
How do I create sample security issues on Docker?

I'm trying to create an assignment for students to do that contains the following:

  1. A Docker image with issues that have to be scanned and remedied (using an open-source scanner in Kubernetes).
  2. (Maybe) A sample attack scenario that can exploit those vulnerabilities.

The problem arises when I try to find a suitable vulnerable image or create one. I cannot find a base of security issues at all. I really bend my back thinking of a suitable phrase in Google, but everything leads merely to some blog posts about how to scan an image. I expected a database that might contain multiple security issues and what causes them. I'd also expect some way to discern which are the most popular ones.

Do you have the source I require? Maybe you can just offer me 3-4 common security issues that are good to know and educational when having your first brush with Docker? (And how to create those issues?)

The whole situation would probably have been easier if I myself had been an expert in the field, but the thing I do is also my assignment as a student. (So as students we design assignments for each other.)

Looks like you are looking for container security hardening and Kubernetes security options, maybe.

You can use some tools like:

  • kubesec - Security risk analysis for Kubernetes resources
  • checkov - Prevent cloud misconfigurations and find vulnerabilities during build time in infrastructure as code, container images and open-source packages
  • Trivy - vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

If you are looking for some questions you can set, this is a CKS (Certified Kubernetes Security) exam question:

  • There are a number of pods/containers running in the "spectacle" namespace. Identify and delete the pods which have CRITICAL vulnerabilities.

For this, the Trivy open-source tool comes into the picture to scan the image that you will be using in the Kubernetes or Docker deployment:

trivy image --severity CRITICAL nginx:1.16 (Image running in container)

List of a few questions you can create a lab out of: https://github.com/moabukar/CKS-Exercises-Certified-Kubernetes-Security-Specialist/tree/main/7-mock-exam-questions
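An added example (not part of the answer above) showing how the CKS-style task could be graded or automated: it joins the pod-to-image mapping that `kubectl get pods -n spectacle -o json` produces with per-image `trivy image --format json` reports and returns the pods that run an image with at least one CRITICAL finding. Both JSON documents here are constructed samples trimmed to the fields used, and the CVE ids are placeholders, not real findings.

```python
import json

# Constructed sample of `kubectl get pods -n spectacle -o json`, trimmed to the
# fields this script reads. Real output carries many more fields per pod.
PODS_JSON = json.dumps({"items": [
    {"metadata": {"name": "web-1"},
     "spec": {"containers": [{"image": "nginx:1.16"}]}},
    {"metadata": {"name": "web-2"},
     "spec": {"containers": [{"image": "nginx:1.16"}, {"image": "busybox:1.36"}]}},
    {"metadata": {"name": "cache"},
     "spec": {"containers": [{"image": "redis:7"}]}},
]})

# Constructed per-image reports in the shape of `trivy image --format json IMAGE`.
# Trivy emits "Vulnerabilities": null when a target is clean, which is handled below.
# The CVE ids are placeholders, not real vulnerabilities.
TRIVY_REPORTS = {
    "nginx:1.16": {"Results": [{"Target": "nginx:1.16 (debian 10.3)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother", "Severity": "HIGH"}]}]},
    "busybox:1.36": {"Results": [{"Target": "busybox:1.36", "Vulnerabilities": None}]},
    "redis:7": {"Results": [{"Target": "redis:7 (debian 12)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libfoo", "Severity": "MEDIUM"}]}]},
}

def pod_images(pods_json):
    """Map pod name -> set of container images from kubectl's JSON output."""
    images = {}
    for pod in json.loads(pods_json)["items"]:
        images[pod["metadata"]["name"]] = {c["image"] for c in pod["spec"]["containers"]}
    return images

def critical_ids(report):
    """Return the set of CRITICAL vulnerability ids in one Trivy JSON report."""
    ids = set()
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:   # null -> no findings
            if vuln.get("Severity") == "CRITICAL":
                ids.add(vuln["VulnerabilityID"])
    return ids

def pods_to_delete(pods_json, reports):
    """Return {pod: {image: {critical ids}}} for pods running any CRITICAL image."""
    flagged = {}
    for pod, images in pod_images(pods_json).items():
        hits = {img: critical_ids(reports[img]) for img in images}
        hits = {img: ids for img, ids in hits.items() if ids}
        if hits:
            flagged[pod] = hits
    return flagged

if __name__ == "__main__":
    for pod, hits in pods_to_delete(PODS_JSON, TRIVY_REPORTS).items():
        print(f"delete pod {pod}: {hits}")
```

In a real cluster the two inputs come from running the kubectl and trivy commands named in the comments; the decision logic stays the same.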
