# Docker security

## Attack vectors

Docker deployments can be attacked through these vectors:

1. OS and kernel attacks
2. Network-based attacks
3. Daemon-based attacks
4. Image-based attacks
5. Application-based attacks

## Footprinting

### Find out which host has a Docker daemon running

```
ps aux | grep dockerd
```

Then list the running containers (`-a` also shows exited containers):

```
$ docker ps
```

### Find out if a container leaks information in the env config

If the container was started with Docker environment variables, these variables can leak information.

Example:

```
$ docker run -it --rm -e USERNAME=user -e PASSWORD=secretpassword ubuntu-nginx sh
```

If you have access to a Docker container, you can read all of its environment variables with the `env` command.

```
# env
HOSTNAME=4aa2989f5194
HOME=/root
PKG_RELEASE=1~buster
TERM=xterm
NGINX_VERSION=1.19.10
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
NJS_VERSION=0.5.3
PWD=/
PASSWORD=secretpassword
```

### Find out if memory has been allocated to a container

Check whether a particular container is susceptible to a denial-of-service attack. If memory has been allocated, the container might be vulnerable to a DoS attack.

Example:

```
$ docker run --rm -it -m 100mb -d alpine sh
```

Show the memory allocation in the stats:

```
$ docker stats a3cba64a7c7884ca78f5c2a1c4b925fbe0534a233d51537ae44cb3a4b34b47d0
```

```
CONTAINER ID   NAME             CPU %     MEM USAGE / LIMIT   MEM %     NET I/O     BLOCK I/O     PIDS
a3cba64a7c78   focused_cannon   0.00%     532KiB / 100MiB     0.52%     796B / 0B   1.11MB / 0B   1
```
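The two footprinting checks above (credential-looking environment variables and the configured memory limit) can be run against the output of `docker inspect $(docker ps -q)` instead of one container at a time. The following audit script is an added example, not part of the original page; the `docker inspect` JSON it parses is a constructed, trimmed sample, the container IDs are placeholders, and the name pattern and the `*_FILE` exclusion are assumptions you should tune to your images.

```python
import json
import re

# Constructed sample: a trimmed `docker inspect` result for two containers.
# Only the fields this audit reads are kept; IDs are placeholders.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "4aa2989f5194" + "0" * 52,
        "Name": "/focused_cannon",
        "Config": {"Env": ["PATH=/usr/local/sbin:/usr/bin:/bin",
                           "NGINX_VERSION=1.19.10",
                           "USERNAME=user",
                           "PASSWORD=secretpassword"]},
        "HostConfig": {"Memory": 0},          # 0 = no limit configured
    },
    {
        "Id": "a3cba64a7c7884ca78f5c2a1c4b925fbe0534a233d51537ae44cb3a4b34b47d0",
        "Name": "/quiet_alpine",
        "Config": {"Env": ["PATH=/usr/bin:/bin", "API_TOKEN_FILE=/run/secrets/token"]},
        "HostConfig": {"Memory": 100 * 1024 * 1024},   # -m 100mb
    },
])

# Variable names that commonly carry credentials (assumption; extend as needed).
SECRET_NAME = re.compile(r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)


def audit_containers(inspect_json):
    """Return one finding per container from `docker inspect` output.

    `secret_env` lists variable NAMES that look like credentials (values are
    never copied into the report). Names ending in _FILE follow the common
    image convention of pointing at a secret file, so they are not flagged.
    `memory_limit` is HostConfig.Memory in bytes; 0 means no limit was set."""
    findings = []
    for c in json.loads(inspect_json):
        env = c.get("Config", {}).get("Env") or []        # Env may be null
        names = [kv.split("=", 1)[0] for kv in env]
        suspicious = [n for n in names
                      if SECRET_NAME.search(n) and not n.upper().endswith("_FILE")]
        limit = c.get("HostConfig", {}).get("Memory", 0)
        findings.append({
            "name": c["Name"].lstrip("/"),
            "id": c["Id"][:12],
            "secret_env": suspicious,
            "memory_limit": limit,
            "memory_limited": limit > 0,
        })
    return findings


if __name__ == "__main__":
    for f in audit_containers(SAMPLE_INSPECT):
        print(f"{f['id']} {f['name']:<16} secrets={f['secret_env'] or '-'} "
              f"memory_limit={f['memory_limit'] or 'none'}")
```

Against a live host, feed it `docker inspect $(docker ps -aq)` in place of the sample; the report never includes variable values, so it can be shared without re-leaking the secret it found.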

## Attack docker

{% embed url="https://www.practical-devsecops.com/lesson-4-hacking-containers-like-a-boss/" %}

{% embed url="https://www.practical-devsecops.com/lesson-5-hacking-containers-like-a-boss-part-2/" %}

## Defend docker

{% embed url="https://www.practical-devsecops.com/lesson-6-defending-container-infrastructure/" %}
