docker Timeline - FediScanner

10.09.2025 09:37
labrafa (@labrafa@mastodon.world)

Tengo publicado en YouTube un tutorial que explica como instalar la base de datos H2 en #Docker.
H2 es una base de datos ligera y fácil de usar.

https://youtu.be/JDEEVXi4U04

#Tutorial #Gratis #SiguemeYTeSigo #Followback

Nota: imagen generada con IA generativa.

Show Original Post

Report

10.09.2025 08:55
reynardsec (@reynardsec@infosec.exchange)

devops0: Our audit report says we must "enable Docker rootless mode". I have no clue what that even is...
devops1: Sounds like some another security BS. What's "rootless" supposed to do?

ItSec: Relax. Rootless mode runs the Docker daemon and containers as a regular, unprivileged user [1]. It uses a user namespace, so both the daemon and your containers live in "user space", not as root. That shrinks the blast radius if the daemon or a app in container is compromised, because a breakout wouldn't hand out root on the host.

devops1: Fine. If it's "not hard" to implement, we can consider this.

ItSec: Deal.

Note: this mode does have some limitations. You can review them in docs [2].

First, let's check which user the Docker daemon is currently running as.

ps -C dockerd -o pid,user,group,cmd --no-headers

You should see something like:

9250 root     root     /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Here's a clean, minimal path that matches the current docs. First, stop the rootful daemon.

sudo systemctl disable --now docker.service docker.socket

Then install the uid/gid mapping tools. On Ubuntu it's uidmap.

sudo apt update && sudo apt install -y uidmap

Docker provides a setup tool. If you installed official DEB/RPM packages, it's already in /usr/bin. Run it as your normal user.

dockerd-rootless-setuptool.sh install

If that command doesn't exist, install the extras package or use the official rootless script.

sudo apt-get install -y docker-ce-rootless-extras
# or, without package manager access:
curl -fsSL https://get.docker.com/rootless | sh

The tool creates a per-user systemd service, a "rootless" CLI context, and prints environment hints. You usually want your client to talk to the user-scoped socket permanently, so export DOCKER_HOST and persist it in your shell profile.

export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock
echo 'export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock' >> ~/.bashrc

Enable auto-start for your user session and let services run even after logout ("linger").

systemctl --user enable docker
sudo loginctl enable-linger $(whoami)

Point the CLI at the new context and sanity-check.

docker context use rootless

Once more, check which privileges the Docker daemon is running with:

ps -C dockerd -o pid,user,group,cmd --no-headers

Now you will see something like:

10728 ubuntu   ubuntu   dockerd

[1] https://docs.docker.com/engine/security/rootless/
[2] https://docs.docker.com/engine/security/rootless/troubleshoot/

For more grumpy stories visit:
1) https://infosec.exchange/@reynardsec/115093791930794699
2) https://infosec.exchange/@reynardsec/115048607028444198
3) https://infosec.exchange/@reynardsec/115014440095793678
4) https://infosec.exchange/@reynardsec/114912792051851956
5) https://infosec.exchange/@reynardsec/115133293060285123

#appsec #devops #programming #webdev #java #javascript #python #php #docker #containers #k8s #cybersecurity #infosec #cloud #hacking #sysadmin #sysops

Show Original Post

Report

10.09.2025 08:04
inw (@inw@mastodon.social)

When using the official #postgres #docker image, did you anyone having a shell in the container can log in your database without a password?

All access is set to 'trust' in 'pg_hba.conf'. This can be changed and set to another value to enforce authentication from inside the docker container as well.

Somone already wrote an article about hardening the setup: https://pankajconnect.medium.com/container-security-tips-for-securing-postgresql-instances-in-docker-9de5d2a932fb

#security

Show Original Post

Report

10.09.2025 06:47
nicolafioretti (@nicolafioretti@mastodon.uno)

Scoperta una nuova minaccia: gli hacker sfruttano le #API #Docker esposte per nascondere la loro identità dietro #Tor. 🕵️‍♂️ Questo non è più solo un attacco di #cryptomining, ma una minaccia multi-fase che crea #backdoor persistenti e prepara le macchine per una #botnet. Proteggete i vostri #container! #cybersecurity #infosec

https://www.bleepingcomputer.com/news/security/hackers-hide-behind-tor-in-exposed-docker-api-breaches/

@linux @sicurezza

Show Original Post

Report

10.09.2025 05:31
techbot (@techbot@social.raytec.co)

Malware Exploits Exposed Docker APIs to Secure Persistent SSH Root Access

Pulse ID: 68c0ef70a37ab2ae24ae8a31
Pulse Link: https://otx.alienvault.com/pulse/68c0ef70a37ab2ae24ae8a31
Pulse Author: cryptocti
Created: 2025-09-10 03:24:32

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Docker #InfoSec #Malware #OTX #OpenThreatExchange #SSH #bot #cryptocti

Show Original Post

Report

10.09.2025 03:14
bayo (@bayo@me.dm)

Ready to build your own fleet platform?

Like/Repost if you're following along! 🔁

#Docker #Kafka #MLOps #OpenSource #FleetTech

Show Original Post

Report

10.09.2025 02:31
ngate (@ngate@mastodon.social)

🚀🔥 Oh joy, another tool claiming to simplify #Docker with a sprinkle of #microVM magic! Bottlefire: for those who think turning container images into cumbersome, zero-dependency Linux executables is the pinnacle of #innovation. 🐢⚙️ Because nothing screams 'progress' like shuffling dependencies into convoluted bash scripts.
https://bottlefire.dev/ #Simplification #ContainerTools #BashScripts #HackerNews #ngated