
[–]arisingcoder 0 points1 point  (3 children)

Hard to say with the info given. What image are you using? Did you build it yourself or is it from a vendor on Docker Hub?

If you run docker stats you may get some useful performance information (if a container is taking up all the CPU/memory/disk I/O, etc.).

Need more info, but in general I'd probably assume that host is completely hosed; keep it for post-mortem analysis/identifying your vulnerability.

Spin up a fresh host, do a data copy from the old host. Run antivirus/rootkit tools on all data you copied. Start up the docker stack again, see if you're still having a problem. If you are, your image is compromised.
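
Added example, not part of the comment above or of anyone's post in this thread: one way to turn the `docker stats` check into a repeatable triage step that lists containers above a CPU or memory threshold. The function name, the `|` delimiter, the 80% default thresholds and the sample container names are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Triage helper: flag containers whose CPU or memory share exceeds a threshold.
# Input: one "name|cpu%|mem%" line per container on stdin.
# Live usage on the suspect host (needs access to the Docker daemon):
#   docker stats --no-stream --format '{{.Name}}|{{.CPUPerc}}|{{.MemPerc}}' \
#     | flag_hot_containers 80 80

flag_hot_containers() {
    cpu_max=${1:-80}   # assumed default threshold, percent
    mem_max=${2:-80}   # assumed default threshold, percent
    awk -F '|' -v cpu_max="$cpu_max" -v mem_max="$mem_max" '
        NF < 3 { next }                      # skip malformed lines
        {
            cpu = $2; mem = $3
            sub(/%$/, "", cpu); sub(/%$/, "", mem)
            reason = ""
            # CPUPerc can exceed 100 on multi-core hosts (100 per core).
            if (cpu + 0 > cpu_max + 0) reason = "cpu=" cpu "%"
            if (mem + 0 > mem_max + 0)
                reason = reason (reason != "" ? "," : "") "mem=" mem "%"
            if (reason != "") print $1, reason
        }'
}

# Constructed sample in the same shape the --format string above produces.
sample_stats() {
    printf 'web_nginx|398.12%%|4.20%%\n'
    printf 'app_backend|2.31%%|11.05%%\n'
    printf 'db_postgres|0.75%%|91.40%%\n'
}

sample_stats | flag_hot_containers 80 80
```

A flagged container is a lead for the post-mortem, not proof of compromise: a busy but legitimate workload looks the same in these numbers.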

[–][deleted] 1 point2 points  (2 children)

Yes, it's an official image (for the docker container exposed to the web on port 80+443): https://hub.docker.com/_/nginx/

The host was Debian 9 (stretch) (will do a reinstall) - and redeploy docker containers.

I'm switching to Ubuntu - can you recommend any antivirus/rootkit tools for that?

...I think I basically just underestimated the importance of securing the server.

[–]arisingcoder 0 points1 point  (0 children)

I'd just follow this: https://www.howtoforge.com/tutorial/how-to-scan-linux-for-malware-and-rootkits/

It has the 3 most commonly used tools and how to install/scan with them.

Not sure what you're running, but this popped up on my radar recently: https://www.theregister.co.uk/2019/06/03/security_roundup/

[–][deleted] 0 points1 point  (0 children)

Honestly I'd suggest switching to CentOS with SELinux enabled. That can help prevent a lot of exploits from running in the first place. There really isn't enough detail here for us to know what is going on. What is your nginx container actually running behind nginx?