# Lab Notes
## Docker
- Two APIs
- Rate Limit
- Both APIs have a rate limit of 100 requests per 6 hours (200 if you are registered)
- https://www.docker.com/pricing
- > Docker Hub counts every GET request sent to registry manifest URLs (/v2/*/manifests/\*) against your quota.
  > In plain English, every docker pull command execution counts against your quota regardless if the requested image is up to date or not.
- https://container-registry.com/posts/overcome-docker-hub-rate-limit/
- [Docker Hub API](https://docs.docker.com/docker-hub/api/latest/)
- [Docker Registry API](https://docs.docker.com/registry/spec/api/)
- Docker Hub does not expose the full `_catalog` listing; the request fails with an insufficient-scope error (https://stackoverflow.com/questions/37082826/insufficient-scope-when-attempting-to-get-docker-hub-catalog)
- Images can have multiple tags that point to the same content (e.g. `ubuntu:xenial` & `ubuntu:xenial-20210804` share the same `digest` and `size`)
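As an added example (not code from the notes, from Docker or from the linked posts), the two quota observations above expressed as offline Python helpers: the manifest-URL rule that decides whether a registry request consumes quota, a parser for Docker Hub's `ratelimit-limit` / `ratelimit-remaining` response headers (the `<count>;w=<window-seconds>` format that Docker documents; a `HEAD` on a manifest URL returns them without consuming quota), and a grouping of tags by digest so that a build cache pulls each distinct image only once. Every header value, digest and tag record in the block is constructed sample data, and the tag field names (`name`, `digest`, `full_size`) are assumed to match the Hub tags listing.

```python
"""Offline helpers for reasoning about Docker Hub pull quota.

Added example for these lab notes, not code from Docker or from the linked
posts. The header names (ratelimit-limit, ratelimit-remaining,
docker-ratelimit-source) and the "<count>;w=<window-seconds>" value format
are the ones Docker documents for registry-1.docker.io; every header value
and tag record below is constructed sample data, not captured from Docker Hub.
"""
import re
from collections import defaultdict

# Docker Hub counts GET requests to /v2/<name>/manifests/<reference> against
# the quota; a HEAD on the same URL returns the quota headers without consuming it.
_MANIFEST_RE = re.compile(r"^/v2/(?P<name>.+)/manifests/(?P<ref>[^/]+)$")
_RATELIMIT_RE = re.compile(r"^\s*(?P<count>\d+)\s*;\s*w=(?P<window>\d+)\s*$")


def counts_against_quota(method, path):
    """Return True if a registry request would consume Docker Hub pull quota."""
    return method.upper() == "GET" and _MANIFEST_RE.match(path) is not None


def parse_ratelimit(value):
    """Parse a header value like '100;w=21600' into (count, window_seconds)."""
    m = _RATELIMIT_RE.match(value)
    if m is None:
        raise ValueError(f"unexpected ratelimit header value: {value!r}")
    return int(m.group("count")), int(m.group("window"))


def quota_status(headers):
    """Summarise the quota headers of a manifest response (header names are case-insensitive)."""
    h = {k.lower(): v for k, v in headers.items()}
    limit, window = parse_ratelimit(h["ratelimit-limit"])
    remaining, _ = parse_ratelimit(h["ratelimit-remaining"])
    return {
        "limit": limit,
        "remaining": remaining,
        "used": limit - remaining,
        "window_hours": window / 3600,
        # Client IP for anonymous pulls, user id when authenticated.
        "source": h.get("docker-ratelimit-source"),
    }


def group_tags_by_digest(tags):
    """Map each image digest to the tag names that point at it.

    Tags that share a digest are the same image, so pulling each of them
    separately spends a quota-counted manifest request on content that is
    already present locally.
    """
    groups = defaultdict(list)
    for tag in tags:
        groups[tag["digest"]].append(tag["name"])
    return dict(groups)


def distinct_pulls(tags):
    """Number of pulls actually needed to have every tag's content locally."""
    return len(group_tags_by_digest(tags))


# Constructed sample data; the values are not from a real Docker Hub response.
SAMPLE_HEADERS = {
    "RateLimit-Limit": "100;w=21600",
    "RateLimit-Remaining": "76;w=21600",
    "Docker-RateLimit-Source": "203.0.113.7",
}

# Shaped like the `results` entries of the Hub tags listing (assumed field names).
SAMPLE_TAGS = [
    {"name": "xenial", "digest": "sha256:" + "a" * 64, "full_size": 45_000_000},
    {"name": "xenial-20210804", "digest": "sha256:" + "a" * 64, "full_size": 45_000_000},
    {"name": "focal", "digest": "sha256:" + "b" * 64, "full_size": 29_000_000},
]

if __name__ == "__main__":
    status = quota_status(SAMPLE_HEADERS)
    print(f"{status['used']}/{status['limit']} manifest pulls used in a "
          f"{status['window_hours']:g}h window (source {status['source']})")
    for digest, names in group_tags_by_digest(SAMPLE_TAGS).items():
        print(digest[:19], "<-", ", ".join(names))
    print("distinct pulls needed:", distinct_pulls(SAMPLE_TAGS))
```

To feed `quota_status` real headers, request an anonymous pull token from `auth.docker.io` for `ratelimitpreview/test` and send `curl --head` with it to `https://registry-1.docker.io/v2/ratelimitpreview/test/manifests/latest`, as Docker's rate-limit documentation describes; because it is a `HEAD`, the check itself does not spend quota.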
---
- create Docker network: https://stackoverflow.com/questions/27937185/assign-static-ip-to-docker-container
## CVEs & Exploits
- Tools do not find every vulnerability
- E.g. the brute-force vulnerability in the DVWA web app is not detected.
- E.g. SSH user enumeration is identified via CVE-2016-6210 & CVE-2018-15473, but SSH login brute force (CVE-1999-0502) is not reported, although it is still possible.
## Tools
- The tools differ in speed
- Scanner restriction for `slim` Images: https://www.youtube.com/watch?v=PaMnzeHBa8M
- Programs have to be installed with the package manager; otherwise the tools are not able to detect the correct version (e.g. an old OpenSSH installed manually vs. via apt-install)
## Security Solutions
- https://blog.gitguardian.com/how-to-improve-your-docker-containers-security-cheat-sheet/
- https://docs.docker.com/engine/scan/