Vinesh Reddy Talakola

How risky is it to expose Docker REST APIs?
Many of us might be surprised to learn that the Docker engine can also be driven through a REST API.
In this post I will show how easily these APIs can be exposed and queried from Postman or cURL, and at the same time how risky it is to leave them unauthenticated on a publicly reachable address.
Anyone who can reach the port gets the same unauthenticated control that the local Docker socket gives: they can list, pull and delete your images, start containers, and, by starting a container that mounts the host filesystem, take over the host itself. Beyond the direct business loss, an incident like that damages the organisation's reputation.
I have used a free pen test tool (https://apisec-inc.github.io/pentest/) to scan and found 18 vulnerabilities for the Docker API.

How to expose Docker REST APIs?
Pre-Requisite:
∙ Ubuntu installed on a VM instance
∙ Docker installed
Once the prerequisite software is installed, create a directory (docker.service.d) and a file (options.conf) as shown below, then add the content to options.conf.
Create the directory to store the configuration file.
sudo mkdir -p /etc/systemd/system/docker.service.d
Create a new file to store the daemon options.
sudo nano /etc/systemd/system/docker.service.d/options.conf
I have used a nano editor but you are free to use any editor of your choice.
Now put the content given below into options.conf. The empty ExecStart= line clears the command inherited from the stock docker.service unit; without it systemd refuses to start the service, because a unit that is not Type=oneshot may define only one ExecStart. The -H tcp://0.0.0.0:2375 flag binds the API to every interface on the host, which is exactly what makes this setup dangerous; for local experimentation bind to 127.0.0.1 instead.
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H unix:// -H tcp://0.0.0.0:2375
Now, reload the systemd daemon and restart the docker service:

Reload the systemd daemon.

sudo systemctl daemon-reload

Restart Docker.

sudo systemctl restart docker
Query the REST API endpoint to confirm the configuration took effect. Port 2375 is the plain-HTTP convention (2376 is reserved for TLS), so the scheme is http, not https:
Eg:
GET http://localhost:2375/images/json
The above request lists every Docker image on the host. The same request answered from any other machine that can reach port 2375 proves the daemon is exposed: nothing stops that machine from deleting images, starting privileged containers or mounting the host filesystem, because no credentials are checked at all.
To get the full list of endpoints, please refer to https://docs.docker.com/engine/api/
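As an added example (not code from the post), the bash script below audits a dockerd command line of the kind the post puts in options.conf. It classifies the listener as loopback-only, TLS-protected or unauthenticated, reads the effective ExecStart out of a systemd drop-in, prints the TLS-protected form of the post's line (the certificate directory and file names are assumptions), and includes a live curl probe of the /version endpoint for a host you are allowed to test.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit a dockerd command line
# for a remotely reachable, unauthenticated TCP listener, and show the
# TLS-protected alternative. Certificate paths below are assumptions.

# Classify one dockerd ExecStart command. Prints a verdict and returns:
#   0 = no TCP listener, or TCP bound to loopback only
#   1 = TCP listener on a non-loopback address with no --tlsverify
#       (anyone who can reach the port controls the daemon, i.e. the host)
#   2 = non-loopback TCP listener that demands a client certificate
audit_dockerd_line() {
    local line="$1" hosts h addr verdict=0
    # every listener passed as -H tcp://..., -H=tcp://... or --host=tcp://...
    hosts=$(printf '%s\n' "$line" | grep -oE 'tcp://[^[:space:]]+' || true)
    if [ -z "$hosts" ]; then
        echo "OK: no TCP listener configured"
        return 0
    fi
    for h in $hosts; do
        addr=${h#tcp://}   # drop the scheme
        addr=${addr%:*}    # drop the port, leaving the bind address
        case "$addr" in
            127.*|localhost|\[::1\]) continue ;;   # reachable locally only
        esac
        # An empty bind address is deliberately not treated as loopback;
        # confirm what the daemon really listens on with 'ss -ltnp'.
        if printf '%s\n' "$line" | grep -q -- '--tlsverify'; then
            echo "WARN: $h is reachable remotely but requires a client certificate"
            verdict=2
        else
            echo "CRITICAL: $h is reachable remotely with no authentication"
            return 1
        fi
    done
    if [ "$verdict" -eq 0 ]; then
        echo "OK: TCP listener bound to loopback only"
    fi
    return "$verdict"
}

# Audit a systemd drop-in such as options.conf. The empty 'ExecStart='
# only clears the stock command; the last non-empty one is what runs.
audit_dropin_file() {
    local line
    line=$(grep -E '^ExecStart=.+' "$1" | tail -n 1 | cut -d= -f2-)
    audit_dockerd_line "$line"
}

# The TLS-protected form of the post's ExecStart: conventional port 2376,
# mutual TLS via --tlsverify. The certificate directory is an assumption;
# generate the CA, server and client certificates as described in
# https://docs.docker.com/engine/security/protect-access/
hardened_execstart() {
    local certdir="${1:-/etc/docker/tls}"
    printf '/usr/bin/dockerd -H unix:// -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=%s/ca.pem --tlscert=%s/server-cert.pem --tlskey=%s/server-key.pem\n' \
        "$certdir" "$certdir" "$certdir"
}

# Live probe (needs network, not part of the offline checks): a daemon
# exposed as in the post answers this with its version JSON for anyone.
probe_docker_api() {
    local host="$1" port="${2:-2375}"
    curl -sS --max-time 5 "http://$host:$port/version" | grep -oE '"ApiVersion":"[^"]+"'
}

# Constructed sample: the exact line the post puts in options.conf.
POST_EXECSTART='/usr/bin/dockerd -H unix:// -H tcp://0.0.0.0:2375'
audit_dockerd_line "$POST_EXECSTART" || true
audit_dockerd_line "$(hardened_execstart)" || true
```

Run it as-is to see the post's line flagged as CRITICAL and the TLS variant reported as WARN; point audit_dropin_file at /etc/systemd/system/docker.service.d/options.conf to check a real host. The hardened line still binds to every interface, which is why it is only a warning: mutual TLS is what keeps strangers out, and the client side then needs the matching certificates to talk to port 2376.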
Please like and comment to share your thoughts.