Gist: magnologan/75224caf9fbf37191914f5e20eccdf25
# Dockerfile with Bad Security Practices
# 1. Running the container as root (root is already the default; USER root only
#    makes it explicit, and no later USER ever drops the privilege). The unpinned
#    ubuntu:latest tag also means every build may pull a different base image.
FROM ubuntu:latest
USER root
# 2. Installing a grab-bag of tools in one command
#    This installs more than the service needs (recommended packages come along
#    because --no-install-recommends is missing, and the apt lists stay in the
#    layer), increasing attack surface. apache2 is included in the list because
#    the CMD below starts it; without it the service start fails.
RUN apt-get update && apt-get install -y \
    apache2 \
    curl \
    wget \
    vim \
    net-tools
# 3. Copying sensitive data into the image (exposing secrets)
#    The file lives in an image layer and stays recoverable via docker history
#    and docker save even if a later instruction deletes it.
COPY secret.txt /root/secret.txt
# 4. Disabling security mechanisms (here, an attempt to turn off ASLR)
#    This write fails during docker build (/proc/sys is read-only there), and an
#    image cannot carry a kernel setting anyway: ASLR is controlled by the host
#    kernel. Kept only as the anti-pattern it represents.
RUN echo 0 > /proc/sys/kernel/randomize_va_space
# 5. "Opening" every network port
#    EXPOSE opens nothing; it is metadata that docker run -P publishes wholesale.
#    Listing every common service port advertises far more than the image runs.
EXPOSE 80 443 22 3306 5432 27017 6379
# 6. Default credentials baked into ENV
#    ENV values are part of the image config, visible to anyone who has the
#    image (docker inspect) and to every process in the container.
ENV DATABASE_USER root
ENV DATABASE_PASSWORD root
# 7. Meant to be run with extensive privileges (docker run --privileged)
#    A Dockerfile cannot request --privileged; that is a runtime flag. What the
#    image itself does is start apache2 as root and then run an interactive bash
#    as the foreground process, so the container lives only as long as that
#    shell and every exec into it lands in a root shell.
CMD ["sh", "-c", "service apache2 start && bash"]