7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
# File 'lib/dockscan/modules/audit/container-sshd-process.rb', line 7
def check(dockercheck)
sp=Dockscan::Scan::Plugin.new
si=Dockscan::Scan::Issue.new
si.title="Container have SSH server process"
si.description="Docker daemon reports it is running SSH daemon inside container.\nThis is not recommended practice as it provides yet another attack surface for attackers and wastes computer resources."
si.solution="It is recommended to remove SSH daemon/client from container. It is recommended to use docker exec command to execute commands inside container."
si.severity=4 si.risk = { "cvss" => 3.2 }
sp.vuln=si
sp.output=""
if scandata.key?("GetContainersRunning") and not scandata["GetContainersRunning"].obj.empty?
sp.state="run"
scandata["GetContainersRunning"].obj.each do |container|
ps=container.top
ps.each do |process|
if process["CMD"].include?("ssh") then
sp.output << idcontainer(container) << " has SSH process running: " << process["CMD"] << "\n"
sp.state="vulnerable"
break
end
end
end
end
return sp
end
|