SlideShare a Scribd company logo

Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With Docker, Honeypots, & Nagios

Download as ODP, PDF
Nagios
Nagios

Spenser Reinhardt's presentation on Detecting Security Breaches With Docker, Honeypots, & Nagios. The presentation was given during the Nagios World Conference North America held Oct 13th - Oct 16th, 2014 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/conference

1 of 33
Downloaded 14 times
Detecting Security Breaches With Docker, Honeypots, & Nagios Spenser Reinhardt sreinhardt@nagios.com Github: sreinhardt Docker: sreinhardt Personal: Ask Me
Presentation Goals What you talkin' bout Willis? • Basics of Docker containerization virtualization • What is a honeypot? • Why are they valuable to me and my infrastructure? • Where does Nagios fit in? • Demos! • How exactly do I profit from this?
Docker Basics What is “Docker” and why do I care? • Lightweight virtualization • Near instant application service recovery • Block level file system differential snapshots • Heavy isolation between host and guest • Optional instant revert to previous snapshots on guest shutdown • Easy file and network sharing between host and containers
Getting Started With Docker ● Dockerfiles ● Github.com ● Docker.com ● Automatic builds ● Instant differential updates #start with ubuntu FROM ubuntu:latest MAINTAINER Spenser Reinhardt ENV DEBIAN_FRONTEND noninteractive #copy and build COPY ./install.sh ./install.sh RUN chmod +x ./install.sh RUN ./install.sh #cleanup RUN mv /install.log /opt/[project]/install.log && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /install.sh #Post-build docker info EXPOSE [ports] WORKDIR /opt/[project] #CMD ["binary-to-start"]
Dockerfiles ● FROM: Base image to use ● MAINTAINER: Who controls the container configuration. ● COPYADD: Add a file from the host or web to the container. ● RUN: Run a command or script in the container. ● EXPOSE: Open port to container to both host and other containers. ● WORKDIR: Change working directory for all future commands. ● ENTRYPOINT: Sets the binary to start by default. Otherwise it is “/bin/sh -c” ● CMD: Arguments needed for the entrypoint binary #start with ubuntu FROM ubuntu:latest MAINTAINER Spenser Reinhardt ENV DEBIAN_FRONTEND noninteractive #copy and build COPY ./install.sh ./install.sh RUN chmod +x ./install.sh RUN ./install.sh #cleanup RUN mv /install.log /opt/[project]/install.log && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /install.sh #Post-build docker info EXPOSE [ports] WORKDIR /opt/[project] ENTRYPOINT [“binary/to/start”] CMD ["Arguements", “for”, “binary”]
Github and Docker ● Automated linking of github and bitbucket repositories ● Builds from directory with Dockerfile only ● Automated builds on git push, or on command ● Automated linking and building of linked containers
Github.com – Automated Builds
Docker.com – Automated Builds
Honeypots ● Emulation of operating systems, services, and applications. ● High Interaction – Full OS or applications, must be reverted to a snapshot or reinstalled after an attack. ● Low Interaction – Emulated OS or application, most spawn separate process for attacker, save results and cleanup after session, like most daemons. ● All interactions are suspicious activity
Honeynet Project ● Nepenthes – Low int, many applications and services ● Dionaea – Low int, successor to Nepenthes ● Glastopf – Web application honeypot ● Kippo – SSH emulation and capture ● Thug – Client web browser ● Conpot – ICSSCADA emulation ● Honeybrid – Intelligent firewall, filtering and classification ● Bifrozt – SSH proxy and information collector
Border Honeynets
Internal Honeynets
Docker Honeynet Network
Nagios Monitoring Network
Dynamic Iptables Rules
Putting It All Together (Nagios XI)
Putting It All Together (Nagios Log Monitor)
Putting It All Together (Nagios Network Analyzer)
Nagios XI ● Monitors Docker containers and applications on host ● Event handlers restart, save and restart, or killl containers. ● Event handlers to disconnect and log abusive connections. ● Active view of all parts working in the system ● Notification management
Nagios Network Analyzer ● Collect flow data from: – Host external interface – Honeybrid internal interface ● Trigger abusive and oversized disconnections with filters
Nagios Log Server ● Collect and store all logs. ● Advanced parsing and filtering. ● Deep correlation between systems and events. ● Distributed storage and computation.
Glastopf ● Web application specific honeypot ● Hosts only ports: – 80 – 443 ● Full PHP emulated virtual environment ● Emulated sql backend
Web Attack
Log Server Respnse
Dionaea ● General purpose honeypot ● Expandable through plugins and modules ● Full shellcode emulation ● By default hosts applications on: – 21(ftp), 69(tftp), 135(emap), 445(smb), 1443(mssql), 3306(mysql), 5060-5061(sip), 63001-64000(ftp)
Samba Attack
Log Server Response
Kippo ● SSH specific honeypot ● Full virtual shell emulation ● Daemon attack emulation ● Only port 22/2222
SSH Attack
Log Server Response
Conpot ● Industrial Control Systems(ICS) Supervisory Control and Data Acquisition (SCADA) ● Defaults to building device control system ● Full Shellcode emulation ● Several services available by default – 80(http), 161(snmp), 503(modbus)
Conclusion ● Docker's has some really cool uses! ● Honeynet has some amazing projects! ● Combining these with a little nagios magic, makes for really interesting security! ● https://github.com/sreinhardt/Honeynet ● https://docker.com/sreinhardt/Honeynet
Questions? Spenser Reinhardt sreinhardt@nagios.com Github: sreinhardt Docker: sreinhardt Personal: Ask Me
Ad

