On writing dockerfiles

I came across an email yesterday before I went home in our internal Docker mailing list. The author was looking for a Tomcat container written using SLES as a base-image. I didn’t remember coming across anything like that so I checked dockerhub. There were several there, but most of them, including the official one from Apache, were build on Debian or Ubuntu. I found one¬†that uses a binary package in a tarball created by Apache. I created a plain container shell:

docker run -it sles12sp2 /bin/bash

Then I went through the dockerfile line by line making sure it worked. It didn’t right away. Suse products tend to put things into their own paths rather than the ones that Ubuntu/Debian uses and I fixed the dockerfile accordingly. It only took 20 minutes or so to test, build, and get it running.

I published the final version here using OpenSUSE instead of SLES. It’s also on dockerhub as: jsevans/tomcat-opensuse. This is how I use open source software. I take what others¬† who are smarter than I am have made, build on it to make something better or at least different, and then give back to the community. Maybe my little hack will help someone else also.

One more thing.

Why didn’t I just add “zypper in tomcat” to my dockerfile? I tried that at first. However, like many Linux distros that moved to SystemD, services like Tomcat will not start without a real instance of SystemD running already. Some distros include that into their images like Ubuntu. Others like SLES/OpenSUSE and CentOS/Fedora don’t so you have to find alternative ways to install some applications.

That leads be to ask, will we see a day soon when applications are created to be “container ready”? The applications could be included in a container as is without needing to worry about dependencies to system processes like SystemD.

How can I get Malware?

I received an email this morning. I’m actually expecting a package that has been held for some time and when I saw it, it seems potentially legit at first. But then I realized that I don’t use my work email for personal things like that. When I saw that it came from someone who didn’t have a UPS email address, and there is a .zip attachment. I don’t know for sure that this attachment has a virus or any kind of malware, but I won’t take the chance on company hardware.

In the past few months ransomware such as WannaCry has been a big thing in IT news. It is a program that encrypts (locks) your documents and files so that you can’t use them until you pay someone a ransom. Like a virus, then often move from machine to machine on a network. How do these things start? They usually start with emails like this one. Someone opens an attachment that they think is legitimate and then they find that they can’t use their data anymore and if they don’t have backups, then they might be out a lot of money. If it happens on a corporate network, they could be out millions.

How can you be safe?

  • Don’t open attachments that you aren’t expecting.
  • Be smart about email. If you don’t know who the email is from, never open an attachment.
  • Report suspicious email like this to your Information Security team or Email administrator so they can be blocked in the future.

Malware attacks happen, but they don’t have to happen to you. A bit of savvy about how these things works can save a lot of headaches.