├── .gitignore ├── Readme.md ├── binaries ├── bane └── iperf-2.0.5-macosx-i686.tgz ├── docker-images ├── io-perf │ ├── Dockerfile │ └── build.sh ├── iperf │ ├── Dockerfile │ └── build.sh ├── metasploit │ ├── Dockerfile │ └── start.sh ├── pg │ ├── Dockerfile │ ├── build.sh │ ├── connect.sh │ ├── create.sh │ └── start.sh ├── redis │ ├── Dockerfile │ ├── build.sh │ └── docker-entrypoint.sh ├── strace-ubuntu │ ├── Dockerfile │ └── build.sh └── strace │ ├── Dockerfile │ └── build.sh ├── images-required.sh └── tutorial ├── 1_Performance ├── 1_network │ ├── 1_iperf │ ├── 2_userland │ ├── 3_weave │ └── 4_custom-network ├── 2_io │ ├── 1_aufs │ ├── 2_overlayfs │ └── 3_tmpfs ├── 3_cpu │ └── 1_hashing └── 4_benchmarks │ ├── 1_redis │ └── 2_pg ├── 2_Security ├── 1_ElasticSearch │ ├── 1_start │ ├── 2_exploit │ ├── 3_elastic_shell.py │ ├── 3_metasploit │ ├── 4_readonly │ └── stop ├── 2_seccomp │ ├── 1_chmod │ ├── 1_chmod.json │ ├── 2_strace │ ├── 3_default │ ├── 4_unconfined │ ├── default.json │ └── shocker.c ├── 3_no-new-privileges │ ├── 0_hints │ ├── 1_Dockerfile │ ├── 1_testnnp │ ├── 1_testnnp.c │ ├── 2_Dockerfile │ ├── 2_setuid │ ├── 2_setuid.c │ ├── 2_suid.sh │ └── 3_ebpf_mapfd_doubleput_exploit │ │ ├── doubleput.c │ │ ├── hello.c │ │ └── suidhelper.c ├── 4_apparmor │ ├── 1_list-caps │ ├── 2_add-cap │ ├── 3_start-with-profile │ ├── 4_docker-nginx │ ├── 5_bane │ ├── 6_start │ ├── docker-default │ ├── docker-nginx │ ├── help │ └── nginx-apparmor.toml ├── 5_buildsecrets │ ├── 1_build-containers │ │ └── Dockerfile │ ├── 2_leaked-creds │ │ ├── Dockerfile │ │ ├── Makefile │ │ └── passwords.txt │ └── 3_onvault │ │ ├── 1_start-onvault │ │ ├── 2_build │ │ ├── 3_inspect │ │ └── Dockerfile-onvault └── 6_secrets-management │ ├── 1_env-leaking │ ├── 2_vault │ ├── 3_libsecret │ └── vault.hcl └── default_boot2docker_profile /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | **/*-cheat 3 | TODO 4 | -------------------------------------------------------------------------------- /Readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/Readme.md -------------------------------------------------------------------------------- /binaries/bane: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/binaries/bane -------------------------------------------------------------------------------- /binaries/iperf-2.0.5-macosx-i686.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/binaries/iperf-2.0.5-macosx-i686.tgz -------------------------------------------------------------------------------- /docker-images/io-perf/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/docker-images/io-perf/Dockerfile -------------------------------------------------------------------------------- /docker-images/io-perf/build.sh: -------------------------------------------------------------------------------- 1 | docker build -t benhall/ioperf-example . 2 | -------------------------------------------------------------------------------- /docker-images/iperf/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.3 2 | RUN apk --update add iperf 3 | 4 | EXPOSE 5001 5 | -------------------------------------------------------------------------------- /docker-images/iperf/build.sh: -------------------------------------------------------------------------------- 1 | docker build -t benhall/iperf . 2 | -------------------------------------------------------------------------------- /docker-images/metasploit/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/docker-images/metasploit/Dockerfile -------------------------------------------------------------------------------- /docker-images/metasploit/start.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/docker-images/metasploit/start.sh -------------------------------------------------------------------------------- /docker-images/pg/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM postgres:9.4.4 2 | ADD create.sh /docker-entrypoint-initdb.d/ 3 | -------------------------------------------------------------------------------- /docker-images/pg/build.sh: -------------------------------------------------------------------------------- 1 | docker build -t benhall/oscon2016-pg . 2 | -------------------------------------------------------------------------------- /docker-images/pg/connect.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/docker-images/pg/connect.sh -------------------------------------------------------------------------------- /docker-images/pg/create.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/docker-images/pg/create.sh -------------------------------------------------------------------------------- /docker-images/pg/start.sh: -------------------------------------------------------------------------------- 1 | docker run --name pg -e POSTGRES_PASSWORD=mysecretpassword -d benhall/oscon2016-pg 2 | -------------------------------------------------------------------------------- /docker-images/redis/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/docker-images/redis/Dockerfile -------------------------------------------------------------------------------- /docker-images/redis/build.sh: -------------------------------------------------------------------------------- 1 | docker build -t benhall/redis:novol . 2 | -------------------------------------------------------------------------------- /docker-images/redis/docker-entrypoint.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/docker-images/redis/docker-entrypoint.sh -------------------------------------------------------------------------------- /docker-images/strace-ubuntu/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/docker-images/strace-ubuntu/Dockerfile -------------------------------------------------------------------------------- /docker-images/strace-ubuntu/build.sh: -------------------------------------------------------------------------------- 1 | docker build -t benhall/strace-ubuntu . 2 | -------------------------------------------------------------------------------- /docker-images/strace/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.3 2 | RUN apk --update add strace 3 | -------------------------------------------------------------------------------- /docker-images/strace/build.sh: -------------------------------------------------------------------------------- 1 | docker build -t benhall/strace . 