Inspecting docker images using dive
A tool for exploring each layer in a docker image. For example, we can explore the following image which adds and copies files as such:
We can use dive to explore the image itself and explore its contents as such:
$ dive ofuxas3/malicious:v1.0.1
Image Source: docker://ofuxas3/malicious:v1.0.1
Extracting image from docker-engine... (this can take a while for large images)
The image is not available locally. Trying to pull 'ofuxas3/malicious:v1.0.1'...
v1.0.1: Pulling from ofuxas3/malicious
3b65ec22a9e9: Pull complete
fa53e38c2304: Pull complete
67743037115e: Pull complete
76c5930a9058: Pull complete
957b8391adc0: Pull complete
aa21f505d1cc: Pull complete
Digest: sha256:2f09156f5da24b8606823f061d5e4611bd8d4290d6c60d5dd3460d1544ff6856
Status: Downloaded newer image for ofuxas3/malicious:v1.0.1
docker.io/ofuxas3/malicious:v1.0.1
Analyzing image...
Building cache...We can see each layer and explore what files have been added, removed or modified which can help us identify changes that might otherwise have been hidden:
Migrating docker volume from one server to another
Using docker run + tar (Manual Backup & Restore)**
- Stop the container (if running):
docker stop <container_name>- Create a backup of the volume on the source host:
docker run --rm -v <volume_name>:/volume -v $(pwd):/backup busybox tar czf /backup/<backup_file>.tar.gz -C /volume ./This creates a compressed .tar.gz file with all volume data.
- Transfer the backup file to the new host using
scp,rsync, or any file transfer method
scp <backup_file>.tar.gz user@new_host:/path/to/backup/- Restore the volume on the destination host:
docker volume create <new_volume_name>
docker run --rm -v <new_volume_name>:/volume -v $(pwd):/backup busybox sh -c "tar xzf /backup/<backup_file>.tar.gz -C /volume"This extracts the backup into a new volume.
- Start your container with the new volume:
docker run -v <new_volume_name>:/path/in/container ...