Recommended

Nagios Conference 2014 - David Josephsen - Alert on What You Draw
Nagios Conference 2014 - David Josephsen - Alert on What You DrawNagios Conference 2014 - David Josephsen - Alert on What You Draw
Nagios Conference 2014 - David Josephsen - Alert on What You Draw
Nagios
 
Ansible in CI
Ansible in CIAnsible in CI
Ansible in CI
Dharmit Shah
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansible
Dharmit Shah
 
CI and CD
CI and CDCI and CD
CI and CD
Ladislav Prskavec
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansible
Kasun Madura Rathnayaka
 
Ansible Case Studies
Ansible Case StudiesAnsible Case Studies
Ansible Case Studies
Greg DeKoenigsberg
 
CI/CD Using Ansible and Jenkins for Infrastructure
CI/CD Using Ansible and Jenkins for InfrastructureCI/CD Using Ansible and Jenkins for Infrastructure
CI/CD Using Ansible and Jenkins for Infrastructure
Faisal Shaikh
 
Introduction to ansible
Introduction to ansibleIntroduction to ansible
Introduction to ansible
Mukul Malhotra
 
Making Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixMaking Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch Fix
Diana Tkachenko
 
Cyansible
CyansibleCyansible
Cyansible
Alan Norton
 
CLI utility in ClojureScript running on Node.js
CLI utility in ClojureScript running on Node.jsCLI utility in ClojureScript running on Node.js
CLI utility in ClojureScript running on Node.js
Karolis Labrencis
 
Serverspec and Sensu - Testing and Monitoring collide
Serverspec and Sensu - Testing and Monitoring collideServerspec and Sensu - Testing and Monitoring collide
Serverspec and Sensu - Testing and Monitoring collide
m_richardson
 
DevOps - Infrastructure as Code by Andre Marcelo-Tanner
DevOps - Infrastructure as Code by Andre Marcelo-TannerDevOps - Infrastructure as Code by Andre Marcelo-Tanner
DevOps - Infrastructure as Code by Andre Marcelo-Tanner
DEVCON
 
High Available Drupal
High Available DrupalHigh Available Drupal
High Available Drupal
Bram Vogelaar
 
Automating aws infrastructure and code deployments using Ansible @WebEngage
Automating aws infrastructure and code deployments using Ansible @WebEngageAutomating aws infrastructure and code deployments using Ansible @WebEngage
Automating aws infrastructure and code deployments using Ansible @WebEngage
Vishal Uderani
 
Rails after 5 years
Rails after 5 yearsRails after 5 years
Rails after 5 years
Rob Dawson
 
Docker ansible-make-chef-puppet-unnecessary-minnihan
Docker ansible-make-chef-puppet-unnecessary-minnihanDocker ansible-make-chef-puppet-unnecessary-minnihan
Docker ansible-make-chef-puppet-unnecessary-minnihan
jbminn
 
Everyday tools and tricks for scaling Node.js
Everyday tools and tricks for scaling Node.jsEveryday tools and tricks for scaling Node.js
Everyday tools and tricks for scaling Node.js
Nikolay Stoitsev
 
Running trusted payloads with Nomad and Waypoint
Running trusted payloads with Nomad and WaypointRunning trusted payloads with Nomad and Waypoint
Running trusted payloads with Nomad and Waypoint
Bram Vogelaar
 
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
rmcleay
 
Warsztaty ansible
Warsztaty ansibleWarsztaty ansible
Warsztaty ansible
gnosek
 
Puppet Camp Denver 2015: Developing and Testing with Enhanced Oscar
Puppet Camp Denver 2015: Developing and Testing with Enhanced OscarPuppet Camp Denver 2015: Developing and Testing with Enhanced Oscar
Puppet Camp Denver 2015: Developing and Testing with Enhanced Oscar
Puppet
 
Developing and Testing with Enhanced Oscar
Developing and Testing with Enhanced OscarDeveloping and Testing with Enhanced Oscar
Developing and Testing with Enhanced Oscar
Jeff Scelza
 
Stop using Nagios (so it can die peacefully)
Stop using Nagios (so it can die peacefully)Stop using Nagios (so it can die peacefully)
Stop using Nagios (so it can die peacefully)
Andy Sykes
 
Cncf k8s_network_part1
Cncf k8s_network_part1Cncf k8s_network_part1
Cncf k8s_network_part1
Erhwen Kuo
 
Webconf nodejs-production-architecture
Webconf nodejs-production-architectureWebconf nodejs-production-architecture
Webconf nodejs-production-architecture
Ben Lin
 
Bringing Developers to the Next Level
Bringing Developers to the Next LevelBringing Developers to the Next Level
Bringing Developers to the Next Level
Sergejus Barinovas
 
Test Kitchen and Infrastructure as Code
Test Kitchen and Infrastructure as CodeTest Kitchen and Infrastructure as Code
Test Kitchen and Infrastructure as Code
Cybera Inc.
 
Docker Indy Meetup Monitoring 30-Aug-2016
Docker Indy Meetup Monitoring 30-Aug-2016Docker Indy Meetup Monitoring 30-Aug-2016
Docker Indy Meetup Monitoring 30-Aug-2016
Matt Bentley
 
Performance monitoring for Docker - Lucerne meetup
Performance monitoring for Docker - Lucerne meetupPerformance monitoring for Docker - Lucerne meetup
Performance monitoring for Docker - Lucerne meetup
Stijn Polfliet
 
Ad

More Related Content

What's hot (20)

Making Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixMaking Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch Fix
Diana Tkachenko
 
Cyansible
CyansibleCyansible
Cyansible
Alan Norton
 
CLI utility in ClojureScript running on Node.js
CLI utility in ClojureScript running on Node.jsCLI utility in ClojureScript running on Node.js
CLI utility in ClojureScript running on Node.js
Karolis Labrencis
 
