Yellow - Containers

Yellow - Containers

Container Management

CLI Tools

  • gvisor - container runtime sandbox.

  • ctop - top-like interface for container metrics.

Web Tools

  • Moby - a collaborative project for the container ecosystem to assemble container-based system.

  • Traefik - open source reverse proxy/load balancer provides easier integration with Docker and Let's encrypt.

  • kong - The Cloud-Native API Gateway.

  • rancher - complete container management platform.

Logging and Monitoring

Container logging and analysis revolves around 3 areas:

  • Container Service Logs - Service daemons record key events

    • Daemon events - Errors, status, and general events

    • Remote calls to APIs

    • Creation/Modification/Deletion of containers

  • Host operating system/platform logs

    • Amazon EKS offers logging events to Cloudwatch

  • Service logs

Logging Methods

  • Persistent data volume or bind mount - Log data is sent to a persistent location outside of the container. Often with syslog directly to the host OS

  • Application inside container - If the application itself has logging capabilities, they can be logged to locations outside of the container

  • Monitoring container (Sidecar) - A container for collecting logs from other containers

  • Daemon log drivers - Captures stdout and stderr of containers

Container Defense

Tools

  • Security Auditing and Vulnerability Scanners

    • Clair - Vulnerability Static Analysis for Containers

    • WhaleScan - Whalescan is a vulnerability scanner for Windows containers, which performs several benchmark checks, as well as checking for CVEs/vulnerable packages on the container

    • Trivy - Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

    • SecretScanner - Find secrets and passwords in container images and file systems

  • DFIR

    • sysdig-inspect - A powerful opensource interface for container troubleshooting and security investigation

  • Container Management

    • rancher - Complete container management platform

    • portainer - Making Docker and Kubernetes management easy.

Container Pen Testing

  • Container Escapes

    • Container Breakout - PTFM: Container Breakout - pg. 145

  • Tools

    • kubesploit - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.

Docker

Docker - A Docker container is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings.

  • Operator Handbook: Docker Commands - pg. 61

  • Offensive Testing

    • deepce - Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)

    • Operator Handbook: Docker Exploit- pg. 64

  • Defense and Hardening

    • docker-bench-security - The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

    • Anchore - A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification

  • Misc

    • Whaler - Program to reverse Docker images into Docker files

Tools

  • Container Management

    • KubeCTL Kubernetes command line tool

      • Operator Handbook: KubeCTL- pg. 111

    • kubebox - Terminal and Web console for Kubernetes

    • kubernetes-the-hard-way - bootstrap Kubernetes the hard way on Google Cloud Platform. No scripts.

    • kubernetes-the-easy-way - bootstrap Kubernetes the easy way on Google Cloud Platform. No scripts.

    • Hubble is a Network, Service & Security Observability for Kubernetes using eBPF.

  • Offensive tools

    • peirates - a Kubernetes penetration tool, enables an attacker to escalate privilege and pivot through a Kubernetes cluster. It automates known techniques to steal and collect service accounts, obtain further code execution, and gain control of the cluster.

    • Kubestroyer - Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests

  • Security auditing

    • kubesec - Security risk analysis for Kubernetes resources

    • netassert - This is a security testing framework for fast, safe iteration on firewall, routing, and NACL rules for Kubernetes (Network Policies, services) and non-containerised hosts (cloud provider instances, VMs, bare metal).

    • KubiScan - A tool to scan Kubernetes cluster for risky permissions

    • rbac-police - Evaluate the RBAC permissions of Kubernetes identities through policies written in Rego

Resources

PreviousYellow - CloudNextYellow - Code and CLI

Last updated 1 year ago

PreviousYellow - Code and CLINextYellow - AI, Machine Learning, and FOSS