
In [1]:
import os
import json
import yaml

# Sandbox layout for Colab: every path lives under /content, so the real
# /etc/docker of the machine running the notebook is never touched.
DAEMON_JSON_PATH = '/content/etc/docker/daemon.json'
DOCKERFILE_PATH = '/content/Dockerfile'
DOCKER_COMPOSE_PATH = '/content/docker-compose.yml'
os.makedirs(os.path.dirname(DAEMON_JSON_PATH), exist_ok=True)

# Seed deliberately unhardened sample files for the functions below to fix:
# an empty daemon config, a Dockerfile with no USER instruction, and a
# compose service that publishes its port on every interface (0.0.0.0).
with open(DAEMON_JSON_PATH, 'w') as daemon_file:
    daemon_file.write(json.dumps({}))
with open(DOCKERFILE_PATH, 'w') as dockerfile:
    dockerfile.write("FROM python:3.8\nCMD python app.py\n")
with open(DOCKER_COMPOSE_PATH, 'w') as compose_file:
    compose_file.write(
        yaml.dump({"services": {"web": {"image": "myapp", "ports": ["0.0.0.0:5000:5000"]}}})
    )

# Original functions from your script
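def update_daemon_json():
    """Merge daemon-level hardening options into DAEMON_JSON_PATH.

    Keys already present in the file are kept; the four keys below are
    overwritten with the hardened values. A missing or empty file is treated
    as an empty configuration.

    dockerd reads this file at start-up, so the daemon has to be restarted
    before the new values apply; this function does not restart it. Enabling
    ``userns-remap`` also makes the daemon use a separate storage directory,
    so existing images and containers are not visible afterwards. Plan that
    change instead of applying it blindly to a host that is in use.

    Raises:
        ValueError: if the file holds invalid JSON (json.JSONDecodeError is a
            ValueError subclass) or its top level is not a JSON object. The
            file is left untouched in both cases.
    """
    settings = {
        # No traffic between containers on the default bridge network.
        "icc": False,
        # Map container root to an unprivileged UID/GID range on the host.
        "userns-remap": "default",
        # Keep containers running while the daemon itself is down.
        "live-restore": True,
        # Publish ports through NAT rules, not a docker-proxy process per port.
        "userland-proxy": False
    }
    current_settings = {}
    if os.path.exists(DAEMON_JSON_PATH):
        with open(DAEMON_JSON_PATH, 'r') as f:
            raw = f.read()
        # A zero-length or whitespace-only file is not valid JSON; treat it as
        # "no settings yet" instead of failing on it.
        if raw.strip():
            current_settings = json.loads(raw)
            if not isinstance(current_settings, dict):
                raise ValueError(
                    f"{DAEMON_JSON_PATH} must contain a JSON object at the top level"
                )
    current_settings.update(settings)
    # The file is opened for writing only after the old content parsed
    # cleanly, so a malformed config is never truncated.
    with open(DAEMON_JSON_PATH, 'w') as f:
        json.dump(current_settings, f, indent=4)
    print(f"Updated {DAEMON_JSON_PATH} with security settings.")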

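def update_dockerfile():
    """Add a non-root user and a health check to the Dockerfile at DOCKERFILE_PATH.

    Three instructions are added to the final build stage when missing:

    * ``RUN adduser -D appuser`` directly after the stage's ``FROM``;
    * a ``HEALTHCHECK`` that probes http://localhost:5000/ with curl;
    * ``USER appuser``, unless the stage's last ``USER`` already selects it.

    HEALTHCHECK and USER go in front of a trailing CMD/ENTRYPOINT and are
    otherwise appended, so USER never lands before the user is created or
    before a later build step. Running the function twice leaves the file
    unchanged.

    NOTE(review): ``adduser -D`` is BusyBox (Alpine) syntax. Confirm it works
    on the base image in use; Debian-based images such as python:3.8 normally
    need ``useradd`` or ``adduser --disabled-password``. The health check also
    assumes curl is installed in the image and the app listens on port 5000.

    Raises:
        ValueError: if the file contains no FROM instruction.
    """
    healthcheck = (
        'HEALTHCHECK --interval=30s --timeout=10s '
        'CMD curl -f http://localhost:5000/ || exit 1\n'
    )

    def scan(rows):
        """Return (index, KEYWORD, arguments) for each line that starts an instruction.

        Simple line-based scan: blank lines and comments are skipped, and lines
        that continue a previous instruction (trailing backslash) are not
        reported as instructions of their own.
        """
        found = []
        continued = False
        for idx, row in enumerate(rows):
            text = row.strip()
            if not text or text.startswith('#'):
                continue
            if not continued:
                keyword, _, args = text.partition(' ')
                found.append((idx, keyword.upper(), args.strip()))
            continued = text.endswith('\\')
        return found

    with open(DOCKERFILE_PATH, 'r') as f:
        lines = f.readlines()
    # A last line without a newline would be glued to an appended instruction.
    if lines and not lines[-1].endswith('\n'):
        lines[-1] += '\n'

    from_rows = [idx for idx, keyword, _ in scan(lines) if keyword == 'FROM']
    if not from_rows:
        raise ValueError(f"{DOCKERFILE_PATH} has no FROM instruction")
    # Only the last stage ends up in the image that is run, so harden that one.
    final_stage = from_rows[-1]

    if not any('RUN adduser -D appuser' in line for line in lines[final_stage:]):
        lines.insert(final_stage + 1, 'RUN adduser -D appuser\n')

    stage = [entry for entry in scan(lines) if entry[0] >= final_stage]
    additions = []
    if not any(keyword == 'HEALTHCHECK' for _, keyword, _ in stage):
        additions.append(healthcheck)
    # The last USER of the stage decides which account the container runs as.
    users = [args for _, keyword, args in stage if keyword == 'USER']
    if not users or users[-1].split(':', 1)[0].strip() != 'appuser':
        additions.append('USER appuser\n')

    last_idx, last_keyword, _ = stage[-1]
    insert_at = last_idx if last_keyword in ('CMD', 'ENTRYPOINT') else len(lines)
    lines[insert_at:insert_at] = additions

    with open(DOCKERFILE_PATH, 'w') as f:
        f.writelines(lines)
    print(f"Updated {DOCKERFILE_PATH} with non-root user and health check.")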

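def update_docker_compose():
    """Apply per-service hardening options to the compose file at DOCKER_COMPOSE_PATH.

    For every service mapping under ``services`` this sets ``mem_limit`` to
    512m, ``read_only`` to true and ``pids_limit`` to 100, makes sure
    ``no-new-privileges:true`` is in ``security_opt``, and rewrites published
    ports bound to 0.0.0.0 so they bind to 127.0.0.1 instead.

    Caveats:

    * ``mem_limit`` and ``pids_limit`` are overwritten even when the file
      already sets a stricter value.
    * ``read_only`` makes the root filesystem read-only; services that write
      to disk need a volume or tmpfs for those paths.
    * Port entries without an explicit host IP (for example "5000:5000") are
      left unchanged and still publish on all interfaces. Review them by hand.
    * The file is re-serialised with yaml.dump, so comments and the original
      formatting are lost.
    """
    with open(DOCKER_COMPOSE_PATH, 'r') as f:
        compose_data = yaml.safe_load(f)
    # safe_load returns None for an empty file; treat that as "no services".
    if not isinstance(compose_data, dict):
        compose_data = {}
    services = compose_data.get('services') or {}
    for service in services.values():
        if not isinstance(service, dict):
            # e.g. "web:" with no body; nothing to harden.
            continue
        service['mem_limit'] = '512m'
        service['read_only'] = True
        service['pids_limit'] = 100

        # Keep existing options (seccomp/AppArmor profiles, SELinux labels)
        # and only replace any earlier no-new-privileges entry.
        existing_opts = service.get('security_opt') or []
        if isinstance(existing_opts, str):
            existing_opts = [existing_opts]
        kept_opts = [
            opt for opt in existing_opts
            if not str(opt).startswith('no-new-privileges')
        ]
        service['security_opt'] = ['no-new-privileges:true'] + kept_opts

        ports = service.get('ports')
        if isinstance(ports, list):
            for i, port in enumerate(ports):
                # Short syntax "IP:HOST:CONTAINER"; bare integers and other
                # forms carry no host IP and are left as they are.
                if isinstance(port, str) and port.startswith('0.0.0.0:'):
                    ports[i] = '127.0.0.1:' + port[len('0.0.0.0:'):]
                # Long syntax mapping with an explicit host_ip.
                elif isinstance(port, dict) and port.get('host_ip') == '0.0.0.0':
                    port['host_ip'] = '127.0.0.1'
    with open(DOCKER_COMPOSE_PATH, 'w') as f:
        yaml.dump(compose_data, f)
    print(f"Updated {DOCKER_COMPOSE_PATH} with security settings.")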

def main():
    """Run the three hardening steps in order, framed by status messages."""
    print("Applying Docker security fixes...")
    # Daemon config first, then the image definition, then the compose file.
    for apply_fix in (update_daemon_json, update_dockerfile, update_docker_compose):
        apply_fix()
    print("Security fixes applied.")


main()


Applying Docker security fixes...
Updated /content/etc/docker/daemon.json with security settings.
Updated /content/Dockerfile with non-root user and health check.
Updated /content/docker-compose.yml with security settings.
Security fixes applied.