Serverspec and Sensu - Testing and Monitoring collide
Serverspec and Sensu - Testing and Monitoring collideServerspec and Sensu - Testing and Monitoring collide
Serverspec and Sensu - Testing and Monitoring collide
m_richardson
 
DevOps - Infrastructure as Code by Andre Marcelo-Tanner
DevOps - Infrastructure as Code by Andre Marcelo-TannerDevOps - Infrastructure as Code by Andre Marcelo-Tanner
DevOps - Infrastructure as Code by Andre Marcelo-Tanner
DEVCON
 
High Available Drupal
High Available DrupalHigh Available Drupal
High Available Drupal
Bram Vogelaar
 
Automating aws infrastructure and code deployments using Ansible @WebEngage
Automating aws infrastructure and code deployments using Ansible @WebEngageAutomating aws infrastructure and code deployments using Ansible @WebEngage
Automating aws infrastructure and code deployments using Ansible @WebEngage
Vishal Uderani
 
Rails after 5 years
Rails after 5 yearsRails after 5 years
Rails after 5 years
Rob Dawson
 
Docker ansible-make-chef-puppet-unnecessary-minnihan
Docker ansible-make-chef-puppet-unnecessary-minnihanDocker ansible-make-chef-puppet-unnecessary-minnihan
Docker ansible-make-chef-puppet-unnecessary-minnihan
jbminn
 
Everyday tools and tricks for scaling Node.js
Everyday tools and tricks for scaling Node.jsEveryday tools and tricks for scaling Node.js
Everyday tools and tricks for scaling Node.js
Nikolay Stoitsev
 
Running trusted payloads with Nomad and Waypoint
Running trusted payloads with Nomad and WaypointRunning trusted payloads with Nomad and Waypoint
Running trusted payloads with Nomad and Waypoint
Bram Vogelaar
 
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
rmcleay
 
Warsztaty ansible
Warsztaty ansibleWarsztaty ansible
Warsztaty ansible
gnosek
 
Puppet Camp Denver 2015: Developing and Testing with Enhanced Oscar
Puppet Camp Denver 2015: Developing and Testing with Enhanced OscarPuppet Camp Denver 2015: Developing and Testing with Enhanced Oscar
Puppet Camp Denver 2015: Developing and Testing with Enhanced Oscar
Puppet
 
Developing and Testing with Enhanced Oscar
Developing and Testing with Enhanced OscarDeveloping and Testing with Enhanced Oscar
Developing and Testing with Enhanced Oscar
Jeff Scelza
 
Stop using Nagios (so it can die peacefully)
Stop using Nagios (so it can die peacefully)Stop using Nagios (so it can die peacefully)
Stop using Nagios (so it can die peacefully)
Andy Sykes
 
Cncf k8s_network_part1
Cncf k8s_network_part1Cncf k8s_network_part1
Cncf k8s_network_part1
Erhwen Kuo
 
Webconf nodejs-production-architecture
Webconf nodejs-production-architectureWebconf nodejs-production-architecture
Webconf nodejs-production-architecture
Ben Lin
 
Bringing Developers to the Next Level
Bringing Developers to the Next LevelBringing Developers to the Next Level
Bringing Developers to the Next Level
Sergejus Barinovas
 
Test Kitchen and Infrastructure as Code
Test Kitchen and Infrastructure as CodeTest Kitchen and Infrastructure as Code
Test Kitchen and Infrastructure as Code
Cybera Inc.
 
Making Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch FixMaking Spinnaker Go @ Stitch Fix
Making Spinnaker Go @ Stitch Fix
Diana Tkachenko
 
Cyansible
CyansibleCyansible
Cyansible
Alan Norton
 
CLI utility in ClojureScript running on Node.js
CLI utility in ClojureScript running on Node.jsCLI utility in ClojureScript running on Node.js
CLI utility in ClojureScript running on Node.js
Karolis Labrencis
 
Serverspec and Sensu - Testing and Monitoring collide
Serverspec and Sensu - Testing and Monitoring collideServerspec and Sensu - Testing and Monitoring collide
Serverspec and Sensu - Testing and Monitoring collide
m_richardson
 
DevOps - Infrastructure as Code by Andre Marcelo-Tanner
DevOps - Infrastructure as Code by Andre Marcelo-TannerDevOps - Infrastructure as Code by Andre Marcelo-Tanner
DevOps - Infrastructure as Code by Andre Marcelo-Tanner
DEVCON
 
High Available Drupal
High Available DrupalHigh Available Drupal
High Available Drupal
Bram Vogelaar
 
Automating aws infrastructure and code deployments using Ansible @WebEngage
Automating aws infrastructure and code deployments using Ansible @WebEngageAutomating aws infrastructure and code deployments using Ansible @WebEngage
Automating aws infrastructure and code deployments using Ansible @WebEngage
Vishal Uderani
 
Rails after 5 years
Rails after 5 yearsRails after 5 years
Rails after 5 years
Rob Dawson
 
Docker ansible-make-chef-puppet-unnecessary-minnihan
Docker ansible-make-chef-puppet-unnecessary-minnihanDocker ansible-make-chef-puppet-unnecessary-minnihan
Docker ansible-make-chef-puppet-unnecessary-minnihan
jbminn
 
Everyday tools and tricks for scaling Node.js
Everyday tools and tricks for scaling Node.jsEveryday tools and tricks for scaling Node.js
Everyday tools and tricks for scaling Node.js
Nikolay Stoitsev
 
Running trusted payloads with Nomad and Waypoint
Running trusted payloads with Nomad and WaypointRunning trusted payloads with Nomad and Waypoint
Running trusted payloads with Nomad and Waypoint
Bram Vogelaar
 
