2001
From: Nate Fugal
Date: Wed, 29 Sep 2021 17:21:37 -0600
Subject: [PATCH] Re-re-enabled harden.sh. Tweaked it some. Could probably use some more hardness.

---
 Dockerfile | 2 +-
 harden.sh | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index af5cdf5..3d32ddb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,7 +10,7 @@ RUN rm /etc/ssh/sshd_config
 RUN chmod a+r /etc/ssh/ssh_*
-RUN adduser -D dev && passwd -d dev && mkdir /home/dev/.ssh && chown dev:nogroup /home/dev/.ssh && chmod 700 /home/dev/.ssh
+RUN adduser --shell /bin/busybox -D dev && passwd -d dev && mkdir /home/dev/.ssh && chown dev:nogroup /home/dev/.ssh && chmod 700 /home/dev/.ssh
 VOLUME /home/dev/.ssh
diff --git a/harden.sh b/harden.sh
index 72bcc5b..2f80b5a 100644
--- a/harden.sh
+++ b/harden.sh
@@ -78,12 +78,14 @@ rm -fr /root
 # Remove fstab since we do not need it.
 rm -f /etc/fstab
 
+# Remove terminfo(s)
+rm -rf /etc/terminfo/[a-y]*
+
 # Remove broken symlinks (because we removed the targets above).
 find $sysdirs -xdev -type l -exec test ! -e {} \; -delete
 
 # Remove all but a handful of admin commands.
 find /usr/bin /bin ! -type d \
-  -a ! -name sh \
-  -a ! -name ssh \
-  -a ! -name busybox \
+  -a ! -wholename "/usr/bin/ssh" \
+  -a ! -wholename "/bin/busybox" \
   -delete
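Review bot: The new `--shell /bin/busybox` gives `dev` a login shell that does not behave like a shell: as I read busybox's dispatch, when sshd runs it as `/bin/busybox -c <command>` the first argument is taken as an applet name, so non-interactive `ssh dev@host <cmd>` fails with an "applet not found" style error and an interactive login only prints the usage text and exits. If that is the intent (an account that only holds keys, e.g. for forwarding, now that harden.sh no longer keeps `sh`), record it on the line: `# shell is busybox itself: /bin/sh is deleted by harden.sh, so dev cannot run commands`; if a working shell is wanted, use `--shell /bin/sh` and keep `sh` in the harden.sh exception list. The `passwd -d dev` on the same line leaves the account with an empty password, which is only safe while sshd rejects password/empty-password logins; that cannot be confirmed from this hunk because `/etc/ssh/sshd_config` is removed just above it and the replacement config is outside the diff.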
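Review bot: Dropping `sh` from the keep list removes only the `/bin/sh` name, not the shell: `/bin/busybox` is kept and is a multi-call binary, so `busybox sh` and every other compiled-in applet remain runnable by anyone who can execute it, and the comment `# Remove all but a handful of admin commands.` overstates the reduction — suggest adding `# NOTE: busybox is multi-call; every applet (incl. sh) stays reachable as 'busybox <applet>'.` Deleting `/bin/sh` also breaks any later shell-form `RUN`, `CMD` or `ENTRYPOINT` in the Dockerfile, which is presumably why the Dockerfile hunk moves dev's shell to `/bin/busybox`; that dependency deserves a comment here too. `-wholename` is a GNU alias of the POSIX `-path` primary, so `-a ! -path "/usr/bin/ssh" \` is the portable spelling if this script may run under a non-GNU find. The new `rm -rf /etc/terminfo/[a-y]*` keeps only entries whose name starts with `z`, which looks accidental; if the xterm entries were meant to survive the range should exclude `x`, and either way the comment should say which entries are kept and why.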