Monday, April 29, 2019

Security Onion Docker Images NOT Affected by Recent Docker Hub Data Exposure

In Security Onion 16.04, our Elastic components are delivered via Docker images stored on Docker Hub.  Docker recently announced unauthorized access to a single Docker Hub database:

From the article:
Q: How do I know if I was impacted by this unauthorized access?
If you directly received an email from Docker about this incident, you may have been impacted. If you have received a password reset link, your password hash was potentially exposed. We have invalidated it and sent you a password reset link as a precaution. If you are using autobuilds and your GitHub or Bitbucket repositories have been unlinked from Docker Hub, you will need to relink those repositories for autobuilds to work correctly.
Security Onion does NOT use autobuilds and did NOT receive an email from Docker, so we don't have any reason to believe that our Docker accounts or images were impacted.  However, to err on the side of caution, we have verified our Docker images and reset our passwords.  Finally, please note that our images are digitally signed using Docker Content Trust:

No comments: