Skip to content
July 12, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Data
    • CVE Watchtower
    • Top Exploited CVEs
    • CVE Stats by Vendor
    • Q2 2026 Report
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • Technique
  • Docker Foundation Summary
  • Technique

Docker Foundation Summary

Do Son May 29, 2019 6 minutes read

Docker introduction

  • Docker client and server (daemon)
  • Docker image
  • registry
  • Docker container

Docker container is built on the mirror above, we can understand the image as a defined class, and the container is an instance, a class can instantiate a lot of examples, the same docker can also run on the mirror multiple containers, each The container can be the same or it can be customized. Docker client and server can run on the same host, can also be different.
The registry is used to store the user’s image, which is divided into public and private. Docker company operating public registry called docker hub, the user can docker hub registered account, share and save their own mirror.

Docker install

Docker can run on Linux, Mac, Windows.

Install docker

Go to the official website to download the installation package.
download after the direct installation, the installation is completed after the run docker run hello-world, if no error, indicating a successful installation.

Install docker on Linux

Install docker:

sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D

sudo apt-add-repository 'deb https://apt.dockerproject.org/repo ubuntu-xenial main'
sudo apt-get update
apt-cache policy docker-engine
sudo apt-get install -y docker-engine

 

Start the docker daemon:

sudo service docker start

sudo /etc/init.d/docker start

 

 

Docker basic command

The docker base command contains the docker operation, the mirror operation, the container operation, and other related operations. Here are some common commands, please refer to the official documentation, or use the -help command.

Docker operation

View the docker information

$docker info

Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 5
Server Version: 1.12.3
......

 

View the docker version

$docker -v

Docker version 1.12.3, build 6b644ec
$docker version
Client:
Version: 1.12.3
API version: 1.24
Go version: go1.6.3
Git commit: 6b644ec
Built: Wed Oct 26 23:26:11 2016
OS/Arch: darwin/amd64
Server:
Version: 1.12.3
API version: 1.24
Go version: go1.6.3
Git commit: 6b644ec
Built: Wed Oct 26 23:26:11 2016
OS/Arch: linux/amd64

 

 

Mirror operation

Local images are stored in the /var/lib/docker directory.
View the local mirror list:

docker images -a

 

Other mirroring operations:

docker search (image-name) 

docker history (image-name)
docker push (image-name)
docker pull image-name:tag pull
docker rmi <image id>
docker rmi $(docker images -q)
docker tag image-id imagename:tag
docker load -i test.tar
docker save image > test.tar

 

Container operation

Create a container:

docker run --rm -ti ubuntu /bin/bash

 

 

  • -rm Once the process exits, the container is deleted
  • -ti Enter interactive mode
  • Ubuntu container based on the mirror name
  • /bin/bash The command to run
docker run -d -p 8000:80 --name test image-name

 

  • -d running in the background
  • -p mapping of the port, the former for the machine, after the container
  • -name custom name

Note: After creating the container, it will return an ID that is generated randomly.

Check container operating status:

docker ps -a

 

View container-specific information:

docker inspect 

 

More detailed than the ps-a command, including network information, configuration information, and other content, you can match with -format, such as:

sudo docker inspect --format '{{ .NetworkSettings.IPAddress }}' c18acd6a8a32

 

View the process inside the container:

docker top container_id

 

Into the container interior:

sudo docker attach container_id

 

Or you can use:

docker exec -ti container_name /bin/bash

 

Exec command can be executed inside the container command, the above code that the container to create a new shell.

Exit container:

[rootq3e1]exit

 

Reboot container:

drocker run —restart=always

 

The restart parameter can set the following:

  • The Docker container is restarted regardless of the code program exiting the container
  • On-failure You can specify an exit code

More container operation:

docker attach container 

docker diff container
dcoker logs ID
docker stop ID
docker start ID
docker restart ID
docker stop ID docker rm ID
docker kill [options] container
docker stop $(docker ps -a -q)
docker rm $(docker ps -a -q)
docker commit ID new
docker export container > test.tar
docker cp container:path hostpath

 

Container network management:

  • Host mode, the use of dockerrun use -net = host specified (docker used in the network and the host is actually the same, in the container to see the network card ip is the host ip)
  • Container mode, use-net = container: container_id/container_name (multiple containers using a common network, see ip is the same)
  • None mode, specified with -net = none (in this mode, no network is configured)
  • Bridge mode, specified with -net = bridge
  • The default mode, do not specify the default is this network mode. (This mode assigns a separate Network Namespace to each container, similar to VMware’s nat network mode. All containers on the same host will be able to communicate with each other under the same network segment.)

