Try   HackMD

Docker Notes

Docker Notes
Johnny Pan (codeskill)
2020-09-08

Alpine Linux

Download

https://www.alpinelinux.org/downloads/

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Installation

setup-alpine

  • keyboard layout us
  • hostname: docker
  • Interface eth0
  • IP address dhcp
  • Network config n
  • Root password 34sy_p@ssw0d
  • Timezone America/Costa_Rica
  • Proxy none
  • Mirror f
  • SSH server openssh
  • Disk vda
  • Use sys
  • Erase disk y
  • Reboot

Install Docker

Install nano editor.

apk add nano

The Docker package is in the Community repository.

nano /etc/apk/repositories

Uncomment the Community repository.

#/media/cdrom/apks
http://dl-cdn.alpinelinux.org/alpine/v3.14/main
http://dl-cdn.alpinelinux.org/alpine/v3.14/community
#http://dl-cdn.alpinelinux.org/alpine/edge/main
#http://dl-cdn.alpinelinux.org/alpine/edge/community
#http://dl-cdn.alpinelinux.org/alpine/edge/testing

Install docker and docker-compose.

apk add docker docker-compose

Connecting to the Docker daemon through its socket requires you to add yourself to the docker group.

addgroup username docker

To start the Docker daemon at boot.

rc-update add docker boot
service docker start

Portainer

Install Portainer

First, create the volume that Portainer Server will use to store its database:

docker volume create portainer_data

Then, download and install the Portainer Server container:

docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest

Upgrade Portainer

nano upgrade_portainer.sh

docker stop portainer
docker rm portainer
docker pull portainer/portainer-ce:latest
docker run -d -p 8000:8000 -p 9443:9443 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest

Docker CLI

Search Image

docker search [image]

Download Image

docker pull [image]

Show active containers

docker ps

Show all containers

docker ps -a

Stop container

docker stop [container_id]

Remove container

docker rm [container_id]

Access container shell

docker exec -it [container] /bin/bash

Mapear folders

docker exec -v [host_folder]:[container_folder] [container] /bin/bash

Start Containers when Docker Restart




docker inspect [container] | grep -A1 -i restartpolicy
            "RestartPolicy": {
                "Name": "no",





docker update --restart always [container]
docker inspect [container] | grep -A1 -i restartpolicy
            "RestartPolicy": {
                "Name": "always",

Instalar contenedor de Splunk

docker pull splunk/splunk

Levantar contenedor para pruebas
docker run -d --name splunk -p 8000:8000 -e 'SPLUNK_START_ARGS=--accept-license' -e 'SPLUNK_PASSWORD=12345678' splunk/splunk

Levantar contenedor para recibir datos

docker run -d --name splunk -p 8000:8000,9997:9997 -e 'SPLUNK_START_ARGS=--accept-license' -e 'SPLUNK_PASSWORD=12345678' splunk/splunk

Instalar stack Wordpress (Wordpress + MySQL)

version: "3.9"
    
services:
  db:
    image: mysql:5.7
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: somewordpress
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
    
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    volumes:
      - wordpress_data:/var/www/html
    ports:
      - "8000:80"
    restart: always
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
      WORDPRESS_DB_NAME: wordpress
volumes:
  db_data: {}
  wordpress_data: {}

Shutdown and cleanup

The command docker-compose down removes the containers and default network, but preserves your WordPress database.

The command docker-compose down --volumes removes the containers, default network, and the WordPress database.

Instalar stack Wordpress (Wordpress + MySQL + PHPMyAdmin)

$ docker-compose up -d

# To Tear Down
$ docker-compose down --volumes
$ docker-compose down

















































version: '3'

services:
  # Database
  db:
    image: mysql:5.7
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: password
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
    networks:
      - wpsite
  # phpmyadmin
  phpmyadmin:
    depends_on:
      - db
    image: phpmyadmin/phpmyadmin
    restart: always
    ports:
      - '8080:80'
    environment:
      PMA_HOST: db
      MYSQL_ROOT_PASSWORD: password 
    networks:
      - wpsite
  # Wordpress
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    ports:
      - '8000:80'
    restart: always
    volumes: ['./:/var/www/html']
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
    networks:
      - wpsite
networks:
  wpsite:
volumes:
  db_data:

