Docker is a computer program used to run software packages called containers in an operating-system-level virtualization process called containerization. It’s developed by Docker, Inc. and was first released in 2013.

Hello Team,

I am using a GLPI container (Docker image). I tried to set up everything, but during the install I get an error. I even changed the image and I am having the same error.

I have a Debian 10 server with a phpmyadmin/phpmyadmin Docker container on it which points to an Amazon RDS database. Currently whenever I log in to the phpmyadmin website it is using port 80 and it is unsecure. Is there a way when I pull the phpmyadmin/phpmyadmin to have it use a secure connection from my computer to my phpmyadmin website? I'm sure I can change the port to 8080:443 but won't I need a certificate?

Current command to pull:
sudo docker run --name phpmyadminone -d -e PMA_HOST=myrdsdatabaseserverxxxxxxxxxxxx.com -p 8080:80 phpmyadmin/phpmyadmin


DockerHub Link phpmyadmin/phpmyadmin

I am new to Cloud Server Hosting and would like your opinion on the best and most cost effective Cloud Server Hosting site. I will be running a Debian 10 server with MySQL. The total size will be around 4 GB. I will have around 5 or so people accessing the server. In addition, has anyone used Docker on a Cloud Server before (is it even possible)?

Please see https://www.experts-exchange.com/questions/29170630/Powershell-get-cve-score-specific-soft-version-via-cve-api.html

I could also use Docker to run on my Windows 2016 labserver and install the  CVE stuff on it: https://github.com/cve-search/cve-search

Just wondering: how do I do this? When it is there, how can I scan for a CVE score, e.g. Firefox 60.1, what is its CVE score (preferably PowerShell based (run an ssh session or other options?))?

This one is really getting to me. I would like to run most of my Docker containers by connecting them to a VLAN on my Ubiquiti network but can't seem to get it working, although admittedly I don't know much about Docker and I'm still very new to it.

I have tried creating a macvlan for one of the networks and that seems to be alright but I can't seem to get my containers connected to it.

I would like to connect to my VLAN; just doing that with an nginx container or something would be a great example for me to go by.

Thanks in advance for your help.

I have an ESXi Server in which I have a VM that I would like to utilize a USB device from a remote location from the server although it is still on the same LAN.

I have read that there are USB over IP devices available that would achieve what I am after. Can someone make a recommendation?

The VM is running Linux and there is a possibility I could run it in Docker as well. Is this still possible with Docker?

I am running a CentOS 7 server running Samba 4.9.1

I have a fileshare on a Win 2008 R2 (soon to be upgraded) server that I want to write to from the CentOS server.

I have installed 'samba-client' and 'cifs-utils'. I have added a line to [/etc/fstab] to create a mount point to a folder in the root called 'output' (i.e.  '/output') and passed credentials of a special Windows user from a text file (username, password and domain).

On the Windows side I have granted the share folder 'Full control' to the windows user AND shared the folder with them.

This all works well and the two servers are now linked so that if I create a text file from CentOS in the folder '/output' it appears in the Windows share. I can list the share's contents. create folders, delete files and delete folders.

HOWEVER, when I run a shell script that runs a Docker program (third-party that I can't upload) it returns 'Permission denied' when it tries to generate a database backup in that location.

The exact same setup worked under Ubuntu 16.04 so I am confused as to what is missing here.

I have even run '# semanage fcontext -a -t samba_share_t "/output(/.*)?"' and then '# restorecon -v /output' to stop SELinux from blocking the Samba communication.

  1. What could I be missing ?
  2. Do I need to create a Samba user just to access this share ? I didn't under Ubuntu 16.04
  3. How can I further manually test the share to see if I am missing permissions?

Kindly please suggest.

I injected below lines in tomcat catalina.policy,

grant codeBase "file:/<path_to_directory>/-" {
permission java.security.AllPermission;
permission java.io.FilePermission "", "read,write,execute";
permission java.util.PropertyPermission "", "read";
permission java.lang.RuntimePermission "getenv.*";
};


But I still get
Error in Full Agent Registration Info Resolver reading environment variable/system property 
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getenv.")


