nordvpn
System Mechanic® Ultimate Defense™
Start your future with a Data Analysis Certificate.

Do you inspect your containers?

With the increasing adoption of containers and microservices in the enterprises, there are also risks that come along with containers. For example, If any one of the containers breaks out, it can allow unauthorized access across containers, hosts, or data centers, etc., thus affecting all the containers hosted on the Host OS. To mitigate these risks, we have already looked at various approaches to provide secure isolation for containers. In this post, we are going to look at how to inspect the containers.

Introducing  amicontained

Using amicontained tool, we can find out what container runtime, other data points like below:

  1. What data does the container have access to?
  2. What is the composition of your containers during runtime?
  3. What type of system calls is being blocked?
  4. What are the details of the SECCOMP/AppArmor profile that is being used to prevent attacks and preventing others from spreading to the rest of the infrastructure?

#1. Install amicontained

Install binaries are available from Releases Page. Use the below script from the releases page to install amicontained.

# Export the sha256sum for verification.
$ export AMICONTAINED_SHA256="d8c49e2cf44ee9668219acd092ed961fc1aa420a6e036e0822d7a31033776c9f"

# Download and check the sha256sum.
$ curl -fSL "https://github.com/genuinetools/amicontained/releases/download/v0.4.9/amicontained-linux-amd64" -o "/usr/local/bin/amicontained" \
	&& echo "${AMICONTAINED_SHA256}  /usr/local/bin/amicontained" | sha256sum -c - \
	&& chmod a+x "/usr/local/bin/amicontained"

$ echo "amicontained installed!"

# Run it!
$ amicontained -h

Image – amicontained Installation

System Mechanic® Ultimate Defense™

Verify if we have installed correctly by amicontained -h

Image – amicontained command line

Subscribe to Emails

More than 100,000 subscribers across the world trust & read Upnxtblog articles. Subscribe to emails updates!
* indicates required

Now that we have successfully installed, we can try out different scenarios.

Scenario #1: Inspect security configuration

In this scenario, we are going to inspect our containers for the security configuration.

Image – Security Configuration

Generic Category (English)728x90
Security Configuration

Image – Security Configuration

We could see that what are the allowed/blocked syscalls, container runtime, AppArmor profile, capabilities, etc.,

Scenario #2: Inspect PID Namespace

Recover over 700 unique file formats. Fully recover documents, emails, photos, videos, audio files and more. Supports 8 different data lost scenarios: deleted files recovery, recycle bin recovery, formatted drive recovery, lost partition recovery, externa

By default, all containers have the PID namespace enabled. PID namespace provides separation of processes. The PID Namespace removes the view of the system processes and allows process ids to be reused.

In this scenario, we are going to inspect the container with PID namespace as host basically allowing processes within the container to see all of the processes on the system and check the output.

Image – Namespace configuration

nordvpn 3Y deal

Scenario #3: Inspect Container runtime, environment

In this scenario, we are going to run the container with PID namespace as host basically allowing processes within the container to see all of the processes on the system and check the output.

Image – Check container runtime,environment

Congrats! we have learned how to inspect containers using amicontained tool.

Docker container security best practices

Following best practices can help you create a Docker security infrastructure:

  1. Container images act as a foundation for multiple systems, and vulnerable images can cause damage across your enterprise. You need to ensure images are protected by scanning for open source and third-party vendor containers and setting up a trusted registry of base images.
  2. Sensitive information such as passwords and addresses needs to be maintained using Docker secrets.
  3. Monitor your container activity and limit the use of resources. Design errors, software bugs, or malware attacks can often lead to DoS attacks. You can handle the large attack surface by limiting the number of system resources allotted for each container.
  4. SECCOMP provides a default profile that blocks 44 out of the 300+ system calls allowed on Docker containers and lets you manage a whitelist to block additional types of calls. You have the option to use a strict SECCOMP profile to prevent some types of attacks and preventing others from spreading to the rest of the infrastructure.
  5. Monitoring systems like Prometheus can help you identify attacks, send alerts, and even automatically implement fixes. Periodically review log data generated by containers and use it to generate preventive security insights.
  6. Know the composition of your containers during runtime as well as build time.

If you’re looking for Docker Security tools, check out here.

Career Category (English)640x480

Like this post? Don’t forget to share it!

Additional Resources :

 

Summary
Do you inspect your containers?
Article Name
Do you inspect your containers?
Description
In this post, we are going to look at how to inspect the containers using amicontained tool.
Author
Publisher Name
Upnxtblog
Publisher Logo
%d bloggers like this: