Docker notes 1
Requirements: before anything else
The kernel version must be > 3.8.
Check it with uname -a
Some OpenVZ VPSes still do not support Docker.
Preparations
You may need to have some packages installed before installing Docker.
apt-get install apt-transport-https lsb-release ca-certificates software-properties-common curl -y
You will also need the jessie-backports sources. jessie is archived and its Release files have expired, so apt is run with Acquire::Check-Valid-Until=false, which skips that expiry check.
echo "deb http://archive.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/backports.list
apt-get -o Acquire::Check-Valid-Until=false update -y
apt-get -o Acquire::Check-Valid-Until=false upgrade -y
Installation (docker.io)
apt-get install -y docker.io
jejo@medion:~$ sudo apt-get -y install docker.io
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
...
Note: if running docker info gives a TLS error, install:
apt-get install apt-transport-https ca-certificates
Information
jejo@medion:~$ sudo docker info
Containers: 0
Images: 0
Storage Driver: overlay
Backing Filesystem: extfs
Execution Driver: native-0.2
Kernel Version: 3.16.0
Operating System: Debian GNU/Linux 8 (jessie)
CPUs: 2
Total Memory: 2 GiB
First container: "hello world"
sudo docker run hello-world
em50l@jejo.es$ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from hello-world
65b27d3bd74d: Pull complete
9f5834b25059: Pull complete
Digest: sha256:fb158b7ad66f4d58aa66c4455858230cd2eab4cdf29b13e5c3628a6bfc2e9f05
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/
Show installed images
jejo@medion:~$ sudo docker images
REPOSITORY                TAG       IMAGE ID       CREATED        SIZE
cowrie/cowrie             latest    38a8f4447afd   7 months ago   386MB
alpine                    latest    caf27325b298   7 months ago   5.53MB
hello-world               latest    fce289e99eb9   8 months ago   1.84kB
nodered/node-red-docker   slim-v8   e86354aed607   8 months ago   115MB
jejo@medion:~$ sudo docker volume ls
DRIVER   VOLUME NAME
local    34a97fd1247c67622359bc31455bce604514a48b273079c6889e298c72442208
local    16138a7e6a6c807d14dce5f3ca6d78283d88ea2795955476d5b79878a417fb77
local    026309ffda5bf1810c789e9bcace112aeeb60de007b9c8b2ddf96013142ebd49
Second container: the Cowrie honeypot
jejo@medion:~$ sudo docker run cowrie/cowrie
Join the Cowrie community at: http://bit.ly/cowrieslack
Using default Python virtual environment "/cowrie/cowrie-env"
Starting cowrie: [twistd --umask=0022 --pidfile= -l - cowrie -n]...
2019-09-09T21:36:14+0000 [-] Python Version 3.5.3 (default, Sep 27 2018, 17:25:39) [GCC 6.3.0 20170516]
2019-09-09T21:36:14+0000 [-] Twisted Version 18.9.0
2019-09-09T21:36:14+0000 [-] Loaded output engine: jsonlog
2019-09-09T21:36:14+0000 [twisted.scripts._twistd_unix.UnixAppLogger#info] twistd 18.9.0 (/cowrie/cowrie-env/bin/python3 3.5.3) starting up.
2019-09-09T21:36:14+0000 [twisted.scripts._twistd_unix.UnixAppLogger#info] reactor class: twisted.internet.epollreactor.EPollReactor.
2019-09-09T21:36:14+0000 [-] CowrieSSHFactory starting on 2222
2019-09-09T21:36:14+0000 [cowrie.ssh.factory.CowrieSSHFactory#info] Starting factory <cowrie.ssh.factory.CowrieSSHFactory object at 0x7f896ef7bc50>
2019-09-09T21:36:14+0000 [-] Generating new RSA keypair...
2019-09-09T21:36:15+0000 [-] Generating new DSA keypair...
2019-09-09T21:36:15+0000 [-] Ready to accept SSH connections
Open a port from Docker to the host
jejo@medion:~$ sudo docker run -d --name hp -p 2222:2222 cowrie/cowrie
671966588c41bf32ed62a40716e440934b1eec3663a7bf54cfd8b70c5637dabc
jejo@medion:~$ sudo docker ps
CONTAINER ID   IMAGE           COMMAND             CREATED     STATUS     PORTS                              NAMES
671966588c41   cowrie/cowrie   "cowrie start -n"   8 sec ago   Up 7secs   0.0.0.0:2222->2222/tcp, 2223/tcp   hp
jejo@medion:~$ ssh pp@localhost -p 2222
debug1: Connecting to localhost [127.0.0.1] port 2222.
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:2222 as 'pp'
Password:
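In the docker ps output above the mapping reads 0.0.0.0:2222->2222/tcp: -p 2222:2222 publishes the port on every host interface, while 2223/tcp is only exposed inside the Docker network. The following added example (not part of the original notes) lists such all-interface mappings from a constructed sample of docker ps output; every container name except hp is made up, and wide_open_ports is this example's own name.

```shell
#!/bin/sh
# Added example, not part of the original notes.
# Input:  "name<TAB>ports" lines, the shape produced by
#           docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: one "name<TAB>mapping" line per port published on every host interface.
wide_open_ports() {
    awk -F '\t' '{
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue      # exposed only, not published ("2223/tcp")
            if (m ~ /^0\.0\.0\.0:/ || m ~ /^(\[::\]|:::)/)
                print $1 "\t" m
        }
    }'
}

# Constructed sample: hp is the container from these notes, the rest are invented.
SAMPLE=$(printf '%s\t%s\n' \
    hp  '0.0.0.0:2222->2222/tcp, 2223/tcp' \
    web '127.0.0.1:8080->80/tcp' \
    db  '5432/tcp' \
    dns '0.0.0.0:53->53/udp, :::53->53/udp')

printf '%s\n' "$SAMPLE" | wide_open_ports

# On a live host:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | wide_open_ports
# To keep a service reachable from the host only, bind the loopback address:
#   docker run -d --name hp -p 127.0.0.1:2222:2222 cowrie/cowrie
```

A honeypot such as Cowrie is normally meant to be reachable from outside, so the hp line is expected here; for any other container it is the thing to review.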
Running in the background
jejo@medion:~$ sudo docker ps
CONTAINER ID   IMAGE           COMMAND             CREATED      STATUS      PORTS                              NAMES
671966588c41   cowrie/cowrie   "cowrie start -n"   11 min ago   Up 11 min   0.0.0.0:2222->2222/tcp, 2223/tcp   hp
Stopping a container
jejo@medion:~$ sudo docker stop hp
hp
jejo@medion:~$ sudo docker ps
CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
Allowing a user to use Docker
Membership in the docker group lets the user run docker without sudo and is effectively root access on the host.
jejo@medion:~$ sudo adduser jejo docker
[sudo] contraseña para jejo:
Añadiendo al usuario `jejo' al grupo `docker' ...
Añadiendo al usuario jejo al grupo docker
Hecho.
Listing containers
jejo@medion:~$ sudo docker ps -a
CONTAINER ID   IMAGE           COMMAND                 CREATED      STATUS                  PORTS   NAMES
3b79de3577a1   hello-world     "/hello"                44 min ago   Exited (0) 44 min ago           sharp_boyd
60eb1ac44436   alpine          "/bin/sh"               8 days ago   Exited (0) 8 days ago           agitated_shamir
671966588c41   cowrie/cowrie   "cowrie start -n"       5 days ago   Exited (0) 5 days ago           hp
062a1459de56   cowrie/cowrie   "cowrie -p 2222:2222"   5 days ago   Exited (1) 5 days ago           wizardly_ritchie
Information about a container
jejo@medion:~$ sudo docker inspect hello-world
[
    {
        "Id": "sha256:618e43431df9635eee9cf7224aa92c8d6f74aa36cd3b2359604389ca36e79380",
        "RepoTags": [
            "hello-world:latest"
.....
Restarting a container
If we keep using docker run image, we will create a pile of containers from the same image.
It is better to restart containers that already exist instead.
In this case we restart an alpine container named agitated_shamir.
jejo@medion:~$ docker start agitated_shamir
agitated_shamir
Running commands in a container
jejo@medion:~$ docker attach agitated_shamir
/ #
Deleting containers
jejo@medion:~$ sudo docker rm cd1ef8777edd 9134be6419c1
cd1ef8777edd
9134be6419c1
Docker's internal network
Docker creates an internal network so that the main machine (the host) can communicate with the containers.
jejo@medion:~$ ip a |grep global
inet 192.168.43.124/24 brd 192.168.43.255 scope global dynamic noprefixroute wlo2
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
As you can see, the Docker network is 172.17.0.1/16.
If I run nmap, I will see the IPs of the running containers.
jejo@medion:~$ nmap -sn 172.17.0.1/24
Starting Nmap 7.60 ( https://nmap.org ) at 2019-09-25 23:41 CEST
Nmap scan report for 172.17.0.1
Host is up (0.00067s latency).
Nmap scan report for 172.17.0.2
Host is up (0.00051s latency).
Nmap scan report for 172.17.0.3
Host is up (0.00039s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.88 seconds
Appendix: Docker CE on Debian
https://docs.docker.com/v17.09/engine/installation/linux/docker-ce/debian/#install-docker-ce-1
Appendix: Docker on Raspberry Pi
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
echo 'deb [arch=armhf] https://download.docker.com/linux/debian buster stable' > /etc/apt/sources.list.d/docker.list
sudo apt-get remove docker docker-engine docker.io containerd runc
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
apt-get install docker-ce
docker run hello-world
And to search for containers: https://hub.docker.com/search?q=raspberry&type=image&sort=updated_at&order=desc
Appendix: possible failures
root@ld:~# docker info
FATA[0000] Get http:///var/run/docker.sock/v1.18/info: dial unix /var/run/docker.sock: no such file or directory. Are you trying to connect to a TLS-enabled daemon without TLS?
root@ld:~# docker -d
INFO[0000] +job init_networkdriver()
INFO[0000] +job serveapi(unix:///var/run/docker.sock)
INFO[0000] Listening for HTTP on unix (/var/run/docker.sock)
Unable to enable network bridge NAT: iptables failed: iptables --wait -t nat -I POSTROUTING -s 172.17.42.1/16 ! -o docker0 -j MASQUERADE: iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)
INFO[0000] -job init_networkdriver() = ERR (1)
FATA[0000] Shutting down daemon due to errors: (exit status 3)
!!! iptables fails !!!
root@ld:~# iptables --wait -t nat -I POSTROUTING -s 172.17.42.1/16 ! -o docker0 -j MASQUERADE
iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables -L -t nat
https://clients.inceptionhosting.com/knowledgebase.php?action=displayarticle&id=36
When I execute
iptables -L -t nat
in new vps. (for example in New UK-LONDON-256MB-NAT)
I return the error:
iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
https://stackoverflow.com/questions/27528337/am-i-trying-to-connect-to-a-tls-enabled-daemon-without-tls
https://stackoverflow.com/questions/21983554/iptables-v1-4-14-cant-initialize-iptables-table-nat-table-does-not-exist-d
https://clients.inceptionhosting.com/index.php?rp=/knowledgebase/33/Docker-extra-options.html
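Both host problems in these notes, the kernel requirement at the top and the missing nat table above, can be checked before installing anything. This is an added example, not part of the original notes; the function names are its own, and it assumes the "> 3.8" requirement is compared on major.minor only, so any 3.8.x release counts as too old.

```shell
#!/bin/sh
# Added example, not part of the original notes.
is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# kernel_ok RELEASE: succeeds if RELEASE (as printed by `uname -r`) is newer
# than 3.8. Assumption: only major.minor is compared. Returns 2 if unparsable.
kernel_ok() {
    rel=${1%%-*}                       # "3.16.0-4-amd64" -> "3.16.0"
    case "$rel" in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}            # drop suffixes such as "+"
    is_num "$major" && is_num "$minor" || return 2
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -gt 8 ]; }
}

# nat_ok: succeeds if the iptables "nat" table can be listed. The daemon needs
# it for the MASQUERADE rule shown in the failure above. Requires root.
nat_ok() {
    iptables --wait -t nat -L -n >/dev/null 2>&1
}

# preflight RELEASE: prints one line per check, returns the number of failures.
preflight() {
    fails=0
    if kernel_ok "$1"; then
        echo "kernel $1: ok"
    else
        echo "kernel $1: too old or unparsable (need > 3.8)"
        fails=$((fails + 1))
    fi
    if nat_ok; then
        echo "iptables nat table: ok"
    else
        echo "iptables nat table: unavailable (or not running as root)"
        fails=$((fails + 1))
    fi
    return "$fails"
}

preflight "$(uname -r)" || echo "host is not ready for Docker"
```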
Appendix: WebGoat on Docker
http://blog.michalszalkowski.com/other/webgoat-and-docker/