## Seccomp

### Run container: docker/whalesay

Running test:

```sh
docker run docker/whalesay cowsay hello!
```

Get a shell:

```sh
docker run -it --rm docker/whalesay /bin/sh
```

### Get Seccomp value with PID

Find the PID (inside the container):

```sh
ps -ef
```

```text
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 12:01 pts/0    00:00:00 /bin/sh
root         9     1  0 12:01 pts/0    00:00:00 ps -ef
```

Check the configured Seccomp mode:

```sh
grep Seccomp /proc/1/status
```

```text
Seccomp:        2
Seccomp_filters:        1
```

Seccomp modes:

| Mode | Description |
|---|---|
| 0 | Disabled |
| 1 | Strict |
| 2 | Filtered |

### Restrict syscalls: action values

| Value | Description |
|---|---|
| SCMP_ACT_ERRNO | Return an error |
| SCMP_ACT_ALLOW | Execute the syscall (whitelist) |
## Tracee

Tracee: Runtime Security and Forensics using eBPF.

Command options:

| Bind mount | Mode | Description |
|---|---|---|
| /lib/modules/ | Read only | Kernel headers |
| /usr/src | Read only | Kernel headers |
| /tmp/tracee | Default | Default workspace |

Additional capability:

| Capability |
|---|
| --privileged |

Command example (standard output, default):

```sh
docker run --name tracee --rm --privileged \
  -v /lib/modules/:/lib/modules/:ro \
  -v /usr/src:/usr/src:ro \
  -v /tmp/tracee:/tmp/tracee \
  -it aquasec/tracee:latest
```
## strace

Check that strace exists:

```sh
which strace
```

```text
/usr/bin/strace
```

### Tracing syscalls of a running command

```sh
strace echo 111
```

```text
execve("/usr/bin/echo", ["echo", "111"], 0x7ffc891d5818 /* 8 vars */) = 0
...
[Output truncated]
```

| Value | Description |
|---|---|
| /usr/bin/echo | Command path |
| ["echo", "111"] | Command and parameters |
| 0x7ffc891d5818 /* 8 vars */ | Environment values (`env \| wc -l` is 8) |

### Tracing syscalls of a running process

Find the process ID:

```sh
pidof etcd
```

```text
3569
```

Trace with the process ID:

```sh
strace -p 3569
```

### With the -c option (syscall summary)

```sh
strace -c echo 111
```

```text
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 24.
```
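The Seccomp and strace sections above fit together as one defender workflow: enumerate the syscalls a command actually makes with `strace -c`, then confine the container to exactly those with a profile whose default action is `SCMP_ACT_ERRNO` and whose allowlist uses `SCMP_ACT_ALLOW`. The script below is an added example, not code from the original notes or from the strace or Docker projects. It assumes a POSIX shell with awk and sort, reads the seccomp mode from a `/proc/<pid>/status` file, and builds the profile from an `strace -c` summary; the summary it ships with is constructed sample data, not a captured run.

```shell
#!/bin/sh
# Added example, not part of the original notes. Two checks that tie the
# seccomp and strace sections together:
#   seccomp_status     -> report a process's seccomp mode from /proc/<pid>/status
#   allowlist_profile  -> turn an `strace -c` summary into a Docker seccomp
#                         profile: default SCMP_ACT_ERRNO, SCMP_ACT_ALLOW only
#                         for the syscalls actually observed
# The text in sample_strace_summary is CONSTRUCTED sample data.

# Map the numeric "Seccomp:" field (0 disabled, 1 strict, 2 filtered) to its
# name; append the filter count when the kernel exposes "Seccomp_filters:".
seccomp_status() {
    status_file="$1"                     # e.g. /proc/1/status
    mode=$(awk '$1 == "Seccomp:" { print $2 }' "$status_file")
    filters=$(awk '$1 == "Seccomp_filters:" { print $2 }' "$status_file")
    case "$mode" in
        0) name=disabled ;;
        1) name=strict ;;
        2) name=filtered ;;
        *) name=unknown ;;
    esac
    if [ -n "$filters" ]; then
        printf '%s filters=%s\n' "$name" "$filters"
    else
        printf '%s\n' "$name"
    fi
}

# Constructed `strace -c -o summary.txt echo 111`-style output (not captured
# from a real run); the "errors" column is blank for syscalls that never failed.
sample_strace_summary() {
    cat <<'EOF'
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 40.00    0.000200          20        10           mmap
 25.00    0.000125          25         5           write
 15.00    0.000075          15         5           brk
 10.00    0.000050          25         2         1 close
 10.00    0.000050          50         1           execve
------ ----------- ----------- --------- --------- ----------------
100.00    0.000500                    23         1 total
EOF
}

# Unique syscall names from a summary file: skip the two header lines, the
# dashed separators and the "total" row; the name is always the last field.
strace_syscalls() {
    awk 'NR > 2 && $1 !~ /^-/ && $NF != "total" { print $NF }' "$1" | sort -u
}

# Docker seccomp profile (JSON) that allows exactly the observed syscalls.
allowlist_profile() {
    names=$(strace_syscalls "$1" | awk '{ printf "%s\"%s\"", (NR > 1 ? ", " : ""), $0 }')
    cat <<EOF
{
  "defaultAction": "SCMP_ACT_ERRNO",
  "architectures": ["SCMP_ARCH_X86_64"],
  "syscalls": [
    { "names": [$names], "action": "SCMP_ACT_ALLOW" }
  ]
}
EOF
}

# Stand-alone demo on the constructed data. Real use:
#   strace -c -o summary.txt <cmd>
#   allowlist_profile summary.txt > profile.json
#   docker run --security-opt seccomp=profile.json <image> <cmd>
demo() {
    tmp=$(mktemp)
    sample_strace_summary > "$tmp"
    seccomp_status /proc/self/status
    allowlist_profile "$tmp"
    rm -f "$tmp"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it as `sh profile.sh demo` to see the mode of the shell itself and the generated profile. A profile built from one `strace -c` run only covers the code paths that run exercised; exercise the workload fully (or trace with `-f` to include child processes) before treating the allowlist as complete, and expect to iterate when the confined command fails with the errno the profile returns.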
## Ports

Check listening ports:

```sh
netstat -an | grep -w LISTEN
```

Service with port:

```sh
cat /etc/services | grep -w 53
```
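Joining the two commands above answers the question a reviewer actually has: what is listening, and what service is that port normally? The script below is an added example, not code from the original notes; it assumes a POSIX shell with awk, parses `netstat -an` output and looks each port up in an `/etc/services`-style file. It also reports bound UDP sockets, which `grep -w LISTEN` misses because UDP sockets carry no LISTEN state. The netstat and services text embedded in it is constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original notes: parse `netstat -an` output into
# a list of listening sockets and name each port from /etc/services. UDP
# sockets carry no LISTEN state, so a bare `grep -w LISTEN` misses them;
# this parser reports bound UDP sockets too. The netstat/services text in
# sample_netstat and sample_services is CONSTRUCTED.

# Print "proto port" for TCP sockets in LISTEN state and for all bound UDP
# sockets; the port is whatever follows the last ':' of the local address
# (works for both 0.0.0.0:22 and :::53).
listening_ports() {
    awk '($1 ~ /^tcp/ && $NF == "LISTEN") || $1 ~ /^udp/ {
             proto = ($1 ~ /^tcp/) ? "tcp" : "udp"
             port = $4; sub(/.*:/, "", port)
             print proto, port
         }' "$1" | sort -u
}

# Look up "<port>/<proto>" in a services file (default /etc/services).
service_name() {
    port="$1"; proto="$2"; services="${3:-/etc/services}"
    awk -v key="$port/$proto" '$1 !~ /^#/ && $2 == key { print $1; exit }' "$services"
}

# Combine both: one line per listener, "proto port name" ("-" when unknown).
annotate_listeners() {
    netstat_file="$1"; services="${2:-/etc/services}"
    listening_ports "$netstat_file" | while read -r proto port; do
        name=$(service_name "$port" "$proto" "$services")
        printf '%s %s %s\n' "$proto" "$port" "${name:--}"
    done
}

# Constructed `netstat -an` output, including an established connection
# (not a listener) and a UDP socket with no State column.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51422          ESTABLISHED
tcp6       0      0 :::53                   :::*                    LISTEN
udp        0      0 0.0.0.0:53              0.0.0.0:*
EOF
}

# Constructed subset of /etc/services.
sample_services() {
    cat <<'EOF'
# service-name  port/protocol
ssh             22/tcp
domain          53/tcp
domain          53/udp
ipp             631/tcp
EOF
}

# Real use on a host: netstat -an > ns.txt; annotate_listeners ns.txt
```

The service name is only what `/etc/services` says the port is conventionally used for; confirm the owning process with `netstat -tulpn` or `ss -tulpn` before deciding whether a listener belongs there.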
## Kernel Modules

Load a module:

```sh
modprobe pcspkr
```

List modules:

```sh
lsmod
```

Blacklist modules:

```sh
vi /etc/modprobe.d/blacklist.conf
```

```text
blacklist sctp
blacklist dccp
```

Reboot, then verify the modules are not loaded:

```sh
shutdown -r now
```

```sh
lsmod | grep sctp
lsmod | grep dccp
```
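The blacklist-reboot-grep sequence above is easy to turn into a repeatable audit. The script below is an added example, not code from the original notes; it assumes a POSIX shell with awk and grep, takes the modprobe.d directory and lsmod-style text as parameters so it can run against the constructed sample data it embeds, and reports, per module, whether it is blacklisted and whether it is currently loaded.

```shell
#!/bin/sh
# Added example, not from the original notes: audit a list of kernel modules
# against a modprobe.d directory and lsmod-style output. The directory and
# lsmod text are parameters so the check runs on the CONSTRUCTED sample data
# below; on a host, pass /etc/modprobe.d and a file holding real `lsmod` output.
#
# Caveat: "blacklist <module>" only stops modprobe from loading the module via
# its aliases (the usual hardware/protocol auto-load path); an explicit
# `modprobe <module>` still loads it. Adding "install <module> /bin/false" to
# the same .conf blocks that path as well.

# True when some *.conf in the directory carries "blacklist <module>".
module_blacklisted() {
    mod="$1"; dir="${2:-/etc/modprobe.d}"
    grep -Eqs "^[[:space:]]*blacklist[[:space:]]+$mod([[:space:]]|\$)" "$dir"/*.conf
}

# True when lsmod-style text on stdin lists the module in its first column
# (the header row "Module Size Used by" is skipped).
module_loaded() {
    awk -v m="$1" 'NR > 1 && $1 == m { found = 1 } END { exit !found }'
}

# One line per module, "<module>: <blacklist state>, <load state>"; exit
# status is non-zero when any module is loaded or not blacklisted.
audit_modules() {
    dir="$1"; lsmod_file="$2"; shift 2
    rc=0
    for mod in "$@"; do
        if module_blacklisted "$mod" "$dir"; then
            bl=blacklisted
        else
            bl=NOT-blacklisted; rc=1
        fi
        if module_loaded "$mod" < "$lsmod_file"; then
            ld=LOADED; rc=1
        else
            ld=not-loaded
        fi
        printf '%s: %s, %s\n' "$mod" "$bl" "$ld"
    done
    return $rc
}

# Constructed sample data: a modprobe.d directory with the two blacklist
# lines from the notes, and lsmod output in which dccp is still loaded
# (e.g. the host has not been rebooted yet).
sample_modprobe_dir() {
    dir=$(mktemp -d)
    printf 'blacklist sctp\nblacklist dccp\n' > "$dir/blacklist.conf"
    printf '%s\n' "$dir"
}
sample_lsmod() {
    cat <<'EOF'
Module                  Size  Used by
dccp                  110592  0
pcspkr                 16384  0
EOF
}

# Real use on a host:
#   lsmod > lsmod.txt
#   audit_modules /etc/modprobe.d lsmod.txt sctp dccp || echo "module audit failed"
```

A module that is blacklisted but still loaded is the expected state between editing the .conf and the reboot; the non-zero exit status makes that visible to whatever runs the audit.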
## Services and Packages

Check services:

```sh
systemctl list-units --type service
```

Stop a service:

```sh
systemctl stop apache2
```

Disable a service:

```sh
systemctl disable apache2
```

Check installed packages:

```sh
apt list --installed
```

Remove a package:

```sh
apt remove apache2
```