Merge pull request #74 from buildplan/docker_daemon

Updated Docker daemon.json file to be more secure and reliable
2025-12-29 16:14:59 +00:00 · 2025-11-09 19:25:02 +00:00
parent 41f6ca3382 45822ef3cd
commit 39b656ec8f
3 changed files with 27 additions and 12 deletions
--- a/README.md
+++ b/README.md
@@ -7,9 +7,9 @@

 -----

-**Version:** v0.74
+**Version:** v0.75

-**Last Updated:** 2025-11-06
+**Last Updated:** 2025-11-09

 **Compatible With:**

@@ -87,12 +87,12 @@ sha256sum du_setup.sh

 Compare the output hash to the one below. They must match exactly.

-`af57d62a989e370b153027ebda10350d936bf6d8879d7f470f0f233f3847b138`
+`3ff5b2aa56f7e003fe42a1a61c52680240ce6a004ff12e0a782e44651304bccb`

 Or echo the hash to check, it should output: `du_setup.sh: OK`

 ```bash
-echo af57d62a989e370b153027ebda10350d936bf6d8879d7f470f0f233f3847b138 du_setup.sh | sha256sum --check
+echo 3ff5b2aa56f7e003fe42a1a61c52680240ce6a004ff12e0a782e44651304bccb du_setup.sh | sha256sum --check
 ```

 ### 3. Run the Script
--- a/du_setup.sh
+++ b/du_setup.sh
@@ -1,8 +1,9 @@
 #!/bin/bash

 # Debian and Ubuntu Server Hardening Interactive Script
-# Version: 0.74 | 2025-11-06
+# Version: 0.75 | 2025-11-09
 # Changelog:
+# - v0.75: Updated Docker daemon.json file to be more secure.
 # - v0.74: Add optional dtop (https://github.com/amir20/dtop) after docker installation.
 #.         Update .bashrc
 # - v0.73: Revised/improved logic in .bashrc for memory and system updates.
@@ -79,7 +80,7 @@
 set -euo pipefail

 # --- Update Configuration ---
-CURRENT_VERSION="0.74"
+CURRENT_VERSION="0.75"
 SCRIPT_URL="https://raw.githubusercontent.com/buildplan/du_setup/refs/heads/main/du_setup.sh"
 CHECKSUM_URL="${SCRIPT_URL}.sha256"

@@ -230,7 +231,7 @@ print_header() {
    printf '%s\n' "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}"
    printf '%s\n' "${CYAN}║                                                                 ║${NC}"
    printf '%s\n' "${CYAN}║       DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT           ║${NC}"
-    printf '%s\n' "${CYAN}║                      v0.74 | 2025-11-06                         ║${NC}"
+    printf '%s\n' "${CYAN}║                      v0.75 | 2025-11-09                         ║${NC}"
    printf '%s\n' "${CYAN}║                                                                 ║${NC}"
    printf '%s\n' "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}"
    printf '\n'
@@ -3812,13 +3813,27 @@ install_docker() {
    print_info "Configuring Docker daemon..."
    local NEW_DOCKER_CONFIG
    NEW_DOCKER_CONFIG=$(mktemp)
-    tee "$NEW_DOCKER_CONFIG" > /dev/null <<EOF
+    tee "$NEW_DOCKER_CONFIG" > /dev/null <<DAEMONFILE
 {
  "log-driver": "json-file",
-  "log-opts": { "max-size": "10m", "max-file": "3" },
-  "live-restore": true
+  "log-opts": {
+    "max-size": "10m",
+    "max-file": "3"
+  },
+  "live-restore": true,
+  "dns": ["9.9.9.9", "1.1.1.1", "208.67.222.222"],
+  "userland-proxy": false,
+  "no-new-privileges": true,
+  "icc": false,
+  "default-ulimits": {
+    "nofile": {
+      "Name": "nofile",
+      "Hard": 64000,
+      "Soft": 64000
+    }
+  }
 }
-EOF
+DAEMONFILE
    mkdir -p /etc/docker
    if [[ -f /etc/docker/daemon.json ]] && cmp -s "$NEW_DOCKER_CONFIG" /etc/docker/daemon.json; then
        print_info "Docker daemon configuration already correct. Skipping."
--- a/du_setup.sh.sha256
+++ b/du_setup.sh.sha256
@@ -1 +1 @@
-af57d62a989e370b153027ebda10350d936bf6d8879d7f470f0f233f3847b138  du_setup.sh
+3ff5b2aa56f7e003fe42a1a61c52680240ce6a004ff12e0a782e44651304bccb  du_setup.sh