Hi Docker Experts,

I have a vendor-provided Docker image, which I have in my Docker registry.

I have simple Docker File which uses this image as a BASE image.

1. Would like to copy a file from the docker image to host
2. update the copied file on the host
3. Copy updated file back to docker in the same location
4. build docker with new tag

Please help.

Simple Dockerfile
FROM xxxxxxxx.dkr.ecr.ap-southeast-2.amazonaws.com/busybox1

RUN echo foo > bar
COPY /tmp/test.txt /tmp/test_upd.txt


For me even simple COPY is failing
lstat tmp/test.txt: no such file or directory

On my RHEL7 VM, the reboot took about 30-40 mins to boot up
(was told by colleague who supports it, it's about 20 times longer).

 At the console, I could see
"dracut Warning: Cannot umount /oldroot
 dracut Warning: Blocking umount of /oldroot [14015]
 dracut Warning: lrwxrwxrwx.  1  root  0  0 ...
   /proc/14015/exe-> /oldroot/usr/lib/systemd/systemd-shutdown

A few links suggest to disable firewalld but after it boots up, can't
   see that firewalld is running:
$ firewall-cmd --list-all |more
FirewallD is not running

Is the dracut message on the console the cause of the slow booting
up or is this long booting up caused by another issue?  How can I
fix this?

I've added the following settings in /etc/sysctl.conf  as well as
issued 'sysctl -w ...'  to make it effective as part of hardening.

My apps colleague rebooted the RHEL 7 VMs & now
the docker gave the error '503 Service Unavailable'.

How should I reverse them back: just by removing
those lines from sysctl.conf & rebooting (sysctl.conf was
quite empty initially), or by
re-issuing "sysctl -w ..." with the alternate value (i.e. if
it's 0, set it to 1 & if it's 1, set it to 0)?  But this doesn't
seem right as we don't know what the default
value was initially.  So how do we know what the
initial default value was before the change?

sysctl -w fs.suid_dumpable=0
sysctl -w kernel.randomize_va_space=2
sysctl -w net.ipv4.conf.default.accept_redirects=0
sysctl -w net.ipv4.conf.all.secure_redirects=0
sysctl -w net.ipv4.conf.default.secure_redirects=0
sysctl -w net.ipv4.conf.all.rp_filter=1
sysctl -w net.ipv4.conf.default.rp_filter=1
sysctl -w net.ipv4.ip_forward=0
sysctl -w net.ipv4.conf.all.send_redirects=0
sysctl -w net.ipv4.conf.default.send_redirects=0
sysctl -w net.ipv4.conf.all.accept_source_route=0
sysctl -w net.ipv4.conf.default.accept_source_route=0
sysctl -w net.ipv4.conf.all.accept_redirects=0
sysctl -w net.ipv4.conf.all.log_martians=1
sysctl -w net.ipv4.conf.default.log_martians=1
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w …

Refer to the attached list of group/world writable folders:
many of them are under docker dir & some are owned by ftp.

Is it OK to remove group writable permission?

Those files owned by ftp: can we amend them to be owned by root?

During hardening, I found the following group or world writable files.
Any harm if I do 'chmod g-w or o-w' on them:

