Closed abitrolly closed 5 years ago
Next is a killer feature that struck me (yeas)today after a sleep session.
After nmap we will have a list of ports described by docker-compose.yml and with a little more effort a list of ports actually served by the described configuration. Then we can build a list of ports serviced by the system. Then the list of ports serviced by the system on all local interfaces. Then we can have a combined sorted list of those ports. And then.. we can save this combined list and.. later make a diff of it. A diff on a different system. See what extra services are there, what is missing and... apply this diff to bring missing network services to those ports using any available logic or preference. It may happen that from a user perspective it doesn't matter if there is Nginx or Envoy or Apache on port 80 as long as it gets there with a configuration to serve static content.
Unfortunately, Nmap detection did go well - https://gist.github.com/abitrolly/5af0045efb9a853263f0bb19f10b0b19 - probably because users use automated scripts that lack the interface to report services like MongoDB and NSQ to Nmap DB.
There is nothing that could be done to advance the idea. Filling Nmap tables manually is not an option.
`docker service` - name in `docker-compose.yml`

`network service` - common API name, such as HTTP, XML-RPC etc.

Development environments quite often use `docker-compose.yml`. It specifies ports for services - `expose` for accessing them from the internal Docker network and `ports` for accessing them from host interfaces (this includes accessing Docker services from the network).

However, one service can provide multiple ports and it is not clear from the definition what these ports are. To make this task done:

- `docker-compose`, extract name, ip and ports for each service
- `network service` names
- `docker services`, their ports and detected `network service` names
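One way to do the first task item, extracting name, IP and ports for each service while keeping `expose` (Docker network only) apart from `ports` (published on host interfaces), as an added example that is not code from this issue or its project. It assumes the compose file is already loaded into a dict and that the daemon binds published ports to `0.0.0.0` by default; `parse_port`, `scope_of`, `inventory` and `SAMPLE` are hypothetical names and the sample data is constructed.

```python
import ipaddress

def parse_port(spec):
    """Normalise one `ports:` entry (short string or long mapping)."""
    if isinstance(spec, dict):  # long syntax: target / published / host_ip / protocol
        return {"host_ip": spec.get("host_ip", "0.0.0.0"),
                "host_port": str(spec.get("published", "")),
                "container_port": str(spec["target"]),
                "proto": spec.get("protocol", "tcp")}
    body, _, proto = str(spec).partition("/")
    # rsplit keeps a bracketed IPv6 host address ("[::1]:80:80") in one piece
    parts = body.rsplit(":", 2)
    return {"host_ip": parts[0].strip("[]") if len(parts) == 3 else "0.0.0.0",
            "host_port": parts[-2] if len(parts) >= 2 else "",  # "" = ephemeral host port
            "container_port": parts[-1],
            "proto": proto or "tcp"}

def scope_of(host_ip):
    """Classify how far a published port is reachable."""
    ip = ipaddress.ip_address(host_ip)
    if ip.is_loopback:
        return "loopback"
    return "all-interfaces" if ip.is_unspecified else "single-interface"

def inventory(compose):
    """Return sorted (service, scope, host_ip, host_port, container_port, proto) rows."""
    rows = []
    for name, svc in compose.get("services", {}).items():
        for entry in svc.get("expose", []):  # reachable on the Docker network only
            port, _, proto = str(entry).partition("/")
            rows.append((name, "docker-network", "", "", port, proto or "tcp"))
        for entry in svc.get("ports", []):  # published on host interfaces
            p = parse_port(entry)
            rows.append((name, scope_of(p["host_ip"]), p["host_ip"],
                         p["host_port"], p["container_port"], p["proto"]))
    return sorted(rows)

# Constructed sample, shaped like the output of a YAML loader on docker-compose.yml
SAMPLE = {"services": {
    "mongo": {"expose": ["27017"]},
    "nsqd": {"ports": ["4150:4150", "127.0.0.1:4151:4151"]},
    "web": {"ports": ["80", {"target": 53, "published": 5353, "protocol": "udp"}]},
}}

if __name__ == "__main__":
    for row in inventory(SAMPLE):
        print(row)
```

The sorted rows can be saved and diffed between systems; rows with scope `all-interfaces` are the ones reachable from the network.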