1. Install Docker.
$ sudo apt-get update
$ sudo apt-get install apt-transport-https ca-certificates
$ sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
$ sudo vim /etc/apt/sources.list.d/docker.list
----paste-----
deb https://apt.dockerproject.org/repo ubuntu-trusty main
----
$ sudo apt-get update
$ sudo apt-get purge lxc-docker
$ apt-cache policy docker-engine
$ sudo apt-get install linux-image-extra-$(uname -r)
$ sudo apt-get install apparmor
$ sudo apt-get install docker-engine
$ sudo service docker start
$ sudo docker ps
2. Verify successful installation: $ sudo docker run hello-world
3. Allow a specified username to use Docker: $ sudo usermod -aG docker <username>
4. Configure Docker Images DNS Settings.
$ sudo vim /etc/default/docker
----paste-----
DOCKER_OPTS="--dns 208.67.220.220 --dns 208.67.222.222"
-----
$ sudo restart docker
5. Upgrade Docker (periodically): $ sudo apt-get upgrade docker-engine
6. Deploy Docker images.
a. Create a Docker Hub account at https://hub.docker.com
b. Once account verification completes, log in and select "Explore Repositories" under the "Repositories" tab.
c. Locate a desired docker image and note its "Pull Command", e.g. "docker pull busybox". I also recommend annotating the command used to access its shell, "docker run -it --rm busybox"
d. Deploy Docker image and verify installation: $ sudo docker images
$ docker pull ubuntu
$ docker images
$ docker run -it --rm ubuntu
e. Note: Do NOT forget to change the 'root' account's password and update the Docker host! I also recommend reviewing the output of "# cat /etc/shadow" to ensure there aren't any rogue accounts.
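The /etc/shadow review recommended in step 6e, as an added example that is not part of the original post. The function names audit_accounts and demo_audit are hypothetical, the sample passwd and shadow contents are constructed, and the real files are assumed to have been copied out of the image first (for example with "docker run --rm ubuntu cat /etc/shadow > shadow.txt").

```shell
#!/bin/sh
# Added example: flag accounts in an image's passwd/shadow files that can log in.
# Usage: audit_accounts PASSWD_FILE SHADOW_FILE   (prints one finding per line)
audit_accounts() {
    awk -F: '
        NR == FNR {
            # First file (passwd): remember each shell, flag extra UID 0 accounts.
            shell[$1] = $7
            if ($3 == 0 && $1 != "root") print "UID0 " $1
            next
        }
        {
            # Second file (shadow): field 2 is the password field.
            #   empty       -> login without any password
            #   "!" or "*"  -> locked, no password login
            #   other value -> a usable password hash is set
            if ($2 == "")
                print "EMPTY_PASSWORD " $1 " shell=" shell[$1]
            else if ($2 !~ /^[!*]/)
                print "PASSWORD_SET " $1 " shell=" shell[$1]
        }
    ' "$1" "$2"
}

# Constructed sample data standing in for files copied out of an image.
demo_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0::/root:/bin/bash
svc:x:1001:1001::/home/svc:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
root:*:16800:0:99999:7:::
daemon:*:16800:0:99999:7:::
toor:$6$constructed$notarealhash:16800:0:99999:7:::
svc::16800:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo_audit
```

An image with no findings prints nothing; any UID0, PASSWORD_SET or EMPTY_PASSWORD line is an account to lock or remove before the container is used.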
7. Docker addressing.
a. Docker creates its own interface "docker0": $ ifconfig |grep docker
b. You can query a container's IP address by name: $ docker inspect <docker_name> |grep IPAddress
c. Docker has its own 172.17.0.0 route: $ netstat -rn
d. Add a route to the Docker IP on any remote host that needs connectivity with the Docker image: $ sudo route add -net 172.17.0.0 netmask 255.255.255.0 gw <docker_host_IP>
e. Verify a path from the remote host to the Docker image: $ traceroute 172.17.0.2
8. Other images of interest...
a. CentOS
$ docker pull centos
$ docker run -it --rm centos
# passwd root
# yum -y update && yum -y upgrade
# exit
b. Python: $ docker pull python
c. BusyBox: $ docker pull busybox
d. SecurityOnion: $ docker pull danielguerra/security-onion
e. Kali Linux:
$ docker pull kalilinux/kali-linux-docker
$ docker run -it --rm kalilinux/kali-linux-docker
# passwd root
# apt-get -y update && apt-get -y install kali-linux-all
f. Snort:
$ docker pull opennsm/snort
$ ./containnsm run -I snort:2.9.8.0 -- snort --version
g. Docker Bench for Security
$ docker pull docker/docker-bench-security
$ docker run -it --net host --pid host --cap-add audit_control -v /var/lib:/var/lib -v /var/run/docker.sock:/var/run/docker.sock -v /usr/lib/systemd:/usr/lib/systemd -v /etc:/etc --label docker_bench_security --rm docker/docker-bench-security
h. PEScanner
$ docker pull remnux/pescanner
$ sudo docker run --rm -it -v ~/workdir:/home/nonroot/workdir remnux/pescanner bash
i. Squid Web Proxy
$ docker pull sameersbn/squid:3.3.8-10
$ docker run -it --rm sameersbn/squid:3.3.8-10
# vim /etc/squid3/squid.conf
j. Also, check out https://hub.docker.com/u/honeynet/