
Analyzing a Dockerfile for Security Best Practices

Introduction
Your company, SecuriCorp, is using Kubernetes to run a variety of applications. Your
developers are developing some container applications, and they have created some
Dockerfiles to build container images.

As the local security specialist, you have been asked to look over these Dockerfiles to locate
and correct any bad security practices. Each Dockerfile has at least one security issue. Edit the
Dockerfiles to correct the issue(s).

Solution
Log in to the server using the credentials provided:

ssh cloud_user@<PUBLIC_IP_ADDRESS>

Check the securi-api Dockerfile

1. Check the securi-api Dockerfile:

vi securi-api/Dockerfile

2. Delete the first line RUN apt-get update && apt-get install -y mathblasters.
3. To save and exit the file, press Escape, type :wq, and hit Enter.

Check the securi-webserver Dockerfile

1. Check the securi-webserver Dockerfile:

vi securi-webserver/Dockerfile

2. On the final USER directive, replace the root user with nginxuser.
3. To save and exit the file, press Escape, type :wq, and hit Enter.

Check the securi-users Dockerfile

1. Check the securi-users Dockerfile:

vi securi-users/Dockerfile

2. Delete the line ENV db_password=hunter2 to remove the password from the image.
3. To save and exit the file, press Escape, type :wq, and hit Enter.
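
The three manual checks above (an unneeded package install, a final USER of root, a password in ENV) can be run automatically before an image is built. The following is an added example, not part of the original lab: the name patterns, the allowed_packages parameter and the sample Dockerfile are assumptions made for illustration. It goes slightly beyond the lab by also handling line continuations, the legacy "ENV key value" form, multi-stage builds and Dockerfiles with no USER directive at all.

```python
import re

# Assumption: ENV names matching this pattern are treated as credentials.
SECRET_KEY = re.compile(r"passw(?:or)?d|secret|token|api_?key", re.I)
APT_INSTALL = re.compile(r"apt(?:-get)?(?:\s+-\S+)*\s+install\s+([^&;|]+)")

def logical_lines(text):
    """Yield (line_no, INSTRUCTION, args), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no instruction
        start = start if buf else no
        buf += line.rstrip("\\") + " "
        if not line.endswith("\\"):
            head, *rest = buf.split(None, 1)
            yield start, head.upper(), "".join(rest).strip()
            buf = ""

def audit(text, allowed_packages=frozenset()):
    """Return (line_no, kind, detail) findings for the three issues in the lab."""
    findings, user, user_line = [], None, 0
    for no, instr, args in logical_lines(text):
        if instr == "FROM":  # a new build stage resets the effective user
            user, user_line = None, no
        elif instr == "USER":
            user, user_line = args.split(":")[0].lower(), no
        elif instr == "ENV":
            # Handles both "ENV k=v k2=v2" and the legacy "ENV k v" form.
            for key in re.findall(r"(\w+)=", args) or args.split()[:1]:
                if SECRET_KEY.search(key):
                    findings.append((no, "secret", key))
        elif instr == "RUN":
            for m in APT_INSTALL.finditer(args):
                for pkg in m.group(1).split():
                    name = pkg.split("=")[0]  # drop a pinned version suffix
                    if not pkg.startswith("-") and name not in allowed_packages:
                        findings.append((no, "package", name))
    if user in (None, "root", "0"):  # no USER at all inherits the base image's user
        findings.append((user_line, "root-user", user or "unset"))
    return findings

# Constructed sample with the three issues the lab describes; not the lab's files.
SAMPLE = """FROM debian:stable
RUN apt-get update && apt-get install -y mathblasters
ENV db_password=hunter2
USER nginxuser
USER root
"""
```

Call audit(open(path).read(), allowed_packages={...}) on each Dockerfile and fail the build when the returned list is not empty; a package finding means only that the package is not on the reviewed allowlist.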

Conclusion