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
rmcleay
 
Warsztaty ansible
Warsztaty ansibleWarsztaty ansible
Warsztaty ansible
gnosek
 
Puppet Camp Denver 2015: Developing and Testing with Enhanced Oscar
Puppet Camp Denver 2015: Developing and Testing with Enhanced OscarPuppet Camp Denver 2015: Developing and Testing with Enhanced Oscar
Puppet Camp Denver 2015: Developing and Testing with Enhanced Oscar
Puppet
 
Developing and Testing with Enhanced Oscar
Developing and Testing with Enhanced OscarDeveloping and Testing with Enhanced Oscar
Developing and Testing with Enhanced Oscar
Jeff Scelza
 
Stop using Nagios (so it can die peacefully)
Stop using Nagios (so it can die peacefully)Stop using Nagios (so it can die peacefully)
Stop using Nagios (so it can die peacefully)
Andy Sykes
 
Cncf k8s_network_part1
Cncf k8s_network_part1Cncf k8s_network_part1
Cncf k8s_network_part1
Erhwen Kuo
 
Webconf nodejs-production-architecture
Webconf nodejs-production-architectureWebconf nodejs-production-architecture
Webconf nodejs-production-architecture
Ben Lin
 
Bringing Developers to the Next Level
Bringing Developers to the Next LevelBringing Developers to the Next Level
Bringing Developers to the Next Level
Sergejus Barinovas
 
Test Kitchen and Infrastructure as Code
Test Kitchen and Infrastructure as CodeTest Kitchen and Infrastructure as Code
Test Kitchen and Infrastructure as Code
Cybera Inc.
 

Viewers also liked (20)

Docker Indy Meetup Monitoring 30-Aug-2016
Docker Indy Meetup Monitoring 30-Aug-2016Docker Indy Meetup Monitoring 30-Aug-2016
Docker Indy Meetup Monitoring 30-Aug-2016
Matt Bentley
 
Performance monitoring for Docker - Lucerne meetup
Performance monitoring for Docker - Lucerne meetupPerformance monitoring for Docker - Lucerne meetup
Performance monitoring for Docker - Lucerne meetup
Stijn Polfliet
 
Performance Monitoring for Docker Environments - Docker Amsterdam June Meetup
Performance Monitoring for Docker Environments - Docker Amsterdam June MeetupPerformance Monitoring for Docker Environments - Docker Amsterdam June Meetup
Performance Monitoring for Docker Environments - Docker Amsterdam June Meetup
Stijn Polfliet
 
cert
certcert
cert
Jonathan Hunt
 
Measuring Micro-services. Richard Rodger
Measuring Micro-services. Richard RodgerMeasuring Micro-services. Richard Rodger
Measuring Micro-services. Richard Rodger
Future Insights
 
Monitoring Docker containers - Docker NYC Feb 2015
Monitoring Docker containers - Docker NYC Feb 2015Monitoring Docker containers - Docker NYC Feb 2015
Monitoring Docker containers - Docker NYC Feb 2015
Datadog
 
Writing Docker monitoring agent with Go
Writing Docker monitoring agent with GoWriting Docker monitoring agent with Go
Writing Docker monitoring agent with Go
Naoki AINOYA
 
Discussing the difference between docker dontainers and virtual machines
Discussing the difference between docker dontainers and virtual machinesDiscussing the difference between docker dontainers and virtual machines
Discussing the difference between docker dontainers and virtual machines
Steven Grzbielok
 
Monitoring docker container and dockerized applications
Monitoring docker container and dockerized applicationsMonitoring docker container and dockerized applications
Monitoring docker container and dockerized applications
Ananth Padmanabhan
 
Running Netflix OSS on Docker with Nirmata
Running Netflix OSS on Docker with NirmataRunning Netflix OSS on Docker with Nirmata
Running Netflix OSS on Docker with Nirmata
Damien Toledo
 
Netflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger ThingNetflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger Thing
aspyker
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overview
pgmaynard
 
Microservices with Netflix OSS and Spring Cloud - Dev Day Orange
Microservices with Netflix OSS and Spring Cloud - Dev Day OrangeMicroservices with Netflix OSS and Spring Cloud - Dev Day Orange
Microservices with Netflix OSS and Spring Cloud - Dev Day Orange
acogoluegnes
 
ICS security
ICS securityICS security
ICS security
Ahmed Shitta
 
NetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker TalkNetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker Talk
aspyker
 
Microservices with Spring Cloud, Netflix OSS and Kubernetes
Microservices with Spring Cloud, Netflix OSS and Kubernetes Microservices with Spring Cloud, Netflix OSS and Kubernetes
Microservices with Spring Cloud, Netflix OSS and Kubernetes
Christian Posta
 
Microservices and APIs
Microservices and APIsMicroservices and APIs
Microservices and APIs
Christian Posta
 
Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?
Jérôme Petazzoni
 
What is Nagios XI and how is it different from Nagios Core
What is Nagios XI and how is it different from Nagios CoreWhat is Nagios XI and how is it different from Nagios Core
What is Nagios XI and how is it different from Nagios Core
Sanjay Willie
 
Real world #microservices with Apache Camel, Fabric8, and OpenShift
Real world #microservices with Apache Camel, Fabric8, and OpenShiftReal world #microservices with Apache Camel, Fabric8, and OpenShift
Real world #microservices with Apache Camel, Fabric8, and OpenShift
Christian Posta
 
Docker Indy Meetup Monitoring 30-Aug-2016
Docker Indy Meetup Monitoring 30-Aug-2016Docker Indy Meetup Monitoring 30-Aug-2016
Docker Indy Meetup Monitoring 30-Aug-2016
Matt Bentley
 
