Docker Bench Lab

Hands-On Lab

 

Photo of John Marx

John Marx

Training Architect

Length

00:30:00

Difficulty

Beginner

This lab allows the student to explore the Docker Bench utility for hardening Docker installations. The student gains access to the lab server via SSH, and clones the Docker Bench repo from github.com. Then the student executes the bench utility, views the report, and then enables auditing of the Docker Daemon. After enabling auditing, the utility is run again and the new report is compared with the old.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Gain access to the EC2 CentOS7 server through the terminal of your choice using ssh to log in as cloud_user.

$ ssh cloud_user@[Public IP Here]

Once you are logged in, verify the version of git installed by typeing the following command:

$ git --version

If Git is installed, then proceed and clone the docker-bench repo from github.com:

$ git clone https://github.com/docker/docker-bench-security.git

Now verify that the repo was cloned by using the ls command to see if it is in your home directory:

$ ls -l

Change your present working directory to docker-bench-security:

$ cd docker-bench-security

Verify that you are in the docker-bench-security directory by using the pwd command:

$ pwd

Using super user permissions execute the docker-bench-security.sh shell script and redirect standard output to a file called /tmp/bench1.out

$ sudo sh docker-bench-security.sh > /tmp/bench1.out

*The sudo command will prompt your for the cloud_user password

Use the more command to look at the first part of the docker bench output:

$ more /tmp/bench1.out

Use the auditctl command to list any auditing rules that are already setup on the system:

$ sudo auditctl -l

Use the auditctl command to add a rule to audit writes from docker:

$ sudo auditctl -w /usr/bin/docker -k docker

Now run the docker bench utility again and direct output to /tmp/bench2.out:

$ sudo sh docker-bench-security.sh > /tmp/bench2.out

Now use the Linux diff command to compare the output from the first run in bench1.out to the second run in bench2.out:

$ diff /tmp/bench1.out /tmp/bench2.out

* This concludes this lab