-rw-rw-r--. 1 root utmp 1920 Nov 15 15:26 /run/utmp
-rw-rw-rw-. 1 root root 0 Nov  8 20:47 /sys/fs/selinux/member
-rw-rw-rw-. 1 root root 0 Nov  8 20:47 /sys/fs/selinux/user
-rw-rw-rw-. 1 root root 0 Nov  8 20:47 /sys/fs/selinux/relabel
-rw-rw-rw-. 1 root root 0 Nov  8 20:47 /sys/fs/selinux/create
-rw-rw-rw-. 1 root root 0 Nov  8 20:47 /sys/fs/selinux/access
-rw-rw-rw-. 1 root root 0 Nov  8 20:47 /sys/fs/selinux/context
--w--w--w-. 1 root root 0 Nov 12 22:18 /sys/fs/cgroup/blkio/docker/09445bf1ebac906fb92c97d9140a42710796b2dd34bb3474c71794b131f4741b/cgroup.event_control
--w--w--w-. 1 root root 0 Nov 11 18:29 /sys/fs/cgroup/blkio/docker/e760f8367ab29e50ea04629d2d1466013a0d19510052470e0617bb169993e652/cgroup.event_control
--w--w--w-. 1 root root 0 Nov  8 21:05 /sys/fs/cgroup/blkio/docker/5370fc625a376632a22e470e0d490e11a1e10ce7b142d87f5854ea258a2a5567/cgroup.event_control
--w--w--w-. 1 root root 0 Nov  8 21:05 /sys/fs/cgroup/blkio/docker/cadac22712699622cc1554a6ced7f662fdc8dd62b5793516096dea0f9d268548/cgroup.event_control
--w--w--w-. 1 root root 0 Nov  8 21:05 /sys/fs/cgroup/blkio/docker/ffd11120a3e494232e67bb4517bcf358c5d2e1690935455b37db9bcd169e9320/cgroup.event_control
--w--w--w-. 1 root root 0 Nov  8 21:05 /sys/fs/cgroup/blkio/docker/0d93b13bbc417a4d59cc89c5e28160217c844d702f80ea29bb7740df86e1ef3d/cgroup.event_control
--w--w--w-. 1 root root 0…

When verifying for RHEL7 CIS benchmark compliance item 1.2.1
"Ensure package manager repositories are configured", I got the
message below:  is this an NC & what should be done to rectify it?

All the CIS doc says is "Configure your package manager repositories
according to site policy" but currently we don't have one:

$ yum repolist
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
repo id                                                     repo name                                         status
!docker-ee-stable-17.06/x86_64         Docker EE Stable 17.06 - x86_64     19
repolist: 19

I have Pihole running. Sometimes I look for something and I get
https://www.googleadservices.com/pagead/ ... then a link

but the googleadservices page is blocked and then I cannot get to the final page.
How can I solve this?

Please advise.

I'm using PiHole on a Synology NAS in Docker container.
When I go to the PiHole site, it says:
Pi-hole Version v4.3.1 (Update available!) Web Interface Version v4.3 (Update available!) FTL Version v4.3.1

How do I update this Docker container quick & straight forward without losing all my configuration?

Please advise.

I recently took away users' local admin privileges from all the end users' computers.  The people who seem to be affected by this the most are the programmers. They have issues with running Docker, which needs to be run with elevated privileges (just one example so far).  I would be interested in hearing what other sys admins are doing with the more technical end users to let them work properly.

Thank you.

Our apps architect recommends  Alpine Linux for our
microservices/container environment.

Some time back, a patch management vendor told us
that patching for Alpine can't be managed by Satellite
or BigFix, i.e. we have to manually download & patch.

Is the above true or is there something like 'yum' in
RHEL to patch Alpine?

Also, there's no CIS hardening benchmark nor any
docs that standardize what to harden for Alpine.

Architect further points out that Alpine is the most
secure & efficient Linux to use for microservices;
is this true?  Does Alpine have a good development
team that constantly checks for vulnerabilities &
releases advisories/patches (at least like RHEL)?


Where can I view past Alpine CVEs/vulnerabilities
list & how can we assess how good the support is
for Alpine?  Don't want a case where we log a
case for support & there's lack of response &
no solution.

Trying to run Docker and I'm getting this error:

$ bash bin/development.sh
Building express-mongoose-es6-rest-api
Step 1/9 : FROM node:8.10.0
 ---> 41a1f5b81103
Step 2/9 : MAINTAINER Kunal Kapadia <kunalkapadia12@gmail.com>
Service 'express-mongoose-es6-rest-api' failed to build: failed to start service utility VM (createreadwrite): hcsshim::CreateComputeSystem 7be3d4b1e2c0b1026873e49e7b782f851fde4296ed082a0942ddee02bbb9f688_svm: The virtual machine could not be started because a required feature is not installed.
(extra info: {"SystemType":"container","Name":"7be3d4b1e2c0b1026873e49e7b782f851fde4296ed082a0942ddee02bbb9f688_svm","Layers":null,"HvPartition":true,"HvRuntime":{"ImagePath":"C:\\Program Files\\Linux Containers","LinuxInitrdFile":"initrd.img","LinuxKernelFile":"kernel"},"ContainerType":"linux","TerminateOnLastHandleClosed":true})