2 | -------------------------------------------------------------------------------- /images-required.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/images-required.sh -------------------------------------------------------------------------------- /tutorial/1_Performance/1_network/1_iperf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/1_Performance/1_network/1_iperf -------------------------------------------------------------------------------- /tutorial/1_Performance/1_network/2_userland: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/1_Performance/1_network/2_userland -------------------------------------------------------------------------------- /tutorial/1_Performance/1_network/3_weave: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/1_Performance/1_network/3_weave -------------------------------------------------------------------------------- /tutorial/1_Performance/1_network/4_custom-network: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/1_Performance/1_network/4_custom-network -------------------------------------------------------------------------------- /tutorial/1_Performance/2_io/1_aufs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/1_Performance/2_io/1_aufs -------------------------------------------------------------------------------- /tutorial/1_Performance/2_io/2_overlayfs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/1_Performance/2_io/2_overlayfs -------------------------------------------------------------------------------- /tutorial/1_Performance/2_io/3_tmpfs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/1_Performance/2_io/3_tmpfs -------------------------------------------------------------------------------- /tutorial/1_Performance/3_cpu/1_hashing: -------------------------------------------------------------------------------- 1 | # https://romanrm.net/dd-benchmark 2 | 3 | dd if=/dev/zero bs=1M count=256 | md5sum 4 | -------------------------------------------------------------------------------- /tutorial/1_Performance/4_benchmarks/1_redis: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/1_Performance/4_benchmarks/1_redis -------------------------------------------------------------------------------- /tutorial/1_Performance/4_benchmarks/2_pg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/1_Performance/4_benchmarks/2_pg -------------------------------------------------------------------------------- /tutorial/2_Security/1_ElasticSearch/1_start: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/1_ElasticSearch/1_start -------------------------------------------------------------------------------- /tutorial/2_Security/1_ElasticSearch/2_exploit: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/1_ElasticSearch/2_exploit -------------------------------------------------------------------------------- /tutorial/2_Security/1_ElasticSearch/3_elastic_shell.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/1_ElasticSearch/3_elastic_shell.py -------------------------------------------------------------------------------- /tutorial/2_Security/1_ElasticSearch/3_metasploit: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/1_ElasticSearch/3_metasploit -------------------------------------------------------------------------------- /tutorial/2_Security/1_ElasticSearch/4_readonly: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/1_ElasticSearch/4_readonly -------------------------------------------------------------------------------- /tutorial/2_Security/1_ElasticSearch/stop: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/1_ElasticSearch/stop -------------------------------------------------------------------------------- /tutorial/2_Security/2_seccomp/1_chmod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/2_seccomp/1_chmod -------------------------------------------------------------------------------- /tutorial/2_Security/2_seccomp/1_chmod.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/2_seccomp/1_chmod.json -------------------------------------------------------------------------------- /tutorial/2_Security/2_seccomp/2_strace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/2_seccomp/2_strace -------------------------------------------------------------------------------- /tutorial/2_Security/2_seccomp/3_default: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/2_seccomp/3_default -------------------------------------------------------------------------------- /tutorial/2_Security/2_seccomp/4_unconfined: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/2_seccomp/4_unconfined -------------------------------------------------------------------------------- /tutorial/2_Security/2_seccomp/default.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/2_seccomp/default.json -------------------------------------------------------------------------------- /tutorial/2_Security/2_seccomp/shocker.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/2_seccomp/shocker.c -------------------------------------------------------------------------------- /tutorial/2_Security/3_no-new-privileges/0_hints: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/3_no-new-privileges/0_hints -------------------------------------------------------------------------------- /tutorial/2_Security/3_no-new-privileges/1_Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/3_no-new-privileges/1_Dockerfile -------------------------------------------------------------------------------- /tutorial/2_Security/3_no-new-privileges/1_testnnp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/3_no-new-privileges/1_testnnp -------------------------------------------------------------------------------- /tutorial/2_Security/3_no-new-privileges/1_testnnp.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/3_no-new-privileges/1_testnnp.c -------------------------------------------------------------------------------- /tutorial/2_Security/3_no-new-privileges/2_Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/3_no-new-privileges/2_Dockerfile -------------------------------------------------------------------------------- /tutorial/2_Security/3_no-new-privileges/2_setuid: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/3_no-new-privileges/2_setuid -------------------------------------------------------------------------------- /tutorial/2_Security/3_no-new-privileges/2_setuid.