Do you inspect your containers?

With the increasing adoption of containers and microservices in enterprises come risks specific to containers. For example, if any one container breaks out of its isolation, the attacker can gain unauthorized access to other containers, the host, or the wider data center, affecting every container on that host OS. To mitigate these risks we have already looked at various approaches for providing secure isolation for containers. In this post we look at how to inspect a container from the inside to see what isolation it actually has.

Introducing amicontained

amicontained is a small tool you run inside a container. It reports which container runtime it is in, along with other data points such as:

  1. What the container has access to, for example whether it shares the host's PID namespace.
  2. What the runtime composition of your container is (namespaces in use, capabilities in the bounding set).
  3. Which system calls are being blocked.
  4. Which seccomp mode and AppArmor profile are in effect, i.e. the controls meant to stop an attack in one container from spreading to the rest of the infrastructure.

#1. Install amicontained

Prebuilt binaries are available from the project's Releases page. The script below, taken from the releases page, downloads the v0.4.9 linux-amd64 binary and checks its SHA-256 before marking it executable (run it as root or with sudo, since it writes to /usr/local/bin). Note that the file is written into /usr/local/bin before the checksum is compared, so if the check fails you are left with a non-executable, unverified file that you should delete.

# Export the sha256sum for verification.
$ export AMICONTAINED_SHA256="d8c49e2cf44ee9668219acd092ed961fc1aa420a6e036e0822d7a31033776c9f"

# Download and check the sha256sum.
$ curl -fSL "https://github.com/genuinetools/amicontained/releases/download/v0.4.9/amicontained-linux-amd64" -o "/usr/local/bin/amicontained" \
	&& echo "${AMICONTAINED_SHA256}  /usr/local/bin/amicontained" | sha256sum -c - \
	&& chmod a+x "/usr/local/bin/amicontained"

$ echo "amicontained installed!"

# Run it!
$ amicontained -h

Image – amicontained Installation

Verify the installation by running amicontained -h.

Image – amicontained command line
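As an added example (not code from the post or from the amicontained project), here is a version of the same install that downloads into a private temporary directory, verifies the SHA-256 and only then copies the file into place, so a failed check never leaves an unverified file in /usr/local/bin. The URL and digest are the ones from the release script above; the function names, the temporary file layout and the "install" argument are this example's own.

```shell
#!/bin/sh
# Added example, not the amicontained project's install script: nothing lands
# in $PATH until its SHA-256 matches the expected digest.
set -u

# Compare the SHA-256 of file $1 with the expected hex digest $2.
verify_sha256() {
  actual=$(sha256sum "$1" | cut -d' ' -f1)
  [ "$actual" = "$2" ]
}

# Install $1 to $2 (mode 0755) only if its SHA-256 equals $3; leave $2 untouched otherwise.
install_verified() {
  if verify_sha256 "$1" "$3"; then
    install -m 0755 "$1" "$2"
  else
    echo "SHA-256 mismatch for $1; refusing to install to $2" >&2
    return 1
  fi
}

# Fetch URL $1 into a temp dir, then hand it to install_verified with digest $2 and target $3.
# The temp dir is removed whether or not the install succeeded.
download_and_install() {
  tmp=$(mktemp -d) || return 1
  rc=1
  if curl -fsSL "$1" -o "$tmp/download"; then
    install_verified "$tmp/download" "$3" "$2" && rc=0
  else
    echo "download of $1 failed" >&2
  fi
  rm -rf "$tmp"
  return $rc
}

# Release values from the install step above (amicontained v0.4.9, linux-amd64).
AMICONTAINED_URL="https://github.com/genuinetools/amicontained/releases/download/v0.4.9/amicontained-linux-amd64"
AMICONTAINED_SHA256="d8c49e2cf44ee9668219acd092ed961fc1aa420a6e036e0822d7a31033776c9f"

# Usage: sh install-amicontained.sh install   (as root, or with sudo)
if [ "${1:-}" = install ]; then
  download_and_install "$AMICONTAINED_URL" "$AMICONTAINED_SHA256" /usr/local/bin/amicontained || exit 1
fi
```

The same pattern applies to any release binary you pull with curl: fetch to a location nobody else can execute from, compare the digest you recorded from the release page, and only then move it into a directory on PATH.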

Now that amicontained is installed, we can try out different scenarios.

Scenario #1: Inspect security configuration

In this scenario we run amicontained inside a container started with the default options and inspect the security configuration it reports.

Image – Security Configuration

We can see the container runtime, whether the PID and user namespaces are in use, the AppArmor profile, the capabilities in the bounding set, the seccomp mode and the list of blocked syscalls.

Scenario #2: Inspect PID Namespace

By default every container gets its own PID namespace. The PID namespace isolates processes: it hides the host's processes from the container and lets process IDs be reused inside it.

In this scenario we start the container with the host's PID namespace (docker run --pid=host), which lets processes inside the container see every process on the system, and check what amicontained reports; the pid namespace entry should change from true to false.

Image – Namespace configuration

Scenario #3: Inspect container runtime and environment

In this scenario we look at what amicontained reports about the environment the container runs in, starting with the container runtime it detects (docker in our case) and the namespaces and profiles that runtime has applied.

Image – Check container runtime,environment
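The three scenarios above differ only in the docker run flags. As an added example (not code from the post or from the amicontained project), the script below wraps the docker invocation so you can pass any flags (--pid=host, --privileged, --cap-add, --security-opt seccomp=unconfined) and pipes the report through a small audit that flags the risky settings. The report layout it parses (Container Runtime, Has Namespaces, AppArmor Profile, the BOUNDING capability line, Seccomp, Blocked Syscalls) follows the amicontained README; the two embedded reports are constructed by hand in that layout, r.j3ss.co/amicontained is the image name the project's README uses, and the list of "dangerous" capabilities is this example's own choice.

```shell
#!/bin/sh
# Added example, not part of the post or the amicontained project: run
# amicontained under chosen docker flags and flag risky settings in its report.

# Run amicontained in a throwaway container with the given docker flags,
# e.g. inspect_with_docker --pid=host   or   inspect_with_docker --privileged
inspect_with_docker() {
  docker run --rm "$@" r.j3ss.co/amicontained
}

# Capabilities that amount to host compromise when present in the bounding set
# (this example's own list; extend it to match your threat model).
DANGEROUS_CAPS="sys_admin sys_ptrace sys_module sys_rawio net_admin dac_read_search"

# Read an amicontained report on stdin, print one FINDING line per risky
# setting and return 1 if any were found (0 means the defaults are in place).
audit_amicontained() {
  report=$(cat)
  findings=0
  has() { printf '%s\n' "$report" | grep -qE "$1"; }
  flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

  has '^[[:space:]]*pid: false' && flag "shares the host PID namespace (--pid=host): host processes are visible"
  has '^[[:space:]]*user: false' && echo "NOTE: no user namespace, so uid 0 in the container is uid 0 on the host"
  has '^AppArmor Profile: (unconfined|none)' && flag "no AppArmor profile enforced"
  has '^Seccomp: disabled' && flag "seccomp filtering disabled"
  has '^Blocked Syscalls \(0\)' && flag "no syscalls are blocked"

  caps=$(printf '%s\n' "$report" | sed -n 's/^[[:space:]]*BOUNDING -> //p')
  for c in $DANGEROUS_CAPS; do
    case " $caps " in *" $c "*) flag "dangerous capability in bounding set: $c" ;; esac
  done
  [ "$findings" -eq 0 ]
}

# Constructed sample report: a plain "docker run" with default options.
SAMPLE_DEFAULT='Container Runtime: docker
Has Namespaces:
    pid: true
    user: false
AppArmor Profile: docker-default
Capabilities:
    BOUNDING -> chown dac_override fowner fsetid kill setgid setuid setpcap net_bind_service net_raw sys_chroot mknod audit_write setfcap
Seccomp: filtering
Blocked Syscalls (21):
    SYSLOG SETSID USELIB USTAT SYSFS VHANGUP PIVOT_ROOT ACCT SETTIMEOFDAY UMOUNT2 SWAPON SWAPOFF REBOOT SETHOSTNAME SETDOMAINNAME INIT_MODULE DELETE_MODULE LOOKUP_DCOOKIE KEXEC_LOAD FANOTIFY_INIT OPEN_BY_HANDLE_AT'

# Constructed sample report: "docker run --pid=host --privileged".
SAMPLE_PRIVILEGED='Container Runtime: docker
Has Namespaces:
    pid: false
    user: false
AppArmor Profile: unconfined
Capabilities:
    BOUNDING -> chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read
Seccomp: disabled
Blocked Syscalls (0):'

# Demo on the constructed samples; for a live container use e.g.
#   inspect_with_docker --pid=host | audit_amicontained
echo "== default docker run =="
printf '%s\n' "$SAMPLE_DEFAULT" | audit_amicontained && echo "(no findings)"
echo "== docker run --pid=host --privileged =="
printf '%s\n' "$SAMPLE_PRIVILEGED" | audit_amicontained || echo "(risky configuration)"
```

A clean default run yields no FINDING lines (only the NOTE about the missing user namespace); the privileged sample yields one finding per disabled control plus one per dangerous capability. Because the audit reads stdin, the same function works on output captured from kubectl exec or from an amicontained binary dropped into an existing container.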

Congrats! We have learned how to inspect containers with the amicontained tool.

Docker container security best practices


Following these best practices can help you build a secure Docker infrastructure:

  1. Container images act as a foundation for many systems, and a vulnerable image can cause damage across your enterprise. Scan images for known vulnerabilities in their open source and third-party vendor components, and maintain a trusted registry of base images.
  2. Sensitive information such as passwords and keys must be handled with Docker secrets rather than baked into images or passed as environment variables.
  3. Monitor container activity and limit resource use. Design errors, software bugs, or malware can lead to denial of service; capping the CPU, memory and process count each container may consume shrinks that attack surface.
  4. Docker's default seccomp profile blocks 44 of the 300+ system calls available to containers. The profile is an allowlist, so you tighten it by removing the syscalls your workload does not need, and apply your own profile with --security-opt seccomp=profile.json. A stricter profile prevents some types of attacks and keeps others from spreading to the rest of the infrastructure; amicontained's Blocked Syscalls count is a quick way to confirm the profile took effect.
  5. Monitoring systems such as Prometheus can help you identify attacks, send alerts, and even trigger automated remediation. Periodically review the logs your containers generate and use them to derive preventive security insights.
  6. Know the composition of your containers at runtime as well as at build time.


About Post Author

Karthik

Allo! My name is Karthik, an experienced IT professional. Upnxtblog covers key technology trends that impact the technology industry, including cloud computing, blockchain, machine learning & AI, best mobile apps, best tools/open source libs, etc. I hope you love it, and you can be sure that each post is fantastic and will be worth your time.
Published by Upnxtblog.