Terrier is a Image and Container analysis tool that can be used to scan Images and Containers to identify and verify the presence of specific files according to their hashes.
A detailed writeup of Terrier can be found on the Heroku blog, https://blog.heroku.com/terrier-open-source-identifying-analyzing-containers.
Installation
Via Go
$ go get github.com/heroku/terrier
Via go
$ go build
or
$ make all
Also Read – Nuclei : A Fast Tool For Configurable Targeted Scanning
Usage
$ ./terrier -h
Usage of ./terrier:
-cfg string
Load config from provided yaml file (default “cfg.yml”)
An OCI TAR of the image to be scanned is required, this is provided to Terrier via the “Image” value in the cfg.yml.
The following Docker command can be used to convert a Docker image to a TAR that can be scanned by Terrier.
#docker save imageid -o image.tar
$ ./terrier
[+] Loading config: cfg.yml
[+] Analysing Image
[+] Docker Image Source: image.tar
[*] Inspecting Layer: 05c3c2c60920f68b506d3c66e0f6148b81a8b0831388c2d61be5ef02190bcd1f
[!] All components were identified and verified: (493/493)
Example YML config
Terrier parses YAML, below is an example config.
What it do?
It is a CLI tool that allows you to:
Usage
Terrier is a CLI and makes use of YAML. An example YAML config:
In the example below, Terrier has being instructed via the YAML above to verify multiple files.
Terrier sets its return code depending on the result of the tests, in the case of the test above, the return code will be “0” which indicates a successful test as 1 instance of each provided component was identified and verified.
Terrier is instructed to identify any files in the provided image that match the provided SHA256 hashes. YAML file cfg.yml
Running Terrier.
Terrier is instructed to analyze and verify the contents of the container’s merged contents located at “merged” where merged is possibly located at /var/lib/docker/overlay2/..../merged . An example YAML file for this scenario might look like this:
Integrating with CI
Terrier has been designed to assist in the prevention of supply chain attacks. To utilise Terrier with CI’s such as Github actions or CircleCI, the following example configurations might be useful.
config.yml
Terrier cfg.yml
Have you ever come across a picture on the internet and wondered where it came…
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…
Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…