new atomic post testing (#2307)

Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2023-02-15 12:19:34 -08:00
parent 8da17a40cc
commit 28934201ad
2 changed files with 36 additions and 0 deletions
@@ -0,0 +1,32 @@
+---
+attack_technique: T1613
+display_name: "Container and Resource Discovery"
+atomic_tests:
+- name: Container and ResourceDiscovery
+  description: Adversaries may attempt to discover containers and other resources that are available within a containers environment. 
+  supported_platforms:
+  - containers
+  dependency_executor_name: sh
+  dependencies: 
+  - description: Verify docker is installed.
+    prereq_command: |
+      which docker
+    get_prereq_command: |
+      if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi
+  
+  - description: Verify docker service is running.
+    prereq_command: |
+      sudo systemctl status docker  --no-pager
+    get_prereq_command: |
+      sudo systemctl start docker
+  executor:
+    command: |-
+      docker build -t t1613  $PathtoAtomicsFolder/T1613/src/
+      docker run --name t1613_container  -d -t t1613
+      docker ps
+      docker stats --no-stream
+      docker inspect $(docker ps -l -q --filter ancestor=t1613)
+    cleanup_command: |-
+      docker stop t1613_container
+      docker rmi -f t1613_container
+    name: sh
@@ -0,0 +1,4 @@
+FROM ubuntu:20.04
+MAINTAINER Group12
+RUN echo "Group 12"
+ENTRYPOINT ["tail", "-f", "/dev/null"]