Performance monitoring for Docker - Lucerne meetup
Performance monitoring for Docker - Lucerne meetupPerformance monitoring for Docker - Lucerne meetup
Performance monitoring for Docker - Lucerne meetup
Stijn Polfliet
 
Performance Monitoring for Docker Environments - Docker Amsterdam June Meetup
Performance Monitoring for Docker Environments - Docker Amsterdam June MeetupPerformance Monitoring for Docker Environments - Docker Amsterdam June Meetup
Performance Monitoring for Docker Environments - Docker Amsterdam June Meetup
Stijn Polfliet
 
cert
certcert
cert
Jonathan Hunt
 
Measuring Micro-services. Richard Rodger
Measuring Micro-services. Richard RodgerMeasuring Micro-services. Richard Rodger
Measuring Micro-services. Richard Rodger
Future Insights
 
Monitoring Docker containers - Docker NYC Feb 2015
Monitoring Docker containers - Docker NYC Feb 2015Monitoring Docker containers - Docker NYC Feb 2015
Monitoring Docker containers - Docker NYC Feb 2015
Datadog
 
Writing Docker monitoring agent with Go
Writing Docker monitoring agent with GoWriting Docker monitoring agent with Go
Writing Docker monitoring agent with Go
Naoki AINOYA
 
Discussing the difference between docker dontainers and virtual machines
Discussing the difference between docker dontainers and virtual machinesDiscussing the difference between docker dontainers and virtual machines
Discussing the difference between docker dontainers and virtual machines
Steven Grzbielok
 
Monitoring docker container and dockerized applications
Monitoring docker container and dockerized applicationsMonitoring docker container and dockerized applications
Monitoring docker container and dockerized applications
Ananth Padmanabhan
 
Running Netflix OSS on Docker with Nirmata
Running Netflix OSS on Docker with NirmataRunning Netflix OSS on Docker with Nirmata
Running Netflix OSS on Docker with Nirmata
Damien Toledo
 
Netflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger ThingNetflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger Thing
aspyker
 
Industrial Control System Security Overview
Industrial Control System Security OverviewIndustrial Control System Security Overview
Industrial Control System Security Overview
pgmaynard
 
Microservices with Netflix OSS and Spring Cloud - Dev Day Orange
Microservices with Netflix OSS and Spring Cloud - Dev Day OrangeMicroservices with Netflix OSS and Spring Cloud - Dev Day Orange
Microservices with Netflix OSS and Spring Cloud - Dev Day Orange
acogoluegnes
 
ICS security
ICS securityICS security
ICS security
Ahmed Shitta
 
NetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker TalkNetflixOSS and ZeroToDocker Talk
NetflixOSS and ZeroToDocker Talk
aspyker
 
Microservices with Spring Cloud, Netflix OSS and Kubernetes
Microservices with Spring Cloud, Netflix OSS and Kubernetes Microservices with Spring Cloud, Netflix OSS and Kubernetes
Microservices with Spring Cloud, Netflix OSS and Kubernetes
Christian Posta
 
Microservices and APIs
Microservices and APIsMicroservices and APIs
Microservices and APIs
Christian Posta
 
Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?
Jérôme Petazzoni
 
What is Nagios XI and how is it different from Nagios Core
What is Nagios XI and how is it different from Nagios CoreWhat is Nagios XI and how is it different from Nagios Core
What is Nagios XI and how is it different from Nagios Core
Sanjay Willie
 
Real world #microservices with Apache Camel, Fabric8, and OpenShift
Real world #microservices with Apache Camel, Fabric8, and OpenShiftReal world #microservices with Apache Camel, Fabric8, and OpenShift
Real world #microservices with Apache Camel, Fabric8, and OpenShift
Christian Posta
 
Ad

Similar to Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With Docker, Honeypots, & Nagios (20)

DevOPS training - Day 2/2
DevOPS training - Day 2/2DevOPS training - Day 2/2
DevOPS training - Day 2/2
Vincent Mercier
 
Настройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'aНастройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'a
corehard_by
 
Killer Docker Workflows for Development
Killer Docker Workflows for DevelopmentKiller Docker Workflows for Development
Killer Docker Workflows for Development
Chris Tankersley
 
Docker module 1
Docker module 1Docker module 1
Docker module 1
Liang Bo
 
Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned
RightScale
 
Docker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los AngelesDocker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los Angeles
Jérôme Petazzoni
 
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Docker, Inc.
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
dotCloud
 
Deliver Python Apps with Docker
Deliver Python Apps with DockerDeliver Python Apps with Docker
Deliver Python Apps with Docker
Anton Egorov
 
Linux containers and docker
Linux containers and dockerLinux containers and docker
Linux containers and docker
Fabio Fumarola
 
What's new in Docker - InfraKit - Docker Meetup Berlin 2016
What's new in Docker - InfraKit - Docker Meetup Berlin 2016What's new in Docker - InfraKit - Docker Meetup Berlin 2016
What's new in Docker - InfraKit - Docker Meetup Berlin 2016
Patrick Chanezon
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
Jérôme Petazzoni
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
TheFamily
 
Developing and Deploying PHP with Docker
Developing and Deploying PHP with DockerDeveloping and Deploying PHP with Docker
Developing and Deploying PHP with Docker
Patrick Mizer
 
Docker+java
Docker+javaDocker+java
Docker+java
DPC Consulting Ltd
 
Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021
alinalexandru
 
Pluggable Infrastructure with CI/CD and Docker
Pluggable Infrastructure with CI/CD and DockerPluggable Infrastructure with CI/CD and Docker
Pluggable Infrastructure with CI/CD and Docker
Bob Killen
 
Techtalks: taking docker to production
Techtalks: taking docker to productionTechtalks: taking docker to production
Techtalks: taking docker to production
muayyad alsadi
 
