Yellow - Containers

Container Management

CLI Tools

  • gvisor - container runtime sandbox.

  • ctop - top-like interface for container metrics.

Web Tools

  • Moby - a collaborative project for the container ecosystem to assemble container-based system.

  • Traefik - open source reverse proxy/load balancer provides easier integration with Docker and Let's encrypt.

  • kong - The Cloud-Native API Gateway.

  • rancher - complete container management platform.

Logging and Monitoring

Container logging and analysis revolves around 3 areas:

  • Container Service Logs - Service daemons record key events

    • Daemon events - Errors, status, and general events

    • Remote calls to APIs

    • Creation/Modification/Deletion of containers

  • Host operating system/platform logs

    • Amazon EKS offers logging events to Cloudwatch

  • Service logs

Logging Methods

  • Persistent data volume or bind mount - Log data is sent to a persistent location outside of the container. Often with syslog directly to the host OS

  • Application inside container - If the application itself has logging capabilities, they can be logged to locations outside of the container

  • Monitoring container (Sidecar) - A container for collecting logs from other containers

  • Daemon log drivers - Captures stdout and stderr of containers

Container Defense

Tools

  • Security Auditing and Vulnerability Scanners

    • Clair - Vulnerability Static Analysis for Containers

    • WhaleScan - Whalescan is a vulnerability scanner for Windows containers, which performs several benchmark checks, as well as checking for CVEs/vulnerable packages on the container

    • Trivy - Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

    • SecretScanner - Find secrets and passwords in container images and file systems

    • sandbox-attacksurface-analysis-tools - Set of tools to analyze Windows sandboxes for exposed attack surface.

  • DFIR

  • Container Management

    • rancher - Complete container management platform

    • portainer - Making Docker and Kubernetes management easy.

Container Pen Testing

Docker

Docker - A Docker container is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings.

Tools

Resources

Last updated