--- tags: 'docker' --- Docker Notes === <i class="fa fa-file-pdf-o" aria-hidden="true"></i> **Docker Notes** <i class="fa fa-user-circle-o" aria-hidden="true"></i> Johnny Pan (codeskill) <i class="fa fa-clock-o" aria-hidden="true"></i> 2020-09-08 [TOC] ## Alpine Linux ### Download https://www.alpinelinux.org/downloads/ ![](https://i.imgur.com/ZUPDANC.png) ### Installation `setup-alpine` + keyboard layout `us` + hostname: `docker` + Interface `eth0` + IP address `dhcp` + Network config `n` + Root password `34sy_p@ssw0d` + Timezone `America/Costa_Rica` + Proxy `none` + Mirror `f` + SSH server `openssh` + Disk `vda` + Use `sys` + Erase disk `y` + Reboot ### Install Docker Install `nano` editor. ```bash! apk add nano ``` The Docker package is in the **Community** repository. ```bash! nano /etc/apk/repositories ``` Uncomment the **Community** repository. ```bash! #/media/cdrom/apks http://dl-cdn.alpinelinux.org/alpine/v3.14/main http://dl-cdn.alpinelinux.org/alpine/v3.14/community #http://dl-cdn.alpinelinux.org/alpine/edge/main #http://dl-cdn.alpinelinux.org/alpine/edge/community #http://dl-cdn.alpinelinux.org/alpine/edge/testing ``` Install `docker` and `docker-compose`. ```bash! apk add docker docker-compose ``` Connecting to the Docker daemon through its socket requires you to add yourself to the `docker` group. ```bash! addgroup username docker ``` To start the Docker daemon at boot. ```bash! rc-update add docker boot service docker start ``` ## Portainer ### Install Portainer First, create the volume that Portainer Server will use to store its database: ```bash! docker volume create portainer_data ``` Then, download and install the Portainer Server container: ```bash! docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest ``` ### Upgrade Portainer `nano upgrade_portainer.sh` ```bash! docker stop portainer docker rm portainer docker pull portainer/portainer-ce:latest docker run -d -p 8000:8000 -p 9443:9443 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest ``` ## Docker CLI Search Image ```shell docker search [image] ``` Download Image ```shell docker pull [image] ``` Show active containers ```shell docker ps ``` Show all containers ```bash! docker ps -a ``` Stop container ```shell docker stop [container_id] ``` Remove container ```shell docker rm [container_id] ``` Access container shell ```shell docker exec -it [container] /bin/bash ``` Mapear folders ```shell docker exec -v [host_folder]:[container_folder] [container] /bin/bash ``` Instalar contenedor de Splunk ```shell docker pull splunk/splunk Levantar contenedor para pruebas docker run -d --name splunk -p 8000:8000 -e 'SPLUNK_START_ARGS=--accept-license' -e 'SPLUNK_PASSWORD=12345678' splunk/splunk ``` Levantar contenedor para recibir datos ``` docker run -d --name splunk -p 8000:8000,9997:9997 -e 'SPLUNK_START_ARGS=--accept-license' -e 'SPLUNK_PASSWORD=12345678' splunk/splunk ``` Instalar stack Wordpress (Wordpress + MySQL) ``` version: "3.9" services: db: image: mysql:5.7 volumes: - db_data:/var/lib/mysql restart: always environment: MYSQL_ROOT_PASSWORD: somewordpress MYSQL_DATABASE: wordpress MYSQL_USER: wordpress MYSQL_PASSWORD: wordpress wordpress: depends_on: - db image: wordpress:latest volumes: - wordpress_data:/var/www/html ports: - "8000:80" restart: always environment: WORDPRESS_DB_HOST: db:3306 WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: wordpress WORDPRESS_DB_NAME: wordpress volumes: db_data: {} wordpress_data: {} ``` ### Shutdown and cleanup The command `docker-compose down` removes the containers and default network, but preserves your WordPress database. The command `docker-compose down --volumes` removes the containers, default network, and the WordPress database. Instalar stack Wordpress (Wordpress + MySQL + PHPMyAdmin) ``` $ docker-compose up -d # To Tear Down $ docker-compose down --volumes $ docker-compose down ``` ```yaml= version: '3' services: # Database db: image: mysql:5.7 volumes: - db_data:/var/lib/mysql restart: always environment: MYSQL_ROOT_PASSWORD: password MYSQL_DATABASE: wordpress MYSQL_USER: wordpress MYSQL_PASSWORD: wordpress networks: - wpsite # phpmyadmin phpmyadmin: depends_on: - db image: phpmyadmin/phpmyadmin restart: always ports: - '8080:80' environment: PMA_HOST: db MYSQL_ROOT_PASSWORD: password networks: - wpsite # Wordpress wordpress: depends_on: - db image: