From 5702896f77df60689e86a148101bf55a5c6a7650 Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 1 Dec 2021 10:06:18 +0300 Subject: [PATCH 01/13] events --- .github/workflows/docker-forensics-bash-workflow.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-forensics-bash-workflow.yml b/.github/workflows/docker-forensics-bash-workflow.yml index 4c56f0c..86ad81c 100644 --- a/.github/workflows/docker-forensics-bash-workflow.yml +++ b/.github/workflows/docker-forensics-bash-workflow.yml @@ -27,7 +27,13 @@ jobs: #run on the background docker run -d --name apache2-container -e TZ=UTC -p 8080:80 ubuntu/apache2:2.4-21.10_beta & docker image ls - docker container ls + docker container ls + docker history ubuntu/apache2:2.4-21.10_beta + docker events --filter 'ubuntu/apache2:2.4-21.10_beta' + docker events --since '2021-01-12' + docker top apache2-container # processes of container + docker port apache2-container # show all mapped ports of container + docker logs apache2-container # apt list --installed | grep netstat # sudo netstat -plan | grep ":8080" # netstat -plan From a030955573b7de8b69e28cf1fa48c5b188a8f844 Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 1 Dec 2021 10:09:40 +0300 Subject: [PATCH 02/13] port --- .github/workflows/docker-forensics-bash-workflow.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker-forensics-bash-workflow.yml b/.github/workflows/docker-forensics-bash-workflow.yml index 86ad81c..301722a 100644 --- a/.github/workflows/docker-forensics-bash-workflow.yml +++ b/.github/workflows/docker-forensics-bash-workflow.yml 
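Review bot: The two added `docker events` lines will stall this step: without an `--until` bound `docker events` keeps streaming until it is interrupted, so `docker top`, `docker port` and `docker logs` below them are never reached and the job runs into its timeout. Bounding each query lets the step print past events and move on, for example `docker events --since '2021-01-12' --until "$(date +%s)"`. The same unbounded calls are re-enabled by the hunk of PATCH 07/13 and kept by the hunk of PATCH 08/13, so the point applies there as well.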
@@ -28,9 +28,9 @@ jobs: docker run -d --name apache2-container -e TZ=UTC -p 8080:80 ubuntu/apache2:2.4-21.10_beta & docker image ls docker container ls - docker history ubuntu/apache2:2.4-21.10_beta - docker events --filter 'ubuntu/apache2:2.4-21.10_beta' - docker events --since '2021-01-12' + # docker history ubuntu/apache2:2.4-21.10_beta + # docker events --filter 'ubuntu/apache2:2.4-21.10_beta' + # docker events --since '2021-01-12' docker top apache2-container # processes of container docker port apache2-container # show all mapped ports of container docker logs apache2-container From d9b779b38eb4bfb09b4afb667dc9af0006cef317 Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 1 Dec 2021 10:16:23 +0300 Subject: [PATCH 03/13] abbreviate --- .github/workflows/docker-forensics-bash-workflow.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker-forensics-bash-workflow.yml b/.github/workflows/docker-forensics-bash-workflow.yml index 301722a..a6b7357 100644 --- a/.github/workflows/docker-forensics-bash-workflow.yml +++ b/.github/workflows/docker-forensics-bash-workflow.yml @@ -31,9 +31,9 @@ jobs: # docker history ubuntu/apache2:2.4-21.10_beta # docker events --filter 'ubuntu/apache2:2.4-21.10_beta' # docker events --since '2021-01-12' - docker top apache2-container # processes of container - docker port apache2-container # show all mapped ports of container - docker logs apache2-container + # docker top apache2-container # processes of container + # docker port apache2-container # show all mapped ports of container + # docker logs apache2-container # apt list --installed | grep netstat # sudo netstat -plan | grep ":8080" # netstat -plan From c82be51c42552cd3afb8bbcc2d65a6116b16a11b Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 1 Dec 2021 10:19:55 +0300 Subject: [PATCH 04/13] abruptly --- .github/workflows/docker-forensics-bash-workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/docker-forensics-bash-workflow.yml b/.github/workflows/docker-forensics-bash-workflow.yml index a6b7357..70fde24 100644 --- a/.github/workflows/docker-forensics-bash-workflow.yml +++ b/.github/workflows/docker-forensics-bash-workflow.yml @@ -26,7 +26,7 @@ jobs: run: | #run on the background docker run -d --name apache2-container -e TZ=UTC -p 8080:80 ubuntu/apache2:2.4-21.10_beta & - docker image ls + # docker image ls docker container ls # docker history ubuntu/apache2:2.4-21.10_beta # docker events --filter 'ubuntu/apache2:2.4-21.10_beta' From 1f06c48c54f9b73c77ea6cada37c8379b1815415 Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 1 Dec 2021 10:23:44 +0300 Subject: [PATCH 05/13] absolute --- .github/workflows/docker-forensics-bash-workflow.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/docker-forensics-bash-workflow.yml b/.github/workflows/docker-forensics-bash-workflow.yml index 70fde24..64b17ac 100644 --- a/.github/workflows/docker-forensics-bash-workflow.yml +++ b/.github/workflows/docker-forensics-bash-workflow.yml @@ -27,7 +27,10 @@ jobs: #run on the background docker run -d --name apache2-container -e TZ=UTC -p 8080:80 ubuntu/apache2:2.4-21.10_beta & # docker image ls + echo "###############################" docker container ls + docker ps -a + echo "###############################" # docker history ubuntu/apache2:2.4-21.10_beta # docker events --filter 'ubuntu/apache2:2.4-21.10_beta' # docker events --since '2021-01-12' From 4521a21e150bf73735a12f6a024a35a6bf54ef2c Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 1 Dec 2021 10:26:53 +0300 Subject: [PATCH 06/13] absorb --- .github/workflows/docker-forensics-bash-workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-forensics-bash-workflow.yml b/.github/workflows/docker-forensics-bash-workflow.yml index 64b17ac..b711eaa 100644 --- a/.github/workflows/docker-forensics-bash-workflow.yml 
+++ b/.github/workflows/docker-forensics-bash-workflow.yml @@ -25,7 +25,7 @@ jobs: - name: "apache2 image" run: | #run on the background - docker run -d --name apache2-container -e TZ=UTC -p 8080:80 ubuntu/apache2:2.4-21.10_beta & + docker run -d --name apache2-container -e TZ=UTC -p 8080:80 ubuntu/apache2:2.4-21.10_beta # docker image ls echo "###############################" docker container ls From 599e1a1b8a304e6215196130a4b3b4181cbc74f5 Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 1 Dec 2021 10:37:07 +0300 Subject: [PATCH 07/13] abundant --- .../docker-forensics-bash-workflow.yml | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/.github/workflows/docker-forensics-bash-workflow.yml b/.github/workflows/docker-forensics-bash-workflow.yml index b711eaa..b07bed2 100644 --- a/.github/workflows/docker-forensics-bash-workflow.yml +++ b/.github/workflows/docker-forensics-bash-workflow.yml @@ -26,17 +26,14 @@ jobs: run: | #run on the background docker run -d --name apache2-container -e TZ=UTC -p 8080:80 ubuntu/apache2:2.4-21.10_beta - # docker image ls - echo "###############################" + docker image ls docker container ls - docker ps -a - echo "###############################" - # docker history ubuntu/apache2:2.4-21.10_beta - # docker events --filter 'ubuntu/apache2:2.4-21.10_beta' - # docker events --since '2021-01-12' - # docker top apache2-container # processes of container - # docker port apache2-container # show all mapped ports of container - # docker logs apache2-container + docker history ubuntu/apache2:2.4-21.10_beta + docker events --filter 'ubuntu/apache2:2.4-21.10_beta' + docker events --since '2021-01-12' + docker top apache2-container # processes of container + docker port apache2-container # show all mapped ports of container + docker logs apache2-container # apt list --installed | grep netstat # sudo netstat -plan | grep ":8080" # netstat -plan 
From 769d8386bdd7fa28861c4f0f8c01b1ad5c53a73c Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 1 Dec 2021 14:40:41 +0300 Subject: [PATCH 08/13] accompany --- .github/workflows/docker-forensics-bash-workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-forensics-bash-workflow.yml b/.github/workflows/docker-forensics-bash-workflow.yml index b07bed2..ce9a959 100644 --- a/.github/workflows/docker-forensics-bash-workflow.yml +++ b/.github/workflows/docker-forensics-bash-workflow.yml @@ -29,7 +29,7 @@ jobs: docker image ls docker container ls docker history ubuntu/apache2:2.4-21.10_beta - docker events --filter 'ubuntu/apache2:2.4-21.10_beta' + docker events --filter 'image=ubuntu/apache2:2.4-21.10_beta' docker events --since '2021-01-12' docker top apache2-container # processes of container docker port apache2-container # show all mapped ports of container From 94645cc3387766ff6a5ce661d8c0d69121c117ab Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 1 Dec 2021 14:56:00 +0300 Subject: [PATCH 09/13] acknowledgement --- .github/workflows/docker-forensics-bash-workflow.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker-forensics-bash-workflow.yml b/.github/workflows/docker-forensics-bash-workflow.yml index ce9a959..baed5f2 100644 --- a/.github/workflows/docker-forensics-bash-workflow.yml +++ b/.github/workflows/docker-forensics-bash-workflow.yml 
@@ -30,10 +30,10 @@ jobs: docker container ls docker history ubuntu/apache2:2.4-21.10_beta docker events --filter 'image=ubuntu/apache2:2.4-21.10_beta' - docker events --since '2021-01-12' - docker top apache2-container # processes of container - docker port apache2-container # show all mapped ports of container - docker logs apache2-container + # docker events --since '2021-01-12' + # # docker top apache2-container # processes of container + # docker port apache2-container # show all mapped ports of container + # docker logs apache2-container # apt list --installed | grep netstat # sudo netstat -plan | grep ":8080" # netstat -plan From 70f2c3d8709b775170c55b9e0b51cbd8a5fa8fa0 Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 1 Dec 2021 15:50:24 +0300 Subject: [PATCH 10/13] adequate --- .github/workflows/docker-forensics-bash-workflow.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/docker-forensics-bash-workflow.yml b/.github/workflows/docker-forensics-bash-workflow.yml index baed5f2..cbe2cdd 100644 --- a/.github/workflows/docker-forensics-bash-workflow.yml +++ b/.github/workflows/docker-forensics-bash-workflow.yml @@ -22,6 +22,14 @@ jobs: cat /etc/issue cat /etc/os-release sudo apt-get install -y neofetch && neofetch + sudo apt-get install -y neofetch && neofetch + - name: "image history" + run: | + #run on the background + docker run -d --name test alpine:latest ls + docker container ls + docker ps -a + docker history alpine:latest - name: "apache2 image" run: | #run on the background From 1543f5999d431a04b7b00f3a981c165dc5f98716 Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 1 Dec 2021 16:15:42 +0300 Subject: [PATCH 11/13] events --- .../docker-forensics-bash-workflow.yml | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker-forensics-bash-workflow.yml b/.github/workflows/docker-forensics-bash-workflow.yml index cbe2cdd..da9016a 100644 
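Review bot: In the PATCH 10/13 hunk the first added line repeats `sudo apt-get install -y neofetch && neofetch`, which is already the last command of the preceding step, and can be dropped. In the new "image history" step, `docker run -d --name test alpine:latest ls` starts a container that exits as soon as `ls` returns, so `docker container ls` will normally list nothing and only `docker ps -a` shows it; the `#run on the background` comment does not describe that. Because `alpine:latest` is a moving tag, the `docker history` output can differ between runs; a comment such as `# alpine:latest is mutable; pin a tag or digest for repeatable history output` would make that explicit.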
--- a/.github/workflows/docker-forensics-bash-workflow.yml +++ b/.github/workflows/docker-forensics-bash-workflow.yml @@ -23,21 +23,33 @@ jobs: cat /etc/os-release sudo apt-get install -y neofetch && neofetch sudo apt-get install -y neofetch && neofetch - - name: "image history" + - name: "docker image history" run: | #run on the background docker run -d --name test alpine:latest ls docker container ls docker ps -a docker history alpine:latest + - name: "docker events" + run: | + #run on the background + docker events --filter 'image=alpine' > alpine_events.txt & + docker run -d --name test1 alpine:latest ls + docker image ls + docker container ls + docker ps -a + docker container stop test1 + cat alpine_events.txt + sudo docker container start test1 + cat alpine_events.txt - name: "apache2 image" run: | #run on the background docker run -d --name apache2-container -e TZ=UTC -p 8080:80 ubuntu/apache2:2.4-21.10_beta docker image ls docker container ls - docker history ubuntu/apache2:2.4-21.10_beta - docker events --filter 'image=ubuntu/apache2:2.4-21.10_beta' + # docker history ubuntu/apache2:2.4-21.10_beta + # docker events --filter 'image=ubuntu/apache2:2.4-21.10_beta' # docker events --since '2021-01-12' # # docker top apache2-container # processes of container # docker port apache2-container # show all mapped ports of container From 8509ee89275e220035bd3c12faceaa64fc23052c Mon Sep 17 00:00:00 2001 From: Your Name Date: Mon, 31 Jan 2022 16:14:51 +0300 Subject: [PATCH 12/13] brew --- .github/workflows/dockerslim-wf.yml | 63 +++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 .github/workflows/dockerslim-wf.yml diff --git a/.github/workflows/dockerslim-wf.yml b/.github/workflows/dockerslim-wf.yml new file mode 100644 index 0000000..f50b734 --- /dev/null +++ b/.github/workflows/dockerslim-wf.yml 
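Review bot: The new "docker events" step reads `alpine_events.txt` immediately after `docker container stop test1` and again after `docker container start test1`, while the backgrounded `docker events --filter 'image=alpine' > alpine_events.txt &` may not have subscribed yet or written its output, so either `cat` can print an incomplete or empty log. The background process is also never stopped inside the step. A bounded query issued after the actions is deterministic: record `start=$(date +%s)` before `docker run`, then use `docker events --since "$start" --until "$(date +%s)" --filter 'image=alpine'` in place of the background call and the `cat` lines. The step also mixes `sudo docker container start` with plain `docker` calls; using one form throughout keeps the collected output attributable to the same daemon context.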
@@ -0,0 +1,63 @@ +name: "dockerslim CI workflow" + + +on: + push: + branches: [ test ] + + +jobs: + + + ubuntu-latest-dockerslim-job: + name: "dockerslim ubuntu latest" + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: "os fingerprinting" + run: | + hostnamectl status + lsb_release -a + lsb_release -d + cat /etc/lsb-release + cat /etc/issue + cat /etc/os-release + sudo apt-get install -y neofetch && neofetch + - name: "dockerslim" + run: | + #https://github.com/docker-slim/docker-slim + curl -L -o ds.tar.gz https://downloads.dockerslim.com/releases/1.37.3/dist_linux.tar.gz + tar -xvf ds.tar.gz + mv dist_linux/docker-slim /usr/local/bin/ + mv dist_linux/docker-slim-sensor /usr/local/bin/ + - name: "dockerslim Scripted Install" + run: | + #https://github.com/docker-slim/docker-slim + curl -sL https://raw.githubusercontent.com/docker-slim/docker-slim/master/scripts/install-dockerslim.sh | sudo -E bash - + - name: "dockerslim docker" + run: | + #https://github.com/docker-slim/docker-slim + docker pull dslim/docker-slim + + + macos-latest-dockerslim-job: + name: "dockerslim macos latest" + runs-on: macos-latest + steps: + - uses: actions/checkout@v2 + - name: "os fingerprinting" + - name: "dockerslim" + run: | + #https://github.com/docker-slim/docker-slim + curl -L -o ds.zip https://downloads.dockerslim.com/releases/1.37.3/dist_mac.zip + unzip ds.zip + mv dist_mac/docker-slim /usr/local/bin/ + mv dist_mac/docker-slim-sensor /usr/local/bin/ + - name: "dockerslim Scripted Install" + run: | + #https://github.com/docker-slim/docker-slim + curl -sL https://raw.githubusercontent.com/docker-slim/docker-slim/master/scripts/install-dockerslim.sh | sudo -E bash - + - name: "dockerslim brew" + run: | + #https://github.com/docker-slim/docker-slim + brew install docker-slim \ No newline at end of file From d3d2e122273952bae47bbe5177757a97134af366 Mon Sep 17 00:00:00 2001 
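Review bot: Both "dockerslim Scripted Install" steps pipe `install-dockerslim.sh` from the `master` branch straight into `sudo -E bash -`, so whatever that branch holds at run time executes as root on the runner with the job's environment passed through. The "dockerslim" steps likewise move binaries from the downloaded release archive into `/usr/local/bin/` with no integrity check, and `curl -L` without `--fail` will save an HTTP error body as the archive. Downloading to a file, checking it against a pinned SHA-256 and only then installing closes these gaps; the fence shows this for the Linux archive with the checksum left as a placeholder, and the same pattern fits the macOS archive and the install script. `docker pull dslim/docker-slim` and `actions/checkout@v2` also follow moving tags and would be better pinned to a digest and a commit SHA.

```yaml
      - name: "dockerslim"
        run: |
          # … unchanged: source URL comment …
          # Placeholder: fill in the published SHA-256 of the 1.37.3 Linux archive.
          DS_SHA256='<EXPECTED_SHA256_OF_DIST_LINUX_TAR_GZ>'
          curl --fail --silent --show-error -L -o ds.tar.gz https://downloads.dockerslim.com/releases/1.37.3/dist_linux.tar.gz
          echo "${DS_SHA256}  ds.tar.gz" | sha256sum --check -
          # … unchanged: tar extraction and mv of docker-slim, docker-slim-sensor …
```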
From: Your Name Date: Mon, 31 Jan 2022 16:15:37 +0300 Subject: [PATCH 13/13] run --- .github/workflows/dockerslim-wf.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/dockerslim-wf.yml b/.github/workflows/dockerslim-wf.yml index f50b734..2f96c07 100644 --- a/.github/workflows/dockerslim-wf.yml +++ b/.github/workflows/dockerslim-wf.yml @@ -45,7 +45,6 @@ jobs: runs-on: macos-latest steps: - uses: actions/checkout@v2 - - name: "os fingerprinting" - name: "dockerslim" run: | #https://github.com/docker-slim/docker-slim