JOSA TechTalk: Taking Docker to Production
JOSA TechTalk: Taking Docker to ProductionJOSA TechTalk: Taking Docker to Production
JOSA TechTalk: Taking Docker to Production
Jordan Open Source Association
 
Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...
Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...
Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...
Jérôme Petazzoni
 
DevOPS training - Day 2/2
DevOPS training - Day 2/2DevOPS training - Day 2/2
DevOPS training - Day 2/2
Vincent Mercier
 
Настройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'aНастройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'a
corehard_by
 
Killer Docker Workflows for Development
Killer Docker Workflows for DevelopmentKiller Docker Workflows for Development
Killer Docker Workflows for Development
Chris Tankersley
 
Docker module 1
Docker module 1Docker module 1
Docker module 1
Liang Bo
 
Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned
RightScale
 
Docker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los AngelesDocker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los Angeles
Jérôme Petazzoni
 
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Docker, Inc.
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
dotCloud
 
Deliver Python Apps with Docker
Deliver Python Apps with DockerDeliver Python Apps with Docker
Deliver Python Apps with Docker
Anton Egorov
 
Linux containers and docker
Linux containers and dockerLinux containers and docker
Linux containers and docker
Fabio Fumarola
 
What's new in Docker - InfraKit - Docker Meetup Berlin 2016
What's new in Docker - InfraKit - Docker Meetup Berlin 2016What's new in Docker - InfraKit - Docker Meetup Berlin 2016
What's new in Docker - InfraKit - Docker Meetup Berlin 2016
Patrick Chanezon
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
Jérôme Petazzoni
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
TheFamily
 
Developing and Deploying PHP with Docker
Developing and Deploying PHP with DockerDeveloping and Deploying PHP with Docker
Developing and Deploying PHP with Docker
Patrick Mizer
 
Docker+java
Docker+javaDocker+java
Docker+java
DPC Consulting Ltd
 
Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021Warden @ Meet magento Romania 2021
Warden @ Meet magento Romania 2021
alinalexandru
 
Pluggable Infrastructure with CI/CD and Docker
Pluggable Infrastructure with CI/CD and DockerPluggable Infrastructure with CI/CD and Docker
Pluggable Infrastructure with CI/CD and Docker
Bob Killen
 
Techtalks: taking docker to production
Techtalks: taking docker to productionTechtalks: taking docker to production
Techtalks: taking docker to production
muayyad alsadi
 
JOSA TechTalk: Taking Docker to Production
JOSA TechTalk: Taking Docker to ProductionJOSA TechTalk: Taking Docker to Production
JOSA TechTalk: Taking Docker to Production
Jordan Open Source Association
 
Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...
Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...
Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...
Jérôme Petazzoni
 
Ad

More from Nagios (20)

Nagios XI Best Practices
Nagios XI Best PracticesNagios XI Best Practices
Nagios XI Best Practices
Nagios
 
Jesse Olson - Nagios Log Server Architecture Overview
Jesse Olson - Nagios Log Server Architecture OverviewJesse Olson - Nagios Log Server Architecture Overview
Jesse Olson - Nagios Log Server Architecture Overview
Nagios
 
Trevor McDonald - Nagios XI Under The Hood
Trevor McDonald - Nagios XI Under The HoodTrevor McDonald - Nagios XI Under The Hood
Trevor McDonald - Nagios XI Under The Hood
Nagios
 
Sean Falzon - Nagios - Resilient Notifications
Sean Falzon - Nagios - Resilient NotificationsSean Falzon - Nagios - Resilient Notifications
Sean Falzon - Nagios - Resilient Notifications
Nagios
 
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise EditionMarcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
Nagios
 
Janice Singh - Writing Custom Nagios Plugins
Janice Singh - Writing Custom Nagios PluginsJanice Singh - Writing Custom Nagios Plugins
Janice Singh - Writing Custom Nagios Plugins
Nagios
 
Dave Williams - Nagios Log Server - Practical Experience
Dave Williams - Nagios Log Server - Practical ExperienceDave Williams - Nagios Log Server - Practical Experience
Dave Williams - Nagios Log Server - Practical Experience
Nagios
 
Mike Weber - Nagios and Group Deployment of Service Checks
Mike Weber - Nagios and Group Deployment of Service ChecksMike Weber - Nagios and Group Deployment of Service Checks
Mike Weber - Nagios and Group Deployment of Service Checks
Nagios
 
Mike Guthrie - Revamping Your 10 Year Old Nagios Installation
Mike Guthrie - Revamping Your 10 Year Old Nagios InstallationMike Guthrie - Revamping Your 10 Year Old Nagios Installation
Mike Guthrie - Revamping Your 10 Year Old Nagios Installation
Nagios
 
Bryan Heden - Agile Networks - Using Nagios XI as the platform for Monitoring...
Bryan Heden - Agile Networks - Using Nagios XI as the platform for Monitoring...Bryan Heden - Agile Networks - Using Nagios XI as the platform for Monitoring...
Bryan Heden - Agile Networks - Using Nagios XI as the platform for Monitoring...
Nagios
 
Matt Bruzek - Monitoring Your Public Cloud With Nagios
Matt Bruzek - Monitoring Your Public Cloud With NagiosMatt Bruzek - Monitoring Your Public Cloud With Nagios
Matt Bruzek - Monitoring Your Public Cloud With Nagios
Nagios
 
Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs.
Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs.Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs.
Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs.
Nagios
 
Eric Loyd - Fractal Nagios
Eric Loyd - Fractal NagiosEric Loyd - Fractal Nagios
Eric Loyd - Fractal Nagios
Nagios
 