wordpress:latest ports: - '8000:80' restart: always volumes: ['./:/var/www/html'] environment: WORDPRESS_DB_HOST: db:3306 WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: wordpress networks: - wpsite networks: wpsite: volumes: db_data: ``` Version for MacOSX M1 ```yaml= version: '3' services: # Database db: image: mysql:5.7 platform: linux/x86_64 volumes: - db_data:/var/lib/mysql restart: always environment: MYSQL_ROOT_PASSWORD: password MYSQL_DATABASE: wordpress MYSQL_USER: wordpress MYSQL_PASSWORD: wordpress networks: - wpsite # phpmyadmin phpmyadmin: depends_on: - db image: phpmyadmin/phpmyadmin restart: always ports: - '8080:80' environment: PMA_HOST: db MYSQL_ROOT_PASSWORD: password networks: - wpsite # Wordpress wordpress: depends_on: - db image: wordpress:latest ports: - '8000:80' restart: always volumes: ['./:/var/www/html'] environment: WORDPRESS_DB_HOST: db:3306 WORDPRESS_DB_USER: wordpress WORDPRESS_DB_PASSWORD: wordpress networks: - wpsite networks: wpsite: volumes: db_data: ``` **Pi-Hole on Docker Swarm** First create macvlan config ``` docker network create --config-only --subnet 10.10.10.0/24 -o parent=eth0 --ip-range 10.10.10.200/32 pihole_macvlan_config ``` Active macvlan on Docker Swarm ``` docker network create -d macvlan --scope swarm --attachable --config-from pihole_macvlan_config pihole_macvlan ``` ```yaml= version: "3" # More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/ services: pihole: container_name: pihole image: pihole/pihole:latest ports: - "53:53/tcp" - "53:53/udp" - "8888:80/tcp" environment: TZ: 'America/Costa_Rica' WEBPASSWORD: 'password' DNSMASQ_LISTENING: 'all' PIHOLE_UID: '1000' PIHOLE_GID: '1000' volumes: - '/home/username/backup/pihole/etc-pihole:/etc/pihole' - '/home/username/backup/pihole/etc-dnsmasq.d:/etc/dnsmasq.d' restart: unless-stopped networks: pihole_macvlan: ipv4_address: 10.10.10.200 networks: pihole_macvlan: external: true ``` https://jpft.win/docker-swarm-macvlan/ https://blog.ivansmirnov.name/set-up-pihole-using-docker-macvlan-network/ https://blog.foureight84.com/swarm-your-pihole/ **Smokeping** mkdir -p {smokeping/config,smokeping/data} ```yaml= version: "3" services: smokeping: image: lscr.io/linuxserver/smokeping:latest container_name: smokeping environment: - PUID=1000 - PGID=1000 - TZ=America/Costa_Rica volumes: - /home/codeskill/backup/smokeping/config:/config - /home/codeskill/backup/smokeping/data:/data ports: - 16000:80 restart: unless-stopped ``` ## Docker Swarm Cluster On manager node ``` docker swarm init --advertise-addr 10.10.10.10 ``` On slave node ``` docker swarm join --token SWMTKN-1-4sf9g772lfl25fz84fc6az1c4pjxps7m6uzdlz8x0gr4sucq7v-botu9fzox9vx2klpazdyh6bgr 10.10.10.10:2377 ``` Install Portainer and Agent on Docker Swarm Cluster ``` curl -L https://downloads.portainer.io/ce2-15/portainer-agent-stack.yml -o portainer-agent-stack.yml ``` ``` docker stack deploy -c portainer-agent-stack.yml portainer ``` Update Docker Swarm service ``` docker service update --image httpd:latest httpd ``` ### References + https://wiki.alpinelinux.org/wiki/Docker + https://techoverflow.net/2021/05/07/how-to-install-docker-docker-compose-on-alpine-linux/ + https://docs.portainer.io/start/install/server/docker/linux + https://gist.github.com/bradtraversy/faa8de544c62eef3f31de406982f1d42 + https://docs.docker.com/samples/wordpress/
Last changed by  
Johnny Pan
377

Read more

Buffer Overflow Workshop

<i class="fa fa-file-pdf-o" aria-hidden="true"></i> Docker como herramienta de entrenamiento y hacking + Labs<i class="fa fa-user-circle-o" aria-hidden="true"></i> Johnny Pan (codeskill)<i class="fa fa-user-circle-o" aria-hidden="true"></i> Fabian Quesada (rocketman)<i class="fa fa-clock-o" aria-hidden="true"></i> 2023-11-04

11/29/2023
Wi-Fi Hacking Lab

Wi-Fi Hacking Lab Johnny Pan 2022-10-08 :::info This lab was created for educational purposes and thinking to improve and to audit the security of the following wireless networks: Wired equivalent privacy (WEP) Wi-Fi Protected Access (WPA) Wi-Fi Protected Access v2 (WPA2)

10/14/2022
ctf.synk.io

ctf.synk.io Johnny Pan 2021-10-05 https://ctf.snyk.io [TOC] magician Analizamos que tipo de hash es

10/8/2021
Brixel CTF Winter Edition

:::info @codeskill 2020-12-26 https://ctf.brixel.space/ ::: [TOC] Programming Are you fast enough?

1/12/2021
Read more from Johnny Pan
Published on HackMD