Version for MacOSX M1


















































version: '3'

services:
  # Database
  db:
    image: mysql:5.7
    platform: linux/x86_64
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: password
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
    networks:
      - wpsite
  # phpmyadmin
  phpmyadmin:
    depends_on:
      - db
    image: phpmyadmin/phpmyadmin
    restart: always
    ports:
      - '8080:80'
    environment:
      PMA_HOST: db
      MYSQL_ROOT_PASSWORD: password 
    networks:
      - wpsite
  # Wordpress
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    ports:
      - '8000:80'
    restart: always
    volumes: ['./:/var/www/html']
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
    networks:
      - wpsite
networks:
  wpsite:
volumes:
  db_data:

Pi-Hole on Docker Swarm

First create macvlan config

docker network create --config-only --subnet 10.10.10.0/24 -o parent=eth0 --ip-range 10.10.10.200/32 pihole_macvlan_config

Active macvlan on Docker Swarm

docker network create -d macvlan --scope swarm --attachable --config-from pihole_macvlan_config pihole_macvlan





























version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "8888:80/tcp"
    environment:
      TZ: 'America/Costa_Rica'
      WEBPASSWORD: 'password'
      DNSMASQ_LISTENING: 'all'
      PIHOLE_UID: '1000'
      PIHOLE_GID: '1000'      
    volumes:
      - '/home/username/backup/pihole/etc-pihole:/etc/pihole'
      - '/home/username/backup/pihole/etc-dnsmasq.d:/etc/dnsmasq.d'
    restart: unless-stopped
    networks: 
      pihole_macvlan:
        ipv4_address: 10.10.10.200
        
networks:
  pihole_macvlan:  
    external: true

https://jpft.win/docker-swarm-macvlan/
https://blog.ivansmirnov.name/set-up-pihole-using-docker-macvlan-network/
https://blog.foureight84.com/swarm-your-pihole/

Smokeping

mkdir -p {smokeping/config,smokeping/data}
















version: "3"
services:
  smokeping:
    image: lscr.io/linuxserver/smokeping:latest
    container_name: smokeping
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Costa_Rica
    volumes:
      - /home/codeskill/backup/smokeping/config:/config
      - /home/codeskill/backup/smokeping/data:/data
    ports:
      - 16000:80
    restart: unless-stopped

Docker Swarm Cluster

On manager node

docker swarm init --advertise-addr 10.10.10.10

On slave node

docker swarm join --token SWMTKN-1-4sf9g772lfl25fz84fc6az1c4pjxps7m6uzdlz8x0gr4sucq7v-botu9fzox9vx2klpazdyh6bgr 10.10.10.10:2377

Install Portainer and Agent on Docker Swarm Cluster

curl -L https://downloads.portainer.io/ce2-15/portainer-agent-stack.yml -o portainer-agent-stack.yml

docker stack deploy -c portainer-agent-stack.yml portainer

Update Docker Swarm service

docker service update --image httpd:latest httpd

References

Last changed by 
Johnny Pan
0
523

Read more

Workshop | Buffer Overflow

<i class="fa fa-file-pdf-o" aria-hidden="true"></i> Docker como herramienta de entrenamiento y hacking + Labs<i class="fa fa-user-circle-o" aria-hidden="true"></i> Johnny Pan (codeskill)<i class="fa fa-user-circle-o" aria-hidden="true"></i> Fabian Quesada (rocketman)<i class="fa fa-clock-o" aria-hidden="true"></i> 2023-11-04

Jul 29, 2024
Workshop | Wi-Fi Hacking Lab

<i class="fa fa-file-pdf-o" aria-hidden="true"></i> Wi-Fi Hacking Lab<i class="fa fa-user-circle-o" aria-hidden="true"></i> Johnny Pan<i class="fa fa-clock-o" aria-hidden="true"></i> 2022-10-08<i class="fa fa-external-link" aria-hidden="true"></i>

Jul 29, 2024
ctf.synk.io

<i class="fa fa-file-pdf-o" aria-hidden="true"></i> ctf.synk.io<i class="fa fa-user-circle-o" aria-hidden="true"></i> Johnny Pan<i class="fa fa-clock-o" aria-hidden="true"></i> 2021-10-05<i class="fa fa-external-link" aria-hidden="true"></i> https://ctf.snyk.io

Oct 8, 2021
Brixel CTF Winter Edition

<i class="fa fa-user-circle-o" aria-hidden="true"></i> @codeskill<i class="fa fa-clock-o" aria-hidden="true"></i> 2020-12-26<i class="fa fa-external-link" aria-hidden="true"></i> https://ctf.brixel.space/

Jan 12, 2021
Read more from Johnny Pan
Published on HackMD