class ContainerSSHProcess
Public Instance Methods
check(dockercheck)
click to toggle source
# File lib/dockscan/modules/audit/container-sshd-process.rb, line 7 def check(dockercheck) sp=Dockscan::Scan::Plugin.new si=Dockscan::Scan::Issue.new si.title="Container have SSH server process" si.description="Docker daemon reports it is running SSH daemon inside container.\nThis is not recommended practice as it provides yet another attack surface for attackers and wastes computer resources." si.solution="It is recommended to remove SSH daemon/client from container. It is recommended to use docker exec command to execute commands inside container." si.severity=4 # Low si.risk = { "cvss" => 3.2 } sp.vuln=si sp.output="" if scandata.key?("GetContainersRunning") and not scandata["GetContainersRunning"].obj.empty? sp.state="run" scandata["GetContainersRunning"].obj.each do |container| ps=container.top ps.each do |process| if process["CMD"].include?("ssh") then sp.output << idcontainer(container) << " has SSH process running: " << process["CMD"] << "\n" sp.state="vulnerable" break end end end end return sp end
info()
click to toggle source
# File lib/dockscan/modules/audit/container-sshd-process.rb, line 3 def info return 'This plugin checks if SSH is running inside container' end