Why is Docker randomly pulling the allinurl/goaccess image and starting a container on my Linux VM?

Question

I am running into scenarios on a Linux VM, where I'll notice that a random Docker container will be running. The image is always allinurl/goaccess.

The image hasn't been pulled and the container hasn't been started by any users.

Any ideas what could cause this or what could be happening here?

I've had a look at command history for machine users and can't seem to find anything. I don't have any explanation for this behaviour or know what to check from here.

Answer 1

• It could be possible that the container is being run by a script or a service that is running on the VM.
• Check if there is any process on the VM is leading to run the container.
• Mainly, check the Docker logs to know the detailed information about how the container getting started/running.

• Run the below command to know the currently running containers on Linux VM.

• Run the command to Stop the container if it is running.

If you see the container still running, try removing the container and the image from the VM and check the status.

Monitor the containers running on your VM and ensure that they are not being used for suspicious purposes.