revisions of isolation-check
@@ -13,7 +13,7 @@ jobs:
|
|||||||
apt-get update -y
|
apt-get update -y
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install -y \
|
DEBIAN_FRONTEND=noninteractive apt-get install -y \
|
||||||
curl iproute2 net-tools util-linux procps coreutils \
|
curl iproute2 net-tools util-linux procps coreutils \
|
||||||
iputils-ping dnsutils libcap2-bin
|
iputils-ping dnsutils libcap2-bin traceroute
|
||||||
|
|
||||||
- name: Basic system info
|
- name: Basic system info
|
||||||
run: |
|
run: |
|
||||||
@@ -26,6 +26,7 @@ jobs:
|
|||||||
df -h
|
df -h
|
||||||
|
|
||||||
- name: Dumping environment variables
|
- name: Dumping environment variables
|
||||||
|
continue-on-error: true
|
||||||
run: |
|
run: |
|
||||||
echo "--- Check for parent variables ---"
|
echo "--- Check for parent variables ---"
|
||||||
printenv | grep -Pi 'GITEA_RUNNER_REGISTRATION_FILE|GITEA_RUNNER_REGISTRATION_TOKEN_FILE|GITEA_RUNNER_REGISTRATION_TOKEN'
|
printenv | grep -Pi 'GITEA_RUNNER_REGISTRATION_FILE|GITEA_RUNNER_REGISTRATION_TOKEN_FILE|GITEA_RUNNER_REGISTRATION_TOKEN'
|
||||||
@@ -42,6 +43,7 @@ jobs:
|
|||||||
cat /etc/resolv.conf
|
cat /etc/resolv.conf
|
||||||
|
|
||||||
- name: LAN reachability test
|
- name: LAN reachability test
|
||||||
|
continue-on-error: true
|
||||||
run: |
|
run: |
|
||||||
echo "=== LAN REACHABILITY ==="
|
echo "=== LAN REACHABILITY ==="
|
||||||
for subnet in 192.168.0.1 192.168.1.1 10.0.0.1 172.16.0.1 172.17.0.1 \
|
for subnet in 192.168.0.1 192.168.1.1 10.0.0.1 172.16.0.1 172.17.0.1 \
|
||||||
@@ -58,21 +60,25 @@ jobs:
|
|||||||
|| echo "No direct LAN route found."
|
|| echo "No direct LAN route found."
|
||||||
|
|
||||||
- name: Check external IP
|
- name: Check external IP
|
||||||
|
continue-on-error: true
|
||||||
run: |
|
run: |
|
||||||
echo "--- Checking external IP (https://ifconfig.me)"
|
echo "--- Checking external IP (https://ifconfig.me)"
|
||||||
curl -s https://ifconfig.me
|
curl -s https://ifconfig.me
|
||||||
|
|
||||||
- name: Host reachability sanity check
|
- name: Host reachability sanity check
|
||||||
|
continue-on-error: true
|
||||||
run: |
|
run: |
|
||||||
echo "=== OUTBOUND TEST ==="
|
echo "=== OUTBOUND TEST ==="
|
||||||
curl -fsSL https://google.com >/dev/null && echo "Internet access OK" || echo "No internet access?"
|
curl -fsSL https://google.com >/dev/null && echo "Internet access OK" || echo "No internet access?"
|
||||||
|
|
||||||
- name: Traceroute to google.com
|
- name: Traceroute to google.com
|
||||||
|
continue-on-error: true
|
||||||
run: |
|
run: |
|
||||||
echo "=== Traceroute to google ==="
|
echo "=== Traceroute to google ==="
|
||||||
traceroute -4 -n google.com
|
traceroute -4 -n google.com
|
||||||
|
|
||||||
- name: Process visibility
|
- name: Process visibility
|
||||||
|
continue-on-error: true
|
||||||
run: |
|
run: |
|
||||||
echo "=== PROCESS VISIBILITY ==="
|
echo "=== PROCESS VISIBILITY ==="
|
||||||
ps aux | head -20
|
ps aux | head -20
|
||||||
@@ -81,6 +87,7 @@ jobs:
|
|||||||
|| echo "Looks isolated."
|
|| echo "Looks isolated."
|
||||||
|
|
||||||
- name: Privilege and device access
|
- name: Privilege and device access
|
||||||
|
continue-on-error: true
|
||||||
run: |
|
run: |
|
||||||
echo "=== PRIVILEGE CHECK ==="
|
echo "=== PRIVILEGE CHECK ==="
|
||||||
id -Gn
|
id -Gn
|
||||||
@@ -91,6 +98,7 @@ jobs:
|
|||||||
|| echo "No docker.sock (good)"
|
|| echo "No docker.sock (good)"
|
||||||
|
|
||||||
- name: File system sanity check
|
- name: File system sanity check
|
||||||
|
continue-on-error: true
|
||||||
run: |
|
run: |
|
||||||
echo "=== FILESYSTEM ==="
|
echo "=== FILESYSTEM ==="
|
||||||
ls -1 /
|
ls -1 /
|
||||||
@@ -99,12 +107,14 @@ jobs:
|
|||||||
head -n 3 /etc/passwd
|
head -n 3 /etc/passwd
|
||||||
|
|
||||||
- name: Capability check
|
- name: Capability check
|
||||||
|
continue-on-error: true
|
||||||
run: |
|
run: |
|
||||||
echo "=== CAPABILITIES ==="
|
echo "=== CAPABILITIES ==="
|
||||||
capsh --print 2>/dev/null || echo "capsh not available"
|
capsh --print 2>/dev/null || echo "capsh not available"
|
||||||
dmesg 2>&1 | head -5 && echo "!! dmesg readable !!" || echo "dmesg not accessible (good)"
|
dmesg 2>&1 | head -5 && echo "!! dmesg readable !!" || echo "dmesg not accessible (good)"
|
||||||
|
|
||||||
- name: Mount Info
|
- name: Mount Info
|
||||||
|
continue-on-error: true
|
||||||
run: |
|
run: |
|
||||||
echo "=== Mount Info ==="
|
echo "=== Mount Info ==="
|
||||||
findmnt -a
|
findmnt -a
|
||||||
|
|||||||
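Review bot: In the "Dumping environment variables" step, `printenv | grep -Pi 'GITEA_RUNNER_REGISTRATION_…'` prints the whole `NAME=value` line, so if a runner registration token is visible to the job, its value is also written to the job log for anyone who can read that log. The exit status also appears inverted for a check: grep returns 0 when a variable is found and 1 when nothing leaks, and the `continue-on-error: true` added to this step hides both outcomes from the job result. I would print names only and fail on a hit, e.g. `if printenv | cut -d= -f1 | grep -Ei 'GITEA_RUNNER_REGISTRATION_(FILE|TOKEN_FILE|TOKEN)'; then echo "runner registration variable visible to job"; exit 1; fi`, and leave `continue-on-error` off this step. The step's `run:` body continues outside the hunk, so the rest of the dump should be checked for the same exposure. The capability step's `dmesg 2>&1 | head -5 && echo "!! dmesg readable !!"` is unreliable in a similar way, because without `pipefail` the `&&` sees the exit status of `head`, not of `dmesg`.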