Detecting Security Breaches With Docker, 
Honeypots, & Nagios 
Spenser Reinhardt 
sreinhardt@nagios.com 
Github: sreinhardt 
Docker: sreinhardt 
Personal: Ask Me
Presentation Goals 
What you talkin' bout Willis? 
• Basics of Docker container virtualization 
• What is a honeypot? 
• Why are they valuable to me and my infrastructure? 
• Where does Nagios fit in? 
• Demos! 
• How exactly do I profit from this?
Docker Basics 
What is “Docker” and why do I care? 
• Lightweight virtualization: containers share the host kernel instead of booting a guest OS 
• Near instant application service recovery 
• Layered, copy-on-write file system snapshots (each build step is a differential layer) 
• Process, network and file system isolation between host and guest via kernel namespaces and cgroups. This is weaker than a hypervisor: a honeypot escape lands on the Docker host, so keep honeypot hosts off the production network. 
• Optional instant revert to a clean image on guest shutdown (discard the container's writable layer) 
• Easy file and network sharing between host and containers
Getting Started With Docker 
● Dockerfiles 
● Github.com 
● Docker.com 
● Automatic builds 
● Instant differential updates 
#start with ubuntu 
FROM ubuntu:latest 
MAINTAINER Spenser Reinhardt 
ENV DEBIAN_FRONTEND noninteractive 
#copy and build 
COPY ./install.sh ./install.sh 
RUN chmod +x ./install.sh 
RUN ./install.sh 
#cleanup (one RUN so the removed files do not survive in an earlier layer) 
RUN mv /install.log /opt/[project]/install.log && apt-get clean \ 
    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /install.sh 
#Post-build docker info 
EXPOSE [ports] 
WORKDIR /opt/[project] 
#CMD ["binary-to-start"]
Dockerfiles 
● FROM: Base image to use 
● MAINTAINER: Who controls the container 
configuration. 
● COPY / ADD: Add a file from the host (ADD also 
accepts URLs and unpacks archives) into the container. 
● RUN: Run a command or script in the 
container during the build; each RUN creates a layer. 
● EXPOSE: Declare a port the container listens on. 
Linked containers can reach it; it is only reachable 
from outside the host once published with -p or -P. 
● WORKDIR: Change working directory for all 
future commands. 
● ENTRYPOINT: Sets the binary to start by 
default. Otherwise it is "/bin/sh -c" 
● CMD: Default arguments passed to the entrypoint 
binary 
#start with ubuntu 
FROM ubuntu:latest 
MAINTAINER Spenser Reinhardt 
ENV DEBIAN_FRONTEND noninteractive 
#copy and build 
COPY ./install.sh ./install.sh 
RUN chmod +x ./install.sh 
RUN ./install.sh 
#cleanup (one RUN so the removed files do not survive in an earlier layer) 
RUN mv /install.log /opt/[project]/install.log && apt-get clean \ 
    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /install.sh 
#Post-build docker info 
EXPOSE [ports] 
WORKDIR /opt/[project] 
ENTRYPOINT ["binary/to/start"] 
CMD ["Arguments", "for", "binary"]
Github and Docker 
● Automated linking of GitHub and Bitbucket repositories 
● Builds only from a directory that contains a Dockerfile 
● Automated builds on git push, or on command 
● Automated linking and building of linked containers
Github.com – Automated Builds
Docker.com – Automated Builds
Honeypots 
● Emulation of operating systems, services, and 
applications with no production purpose, so nobody legitimate should ever touch them. 
● High Interaction – Full OS or application; must be 
reverted to a snapshot or reinstalled after an attack, and an attacker who breaks out gains a real system. 
● Low Interaction – Emulated OS or application; most 
spawn a separate process per attacker, save the results and 
clean up after the session, like most daemons. 
● All interactions are suspicious activity: there are no false positives to tune out, only noise from scanners to prioritize.
Honeynet Project 
● Nepenthes – Low interaction, many applications and services 
● Dionaea – Low interaction, successor to Nepenthes 
● Glastopf – Web application honeypot 
● Kippo – SSH emulation and session capture 
● Thug – Client-side (web browser) honeypot 
● Conpot – ICS/SCADA emulation 
● Honeybrid – Intelligent firewall, filtering and classification 
● Bifrozt – SSH proxy and information collector
Border Honeynets
Internal Honeynets
Docker Honeynet Network
Nagios Monitoring Network
Dynamic Iptables Rules
Putting It All Together 
(Nagios XI)
Putting It All Together 
(Nagios Log Monitor)
Putting It All Together 
(Nagios Network Analyzer)
Nagios XI 
● Monitors Docker containers and applications on the host 
● Event handlers restart, save and restart, or kill containers. 
● Event handlers to disconnect and log abusive 
connections. 
● Active view of all parts working in the system 
● Notification management
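The event-handler and dynamic iptables ideas above (Nagios XI event handlers that save, restart or kill a container and cut off abusive connections) are shown here as an added example in Python; it is not code from the talk, from Nagios or from the honeypot projects. Nagios passes the service state, state type, attempt number and plugin output as arguments, which is what the handler consumes. The container name `kippo`, the image repository `honeynet/kippo`, the `docker run` line used to recreate the container, and the `top_src=<ip>` field in the check output are all assumptions for the example.

```python
#!/usr/bin/env python3
"""Nagios event handler for a Docker honeypot service (added example).

Assumed service definition:
  event_handler  honeypot_handler!$SERVICESTATE$!$SERVICESTATETYPE$!$SERVICEATTEMPT$!$SERVICEOUTPUT$
"""
import re
import shlex
import subprocess
import sys
from datetime import datetime, timezone

CONTAINER = "kippo"                      # assumed container name
IMAGE_REPO = "honeynet/kippo"            # assumed image repository
RUN_CMD = ["docker", "run", "-d", "--name", CONTAINER,
           "-p", "2222:2222", IMAGE_REPO]  # assumed clean-start command
MAX_ATTEMPTS = 3                         # assumed max_check_attempts
SRC_RE = re.compile(r"top_src=(\d+\.\d+\.\d+\.\d+)")  # assumed plugin output field


def plan(state, state_type, attempt, output, now=None):
    """Return the list of commands to run for this state transition.

    Only a HARD state (or the last SOFT attempt) triggers action, so one
    flapping check does not destroy the container or insert firewall rules.
    Evidence is preserved first, then the abuser is blocked, then the
    honeypot is recreated from the image so the attacker's changes are gone.
    """
    now = now or datetime.now(timezone.utc)
    hard = state_type == "HARD" or int(attempt) >= MAX_ATTEMPTS
    if state != "CRITICAL" or not hard:
        return []  # OK/WARNING are handled by notifications, not remediation
    tag = now.strftime("%Y%m%dT%H%M%SZ")
    cmds = [
        # 1. save the writable layer as an image before anything else
        ["docker", "commit", "-m", f"nagios CRITICAL {tag}",
         CONTAINER, f"{IMAGE_REPO}:evidence-{tag}"],
    ]
    m = SRC_RE.search(output)
    if m:
        # 2. traffic to published container ports is DNAT'd and traverses
        #    FORWARD, not INPUT, so the DROP goes at the top of FORWARD
        cmds.append(["iptables", "-I", "FORWARD", "1", "-s", m.group(1),
                     "-m", "comment", "--comment", f"nagios-honeypot {tag}",
                     "-j", "DROP"])
    # 3. discard the compromised container and start a clean one
    cmds.append(["docker", "rm", "-f", CONTAINER])
    cmds.append(list(RUN_CMD))
    return cmds


def execute(cmds, dry_run=False):
    """Run (or print, when dry_run) each command; return how many were handled."""
    for cmd in cmds:
        if dry_run:
            print("would run:", shlex.join(cmd))
        else:
            subprocess.check_call(cmd)
    return len(cmds)


def main(argv):
    dry_run = "--dry-run" in argv
    args = [a for a in argv[1:] if a != "--dry-run"]
    if len(args) < 4:
        print("usage: handler [--dry-run] STATE STATETYPE ATTEMPT OUTPUT")
        return 3
    state, state_type, attempt, output = args[0], args[1], args[2], " ".join(args[3:])
    execute(plan(state, state_type, attempt, output), dry_run)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with `--dry-run CRITICAL HARD 3 "CRITICAL - 4 attempts top_src=203.0.113.5"` to see the command sequence without touching Docker or iptables. On Docker releases that provide a DOCKER-USER chain, insert the DROP there instead of FORWARD.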
Nagios Network Analyzer 
● Collect flow data from: 
– Host external interface 
– Honeybrid internal interface 
● Filters flag abusive or oversized flows and 
trigger disconnections
Nagios Log Server 
● Collect and store all logs. 
● Advanced parsing and filtering. 
● Deep correlation between systems and events. 
● Distributed storage and computation.
Glastopf 
● Web application specific honeypot 
● Hosts only ports: 
– 80 
– 443 
● Emulated PHP environment for remote file inclusion attacks 
● Emulated SQL backend for injection attempts
Web Attack
Log Server Response
Dionaea 
● General purpose honeypot 
● Expandable through plugins and modules 
● Full shellcode emulation 
● By default hosts applications on: 
– 21 (ftp), 69 (tftp), 135 (epmap), 445 (smb), 1433 (mssql), 
3306 (mysql), 5060-5061 (sip), 63001-64000 (ftp passive data)
SMB Attack
Log Server Response
Kippo 
● SSH specific honeypot 
● Full virtual shell emulation with session logging 
● Daemon attack emulation 
● Only port 22/2222
SSH Attack
Log Server Response
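The Kippo section and the "all interactions are suspicious" point above call for a check that turns honeypot log lines into Nagios states. The following is an added example in Python, not code from the talk, from Nagios or from Kippo: a plugin that parses Kippo-style login-attempt lines, counts attempts per source within a time window and exits with Nagios return codes and perfdata. The sample log lines are constructed to approximate Kippo's format and are not real captures; the thresholds and the `top_src=` output field are choices made for the example.

```python
#!/usr/bin/env python3
"""check_kippo_logins: Nagios plugin for an SSH honeypot log (added example)."""
import re
import sys
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample lines approximating Kippo's log format (not real captures).
SAMPLE_LOG = """\
2014-10-13 14:02:11+0000 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 203.0.113.5:49822 (10.0.3.2:2222) [session: 1]
2014-10-13 14:02:13+0000 [SSHService ssh-userauth on HoneyPotTransport,1,203.0.113.5] login attempt [root/123456] failed
2014-10-13 14:02:15+0000 [SSHService ssh-userauth on HoneyPotTransport,1,203.0.113.5] login attempt [root/password] failed
2014-10-13 14:02:17+0000 [SSHService ssh-userauth on HoneyPotTransport,1,203.0.113.5] login attempt [root/toor] succeeded
2014-10-13 14:05:40+0000 [SSHService ssh-userauth on HoneyPotTransport,2,198.51.100.7] login attempt [admin/admin] failed
2014-10-13 13:10:00+0000 [SSHService ssh-userauth on HoneyPotTransport,0,192.0.2.9] login attempt [pi/raspberry] failed
"""
SAMPLE_NOW = datetime(2014, 10, 13, 14, 6, tzinfo=timezone.utc)  # "now" for the sample

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\+0000 "
    r"\[SSHService ssh-userauth on HoneyPotTransport,\d+,(?P<src>[\d.]+)\] "
    r"login attempt \[(?P<user>[^/\]]*)/(?P<pw>[^\]]*)\] (?P<result>failed|succeeded)$"
)


def parse_attempts(text):
    """Yield (timestamp, src_ip, user, result) for every login-attempt line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # connection/close lines and anything unexpected are skipped
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        yield ts, m.group("src"), m.group("user"), m.group("result")


def evaluate(text, now, window_minutes=10, warn=1, crit=3):
    """Return (exit_code, plugin_output) in Nagios plugin form.

    warn/crit apply to attempts from a single source inside the window; the
    default warn=1 reflects that nobody legitimate logs into a honeypot.
    A successful login is always CRITICAL: the attacker now has a shell.
    """
    cutoff = now - timedelta(minutes=window_minutes)
    per_src = Counter()
    success = set()
    for ts, src, _user, result in parse_attempts(text):
        if ts < cutoff:
            continue
        per_src[src] += 1
        if result == "succeeded":
            success.add(src)
    total = sum(per_src.values())
    top_src, top_n = per_src.most_common(1)[0] if per_src else ("none", 0)
    if success or top_n >= crit:
        code = CRITICAL
    elif top_n >= warn:
        code = WARNING
    else:
        code = OK
    label = ("OK", "WARNING", "CRITICAL")[code]
    # text before '|' is the status line; perfdata after it is graphed by XI
    output = (f"{label} - {total} ssh login attempts from {len(per_src)} sources, "
              f"top_src={top_src} top_n={top_n} successes={len(success)}"
              f"|attempts={total} sources={len(per_src)} top={top_n}")
    return code, output


def evaluate_sample(**kwargs):
    """Evaluate the embedded sample with its fixed clock (for demos and tests)."""
    return evaluate(SAMPLE_LOG, SAMPLE_NOW, **kwargs)


def main(argv):
    if len(argv) > 1:
        with open(argv[1]) as fh:
            code, output = evaluate(fh.read(), datetime.now(timezone.utc))
    else:
        code, output = evaluate_sample()
    print(output)
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Point it at the real log with `check_kippo_logins /path/to/kippo.log`; without an argument it evaluates the embedded sample and exits CRITICAL because one source logged in successfully. The 13:10 line is outside the ten-minute window and is ignored, which keeps old scanner noise from re-alerting on every check.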
Conpot 
● Industrial Control Systems (ICS) / Supervisory Control and 
Data Acquisition (SCADA) honeypot 
● Default profile emulates a building/device control system 
● Full shellcode emulation 
● Several services available by default 
– 80 (http), 161 (snmp), 502 (modbus)
Conclusion 
● Docker has some really cool uses! 
● Honeynet has some amazing projects! 
● Combining these with a little Nagios magic makes for 
really interesting security! 
● https://github.com/sreinhardt/Honeynet 
● https://docker.com/sreinhardt/Honeynet
Questions? 
Presented at Nagios Conference 2014.
Mike Weber - Nagios and Group Deployment of Service Checks
 
Mike Guthrie - Revamping Your 10 Year Old Nagios Installation
Mike Guthrie - Revamping Your 10 Year Old Nagios InstallationMike Guthrie - Revamping Your 10 Year Old Nagios Installation
Mike Guthrie - Revamping Your 10 Year Old Nagios Installation
 
Bryan Heden - Agile Networks - Using Nagios XI as the platform for Monitoring...
Bryan Heden - Agile Networks - Using Nagios XI as the platform for Monitoring...Bryan Heden - Agile Networks - Using Nagios XI as the platform for Monitoring...
Bryan Heden - Agile Networks - Using Nagios XI as the platform for Monitoring...
 
Matt Bruzek - Monitoring Your Public Cloud With Nagios
Matt Bruzek - Monitoring Your Public Cloud With NagiosMatt Bruzek - Monitoring Your Public Cloud With Nagios
Matt Bruzek - Monitoring Your Public Cloud With Nagios
 
Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs.
Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs.Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs.
Lee Myers - What To Do When Nagios Notification Don't Meet Your Needs.
 
Eric Loyd - Fractal Nagios
Eric Loyd - Fractal NagiosEric Loyd - Fractal Nagios
Eric Loyd - Fractal Nagios
 
Marcelo Perazolo, Lead Software Architect, IBM Corporation - Monitoring a Pow...
Marcelo Perazolo, Lead Software Architect, IBM Corporation - Monitoring a Pow...Marcelo Perazolo, Lead Software Architect, IBM Corporation - Monitoring a Pow...
Marcelo Perazolo, Lead Software Architect, IBM Corporation - Monitoring a Pow...
 
Thomas Schmainda - Tracking Boeing Satellites With Nagios - Nagios World Conf...
Thomas Schmainda - Tracking Boeing Satellites With Nagios - Nagios World Conf...Thomas Schmainda - Tracking Boeing Satellites With Nagios - Nagios World Conf...
Thomas Schmainda - Tracking Boeing Satellites With Nagios - Nagios World Conf...
 
Nagios World Conference 2015 - Scott Wilkerson Opening
Nagios World Conference 2015 - Scott Wilkerson OpeningNagios World Conference 2015 - Scott Wilkerson Opening
Nagios World Conference 2015 - Scott Wilkerson Opening
 
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios CoreNrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
Nrpe - Nagios Remote Plugin Executor. NRPE plugin for Nagios Core
 
Nagios Log Server - Features
Nagios Log Server - FeaturesNagios Log Server - Features
Nagios Log Server - Features
 
Nagios Network Analyzer - Features
Nagios Network Analyzer - FeaturesNagios Network Analyzer - Features
Nagios Network Analyzer - Features
 
Nagios Conference 2014 - Dorance Martinez Cortes - Customizing Nagios
Nagios Conference 2014 - Dorance Martinez Cortes - Customizing NagiosNagios Conference 2014 - Dorance Martinez Cortes - Customizing Nagios
Nagios Conference 2014 - Dorance Martinez Cortes - Customizing Nagios
 

Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With Docker, Honeypots, & Nagios

• 1. Detecting Security Breaches With Docker, Honeypots, & Nagios
    Spenser Reinhardt
    sreinhardt@nagios.com
    Github: sreinhardt
    Docker: sreinhardt
    Personal: Ask Me
• 2. Presentation Goals
    What you talkin' bout Willis?
    • Basics of Docker containerization virtualization
    • What is a honeypot?
    • Why are they valuable to me and my infrastructure?
    • Where does Nagios fit in?
    • Demos!
    • How exactly do I profit from this?
• 3. Docker Basics
    What is “Docker” and why do I care?
    • Lightweight virtualization
    • Near instant application service recovery
    • Block level file system differential snapshots
    • Heavy isolation between host and guest
    • Optional instant revert to previous snapshots on guest shutdown
    • Easy file and network sharing between host and containers
• 4. Getting Started With Docker
    ● Dockerfiles
    ● Github.com
    ● Docker.com
    ● Automatic builds
    ● Instant differential updates

    #start with ubuntu
    FROM ubuntu:latest
    MAINTAINER Spenser Reinhardt
    ENV DEBIAN_FRONTEND noninteractive
    #copy and build
    COPY ./install.sh ./install.sh
    RUN chmod +x ./install.sh
    RUN ./install.sh
    #cleanup
    RUN mv /install.log /opt/[project]/install.log && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /install.sh
    #Post-build docker info
    EXPOSE [ports]
    WORKDIR /opt/[project]
    #CMD ["binary-to-start"]
• 5. Dockerfiles
    ● FROM: Base image to use
    ● MAINTAINER: Who controls the container configuration.
    ● COPY/ADD: Add a file from the host or web to the container.
    ● RUN: Run a command or script in the container.
    ● EXPOSE: Open port to container to both host and other containers.
    ● WORKDIR: Change working directory for all future commands.
    ● ENTRYPOINT: Sets the binary to start by default. Otherwise it is “/bin/sh -c”
    ● CMD: Arguments needed for the entrypoint binary

    #start with ubuntu
    FROM ubuntu:latest
    MAINTAINER Spenser Reinhardt
    ENV DEBIAN_FRONTEND noninteractive
    #copy and build
    COPY ./install.sh ./install.sh
    RUN chmod +x ./install.sh
    RUN ./install.sh
    #cleanup
    RUN mv /install.log /opt/[project]/install.log && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /install.sh
    #Post-build docker info
    EXPOSE [ports]
    WORKDIR /opt/[project]
    ENTRYPOINT ["binary/to/start"]
    CMD ["Arguments", "for", "binary"]
• 6. Github and Docker
    ● Automated linking of github and bitbucket repositories
    ● Builds from directory with Dockerfile only
    ● Automated builds on git push, or on command
    ● Automated linking and building of linked containers
• 9. Honeypots
    ● Emulation of operating systems, services, and applications.
    ● High Interaction – Full OS or applications, must be reverted to a snapshot or reinstalled after an attack.
    ● Low Interaction – Emulated OS or application, most spawn a separate process for the attacker, save results and clean up after the session, like most daemons.
    ● All interactions are suspicious activity
• 10. Honeynet Project
    ● Nepenthes – Low int, many applications and services
    ● Dionaea – Low int, successor to Nepenthes
    ● Glastopf – Web application honeypot
    ● Kippo – SSH emulation and capture
    ● Thug – Client web browser
    ● Conpot – ICS/SCADA emulation
    ● Honeybrid – Intelligent firewall, filtering and classification
    ● Bifrozt – SSH proxy and information collector
• 16. Putting It All Together (Nagios XI)
• 17. Putting It All Together (Nagios Log Monitor)
• 18. Putting It All Together (Nagios Network Analyzer)
• 19. Nagios XI
    ● Monitors Docker containers and applications on host
    ● Event handlers restart, save and restart, or kill containers.
    ● Event handlers to disconnect and log abusive connections.
    ● Active view of all parts working in the system
    ● Notification management
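The slide names the two halves of the Nagios XI integration: a check that watches the honeypot containers on the host, and event handlers that restart, save and restart, or kill them. The script below is an added example written for this page, not code from the talk or the sreinhardt/Honeynet repository. It reads the JSON that `docker inspect <container>` prints (or a constructed sample when no container name is given), maps the container state to Nagios exit codes, and shows the event-handler policy that picks one of the slide's three actions. The thresholds, the policy itself, the container name `kippo` and the sample JSON values are assumptions for illustration.

```python
"""check_docker_container.py - Nagios plugin plus event-handler policy for a Docker container.

Added example: reads `docker inspect <container>` JSON (or the constructed
sample below) and maps the container state to Nagios exit codes, then shows
how an event handler would pick between restart, save-and-restart and kill.
"""
import json
import subprocess
import sys

# Nagios plugin return codes
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3


def evaluate_container(inspect_json, max_restarts=3):
    """Map `docker inspect` output to (exit_code, plugin output line).

    Policy assumed for this example (tune for your honeypot):
      container not running             -> CRITICAL (honeypot is dark)
      running but restarting repeatedly -> WARNING  (RestartCount above max_restarts)
      running but flagged OOMKilled     -> WARNING
      running normally                  -> OK
    """
    try:
        data = json.loads(inspect_json)
    except ValueError as exc:
        return UNKNOWN, "UNKNOWN - cannot parse docker inspect output: %s" % exc
    if not isinstance(data, list) or not data:
        return UNKNOWN, "UNKNOWN - container not found"
    info = data[0]
    name = info.get("Name", "?").lstrip("/")
    state = info.get("State", {})
    restarts = int(info.get("RestartCount", 0))
    perf = "restarts=%d;%d" % (restarts, max_restarts)  # Nagios perfdata: value;warn
    if not state.get("Running", False):
        return CRITICAL, "CRITICAL - %s is %s, exit code %s | %s" % (
            name, state.get("Status", "not running"), state.get("ExitCode"), perf)
    if restarts > max_restarts:
        return WARNING, "WARNING - %s restarted %d times (limit %d) | %s" % (
            name, restarts, max_restarts, perf)
    if state.get("OOMKilled", False):
        return WARNING, "WARNING - %s was OOM killed before its last start | %s" % (name, perf)
    return OK, "OK - %s running since %s | %s" % (name, state.get("StartedAt", "?"), perf)


def choose_handler_action(exit_code, state_type):
    """Event-handler policy (assumed). Nagios passes $SERVICESTATE$ and
    $SERVICESTATETYPE$ to the handler; this maps them to the slide's actions:

      OK            -> none
      SOFT          -> restart: cheap `docker start` while Nagios is still retrying
      HARD CRITICAL -> save-and-restart: `docker commit` the dead container as
                       evidence, then recreate it from the clean image
      HARD WARNING  -> kill: stop a crash-looping container and notify a human
      UNKNOWN       -> none: never act on a state the plugin could not read
    """
    if exit_code == OK:
        return "none"
    if state_type == "SOFT":
        return "restart"
    if exit_code == CRITICAL:
        return "save-and-restart"
    if exit_code == WARNING:
        return "kill"
    return "none"


# Constructed samples in the shape of `docker inspect` output (values invented).
def _sample(running, status, exit_code, restarts, oom=False):
    return json.dumps([{
        "Name": "/kippo",
        "RestartCount": restarts,
        "State": {"Status": status, "Running": running, "OOMKilled": oom,
                  "ExitCode": exit_code, "StartedAt": "2014-10-13T15:04:05Z"},
    }])


SAMPLE_RUNNING = _sample(True, "running", 0, 0)
SAMPLE_EXITED = _sample(False, "exited", 137, 0)
SAMPLE_FLAPPING = _sample(True, "running", 0, 7)


def main(argv):
    if len(argv) > 1:  # real use: check_docker_container.py <container>
        proc = subprocess.run(["docker", "inspect", argv[1]],
                              capture_output=True, text=True)
        output = proc.stdout if proc.returncode == 0 else "[]"
    else:              # demo without a Docker daemon
        output = SAMPLE_EXITED
    code, message = evaluate_container(output)
    print(message)
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Registered as a Nagios command, the plugin's first output line becomes the service status text and the part after `|` is graphed as performance data; the event handler would call `choose_handler_action` with the macros Nagios passes it and then run the matching `docker` commands.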
• 20. Nagios Network Analyzer
    ● Collect flow data from:
        – Host external interface
        – Honeybrid internal interface
    ● Trigger abusive and oversized disconnections with filters
• 21. Nagios Log Server
    ● Collect and store all logs.
    ● Advanced parsing and filtering.
    ● Deep correlation between systems and events.
    ● Distributed storage and computation.
• 22. Glastopf
    ● Web application specific honeypot
    ● Hosts only ports:
        – 80
        – 443
    ● Full PHP emulated virtual environment
    ● Emulated SQL backend
• 25. Dionaea
    ● General purpose honeypot
    ● Expandable through plugins and modules
    ● Full shellcode emulation
    ● By default hosts applications on:
        – 21(ftp), 69(tftp), 135(emap), 445(smb), 1443(mssql), 3306(mysql), 5060-5061(sip), 63001-64000(ftp)
• 28. Kippo
    ● SSH specific honeypot
    ● Full virtual shell emulation
    ● Daemon attack emulation
    ● Only port 22/2222
• 31. Conpot
    ● Industrial Control Systems (ICS) Supervisory Control and Data Acquisition (SCADA)
    ● Defaults to building device control system
    ● Full Shellcode emulation
    ● Several services available by default
        – 80(http), 161(snmp), 503(modbus)
• 32. Conclusion
    ● Docker has some really cool uses!
    ● Honeynet has some amazing projects!
    ● Combining these with a little Nagios magic makes for really interesting security!
    ● https://github.com/sreinhardt/Honeynet
    ● https://docker.com/sreinhardt/Honeynet
• 33. Questions?
    Spenser Reinhardt
    sreinhardt@nagios.com
    Github: sreinhardt
    Docker: sreinhardt
    Personal: Ask Me