Posted on Leave a comment

Run docker commands inside docker container

Considering that you have a docker container that runs an operating system, you could install docker inside it in order to use docker commands. Lets take for example the below Dockerfile. This will use the windows server core image and will install docker on it.

FROM mcr.microsoft.com/dotnet/framework/sdk:4.8-windowsservercore-ltsc2022
RUN Invoke-WebRequest -UseBasicParsing https://download.docker.com/win/static/stable/x86_64/docker-20.10.18.zip -OutFile docker.zip; `
Expand-Archive -Force docker.zip -DestinationPath $Env:ProgramFiles; `
Remove-Item -Force docker.zip

As a result the administrator could execute docker commands by taking a prompt on the container. However not all commands will work if you do not perform the below volume binding. When you spin up a new container using the image that you created with the Dockerfile you should also use the below command. This way you could use docker commands like docker build, docker push etc. 

-v \\.\pipe\docker_engine:\\.\pipe\docker_engine
Posted on Leave a comment

Log commands for all users on Linux – Redhat auditd

As security is one of the most important things on your infrastructure, you should enable logging for all commands and actions that a user performs (logins included).

In this article I will explain the procedure using auditd which comes preinstalled with many Linux distributions.

First things first, check if auditd is already installed and started on your system.

Then go to the rules file and open it with your favorite editor.

vi /etc/audit/rules.d/audit.rules

Add the below two rules to the end of the file.

-a exit,always -F arch=b32 -S execve -k auditcmd
-a exit,always -F arch=b64 -S execve -k auditcmd

Then execute on terminal:

augenrules 

You should then restart the service. Trying to do so with systemctl you may encounter the below error:

Execute auditd stop and start using the below commands:

service auditd stop
service auditd start

Verify existing rules:

auditctl -l

You are now ready and you can test the logging functionality. Perform a sudo action with a non root user.

Locate the action from logs.