Marcelo Perazolo, Lead Software Architect, IBM Corporation - Monitoring a Pow...
Marcelo Perazolo, Lead Software Architect, IBM Corporation - Monitoring a Pow...Marcelo Perazolo, Lead Software Architect, IBM Corporation - Monitoring a Pow...
Marcelo Perazolo, Lead Software Architect, IBM Corporation - Monitoring a Pow...
Nagios
 
Thomas Schmainda - Tracking Boeing Satellites With Nagios - Nagios World Conf...
Thomas Schmainda - Tracking Boeing Satellites With Nagios - Nagios World Conf...Thomas Schmainda - Tracking Boeing Satellites With Nagios - Nagios World Conf...
Thomas Schmainda - Tracking Boeing Satellites With Nagios - Nagios World Conf...
Nagios
 
Nagios World Conference 2015 - Scott Wilkerson Opening
Nagios World Conference 2015 - Scott Wilkerson OpeningNagios World Conference 2015 - Scott Wilkerson Opening
Nagios World Conference 2015 - Scott Wilkerson Opening
Nagios
 
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nagios
 
Nagios Log Server - Features
Nagios Log Server - FeaturesNagios Log Server - Features
Nagios Log Server - Features
Nagios
 
Nagios Network Analyzer - Features
Nagios Network Analyzer - FeaturesNagios Network Analyzer - Features
Nagios Network Analyzer - Features
Nagios
 
Nagios Conference 2014 - Dorance Martinez Cortes - Customizing Nagios
Nagios Conference 2014 - Dorance Martinez Cortes - Customizing NagiosNagios Conference 2014 - Dorance Martinez Cortes - Customizing Nagios
Nagios Conference 2014 - Dorance Martinez Cortes - Customizing Nagios
Nagios
 
Nagios XI Best Practices
Nagios XI Best PracticesNagios XI Best Practices
Nagios XI Best Practices
Nagios
 
Jesse Olson - Nagios Log Server Architecture Overview
Jesse Olson - Nagios Log Server Architecture OverviewJesse Olson - Nagios Log Server Architecture Overview
Jesse Olson - Nagios Log Server Architecture Overview
Nagios
 
Trevor McDonald - Nagios XI Under The Hood
Trevor McDonald - Nagios XI Under The HoodTrevor McDonald - Nagios XI Under The Hood
Trevor McDonald - Nagios XI Under The Hood
Nagios
 
Sean Falzon - Nagios - Resilient Notifications
Sean Falzon - Nagios - Resilient NotificationsSean Falzon - Nagios - Resilient Notifications
Sean Falzon - Nagios - Resilient Notifications
Nagios
 
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise EditionMarcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
Nagios
 
Janice Singh - Writing Custom Nagios Plugins
Janice Singh - Writing Custom Nagios PluginsJanice Singh - Writing Custom Nagios Plugins
Janice Singh - Writing Custom Nagios Plugins
Nagios
 
Dave Williams - Nagios Log Server - Practical Experience
Dave Williams - Nagios Log Server - Practical ExperienceDave Williams - Nagios Log Server - Practical Experience
Dave Williams - Nagios Log Server - Practical Experience
Nagios
 
Mike Weber - Nagios and Group Deployment of Service Checks
Mike Weber - Nagios and Group Deployment of Service ChecksMike Weber - Nagios and Group Deployment of Service Checks
Mike Weber - Nagios and Group Deployment of Service Checks
Nagios
 
Mike Guthrie - Revamping Your 10 Year Old Nagios Installation
Mike Guthrie - Revamping Your 10 Year Old Nagios InstallationMike Guthrie - Revamping Your 10 Year Old Nagios Installation
Mike Guthrie - Revamping Your 10 Year Old Nagios Installation
Nagios
 
Bryan Heden - Agile Networks - Using Nagios XI as the platform for Monitoring...
Bryan Heden - Agile Networks - Using Nagios XI as the platform for Monitoring...Bryan Heden - Agile Networks - Using Nagios XI as the platform for Monitoring...
Bryan Heden - Agile Networks - Using Nagios XI as the platform for Monitoring...
Nagios
 
Matt Bruzek - Monitoring Your Public Cloud With Nagios
Matt Bruzek - Monitoring Your Public Cloud With NagiosMatt Bruzek - Monitoring Your Public Cloud With Nagios
Matt Bruzek - Monitoring Your Public Cloud With Nagios
Nagios
 
Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs.
Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs.Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs.
Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs.
Nagios
 
Eric Loyd - Fractal Nagios
Eric Loyd - Fractal NagiosEric Loyd - Fractal Nagios
Eric Loyd - Fractal Nagios
Nagios
 
Marcelo Perazolo, Lead Software Architect, IBM Corporation - Monitoring a Pow...
Marcelo Perazolo, Lead Software Architect, IBM Corporation - Monitoring a Pow...Marcelo Perazolo, Lead Software Architect, IBM Corporation - Monitoring a Pow...
Marcelo Perazolo, Lead Software Architect, IBM Corporation - Monitoring a Pow...
Nagios
 
Thomas Schmainda - Tracking Boeing Satellites With Nagios - Nagios World Conf...
Thomas Schmainda - Tracking Boeing Satellites With Nagios - Nagios World Conf...Thomas Schmainda - Tracking Boeing Satellites With Nagios - Nagios World Conf...
Thomas Schmainda - Tracking Boeing Satellites With Nagios - Nagios World Conf...
Nagios
 
Nagios World Conference 2015 - Scott Wilkerson Opening
Nagios World Conference 2015 - Scott Wilkerson OpeningNagios World Conference 2015 - Scott Wilkerson Opening
Nagios World Conference 2015 - Scott Wilkerson Opening
Nagios
 
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nagios
 
Nagios Log Server - Features
Nagios Log Server - FeaturesNagios Log Server - Features
Nagios Log Server - Features
Nagios
 
