Build The Next Generation of Cybersecurity Training and Academic Study

We spent many years building our VMWare ESXi infrastructure (vSoC), including migrating it from server to server.

Goodbye to PowerShell, VMWare Cloning and Manual Configuration, and say Hello to Docker, Cassandra, Python and GitHub.

We spent many years building our VMware ESXi infrastructure (vSoC). Over the years, we kept pushing for investment, and it is now running for thousands of students. It currently supports a wide range of modules for our campus and remote students, and includes firewalls, servers (Ubuntu, Kali, Windows 2000, 2003, 2008, etc.), hosts (Windows XP, Windows 7, etc.) and lots of different networks.

For us, we wanted to create environments which used real-life systems and supported real-life tools. Students have their own environment for every module, and academics can craft their own environment, and then replicate it. We now use it for network security, cryptography, digital forensics, pen testing, Cloud systems, and a wide range of modules.

But now we are stepping up to another level, and aim to build the whole lot using the current state of the art. This will be built with Docker, and scripted from GitHub. We thus aim to script everything about the environment, including usernames, passwords, server configurations, and so on, and then run this through GitHub.

Why Docker?

The world is moving to a virtualised infrastructure, and towards running our applications within the Cloud. This moves our “thick clients” towards running applications on Cloud-based servers. Applications can be delivered in a number of ways:

  • Thick clients. This is where the application is installed with all the necessary libraries and binaries that it needs to run, and then runs fully on the host.
  • Service-oriented. This is where applications bind to network services for their additional code, so the additional binary code does not need to be installed locally for them to run. These services can either be bound at run-time or can be discovered from the network.
  • Virtualised applications. This is where applications run within a virtualized environment, either on the host machine or on a server.
  • Cloud-based. This is where applications run on Cloud-based servers. The application is then run within a Cloud-based infrastructure.

Our old architecture involves running large-scale apps within full operating systems, which consume large amounts of CPU and memory. Docker, though, changed this approach and creates highly optimised containers, within which applications can be created and deployed in seconds. So with VMware looking to move up the network stack towards applications, we see the release of VMware Photon, which replicates the approach of Docker.


Docker

The core of Docker is CoreOS, which provides a scalable computation infrastructure, where the Web infrastructure can grow in a dynamic manner. It includes high-level services which are all contained and packaged into a container, which can be run on one or more CoreOS machines. The containers do not require their own Linux kernel or a hypervisor to run them, which means there is no performance overhead as they run. This means that fewer machines are required to run the services.

Unlike conventionally installed applications, Docker containers can be easily created and destroyed without any data loss, and any that are damaged can be destroyed and another redeployed. Docker images are basically stateless servers that just run applications and do not require a full operating system or hypervisor to exist. The ports that Docker exposes are defined by the system administrator at configuration time.

Currently, CoreOS runs on Amazon EC2, VMware and OpenStack, with a Linux container engine — named Docker — as the place where applications run. We aim to evaluate CoreOS and Photon, and determine which infrastructure is best for scaling out our cybersecurity infrastructure.

Photon

VMware Photon is a competitor to CoreOS, but has the advantage of exposing VMware’s APIs to developers. It is also free, and the code can be forked if required.

The install for Docker on VMware Photon is fairly simple:

  • Download the Photon OS image from GitHub.
  • Create a virtual machine with Other Linux 3.x 64 Bit Kernel and 8 GB disk and 1.5 GB RAM.
  • Attach ISO to VMware Fusion (or equivalent), and install.

Once set up, Docker is started at boot time. In the following we set up SSH so that we can connect to Photon, and then configure some containers.

