Docker

Docker is a set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own software, dependencies, libraries and configuration files. Data that is passed to and from the containers is only allowed through well-defined channels. Because all of the containers share the services of a single operating system kernel, they use fewer resources than virtual machines.

Docker packages are typically distributed as flat inert images. These images are used by the Docker engine to generate the aforementioned containers, which is where the package's binaries actually run from. When the container is no longer needed, it can be shut down or destroyed. When the container is needed again, it can be quickly regenerated from the original image. The nature of the virtualization can have many security benefits, when wielded Correctly.

Another summary, from the documentation:

Docker is an open platform for developing, shipping, and running applications. Docker enables you to separate your applications from your infrastructure so you can deliver software quickly. With Docker, you can manage your infrastructure in the same ways you manage your applications. By taking advantage of Docker's methodologies for shipping, testing, and deploying code, you can significantly reduce the delay between writing code and running it in production.

Docker isn't a single piece of software, but rather several components packaged together. We are not going to go in-depth to all the components here, but there are a few basic ones you should have a working knowledge of.

First, is the Docker Engine, which is the most integral part of the service. It includes:

• The Docker Daemon, dockerd which is the service that runs in the background. The daemon handles the deployment of containers. When you first install Docker, you should make sure the daemon is running in rootless mode.
• APIs which specify interfaces that programs can use to talk to and instruct the Docker daemon.
• The command-line interface docker, which is how you will be controlling Docker and your containers.

The most basic way to launch containers from images is with the docker run command. However, you can make things easier by using Docker Compose, which launches containers by reading the settings defined in preconfigured YAML files.

To build your own Docker images, you will be using Docker Build. docker build reads instructions from a special type of config file called Dockerfiles to generate images. These images you can then launch with docker run or docker compose.

Finally there is Docker Hub, which is the biggest repository of Docker images, though they are oftentimes distributed on other sites as well, such as GitHub.

There is a desktop app, but skip it. With just a handful of commands, you will master the basics of this software much faster, with less overhead to keep track of. For a complete list of commands, consult the CLI reference docs.

You can also run docker help and man docker to bring up the documentation in your terminal window, without having to open a web browser.

List running containers:

$ docker ps

• -a - Lists all containers
• -l - Show most recently spawned container

List saved images:

$ docker images -a

Delete a container:

$ docker rm CONTAINERNAME

Delete an image:

$ docker rmi IMAGENAME

Execute a command inside a running container:

$ docker exec -d CONTAINERNAME COMMANDSTRING

Open an interactive shell session inside a running container:

$ docker exec -it CONTAINERNAME sh

• You can use HumphreyBoaGart/vmask to deploy compartmentalized browser environments. This package is mainly for sockpuppetry. However, you can also use it to quickly spin up disposable browsers for visiting questionable websites, and impeding the lateral movements of trackers and other scripts.