Ok. So far we already know how to prepare a small lab based on docker as well as how to configure it. Today we'll try to find some bugs. Here we go...
Today we'll start here:
Checking this document - in the meantime - I was also looking for some 'open source'-based tools related to 'docker security'. One of them is called Docker Bench for Security:
Basing on our last examples I decided to check it - started against one of the images available on my VM server:
So far, looks good. I decided to use a small look and check all of the docker images available on my host:
Looking for logs:
I wasn't sure about few of the findings so I decided to compare it ith the documentation:
I added OWASP's WebGoat:
Checking again:
Now we can find few more logs to check in the current directory:
At this stage I decided to init swarm mode (just to compare the results of my basic scan):
Now we can see a little bit more:
I was wondering how can it also be used (for example) with (something like our previous) loop:
$ (...); docker run $image exec 'rkhunter -C'; andso; on; #
...but I will leave it for you as an exercise ;)
Brak komentarzy:
Prześlij komentarz