- We were tasked by our fictional clients to harden their applications before their deployment on cloud.
- Employee 1337dev0Ps1N7ErN from the company was our point of contact during the audit.
This is an already hardened image. To mount and run it from scratch make sure to remove the applicability of control groups and capabilities and run it. Once the database server is mounted you can delete the images and containers and revert the changes to make sure the hardened application is up and running.
Set the path in the playbook to your source folder.
Delete the highlighted values.
Also, we commented USER MySQL line to set the user to root since, to mount the database initially requires root permissions.
Container-Security project requires ansible installed to run it.
$ sudo apt update
$ sudo apt install ansible
$ git clone https://github.com/nazeefkhan2372/Container-Security.git
The docker image and containers can be run by navigating to the playbook directory and running the following command:
$ ansible-playbook dbstack.yml --ask-vault-pass
When prompted the Vault password enter:
$ Password123!
You should now be able to browse to http://localhost:8080/ to view the web application!
DO NOT FORGET TO ADD THE CAPABILITIES ONCE THE DATABASE IS MOUNTED.