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/3_no-new-privileges/2_setuid.c -------------------------------------------------------------------------------- /tutorial/2_Security/3_no-new-privileges/2_suid.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/3_no-new-privileges/2_suid.sh -------------------------------------------------------------------------------- /tutorial/2_Security/3_no-new-privileges/3_ebpf_mapfd_doubleput_exploit/doubleput.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/3_no-new-privileges/3_ebpf_mapfd_doubleput_exploit/doubleput.c -------------------------------------------------------------------------------- /tutorial/2_Security/3_no-new-privileges/3_ebpf_mapfd_doubleput_exploit/hello.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/3_no-new-privileges/3_ebpf_mapfd_doubleput_exploit/hello.c -------------------------------------------------------------------------------- /tutorial/2_Security/3_no-new-privileges/3_ebpf_mapfd_doubleput_exploit/suidhelper.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/3_no-new-privileges/3_ebpf_mapfd_doubleput_exploit/suidhelper.c -------------------------------------------------------------------------------- /tutorial/2_Security/4_apparmor/1_list-caps: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/4_apparmor/1_list-caps -------------------------------------------------------------------------------- /tutorial/2_Security/4_apparmor/2_add-cap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/4_apparmor/2_add-cap -------------------------------------------------------------------------------- /tutorial/2_Security/4_apparmor/3_start-with-profile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/4_apparmor/3_start-with-profile -------------------------------------------------------------------------------- /tutorial/2_Security/4_apparmor/4_docker-nginx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/4_apparmor/4_docker-nginx -------------------------------------------------------------------------------- /tutorial/2_Security/4_apparmor/5_bane: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/4_apparmor/5_bane -------------------------------------------------------------------------------- /tutorial/2_Security/4_apparmor/6_start: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/4_apparmor/6_start -------------------------------------------------------------------------------- /tutorial/2_Security/4_apparmor/docker-default: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/4_apparmor/docker-default -------------------------------------------------------------------------------- /tutorial/2_Security/4_apparmor/docker-nginx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/4_apparmor/docker-nginx -------------------------------------------------------------------------------- /tutorial/2_Security/4_apparmor/help: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/4_apparmor/help -------------------------------------------------------------------------------- /tutorial/2_Security/4_apparmor/nginx-apparmor.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/4_apparmor/nginx-apparmor.toml -------------------------------------------------------------------------------- /tutorial/2_Security/5_buildsecrets/1_build-containers/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/5_buildsecrets/1_build-containers/Dockerfile -------------------------------------------------------------------------------- /tutorial/2_Security/5_buildsecrets/2_leaked-creds/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/5_buildsecrets/2_leaked-creds/Dockerfile -------------------------------------------------------------------------------- /tutorial/2_Security/5_buildsecrets/2_leaked-creds/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/5_buildsecrets/2_leaked-creds/Makefile -------------------------------------------------------------------------------- /tutorial/2_Security/5_buildsecrets/2_leaked-creds/passwords.txt: -------------------------------------------------------------------------------- 1 | admin:password 2 | -------------------------------------------------------------------------------- /tutorial/2_Security/5_buildsecrets/3_onvault/1_start-onvault: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/5_buildsecrets/3_onvault/1_start-onvault -------------------------------------------------------------------------------- /tutorial/2_Security/5_buildsecrets/3_onvault/2_build: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/5_buildsecrets/3_onvault/2_build -------------------------------------------------------------------------------- /tutorial/2_Security/5_buildsecrets/3_onvault/3_inspect: -------------------------------------------------------------------------------- 1 | docker run -it onvault-test ls ~/.ssh 2 | -------------------------------------------------------------------------------- /tutorial/2_Security/5_buildsecrets/3_onvault/Dockerfile-onvault: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/5_buildsecrets/3_onvault/Dockerfile-onvault -------------------------------------------------------------------------------- /tutorial/2_Security/6_secrets-management/1_env-leaking: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/6_secrets-management/1_env-leaking -------------------------------------------------------------------------------- /tutorial/2_Security/6_secrets-management/2_vault: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/6_secrets-management/2_vault -------------------------------------------------------------------------------- /tutorial/2_Security/6_secrets-management/3_libsecret: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/6_secrets-management/3_libsecret -------------------------------------------------------------------------------- /tutorial/2_Security/6_secrets-management/vault.hcl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/2_Security/6_secrets-management/vault.hcl -------------------------------------------------------------------------------- /tutorial/default_boot2docker_profile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/katacoda/oscon2016-docker-perf-sec/HEAD/tutorial/default_boot2docker_profile --------------------------------------------------------------------------------