Other operation

docker import http://example.com/example.tar  

docker login [options][server]
docker inspect container/image
docker wait container

 

Dockerfile

Dockerfile can be used to dynamically generate a new image, for example, we pull a basic centos mirror, now need to install some of the software in this mirror, so that we can run the project code we prepared, then you can use the following two options:

Option 1: (manual)

In the centos mirror to create a container, enter the container interactive interface, manually install some of the necessary software, configure the environment. After doing all the changes, use the docker commit container-id newimagename to create a new image. Then use the new image to create the container, run our project code.

Option 2: (automatic)

The so-called automation, that is, do not need to enter the container manually enter the command to configure, everything is automatically handled when the container is running, then it will use the dockerfile. Dockerfile is simply a configuration file, docker container at run time will handle the contents of the file, such as the installation of software, modify the environment variables, run the program. The advantage of using dockerfile is that you can easily modify the contents of the configuration file to achieve the effect of creating dynamic images.

Create a dockerfile

We need to create a directory to store Dockerfile file, the directory name can be arbitrarily taken in the directory to create Dockerfile file. Here I am going to create a base based on centos mirror, the container will automatically open a python webserver (local monitor 8080 port) example.

Write a dockerfile

In the Dockerfile file to write:

# Version 0.1

FROM centos:latest
MAINTAINER https://securityonline.info
RUN apt-get install wget
CMD python -m SimpleHTTPServer 8080

 

The dockerfile syntax is similar to MakeDown, based on the following:

  • FROM based on the base mirror name
  • MAINTAINER maintainer information
  • RUN run command (install software, etc.)
  • CMD command to run the container (can only write one)

Grammar more than these, more content, you can refer to the official documents.

Generate dockerfile image

Into the directory where the Dockerfile file is located, run:

docker build -t centos_test:01 .

docker build -t centos_test:01 git@github:......

 

At this point, run docker images-a view, will find more than one image, named centos_test, tag 01 If dockerfile write a problem, in the build will be given, then you can docker run container id into the final state of the container to debug.

Use dockerfile to mirror

Run the container on this image:

docker run -d -p 80:8080 centos_test:0.1

 

At this point, open the machine 127.0.0.1:80

Dockerfile rules

Each instruction must be in uppercase letters, such as FROM, RUN, and followed by content, docker file will be from the top down the order of the implementation of these content.

WORKDIR

Role: set the working directory, similar to cd

WORKDIR /root/

RUN apt-get install pip
WORKDIR /root/test
......

 

You can override the container working directory with the -w parameter

docker run -w /root/nmasktools ......

 

ENV

Action: Set the environment variable
in the container to be overridden with -e.

USER

Role: Specify what kind of user to run the container

USER ddos

 

You can use the docker-u to cover it.

ADD, COPY

Add and copy are used to add a file to the mirror, the difference is that copy can only copy the file, but no decompression function.

Share this article:

Facebook Post LinkedIn Telegram
Tags: docker

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-1207CVSS 5.4
    An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on...
    Admin intel📅 Updated: Jul 10, 2026
  • CVE-2026-48939CVSS 10.0
    A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-56291CVSS 10.0
    The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files...
    CISA KEV📅 Added to KEV: Jul 10, 2026
  • CVE-2026-55255CVSS 8.4
    Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-48908
    A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-56290
    The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable...
    CISA KEV📅 Added to KEV: Jul 7, 2026
  • CVE-2026-20896CVSS 9.8
    Gitea Docker image: `REVERSE_PROXY_TRUSTED_PROXIES = *` default lets any source IP impersonate any user via `X-WEBAUTH-USER`
    Admin intel📅 Updated: Jul 6, 2026
  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intelCISA KEV📅 Added to KEV: Jul 7, 2026📅 Updated: Jul 3, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-61447CVSS 10.0
    PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that...
  • CVE-2026-61445CVSS 9.9
    PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in...
  • CVE-2026-60090CVSS 9.8
    PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the...
  • CVE-2026-57827CVSS 10.0
    The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload...
  • CVE-2026-57828CVSS 9.0
    The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file...
  • CVE-2026-14480CVSS 9.9
    OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the...
  • CVE-2026-20744CVSS 9.8
    The charging station websocket endpoint accepts connections without proper authentication, which could...
  • CVE-2026-57807CVSS 9.8
    Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security...
  • CVE-2026-55879CVSS 9.3
    OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the...
  • CVE-2026-12761CVSS 9.8
    The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Top Exploited CVEs
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • Disclaimer
    • DCMA
    • Privacy Policy
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • CVE Watchtower
    • CVE Statistics by Vendor 2026
    • Q2 2026 Report
    • Top Exploited CVEs
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.