Class: ContainerSSHProcess

Inherits:
Dockscan::Modules::AuditModule
Defined in:
lib/dockscan/modules/audit/container-sshd-process.rb

Instance Attribute Summary

Attributes inherited from Dockscan::Modules::AuditModule

#scandata

Instance Method Summary

Methods inherited from Dockscan::Modules::AuditModule

#idcontainer

Methods inherited from Dockscan::Modules::GenericModule

inherited, modules

Instance Method Details

#check(dockercheck) ⇒ Object



# File 'lib/dockscan/modules/audit/container-sshd-process.rb', line 7

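# Audit check: reports running containers whose process table shows an SSH process.
#
# For each container in scandata["GetContainersRunning"], the rows returned by
# container.top are searched for a command line containing "ssh". The first
# matching row per container is appended to the plugin output and the plugin
# state is set to "vulnerable".
#
# Detection caveat: the test is a case-sensitive substring match on the command
# line. It therefore also flags any process whose path or arguments merely
# contain "ssh", and it does not see an SSH server whose command line lacks
# that substring. Treat a hit as a lead to confirm, and a clean result as
# "no process matched", not as proof that no remote-login service exists.
#
# @param dockercheck [Object] not used by this check
# @return [Dockscan::Scan::Plugin] plugin result; state is nil when no running
#   containers were reported, "run" when the check ran without a match, and
#   "vulnerable" when at least one container matched
def check(dockercheck)
	sp = Dockscan::Scan::Plugin.new
	si = Dockscan::Scan::Issue.new
	si.title = "Container have SSH server process"
	si.description = "Docker daemon reports it is running SSH daemon inside container.\nThis is not recommended practice as it provides yet another attack surface for attackers and wastes computer resources."
	si.solution = "It is recommended to remove SSH daemon/client from container. It is recommended to use docker exec command to execute commands inside container."
	si.severity = 4 # Low
	si.risk = { "cvss" => 3.2 }
	sp.vuln = si
	# dup: the buffer is appended to below, so it must not be a frozen literal.
	sp.output = "".dup

	return sp unless scandata.key?("GetContainersRunning")

	containers = scandata["GetContainersRunning"].obj
	return sp if containers.nil? || containers.empty?

	sp.state = "run"
	containers.each do |container|
		# Only the first matching process per container is reported.
		hit = (container.top || []).find do |process|
			# The column title comes from the ps output; some ps formats call it
			# COMMAND instead of CMD. A row with neither key is skipped rather
			# than aborting the whole scan with NoMethodError on nil.
			cmd = process["CMD"] || process["COMMAND"]
			cmd.to_s.include?("ssh")
		end
		next unless hit

		# NOTE(review): the command line is text controlled by the container;
		# confirm that report renderers escape it before display.
		cmd = (hit["CMD"] || hit["COMMAND"]).to_s
		sp.output << idcontainer(container) << " has SSH process running: " << cmd << "\n"
		sp.state = "vulnerable"
	end
	sp
end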

#info ⇒ Object



# File 'lib/dockscan/modules/audit/container-sshd-process.rb', line 3

# One-line description of this audit plugin.
#
# @return [String] text stating what the plugin checks
def info
	'This plugin checks if SSH is running inside container'
end