Nagios Network Analyzer - Features
Nagios Network Analyzer - FeaturesNagios Network Analyzer - Features
Nagios Network Analyzer - Features
Nagios
 
Nagios Conference 2014 - Dorance Martinez Cortes - Customizing Nagios
Nagios Conference 2014 - Dorance Martinez Cortes - Customizing NagiosNagios Conference 2014 - Dorance Martinez Cortes - Customizing Nagios
Nagios Conference 2014 - Dorance Martinez Cortes - Customizing Nagios
Nagios
 

Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With Docker, Honeypots, & Nagios

  • 1. Detecting Security Breaches With Docker, Honeypots, & Nagios Spenser Reinhardt [email protected] Github: sreinhardt Docker: sreinhardt Personal: Ask Me
  • 2. Presentation Goals What you talkin' bout Willis? • Basics of Docker containerization virtualization • What is a honeypot? • Why are they valuable to me and my infrastructure? • Where does Nagios fit in? • Demos! • How exactly do I profit from this?
  • 3. Docker Basics What is “Docker” and why do I care? • Lightweight virtualization • Near instant application service recovery • Block level file system differential snapshots • Heavy isolation between host and guest • Optional instant revert to previous snapshots on guest shutdown • Easy file and network sharing between host and containers
  • 4. Getting Started With Docker ● Dockerfiles ● Github.com ● Docker.com ● Automatic builds ● Instant differential updates #start with ubuntu FROM ubuntu:latest MAINTAINER Spenser Reinhardt ENV DEBIAN_FRONTEND noninteractive #copy and build COPY ./install.sh ./install.sh RUN chmod +x ./install.sh RUN ./install.sh #cleanup RUN mv /install.log /opt/[project]/install.log && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /install.sh #Post-build docker info EXPOSE [ports] WORKDIR /opt/[project] #CMD ["binary-to-start"]
  • 5. Dockerfiles ● FROM: Base image to use ● MAINTAINER: Who controls the container configuration. ● COPYADD: Add a file from the host or web to the container. ● RUN: Run a command or script in the container. ● EXPOSE: Open port to container to both host and other containers. ● WORKDIR: Change working directory for all future commands. ● ENTRYPOINT: Sets the binary to start by default. Otherwise it is “/bin/sh -c” ● CMD: Arguments needed for the entrypoint binary #start with ubuntu FROM ubuntu:latest MAINTAINER Spenser Reinhardt ENV DEBIAN_FRONTEND noninteractive #copy and build COPY ./install.sh ./install.sh RUN chmod +x ./install.sh RUN ./install.sh #cleanup RUN mv /install.log /opt/[project]/install.log && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /install.sh #Post-build docker info EXPOSE [ports] WORKDIR /opt/[project] ENTRYPOINT [“binary/to/start”] CMD ["Arguements", “for”, “binary”]
  • 6. Github and Docker ● Automated linking of github and bitbucket repositories ● Builds from directory with Dockerfile only ● Automated builds on git push, or on command ● Automated linking and building of linked containers
  • 9. Honeypots ● Emulation of operating systems, services, and applications. ● High Interaction – Full OS or applications, must be reverted to a snapshot or reinstalled after an attack. ● Low Interaction – Emulated OS or application, most spawn separate process for attacker, save results and cleanup after session, like most daemons. ● All interactions are suspicious activity
  • 10. Honeynet Project ● Nepenthes – Low int, many applications and services ● Dionaea – Low int, successor to Nepenthes ● Glastopf – Web application honeypot ● Kippo – SSH emulation and capture ● Thug – Client web browser ● Conpot – ICSSCADA emulation ● Honeybrid – Intelligent firewall, filtering and classification ● Bifrozt – SSH proxy and information collector
  • 16. Putting It All Together (Nagios XI)
  • 17. Putting It All Together (Nagios Log Monitor)
  • 18. Putting It All Together (Nagios Network Analyzer)
  • 19. Nagios XI ● Monitors Docker containers and applications on host ● Event handlers restart, save and restart, or killl containers. ● Event handlers to disconnect and log abusive connections. ● Active view of all parts working in the system ● Notification management
  • 20. Nagios Network Analyzer ● Collect flow data from: – Host external interface – Honeybrid internal interface ● Trigger abusive and oversized disconnections with filters
  • 21. Nagios Log Server ● Collect and store all logs. ● Advanced parsing and filtering. ● Deep correlation between systems and events. ● Distributed storage and computation.
  • 22. Glastopf ● Web application specific honeypot ● Hosts only ports: – 80 – 443 ● Full PHP emulated virtual environment ● Emulated sql backend
  • 25. Dionaea ● General purpose honeypot ● Expandable through plugins and modules ● Full shellcode emulation ● By default hosts applications on: – 21(ftp), 69(tftp), 135(emap), 445(smb), 1443(mssql), 3306(mysql), 5060-5061(sip), 63001-64000(ftp)
  • 28. Kippo ● SSH specific honeypot ● Full virtual shell emulation ● Daemon attack emulation ● Only port 22/2222
  • 31. Conpot ● Industrial Control Systems(ICS) Supervisory Control and Data Acquisition (SCADA) ● Defaults to building device control system ● Full Shellcode emulation ● Several services available by default – 80(http), 161(snmp), 503(modbus)
  • 32. Conclusion ● Docker's has some really cool uses! ● Honeynet has some amazing projects! ● Combining these with a little nagios magic, makes for really interesting security! ● https://github.com/sreinhardt/Honeynet ● https://docker.com/sreinhardt/Honeynet
  • 33. Questions? Spenser Reinhardt [email protected] Github: sreinhardt Docker: sreinhardt Personal: Ask Me