# Docker

## Install Docker & Docker Compose
- GitHub Codespaces already has Docker and Docker Compose installed and the Docker daemon running
- If you download and use the SEED VM Ubuntu 20.04 from https://seedsecuritylabs.org/labs.html, you already have Docker installed and configured
- If you use your own Ubuntu/Kali, follow the instructions at the following link:
     - https://www.kali.org/docs/containers/installing-docker-on-kali/#installing-docker-ce-on-kali-linux
- `$ sudo apt install -y docker-compose`

## Docker Documentation
- Docker Manual from SEEDLabs
- [https://github.com/seed-labs/seed-labs/blob/master/manuals/docker/SEEDManual-Container.md](https://github.com/seed-labs/seed-labs/blob/master/manuals/docker/SEEDManual-Container.md)
- https://docs.docker.com/get-started/
- https://docs.docker.com/manuals/

## Docker Hub Account and CLI Authentication

- Create an account on [https://hub.docker.com/](https://hub.docker.com/)
- Create Access Token
     - Go to Account Settings -> Create Access Token
     - Save the token safely somewhere private (Google Drive or OneDrive)
- Rename existing `~/.docker/config.json` file as a backup
- Log in from a Terminal using the Access Token
- Note you only have to do this once per system

```bash
$ docker login -u <username>
```
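After `docker login`, the CLI records the credential in `~/.docker/config.json`; when no credential store or helper is configured, the access token sits there base64-encoded, not encrypted. The audit below is an added example, not part of the original notes: the function names, the user `alice` and the token value are constructed for illustration.

```python
import base64
import json
import os
import stat
import tempfile
from pathlib import Path


def audit_docker_config(path):
    """Report how a Docker CLI config file stores registry credentials."""
    path = Path(path)
    cfg = json.loads(path.read_text() or "{}")
    inline = []
    for registry, entry in cfg.get("auths", {}).items():
        # With a credential store the entry is an empty object; without one,
        # "auth" holds base64("username:secret"): encoding, not encryption.
        blob = entry.get("auth")
        if blob:
            user = base64.b64decode(blob).decode("utf-8", "replace").split(":", 1)[0]
            inline.append((registry, user))  # report the user, never the secret
    mode = stat.S_IMODE(path.stat().st_mode)
    return {
        "creds_store": cfg.get("credsStore"),
        "cred_helpers": sorted(cfg.get("credHelpers", {})),
        "inline": inline,
        "others_can_access": bool(mode & 0o077),  # any group/other permission bit
    }


def constructed_sample(creds_store=None, mode=0o644):
    """Write a constructed config (fake user and token) to a temp file."""
    registry = "https://index.docker.io/v1/"
    if creds_store:
        cfg = {"auths": {registry: {}}, "credsStore": creds_store}
    else:
        secret = base64.b64encode(b"alice:dckr_pat_CONSTRUCTED").decode()
        cfg = {"auths": {registry: {"auth": secret}}}
    fd, name = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        json.dump(cfg, fh)
    os.chmod(name, mode)
    return name


if __name__ == "__main__":
    for sample in (constructed_sample(), constructed_sample("pass", 0o600)):
        print(audit_docker_config(sample))
        os.remove(sample)
```

To check a real login, call `audit_docker_config` on `~/.docker/config.json` (expanded to a full path); a non-empty `inline` list means the token is readable by anything that can read that file.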

```
$ echo kali | sudo -S apt install -y docker-compose
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
docker-compose is already the newest version (1.29.2-6).
The following packages were automatically installed and are no longer required:
  fonts-noto-color-emoji libabsl20220623 libaio1 libatk-adaptor libbabeltrace1
  libboost-dev libboost1.83-dev libc6-dbg libdebuginfod-common libipt2
  libnsl-dev libopenblas-dev libopenblas-pthread-dev libopenblas0
  libpython3-all-dev libpython3.12-dev libsource-highlight-common
  libsource-highlight4t64 libtirpc-dev libxsimd-dev python3-all-dev
  python3-anyjson python3-beniget python3-gast python3-pyatspi python3-pypdf2
  python3-pyppeteer python3-pyrsistent python3-pythran python3.12-dev xtl-dev
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 1327 not upgraded.
```


## Push Docker Image to Docker Hub

- Images can be built and pushed to Docker Hub for others to access publicly or to share privately
- Build and Push First Image - [https://docs.docker.com/get-started/introduction/build-and-push-first-image/](https://docs.docker.com/get-started/introduction/build-and-push-first-image/)

```
$ docker build -t <username>/image_name:tag .
$ docker push <username>/image_name:tag
```

## Docker Scout
- See this - [https://docs.docker.com/scout/](https://docs.docker.com/scout/)
- See Quickstart page and go over it step by step!

## Docker Attestation
- Docker Attestation is a security feature that allows you to verify the integrity and origin of your Docker images.
- It helps ensure that the images you use in your environment are from trusted sources and have not been tampered with.
- See this - https://docs.docker.com/engine/security/trust/

### Build Docker with Provenance and SBOM attestation

- Enable the containerd image store:
    - For Docker Desktop: navigate to Docker Desktop settings and enable the `containerd` image store option.
    - For Docker Engine standalone:
        - Edit the file: `sudo nano /etc/docker/daemon.json`
        - Include/add `{"features": {"containerd-snapshotter": true}}`
        - Restart the Docker daemon

    ```bash
    sudo systemctl stop docker
    sudo systemctl start docker
    ```

- Build and push the image with SBOM and provenance attestations:
    ```
    docker build --push --sbom=true --provenance=true -t <your-image-name>:<tag> .
    ```

## Docker Networks Demo

- see `demos/docker/networks/docker-compose.yml` file for two private networks demo

## Important Docker Commands

- `$ docker build -t <new-image-name> .`
- `$ docker run -p <host-port>:<container-port> <image-name>`
- `$ docker push <image-name>`
- `$ docker ps`
- `$ docker exec -it <container-name/id> <bash command; e.g. /bin/bash>`
- `$ docker image ls`
- `$ docker image rm <image-id>`
- `$ docker network ls`
- `$ docker network rm <network-id>`