[英]How do I create sample security issues on Docker?
I'm trying to create an assignment for students to do that contains the following:我正在尝试为学生创建一个包含以下内容的作业:
The problem arises when I try to find a suitable vulnerable image or create one.当我试图找到合适的易受攻击的图像或创建一个时,问题就出现了。 I cannot find a base of security issues at all.
我根本找不到安全问题的基础。 I really bend my back thinking of a suitable phrase in Google but everything leads merely to some blog posts about how-to scan an image.
我真的竭尽全力想在谷歌中找到一个合适的短语,但一切都只会导致一些关于如何扫描图像的博客文章。 I expected a database that might contain multiple sec issues and what causes them.
我期望一个数据库可能包含多个 sec 问题以及导致它们的原因。 I'd also expect some way to discern which are the most popular ones.
我还希望有某种方法可以辨别哪些是最受欢迎的。
Do you have the source I require?你有我需要的来源吗? Maybe you can just offer me 3-4 common security issues that are good to know and educational when having your first brush with docker?
也许您可以向我提供 3-4 个常见的安全问题,这些问题在您第一次使用 docker 时需要了解并具有教育意义? (And how to create those issues?)
(以及如何制造这些问题?)
The whole situation would have been probably easier if I myself would have been an expert in the field, but the thing I do is also my assignment as a student.如果我自己是该领域的专家,整个情况可能会更容易,但我所做的事情也是我作为学生的作业。 (So as students we design assignments for each other. )
(所以作为学生,我们为彼此设计作业。)
Looks like you are looking for the Container security hardening and Kube.netes security options maybe.看起来您可能正在寻找Container 安全强化和 Kube.netes 安全选项。
You can use some tools like您可以使用一些工具,例如
If you are looking for some questions you can set like, this is CKS (Certified Kube.netes Security) exam question如果您正在寻找一些可以设置的问题,这是 CKS(Certified Kube.netes Security)考试问题
For this trivy opensource tools comes into the picture to scan the image that you will be using in the deployment of Kube.netes or docker对于这种琐碎的开源工具,可以扫描您将在部署 Kube.netes 或 docker 中使用的图像
trivy image --severity CRITICAL nginx:1.16 (Image running in container)
List of few questions you can create lab out of it: https://github.com/moabukar/CKS-Exercises-Certified-Kube.netes-Security-Specialist/tree/main/7-mock-exam-questions您可以从中创建实验室的几个问题列表: https://github.com/moabukar/CKS-Exercises-Certified-Kube.netes-Security-Specialist/tree/main/7-mock-exam-questions
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.