Linux Foundation Exam CKS Topic 1 Question 38 Discussion

Actual exam question for Linux Foundation's CKS exam

Question #: 38
Topic #: 1

[All CKS Questions]

Analyze and edit the given Dockerfile

FROM ubuntu:latest

RUN apt-get update -y

RUN apt-install nginx -y

COPY entrypoint.sh /

ENTRYPOINT ["/entrypoint.sh"]

USER ROOT

Fixing two instructions present in the file being prominent security best practice issues

Analyze and edit the deployment manifest file

apiVersion: v1

kind: Pod

metadata:

name: security-context-demo-2

spec:

securityContext:

runAsUser: 1000

containers:

- name: sec-ctx-demo-2

image: gcr.io/google-samples/node-hello:1.0

securityContext:

runAsUser: 0

privileged: True

allowPrivilegeEscalation: false

Fixing two fields present in the file being prominent security best practice issues

Don't add or remove configuration settings; only modify the existing configuration settings

Whenever you need an unprivileged user for any of the tasks, use user test-user with the user id 5487

AExplanation:
FROM debian:latest
MAINTAINER k@bogotobogo.com
# 1 - RUN
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq apt-utils
RUN DEBIAN_FRONTEND=noninteractive apt-get install -yq htop
RUN apt-get clean
# 2 - CMD
#CMD ['htop']
#CMD ['ls', '-l']
# 3 - WORKDIR and ENV
WORKDIR /root
ENV DZ version1
$ docker image build -t bogodevops/demo .
Sending build context to Docker daemon 3.072kB
Step 1/7 : FROM debian:latest
---> be2868bebaba
Step 2/7 : MAINTAINER k@bogotobogo.com
---> Using cache
---> e2eef476b3fd
Step 3/7 : RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq apt-utils
---> Using cache
---> 32fd044c1356
Step 4/7 : RUN DEBIAN_FRONTEND=noninteractive apt-get install -yq htop
---> Using cache
---> 0a5b514a209e
Step 5/7 : RUN apt-get clean
---> Using cache
---> 5d1578a47c17
Step 6/7 : WORKDIR /root
---> Using cache
---> 6b1c70e87675
Step 7/7 : ENV DZ version1
---> Using cache
---> cd195168c5c7
Successfully built cd195168c5c7
Successfully tagged bogodevops/demo:latest

Show Suggested Answer

Suggested Answer: A

by Marjory at Jul 06, 2023, 12:12 PM

Limited Time Offer

25%

Off

Get Premium CKS Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Bette

1 months ago

Well, well, well, looks like someone's got a penchant for playing with fire! 'apt-install' and 'USER ROOT'? Might as well just hand the keys to the kingdom over to the container and call it a day. And the deployment file? Privilege escalation and root access? Might as well just throw the whole server out the window and start over!

upvoted 0 times

Eladia

8 days ago

User 4: Definitely, those need to be fixed asap before any serious security breaches occur.

upvoted 0 times

...

Tuyet

13 days ago

User 3: And in the deployment manifest file, privilege escalation and root access? That's a disaster waiting to happen.

upvoted 0 times

...

Telma

18 days ago

User 2: I know, those are big no-nos. It's like giving full control to the container.

upvoted 0 times

...

Frederic

22 days ago

User 1: Yikes, 'apt-install' and 'USER ROOT' in the Dockerfile? That's a major security risk.

upvoted 0 times

...

Kindra

1 months ago

The Dockerfile needs to be fixed by correcting the 'apt-install' instruction and removing the 'USER ROOT' line. In the deployment manifest, the 'runAsUser: 0' and 'privileged: True' fields should be changed to use a non-root user for better security.

upvoted 0 times

Kasandra

1 days ago

We should also remove the 'USER ROOT' line for security reasons.

upvoted 0 times

...

Hildegarde

20 days ago

Let's change 'apt-install' to 'apt-get install' in the Dockerfile.

upvoted 0 times

...

Allene

2 months ago

Haha, the Dockerfile is a real mess! 'apt-install'? Really? And running as root? Might as well just give the container the keys to the kingdom! As for the deployment file, oh boy, privilege escalation and root access? Might as well just hand over the entire server to the container!

upvoted 0 times

Chauncey

15 days ago

User 3: I agree, running as an unprivileged user with a specific user id is a much better approach.

upvoted 0 times

...

Mohammad

20 days ago

User 2: Absolutely, security best practices are essential. And that deployment manifest file is a disaster too.

upvoted 0 times

...

Helaine

23 days ago

User 1: Yeah, that Dockerfile needs some serious fixing. Running as root is a big no-no.

upvoted 0 times

...

Dianne

2 months ago

The deployment manifest file has some security issues. The 'runAsUser: 0' and 'privileged: True' fields give the container root privileges, which is not recommended for security reasons.

upvoted 0 times

...

Nathalie

2 months ago

I modified the Dockerfile to use debian:latest and added htop installation for better security.

upvoted 0 times

...

Felicidad

2 months ago

The first Dockerfile instruction has a typo in 'apt-install' instead of 'apt-get install'. Also, the 'USER ROOT' instruction is a security risk, it's better to run the container as a non-root user.

upvoted 0 times