DockerENT is an open source runtime security tool created by r0hi7. It scans running Docker containers and Docker networks for misconfigurations.

Although various security measures are applied during the build and deployment phases, running containers should still be scanned and audited, since misconfigurations or malicious changes may have been introduced after the containers were deployed.

Installation and usage :-

Step 1 :-

Clone the DockerENT repository on your host machine and run the following commands. The repository is at https://github.com/r0hi7/DockerENT.

git clone https://github.com/r0hi7/DockerENT.git

cd DockerENT

make venv

source venv/bin/activate

Step 2 :-

Containers can be scanned from the CLI or from a web interface. We use the web interface here, since its output is easier to present in a writeup. To start the web interface, activate the virtualenv and run the module with the -w flag:

source venv/bin/activate

python3 -m DockerENT -w

Step 3 :-

To scan the containers, we can either pick an individual container or scan all running ones. We can also select which plugins to run, so that only specific checks are performed.

Each plugin is an individual scan: a network scan, a file system scan, a scan for files with the SUID bit set, a scan of user information, and a check of the security profiles applied to the container.

Here we run all plugins against all containers. Four containers are running, providing the following services:

  • ubuntu, nginx, redis and postgresql

Step 4 :-

In this case, we select 'Audit Docker Results' so that an audit report is produced as well.

Once we click Start, the scan may take some time depending on the number of containers.

Once it completes, we get both the scan report and the audit report in JSON format.

Some of the important misconfigurations it reports are :-

  • Open ports
  • Writable files
  • SUID/SGID files
  • Plain text passwords
  • Security profiles
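The checks above map directly onto fields Docker already exposes. As an added example (this is not DockerENT's code, and the data in it is constructed rather than taken from the writeup's hosts), the script below performs the same kind of audit on two inputs: the JSON from `docker inspect`, which is checked for ports published on all interfaces, credentials passed in plain text through environment variables, disabled seccomp/AppArmor profiles, privileged or host-network containers and writable bind mounts; and a directory tree such as an untarred `docker export`, which is walked for SUID/SGID and world-writable files. `SAMPLE_INSPECT`, the `SECRET_KEY_RE` pattern and the demo directory layout are all assumptions made for the example.

```python
import json
import os
import re
import stat
import tempfile

# Environment variable names that suggest a credential is being passed in
# plain text. Assumed pattern for the example; tune it for your images.
SECRET_KEY_RE = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key", re.I)

# Constructed sample of what `docker inspect redis nginx` returns, trimmed to
# the fields the audit reads. Not real output from any host.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/redis",
        "Config": {"Env": ["REDIS_PASSWORD=hunter2", "PATH=/usr/local/bin"]},
        "HostConfig": {
            "Privileged": False,
            "NetworkMode": "bridge",
            "SecurityOpt": ["seccomp=unconfined"],
            "PortBindings": {"6379/tcp": [{"HostIp": "", "HostPort": "6379"}]},
        },
        "Mounts": [{"Type": "bind", "Source": "/etc", "Destination": "/host-etc", "RW": True}],
    },
    {
        "Name": "/nginx",
        "Config": {"Env": ["PATH=/usr/local/bin"]},
        "HostConfig": {
            "Privileged": False,
            "NetworkMode": "bridge",
            "SecurityOpt": [],
            "PortBindings": {"80/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]},
        },
        "Mounts": [{"Type": "volume", "Source": "nginx-data", "Destination": "/data", "RW": True}],
    },
])


def audit_inspect(inspect_json: str) -> dict[str, list[str]]:
    """Return {container_name: [finding, ...]} from `docker inspect` JSON."""
    findings = {}
    for c in json.loads(inspect_json):
        name = c["Name"].lstrip("/")
        host = c.get("HostConfig", {})
        issues = []
        if host.get("Privileged"):
            issues.append("privileged container (all capabilities, device access)")
        if host.get("NetworkMode") == "host":
            issues.append("host network namespace shared")
        for opt in host.get("SecurityOpt") or []:
            if opt in ("seccomp=unconfined", "apparmor=unconfined"):
                issues.append(f"security profile disabled: {opt}")
        for port, bindings in (host.get("PortBindings") or {}).items():
            for b in bindings or []:
                # Empty HostIp means Docker binds to every interface.
                if b.get("HostIp", "") in ("", "0.0.0.0", "::"):
                    issues.append(f"{port} published on all interfaces as host port {b.get('HostPort')}")
        for entry in c.get("Config", {}).get("Env") or []:
            key, _, value = entry.partition("=")
            if value and SECRET_KEY_RE.search(key):
                issues.append(f"plaintext credential in environment: {key}")
        for m in c.get("Mounts") or []:
            if m.get("Type") == "bind" and m.get("RW"):
                issues.append(f"writable bind mount of host path {m['Source']} at {m['Destination']}")
        findings[name] = issues
    return findings


def audit_filesystem(root: str) -> dict[str, list[str]]:
    """Walk a directory tree (e.g. an untarred `docker export`) and list regular
    files with the SUID/SGID bits set and files that are world-writable."""
    suid_sgid, world_writable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                suid_sgid.append(rel)
            if st.st_mode & stat.S_IWOTH:
                world_writable.append(rel)
    return {"suid_sgid": sorted(suid_sgid), "world_writable": sorted(world_writable)}


def demo_filesystem_audit() -> dict[str, list[str]]:
    """Build a throwaway tree (constructed layout) with one SUID binary, one
    world-writable config file and one clean file, then audit it."""
    root = tempfile.mkdtemp(prefix="rootfs-")
    os.makedirs(os.path.join(root, "usr/bin"))
    os.makedirs(os.path.join(root, "etc"))
    layout = {
        "usr/bin/passwd": 0o4755,  # SUID binary
        "etc/app.conf": 0o666,     # world-writable
        "etc/hostname": 0o644,     # fine
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("x\n")
        os.chmod(path, mode)
    return audit_filesystem(root)


if __name__ == "__main__":
    for name, issues in audit_inspect(SAMPLE_INSPECT).items():
        print(name, issues or ["no findings"])
    print(demo_filesystem_audit())
```

On a real host, feed `audit_inspect` the output of `docker inspect $(docker ps -q)`, and feed `audit_filesystem` a directory populated with `docker export <container> | tar -x -C <dir>`. The sample `redis` container produces four findings (disabled seccomp, port 6379 on all interfaces, a password in the environment and a writable bind mount of /etc), while the `nginx` container, whose port is bound to 127.0.0.1 only, produces none.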

Conclusions:-

  • The application does an impressive job of finding common misconfigurations.
  • However, the output it produces is bulky and hard to read.
  • It is built on the streamlit framework, which provides data visualization capabilities; those could be used to present the results much more cleanly.
  • Various tools already exist for catching these misconfigurations at the build and deployment phases; DockerENT complements them by checking the containers that are actually running.

Thank you for reading! – Siddarth Tanna and Setu Parimi
