Docker-Security-Analysis

This repository is to contain my work for a Technical Report (ENGR 411) at Concordia University during the Fall 2018 Semester

Does weakening host affect image scans?

11 Nov 2018 - Christopher McArthur

Mission:

I am trying to validate whether altering the state of the host (i.e. installing vulnerabilities) will be caught by the security scan.

Test 1

For this I have selected the ffmpeg library as my test subject. It was at the top of the home page for the online database I'm looking at.

So I am re-scanning the same image!

New scan took 2 minutes... No new vulnerabilities... Perhaps this one is not in my DB locally.

Test 2

Found the list of vulnerabilities affecting Ubuntu 18.04 here, and up next I am trying to introduce this vulnerability seen in Firefox < 60: how to install version 45... No new vulnerabilities found in the scan.

Test 3

I'm still not convinced my test vector is old enough. Up next, this one from 2017. Surprise surprise! It's already installed =D

cmcarthur@docker-engine-one:~$ apt-cache policy apport
apport:
  Installed: 2.20.1-0ubuntu2.10
  Candidate: 2.20.1-0ubuntu2.18
  Version table:
     2.20.1-0ubuntu2.18 500
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main i386 Packages
 *** 2.20.1-0ubuntu2.10 100
        100 /var/lib/dpkg/status
     2.20.1-0ubuntu2 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu xenial/main i386 Packages
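
An added example, not part of the original notes: a small Python check that reads apt-cache policy output like the listing above and reports whether the installed version lags the candidate, reimplementing dpkg's version ordering so that Ubuntu suffixes such as 0ubuntu2.10 vs 0ubuntu2.18 (and tildes, epochs) compare the way dpkg would. The sample text is copied from the apport listing above; the function names are my own.

```python
import re
from itertools import zip_longest

# Sample copied from the apt-cache policy output in the notes above (apport on xenial)
POLICY_OUTPUT = """apport:
  Installed: 2.20.1-0ubuntu2.10
  Candidate: 2.20.1-0ubuntu2.18
  Version table:
     2.20.1-0ubuntu2.18 500
 *** 2.20.1-0ubuntu2.10 100
"""

def _order(c):
    # dpkg character weight: '~' sorts before everything (even end of string), letters before non-letters
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    # dpkg rule: alternate non-digit runs (weighted lexical, missing chars weigh 0) and digit runs (numeric)
    pairs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b), fillvalue=("", ""))
    for (sa, da), (sb, db) in pairs:
        wa, wb = [_order(c) for c in sa], [_order(c) for c in sb]
        n = max(len(wa), len(wb))
        wa, wb = wa + [0] * (n - len(wa)), wb + [0] * (n - len(wb))
        if wa != wb:
            return -1 if wa < wb else 1
        na, nb = int(da or 0), int(db or 0)  # int() discards leading zeros
        if na != nb:
            return -1 if na < nb else 1
    return 0

def compare_versions(a, b):
    """Return -1, 0 or 1 like `dpkg --compare-versions`: epoch, then upstream, then revision."""
    def split(v):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    ea, ua, ra = split(a)
    eb, ub, rb = split(b)
    return (ea > eb) - (ea < eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def parse_policy(text):
    # Pull the Installed and Candidate versions out of `apt-cache policy <pkg>` output
    fields = dict(re.findall(r"^\s*(Installed|Candidate):\s*(\S+)", text, re.M))
    return fields.get("Installed"), fields.get("Candidate")

def lags_candidate(text):
    # True when the installed version is older than what the configured repos would install
    installed, candidate = parse_policy(text)
    if installed in (None, "(none)") or candidate is None:
        return False
    return compare_versions(installed, candidate) < 0
```

Run `apt-cache policy <pkg>` on the host or inside the container and feed its output to `lags_candidate` to see at a glance which packages the security pocket has already fixed but the machine has not picked up.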

So it looks like there may have been an issue in my original scan of the Ubuntu image; perhaps my “noobs” misled me on the first attempt.

Update ( 2018-11-12 )

Finally got Vuls working. This tool is much more powerful, allowing me to even scan my host, not just images! My host had 800+ CVE vulnerabilities while my Ubuntu images had only 37. This supports the idea that my original test may have been flawed.