神刀安全网

容器漏洞的静态分析 – 介绍CoreOS 的最新出版的 第一个稳定版Clair

最近coreos 发布了第一个稳定版的 Clair。 Clair 是用于静态分析容器漏洞的。

项目地址: https://github.com/coreos/clair

安装说明: https://github.com/coreos/clai … ME.md

api使用说明: https://github.com/coreos/clai … ME.md

说明里有些不到位的地方,我自己整理了一下:

Clair的安装:

Clair 仓库里的文档不是很全,我用下面的命令在docker 安装的

$ docker run --name some-postgres -e POSTGRES_PASSWORD=mysecretpassword -d postgres
$ mkdir $HOME/clair_config
$ curl -L https://raw.githubusercontent.com/coreos/clair/master/config.example.yaml -o $HOME/clair_config/config.yaml
$ $EDITOR $HOME/clair_config/config.yaml # Add the URI for your postgres database

这行: source: postgresql://postgres:mysecretpassword@postgres:5432?sslmode=disable

$ docker run -d --link some-postgres:postgres -p 6060-6061:6060-6061 -v $HOME/clair_config:/config quay.io/coreos/clair -config=/config/config.yaml

需要运行一段时间,namespaces会自动增加的。

$ http GET http://192.168.99.100:6060/v1/namespaces
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Length: 139
Content-Type: application/json;charset=utf-8
Date: Wed, 23 Mar 2016 13:40:29 GMT
Server: clair

{
"Namespaces": [
{
"Name": "debian:9"
},
{
"Name": "debian:7"
},
{
"Name": "debian:unstable"
},
{
"Name": "debian:8"
},
{
"Name": "debian:6"
},
{
"Name": "ubuntu:15.04"
},
{
"Name": "ubuntu:14.04"
},
{
"Name": "ubuntu:14.10"
},
{
"Name": "ubuntu:12.04"
},
{
"Name": "ubuntu:15.10"
},
{
"Name": "ubuntu:12.10"
},
{
"Name": "ubuntu:13.04"
},
{
"Name": "centos:6"
},
{
"Name": "centos:7"
},
{
"Name": "alpine:3.3.1"
}
]

}

找出docker 的地址:

安装后,会有个6060端口和6061 端口开放,如果你是在Mac OSX 里运行的话,需要找到docker-machine 的IP 地址:

$ docker-machine ip default
192.168.99.100

安装httpie

另外建议下载httpie 来方便的运行 API 命令, 安装指南在这里: https://github.com/jkbrzt/httpie

安装 analyze-local-images 工具

$ export GOPATH=~/go
$ go get -u github.com/coreos/clair/contrib/analyze-local-images

查验镜像漏洞

$ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
alpine 3.3 sha256:90239 4 weeks ago 4.794 MB
python 2.7-alpine sha256:dd22f 4 days ago 72.59 MB

$ ~/go/bin/analyze-local-images -endpoint "http://192.168.99.100:6060" -my-address "192.168.99.1" sha256:bdeba

2016-03-24 00:51:46.402394 I | Saving sha256:dd22f to local disk (this may take some time)
2016-03-24 00:51:50.790207 I | Retrieving image history
2016-03-24 00:51:50.790498 I | Setting up HTTP server (allowing: 192.168.99.100)
2016-03-24 00:51:50.993039 I | Analyzing 7 layers...
2016-03-24 00:51:50.993078 I | Analyzing 061232993debe19e048a5d9c774c5d338548ecfbb0239ee4163126dae0140dd6
2016-03-24 00:51:50.996947 I | Analyzing 1c65a9822da53a4a95961435f56ef33f4477ca1565eb9c1d58a5070016859282
2016-03-24 00:51:51.000084 I | Analyzing 4390cef4f59e1f151361d40db43d4960f23625eca66ebb774bfa37893cf680ae
2016-03-24 00:51:51.002810 I | Analyzing bb00ffee73d2d2be09d5b5aef31741e5dc126d8df016b74e0fe00db64dd9b84b
2016-03-24 00:51:51.023537 I | Analyzing fbafe5adf71025904c4b57092474acd0fb4f23e3f3ad47e2b096ae3098655974
2016-03-24 00:51:51.038989 I | Analyzing 0a58753f8a1d1e69295cf09a7903683c4ef938443cc54eef97ae12c5b430e929
2016-03-24 00:51:51.042544 I | Analyzing cf539c4370716f1d668d8c6dd3e0a511b0bf59ce70eb6fe8970e57c1b6a7b8ee
2016-03-24 00:51:51.047216 I | Retrieving image's vulnerabilities
Clair report for image sha256:dd22f (2016-03-23 13:51:51.075386919 +0000 UTC)
NOTE: No features have been detected in the image. This usually means that the image isn't supported by Clair.

endpoint 就是docker 的IP, my-address 就是你和clair容器通讯时的IP。sha256:dd22f 是镜像的 ID

最后,我运行了几个镜像,一直是说没有监测到问题。大家有建议的话,请回复。

转载本站任何文章请注明:转载至神刀安全网,谢谢神刀安全网 » 容器漏洞的静态分析 – 介绍CoreOS 的最新出版的 第一个稳定版Clair

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
分享按钮