Part 1: Generate and exercise the stub image
Step 1.1: Pull the Debian Docker image
docker pull debian:latest
Step 1.2: Generate a stub image
rfstub debian:latest
Step 1.3: Run the stub image
docker run --rm -dt --name=rf-test --cap-add=SYS_PTRACE debian:latest-rfstub
Step 1.4: Test the stub image
Executing this command in the stub image will ensure that ‘ls -lrta’ is preserved, so we can use it to verify files in our hardened image later.
docker exec -it rf-test bash -c "ls -lrta; echo testing"
Step 1.5: Stop the running instance
docker stop rf-test
Step 2.2: Harden with --keep-pkgs-coherent
rfharden --keep-pkgs-coherent debian:latest-rfstub
Step 2.3: Verify package files in hardened image
Follow the User Interface to Packages>In Use. Since at least 1 file from ‘libpcre 2-8-0’ was used, keeping packages coherent will have kept all of its files. Run the following to verify that this package has had its files preserved.
docker run --rm -it debian:latest-rfhardened bash -c "ls -lrta usr/share/doc/libpcre2-8-0/copyright"
This should return usr/share/doc/libpcre2-8-0/copyright.
Step 3.1: Harden without --keep-pkgs-coherent
rfharden debian:latest-rfstub
Run the following to verify that the libpcre2-8-0 package has had some of its files removed.
docker run --rm -it debian:latest-rfhardened bash -c "ls -lrta usr/share/doc/libpcre2-8-0/copyright"
This should return No such file or directory.
Run the following to verify that the libpcre2-8.so.0.10.1 package has had some of its files preserved.
docker run --rm -it debian:latest-rfhardened bash -c "ls -lrta /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.10.1"
This should return /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.10.1.