Ndakhala ndikugwira ntchito mu IT kwa zaka zopitilira 20, koma mwanjira ina sindinapezeko zotengera. Mwachidziwitso, ndimamvetsetsa momwe adapangidwira komanso momwe amagwirira ntchito. Koma popeza ndinali ndisanakumanepo nawo muzochita, sindinkadziwa kuti magiya omwe anali pansi pa hood yawo adatembenukira bwanji ndikutembenukira.
Komanso, sindinkadziwa kuti chitetezo chawo chinali bwanji. Koma kachiwiri, chiphunzitsocho chimamveka bwino, ndipo nyimbo yakale "pamene chitetezo chikuwonjezeka, kugwiritsidwa ntchito kumachepa" kunakhazikika m'mutu mwanga. Chifukwa chake ndimaganiza kuti popeza zonse ndizosavuta kuchita ndi zotengera, ndiye kuti chitetezo chili pansipa. Monga momwe zinakhalira, ndinali wolondola.
Kuti ndiyambe mwamsanga, ndinalembetsa maphunziro 2020 mutu wakuti "".
Maphunzirowa, ophunzitsidwa ndi Sheila A. Berta ndi Sol Ozzan, adayamba nthawi yomweyo kufotokoza momwe makontena a Docker amagwirira ntchito komanso ulendo womwe amayenda akatumizidwa ku Kubernetes. Ili linali kalasi lamanja - ophunzira amayenera kukhazikitsa Docker ndi microk8s pamakina awo pamaso pa kalasi - njira yabwino yowonera momwe zida zimagwirira ntchito, kupeza zofooka ndipo, koposa zonse, kuyesa kuziletsa.
Tsoka ilo, ngakhale kuti maphunzirowo adalonjeza kukhala "kalonga" patatha masiku awiri, ndinamva kuti zonse zinali zikuyamba, ndipo ndinali ndi zambiri zoti ndiphunzire.
Ndisanadumphire m'malingaliro anga apamwamba, ndikofunika kufotokoza chomwe chidebe chiri. M'dziko lachitukuko, zimawonedwa ngati zachilendo kuti code yolembedwa pamakina anu azigwira bwino ntchito, koma mukayesa kuyiyendetsa pa seva penapake, sizigwira ntchito. Zotengera zimayesa kuthana ndi vutoli popereka makina okhazikika omwe mungathe kusuntha mosavuta kuchokera ku seva imodzi kupita ku ina, podziwa kuti azigwira ntchito nthawi zonse. Monga momwe dzinalo likusonyezera, ali ndi code, malaibulale, ndi mapulogalamu ena ofunikira kuti ntchitoyi ithe. Kubernetes, kumbali ina, ndi . M'malo mwake, itha kugwiritsidwa ntchito kuyang'anira mazana kapena masauzande amitundu yosiyanasiyana.
Pansipa pali zina zomwe ndapeza kuchokera kumagulu ofiira ndi abuluu.
Red Team
Zambiri zamakina zimayenda ngati mizu: Izi zikutanthauza kuti ngati chidebecho chasokonezedwa, mudzakhala ndi mwayi wofikira ku chidebecho. Izi zimapangitsa masitepe otsatirawa kukhala osavuta.
Kuyika docker.sock mkati mwa chidebe ndikoopsa: Ngati muli ndi mizu mkati mwa chidebe ndikuyikanso Docker mkati mwa chidebe chomwe chili ndi socket ya Docker (/var/run/docker.sock), muli ndi mwayi wofufuza gulu lonse, kuphatikizapo mwayi wopita ku chidebe china chilichonse. Kupeza koteroko sikungalepheretsedwe ndi intaneti yokhayokha kapena njira zina.
Zosintha zachilengedwe nthawi zambiri zimakhala ndi data yachinsinsi: Nthawi zambiri, anthu amatumiza mawu achinsinsi ku chidebe pogwiritsa ntchito zosintha zanthawi zonse. Chifukwa chake ngati muli ndi mwayi wogwiritsa ntchito akauntiyo, mutha kuzonda zosintha zachilengedwezi kuti muwonjezere mphamvu zanu.
Docker API imatha kupereka zambiri: Docker API, ikakonzedwa mwachisawawa, imayenda popanda chilolezo ndipo imatha kutulutsa zidziwitso zambiri. Pogwiritsa ntchito Shodan, mutha kupeza mosavuta mndandanda wamadoko otseguka, kenako dziwani zambiri za gululo - ndikupitiliza kugwidwa kwathunthu. TrendMicro adalemba za izi .
Team Blue
Osayendetsa zomwe zili m'chidebe ngati mizu: Ngakhale ndikosavuta kuthamanga ngati mizu, simuyenera kutero. M'malo mwake, yendetsani mapulogalamu ndi zilolezo zokonzanso powonetsa uid, pogwiritsa ntchito --user option pamene mukuchokera ku CLI, kapena ponena za USER mu Dockerfile.
Musalole kuti mapulogalamu ayikidwe muzotengera: Pafupifupi kuukira kulikonse kumayamba ndi kubzala china chake. Kuchokera ku nmap kupita ku ifconfig kupita ku Docker yokha (mkati mwa chidebe), kukhazikitsa chilichonse mumtsuko kwakhala kofala. Pachifukwa chomwechi, nthawi zonse muyenera kuletsa madoko onse osagwiritsidwa ntchito. Izi zimathandizanso kuletsa malamulo owongolera kuti asapatsidwe makina anu akadwala. Kuphatikiza pa kuletsa kuyika kwa mapulogalamu, ndikofunikira kuwonetsetsa kuti kuchuluka kwa mapulogalamu omwe amafunikira kuti amalize ntchitoyi ayikidwa mu chidebe chomwe.
Tetezani docker.sock: Iyenera kutetezedwa chifukwa kulumikizana pakati pa chidebe ndi masango kumakonzedwa kudzera mu socket iyi. Popeza sindikufuna kulowa mwatsatanetsatane m'nkhaniyi, werengani , zomwe zingachitike, komanso momwe mungaletsere zonsezi.
Gwiritsani ntchito zinsinsi za Docker m'malo mosintha chilengedwe: Pali zinsinsi . Ngakhale izi sizotetezedwa, ndizabwinoko kusiyana ndi zosintha zapamalo popereka zinsinsi ku chidebe.
Ngati nkhaniyi yakopa chidwi chanu muzotengera, mutha kukhazikitsa Docker kapena microk8s mosavuta (kagulu kakang'ono ka Kubernetes). pali malangizo oyika Docker ya Linux ndi MacOS, ndi - malangizo oyika ma microk8s a Windows, Linux ndi MacOS.
Pambuyo kukhazikitsa mukhoza kupita kuchokera ku Docker, njira yofananira ndi microk8s.
Ngati mukufuna kapena mukufuna kuchita maphunziro athunthu pa Docker, momwe oyankhula ogwira ntchito amawunika zida zake zonse: kuyambira pazoyambira mpaka pamaneti, ma nuances ogwirira ntchito ndi machitidwe osiyanasiyana ndi zilankhulo zamapulogalamu, ndiye yesani "" Mudzadziwa ukadaulo ndikumvetsetsa komwe mungagwiritse ntchito Docker komanso momwe mungagwiritsire ntchito bwino. Ndipo panthawi imodzimodziyo, pezani zochitika zabwino kwambiri - ndibwino kuti muphunzire mosamala komanso mothandizidwa ndi akatswiri kuchokera ku nkhani za ma rakes kusiyana ndi zomwe zili ndi ma reki omwe ali ndi zogwirira.
Source: www.habr.com