Add some todos

Dockerfile

@@ -179,8 +179,8 @@ RUN chown -R ${READ_ONLY_USER}:${READ_ONLY_GROUP} ${READ_ONLY_FOLDERS} && \
     chown -R ${NETALERTX_USER}:${NETALERTX_GROUP} ${READ_WRITE_FOLDERS} && \
     chmod -R 600 ${READ_WRITE_FOLDERS} && \
     find ${READ_WRITE_FOLDERS} -type d -exec chmod 700 {} + && \
-    chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} /entrypoint.sh /opt && \
+    chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} /entrypoint.sh /opt /opt/venv && \
-    chmod 005 /entrypoint.sh ${SYSTEM_SERVICES}/*.sh /app && \
+    chmod 005 /entrypoint.sh ${SYSTEM_SERVICES}/*.sh /app /opt /opt/venv && \
     apk del apk-tools && \
     rm -Rf /var /etc/sudoers.d/* /etc/shadow /etc/gshadow /etc/sudoers \
     /lib/apk /lib/firmware /lib/modules-load.d /lib/sysctl.d /mnt /home/ /root \

install/production-filesystem/entrypoint.sh

@@ -1,23 +1,28 @@
 #!/bin/sh
-echo '
+
+# entrypoint.sh - Main container entrypoint script for NetAlertX
+
+#make this red
+
+printf '
+\033[1;31m
  _   _      _    ___  _           _  __   __
 | \ | |    | |  / _ \| |         | | \ \ / /
 |  \| | ___| |_/ /_\ \ | ___ _ __| |_ \ V / 
 | .   |/ _ \ __|  _  | |/ _ \  __| __|/   \ 
 | |\  |  __/ |_| | | | |  __/ |  | |_/ /^\ \
 \_| \_/\___|\__\_| |_/_|\___|_|   \__\/   \/
+\033[0m
    Network intruder and presence detector. 
    https://netalertx.com
 '
 
 set -u
 
-bash /services/check-root.sh
+# Run all checks at container startup.
-bash /services/check-cap.sh
+for script in /services/check-*.sh; do
-bash /services/check-ramdisk.sh
+	bash "$script"
-bash /services/check-first-run-config.sh
+done
-bash /services/check-first-run-db.sh
-bash /services/check-app.sh
 
 
 
@@ -140,7 +145,6 @@ while [ -n "${SERVICES}" ]; do
 
     done
     sleep 10
-    ps -a
 done
 
 if [ "${FAILED_STATUS}" -eq 0 ] && [ "${FAILED_NAME}" != "signal" ]; then

install/production-filesystem/services/check-permissions.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# TODO Add sanity checks here to ensure we can read from
+# ${NETALERTX_APP}
+# ${NETALERTX_SERVER}
+# ${NETALERTX_FRONT}
+# ${SYSTEM_SERVICES_CONFIG}
+# ${VIRTUAL_ENV}
+
+# And read/write tempdirs
+# ${NETALERTX_API}
+# ${NETALERTX_LOGS}
+# ${SYSTEM_SERVICES_RUN}
+

install/production-filesystem/services/check-storage.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# TODO Sanity checks for storage paths
+
+# Ensure we can read/write to
+# ${NETALERTX_CONFIG}
+# ${NETALERTX_DB}

install/production-filesystem/services/config/php/php-fpm.d/www.conf

@@ -464,10 +464,10 @@ pm.max_spare_servers = 3
 ; the current environment.
 ; Default Value: clean env
 ;env[HOSTNAME] = $HOSTNAME
-;env[PATH] = /usr/local/bin:/usr/bin:/bin
+env[PATH] = /opt/venv:/usr/local/bin:/usr/bin:/bin
-;env[TMP] = /tmp
+env[TMP] = /services/run/tmp
-;env[TMPDIR] = /tmp
+env[TMPDIR] = /services/run/tmp
-;env[TEMP] = /tmp
+env[TEMP] = /services/run/tmp
 
 ; Additional php.ini defines, specific to this pool of workers. These settings
 ; overwrite the values previously defined in the php.ini. The directives are the
@@ -489,7 +489,11 @@ pm.max_spare_servers = 3
 ; Default Value: nothing is defined by default except the values in php.ini and
 ;                specified at startup with the -d argument
 ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
-;php_flag[display_errors] = off
+php_admin_value[sys_temp_dir] = /services/run/tmp
-;php_admin_value[error_log] = /var/log/php83/$pool.error.log
+php_admin_value[upload_tmp_dir] = /services/run/tmp
-;php_admin_flag[log_errors] = on
+php_admin_value[session.save_path] = /services/run/tmp
-;php_admin_value[memory_limit] = 32M
+php_admin_value[output_buffering] = 262144
+php_admin_flag[implicit_flush] = off
+php_admin_value[realpath_cache_size] = 4096K
+php_admin_value[realpath_cache_ttl] = 600
+php_admin_value[memory_limit] = 256M