Docker

Docker is a set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own software, dependencies, libraries and configuration files. Data that is passed to and from the containers is only allowed through well-defined channels. Because all of the containers share the services of a single operating system kernel, they use fewer resources than virtual machines. The nature of the virtualization can have many security benefits, when wielded correctly.

Docker packages are distributed as flat inert images. These images are used by the Docker Engine to generate the aforementioned containers, which is where the package's binaries actually run from. When the container is no longer needed, it can be destroyed. When the container is needed again, it can be quickly regenerated from the original image. You can even spawn multiple containers from a single image.

Another summary, from the official documentation:

Docker is an open platform for developing, shipping, and running applications. Docker enables you to separate your applications from your infrastructure so you can deliver software quickly. With Docker, you can manage your infrastructure in the same ways you manage your applications. By taking advantage of Docker's methodologies for shipping, testing, and deploying code, you can significantly reduce the delay between writing code and running it in production.

Components

Docker isn't a single piece of software, but rather several components packaged together. We are not going to go in-depth to all the components here, but there are a few basic ones you should have a working knowledge of.

First is the Docker Engine, which is the most integral part of the service. It includes:

  • The dockerd daemon, which is the service that runs in the background. The daemon handles the deployment of containers. When you first install Docker, you should make sure the daemon is running in rootless mode for security purposes.
  • APIs which specify interfaces that programs can use to talk to and instruct the Docker daemon.
  • The command-line interface docker, which is how you will be controlling Docker and your containers.
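One way to confirm the rootless recommendation above (an added example, not part of the original page): the script reads the SecurityOptions list from docker info and looks for the name=rootless entry. The function names and the "run" argument are this example's own.

```shell
#!/bin/sh
# Added example: report whether the daemon the docker CLI talks to is rootless.

# classify_daemon OPTS
#   OPTS is the text printed by: docker info --format '{{json .SecurityOptions}}'
#   Prints "rootless" or "rootful"; returns 0 only for rootless.
classify_daemon() {
    case "$1" in
        *name=rootless*) echo "rootless"; return 0 ;;
        *)               echo "rootful";  return 1 ;;
    esac
}

# audit_daemon: query the live daemon and flag a leftover system-wide socket.
audit_daemon() {
    opts=$(docker info --format '{{json .SecurityOptions}}' 2>/dev/null) || {
        echo "error: cannot reach a Docker daemon" >&2
        return 2
    }
    if mode=$(classify_daemon "$opts"); then status=0; else status=1; fi
    echo "daemon mode: $mode"
    # A rootful daemon can keep running next to a rootless one, so the
    # answer above only describes the daemon this CLI session is using.
    if [ -S /var/run/docker.sock ]; then
        echo "note: /var/run/docker.sock exists; a rootful daemon may also be installed"
    fi
    return "$status"
}

# Query the daemon only when invoked with the (hypothetical) argument "run".
if [ "${1:-}" = "run" ]; then audit_daemon; fi
```
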

The most basic way to launch a container from an image is with the docker run command. This is fine if you are running a single stock container, but quickly becomes cumbersome as you start adding flags and more containers. You can make things easier by using Docker Compose, which spawns containers from images by reading the settings defined in preconfigured YAML files.

To build your own Docker images, you will be using Docker Build. docker build reads instructions from a special type of config file called a Dockerfile to generate images. You can then spawn containers from these images with docker run or docker compose.

Finally, there is Docker Hub, which is the biggest repository of Docker images. Images are oftentimes distributed on other sites as well, such as GitHub. Be wary of which images you choose to download, as many Docker images are not maintained very well, and are riddled with unpatched security vulnerabilities!
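A rough triage for the warning above, as an added example that is not part of the original page: it reads an already-pulled image's build date and default user from docker image inspect, then flags images built before a cutoff date or left to run as root. The function names, the "run" argument and the cutoff date are this example's own assumptions.

```shell
#!/bin/sh
# Added example: rough pre-use triage of a pulled image.

# vet_image CREATED USER CUTOFF
#   CREATED: the image's .Created timestamp (RFC 3339)
#   USER:    the image's .Config.User value (empty means root)
#   CUTOFF:  oldest acceptable build date, YYYY-MM-DD (caller's choice)
# Prints one finding per line; returns 0 when there are none.
vet_image() {
    built=$(printf '%s' "${1%%T*}" | sed 's/-//g')
    cutoff=$(printf '%s' "$3" | sed 's/-//g')
    findings=0
    if [ "$built" -lt "$cutoff" ]; then
        echo "STALE: built ${1%%T*}, older than $3"
        findings=$((findings + 1))
    fi
    case "$2" in
        ""|root|0|root:*|0:*)
            echo "ROOT: image sets no non-root USER"
            findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# vet_local IMAGE CUTOFF: read both fields from the local image store.
vet_local() {
    meta=$(docker image inspect --format '{{.Created}}|{{.Config.User}}' "$1") || return 2
    vet_image "${meta%%|*}" "${meta#*|}" "$2"
}

# Inspect a real image only when invoked as: script run IMAGENAME YYYY-MM-DD
if [ "${1:-}" = "run" ]; then vet_local "$2" "$3"; fi
```

The build date is only a hint, since the publisher sets it and a recent rebuild can still ship old packages; treat a clean result as "not obviously abandoned", not as a scan.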

Essential Commands

There is a desktop app, but skip it. With just a handful of commands, you will master the basics of this software much faster, with less overhead to keep track of. For most casual Docker users, the following commands may very well be the only ones you will ever use.

For a complete list of commands, consult the CLI reference docs. You can also run docker help and man docker to bring up the documentation in your terminal window, without having to open a web browser.

Basic Image & Container Management

List running containers:

$ docker ps
  • -a - Lists all containers
  • -l - Show most recently spawned container

Delete a container:

$ docker rm CONTAINERNAME

List saved images:

$ docker images -a

Delete an image:

$ docker rmi IMAGENAME

Running & Building Containers

Spawn a container from an image. If the image does not exist, it will be downloaded automatically from Docker Hub:

$ docker run IMAGENAME

Spawn a container from an image defined in a compose.yaml file:

$ docker compose -f /path/to/compose.yaml up -d

Restart a container:

$ docker restart CONTAINERNAME

Stop a container:

$ docker stop CONTAINERNAME

Start a stopped container:

$ docker start CONTAINERNAME

Kill a container process entirely:

$ docker kill CONTAINERNAME

Download a container image from Docker Hub without running it:

$ docker pull IMAGENAME

Build a container image from a Dockerfile and tag it with a name. Do not specify the Dockerfile itself like you would with the aforementioned docker compose command and compose.yaml! Only specify the directory the Dockerfile is stored in:

$ docker build /path/to/dockerfile/ -t IMAGENAME

Other Useful Commands

Execute a command inside a running container (-d runs it detached, in the background):

$ docker exec -d CONTAINERNAME COMMANDSTRING

Open an interactive shell session inside a running container:

$ docker exec -it CONTAINERNAME sh

List port mappings for a container:

$ docker port CONTAINERNAME

More Things You Can Do

  • You can use HumphreyBoaGart/vmask to deploy compartmentalized browser environments. This package is mainly for sockpuppetry. However, you can also use it to quickly spin up disposable browsers for visiting questionable websites, and impeding the lateral movements of trackers and other scripts.
tools/docker.txt · Last modified: 2024/08/27 07:31 by Humphrey Boa-Gart

Find this page online at: https://bestpoint.institute/tools/docker