When I'm looking at that, I'm seeing what I have in bold. I'm google-ing this stuff now, but if there's anybody out there who's been down this road who can tell me what I need to do to make this work, I'm all ears!

I've got Docker installed and I've downloaded a boilerplate from https://github.com/kunalkapadia/express-mongoose-es6-rest-api

Everything's installed including "yarn" - all good.

But when I run this: $ bash bin/development.sh, which, from what I understand is instantiating the docker dynamic, it just hangs on "3.4: Pulling from library/mongo."

Here's what it looks like:

I am poised on the threshold of greatness! I've got my Node syntax proofed and ready! All I've got to do is drop it into the Boilerplate and wrap it in a Docker image and I will be done!

But I can't get past this thing and I'm stuck!

Is there any hardening guide for RHEL 8?
If there's none, can I assume it's very close to RHEL 7's hardenings?
Then I'll ask vendors to harden RHEL 8 as per CIS RHEL7's benchmark.

We're hosting docker/microservices in an RHEL host: previously the
vendor tested using RHEL7: can I safely say it makes no difference/
impact to the services/app whether we use RHEL 7 or 8?

At the VM level, is there any difference/impact?  The docker
instances are spun up from the various Ubuntu, Debian images,
so I'm guessing it doesn't matter which version of RHEL runs
on the VMs.

I have a very small script which runs when I use   $ ./check_dock
docker -com.... ok cpuuerc 0.xx%
When I use it in $ ./check_nrpe -H "ip/localhost/" -c check_dock
it returns:  NRPE: Unable to read output
All other commands I defined in nrpe are running.
What am I missing here?

My check_dock script is:
#!/bin/bash -el
# Author: Bahman Sharzad
# Mail: bshmsn.sharzad@process-factory.dk

alias direc="cd /usr/local/nagios/libexec"
# . check docker container
statu=$((sudo /usr/local/nagios/libexec/check_docker -n $1 -c 80,90) | awk '{print $2}')
#echo $statu
all=$(sudo /usr/local/nagios/libexec/check_docker -n $1 -c 80,90)
#echo $all
if [ $statu = 'WARN' ]; then
        echo $all
elif [ $statu = 'CRIT' ]; then
        echo $all
elif [ $statu = 'OK' ]; then
        echo $all
fi

and the command in nrpe is
command[check_dock]=/usr/local/nagios/libexec/check_dock docker-compose_mongodb_1
I run the command:  $ sudo ./check_nrpe -H -c check_dock
NRPE: Unable to read output

I have an Ubuntu LXD container (on Ubuntu 18.04).
I added a domain group in visudo and ran lxc set security.privileged true on my lxd docker.
I try to update Ubuntu 16 as a domain user in the sudoers group:
it returns an error: sudo apt update
sudo: unable to resolve host “my-host”
sudo: no tty present and no askpass program specified.

Is there any method to check the status of a Docker container in Nagios Core 4?

Reading this:


What is Docker Swarm?

It says:

"MaxScale Clustering with Docker Swarm
With Docker Swarm, we can create a group of MaxScale instances via Swarm service with more than one replica together with Swarm Configs."

So what is that?

Also in here:


it says:

Query Rewriting
Query rewrite is a feature that, depending on the queries running against the database server, quickly allows to isolate and correct problematic queries and improve performance.

I don't understand what it means.

And this one:

Query rewriting can be done via regexfilter. This filter can match or exclude incoming statements using regular expressions and replace them with another statement. Every rule is defined in its own section and include the section name in the corresponding service to activate it.

Does this mean that if we see a bad query we use MaxScale to replace any string?





