FreeBuf | Terrier: A Powerful Image and Container Security Analysis Tool (Part 2)

Scenario 3

Terrier can be used to verify container components at runtime and analyze their contents.

    mode: container
    verbose: true
    # veryverbose: true
    # image: latestgo13.tar
    path: merged
    files:
      - name: '/usr/local/bin/analysis.sh'
        hashes:
          - hash: '9adc0bf7362bb66b98005aebec36691a62c80d54755e361788c776367d11b105'
      - name: '/usr/local/go/bin/go'
        hashes:
          - hash: '23afbfab4f35ac90d9841a6e05f0d1487b6e0c3a914ea8dab3676c6dde612495'
      - name: '/usr/local/bin/staticcheck'
        hashes:
          - hash: '73f89162bacda8dd2354021dc56dc2f3dba136e873e372312843cd895dde24a2'
      - name: '/usr/local/bin/gosec'
        hashes:
          - hash: 'e7cb8304e032ccde8e342a7f85ba0ba5cb0b8383a09a77ca282793ad7e9f8c1f'
      - name: '/usr/local/bin/errcheck'
        hashes:
          - hash: '41f725d7a872cad4ce1f403938937822572e0a38a51e8a1b29707f5884a2f0d7'
      - name: '/var/lib/dpkg/info/apt.postrm'
        hashes:
          - hash: '6a8f9af3abcfb8c6e35887d11d41a83782***f5766d42bd1e32a38781cba0b1c'

Tool usage

Example 1

Terrier provides a command-line interface and is configured with YAML. A sample YAML configuration follows:

    mode: image
    # verbose: true
    # veryverbose: true
    image: alpinetest.tar
    files:
      - name: '/usr/local/go/bin/go'
        hashes:
          - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521f'
          - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2aaa'
          - hash: '60a2c86db4523e5d3eb41a247b4e7042a21d5c9d483d59053159d9ed50c8aa41aaa'
          - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521faa'
      - name: '/usr/bin/delpart'
        hashes:
          - hash: '9a43cb726fef31f272333b236ff1fde4beab363af54d0bc99c304450065d9c96aaa'
      - name: '/usr/bin/stdbuf'
        hashes:
          - hash:
          - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2aa'
          - hash: '60a2c86db4523e5d3eb41a247b4e7042a21d5c9d483d59053159d9ed50c8aa41aa'

In the example below, we use the YAML above to have Terrier verify whether multiple files are present:

    $ ./terrier
    [+] Loading config: cfg.yml
    [+] Analysing Image
    [+] Docker Image Source: alpinetest.tar
    [*] Inspecting Layer: 05c3c2c60920f68***6d3c66e0f6148b81a8b0831388c2d61be5ef02190bcd1f
    [*] Inspecting Layer: 09c25a178d8a6f8b984f3e72ca5ec966215b24a700ed135dc062ad925aa5eb23
    [*] Inspecting Layer: 36351e8e1da92268d40245cfbcd499a1173eeacc23be428386c8fc0a16f0b10a
    [*] Inspecting Layer: 7224ca1e886eeb7e63a9e978b1a811ed52f4a53ccb65f7c510fa04a0d1103fdf
    [*] Inspecting Layer: 7a2e464d80c7a1d89dab4321145491fb94865099c59975cfc840c2b8e7065014
    [*] Inspecting Layer: 88a583fe02f250344f89242f88309c666671042b032411630de870a111bea971
    [*] Inspecting Layer: 8db14b6fdd2cf8b4c122824531a4d85e07f1fecd6f7f43eab7f2d0a90d8c4bf2
    [*] Inspecting Layer: 9196e3376d1ed69a647e728a444662c10ed21feed4ef7aaca0d10f452240a09a
    [*] Inspecting Layer: 92db9b9e59a64cdf486203189d02acff79c3360788b62214a49d2263874ee811
    [*] Inspecting Layer: bc4bb4a45da628724c9f93400a9149b2dd8a5d437272cb4e572cfaec64512d98
    [*] Inspecting Layer: be7d600e4e8ed3000e342ef6482211350069d935a14aeff4d9fc3289e1426ed3
    [*] Inspecting Layer: c4cec85dfa44f0a8856064922cff1c39b872***6dd002e33664d11a80f75a149
    [*] Inspecting Layer: c998d6f023b7b9e3c186af19bcd1c2574f0d01b943077281ac5bd32e02dc57a5
    [!] All components were identified and verified: (493/493)

Example 2

Verify whether an arbitrary file exists in the image; the SHA256 hash of the target file must be provided:
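
As an added illustration (not Terrier's code and not part of the original article), the Python sketch below performs the kind of check the configurations above describe: it walks every layer of an image tar and compares the SHA256 of each listed file against its allowed digests. The helper names, the `bad-config` status for entries that have no well-formed 64-hex digest, and the two-layer sample image are assumptions constructed for this example; layer ordering and whiteout files are not modelled.

```python
import hashlib, io, posixpath, re, tarfile

SHA256_RE = re.compile(r"[0-9a-f]{64}")

def make_tar(members):
    """Build an in-memory tar from {path: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def verify_image(image_bytes, expected):
    """expected: {abs path: [sha256 hex, ...]} -> {path: verified|mismatch|missing|bad-config}."""
    allowed, status = {}, {}
    for path, hashes in expected.items():
        good = {h.lower() for h in hashes if h and SHA256_RE.fullmatch(h.lower())}
        allowed[path] = good
        # An entry with no well-formed digest can never match any file.
        status[path] = "missing" if good else "bad-config"
    with tarfile.open(fileobj=io.BytesIO(image_bytes)) as image:
        for blob in image:
            if not blob.isfile():
                continue
            try:  # any member that is itself a tar archive is treated as a layer
                layer = tarfile.open(fileobj=io.BytesIO(image.extractfile(blob).read()))
            except tarfile.ReadError:
                continue
            with layer:
                for member in layer:
                    path = "/" + posixpath.normpath(member.name).lstrip("/")
                    if not member.isfile() or not allowed.get(path):
                        continue  # only regular files are hashed; links are not followed
                    digest = hashlib.sha256(layer.extractfile(member).read()).hexdigest()
                    if digest in allowed[path]:
                        status[path] = "verified"
                    elif status[path] != "verified":
                        status[path] = "mismatch"
    return status

def sample_image():
    """Constructed two-layer image in the docker-save style (<id>/layer.tar)."""
    layer1 = make_tar({"usr/local/go/bin/go": b"go toolchain v1"})
    layer2 = make_tar({"./usr/bin/stdbuf": b"modified stdbuf"})
    return make_tar({"aaa/layer.tar": layer1, "bbb/layer.tar": layer2, "manifest.json": b"[]"})
```

A `mismatch` means the path exists in some layer but none of its copies has an approved digest, which is the case worth alerting on; `missing` means the path was not found in any layer.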