Some of the commands used are:

~$ ssh [email protected]
Password:
Last login: Sat Jan 16 21:58:30 2016 from 172.16.121.1
root [ ~ ]# systemctl enable docker
root [ ~ ]# systemctl start docker
root [ ~ ]# docker version
Client:
Version: 1.8.1
API version: 1.20
Go version: go1.4.2
Git commit: d12ea79
Built: Thu Aug 13 02:49:29 UTC 2015
OS/Arch: linux/amd64
Server:
Version: 1.8.1
API version: 1.20
Go version: go1.4.2
Git commit: d12ea79
Built: Thu Aug 13 02:49:29 UTC 2015
OS/Arch: linux/amd64
root [ ~ ]# nano /etc/ssh/sshd_config
root [ ~ ]# docker pull vmwarecna/nginx
Using default tag: latest
latest: Pulling from vmwarecna/nginx
511136ea3c5a: Already exists
e977d53b9210: Already exists
c9fa20ecce88: Already exists
184d60f5cc4f: Already exists
96d31e36bd8a: Already exists
fd2224b9a216: Already exists
7f3a2bd1e995: Already exists
4c4851e85e94: Already exists
560d74bc7ae1: Already exists
07f0aa77ae76: Already exists
126105e511b8: Already exists
775024331ffa: Already exists
db26ae25be15: Already exists
6d36a12c92d5: Already exists
Digest: sha256:f73bbae0f31823c06478b1fa5efb4957bc25239802fd5ea94e4442c0a6090d23
Status: Image is up to date for vmwarecna/nginx:latest

root [ ~ ]# docker run -d -p 80:80 vmwarecna/nginx
d0d057f3d94079163cce858a1121149959b51aff3ca83a14bad447e2f8a0fd5c
root [ ~ ]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b6755f21c222 vmwarecna/nginx "nginx -g 'daemon off" 2 hours ago Up 2 hours 0.0.0.0:80->80/tcp, 443/tcp compassionate_hopper
root [ ~ ]# docker kill b6755f21c222
b6755f21c222
root [ ~ ]# docker run -d -p 80:80 vmwarecna/nginx
6fdb3eef28638fd0659cbb2d10ceaf48bfd0ff6b65c3b64ca70f027b631d3c36
root [ ~ ]# docker pull docker/whalesay
Using default tag: latest
latest: Pulling from docker/whalesay
e9e06b06e14c: Already exists
a82efea989f9: Already exists
37bea4ee0c81: Already exists
07f8e8c5e660: Already exists
676c4a1897e6: Already exists
5b74edbcaa5b: Already exists
1722f41ddcb5: Already exists
99da72cfe067: Already exists
5d5bd9951e26: Already exists
fb434121fc77: Already exists
Digest: sha256:178598e51a26abbc958b8a2e48825c90bc22e641de3d31e18aaf55f3258ba93b
Status: Image is up to date for docker/whalesay:latest
root [ ~ ]# docker run docker/whalesay cowsay boo1
______
< boo1 >
------
\
\
\
## .
## ## ## ==
## ## ## ## ===
/""""""""""""""""___/ ===
~~~ {~~ ~~~~ ~~~ ~~~~ ~~ ~ / ===- ~~~
\______ o __/
\ \ __/
\____\______/
root [ ~ ]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
bill/hello latest 7e15628c6f51 4 hours ago 187.9 MB
bill/minecraft latest e32bddb527d5 6 hours ago 324.8 MB
ubuntu 14.04 af88597ec24b 12 days ago 187.9 MB
ubuntu latest af88597ec24b 12 days ago 187.9 MB
docker/whalesay latest fb434121fc77 7 months ago 247 MB
vmwarecna/nginx latest 6d36a12c92d5 9 months ago 93.48 MB
root [ ~ ]# docker search docker.io
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
wnameless/mysql-phpmyadmin MySQL + phpMyAdmin https://index.docker.io... 25 [OK]
dscho/docker-desktop A full desktop accessible via Xpra (http:/... 5 [OK]
wnameless/cas-mysql CAS single sign-on server + MySQL https://... 5 [OK]
chilijung/docker-opencv This is a fork from https://index.docker.i... 4 [OK]
wnameless/postgresql-phppgadmin postgresql + phpPgAdmin https://index.dock... 4 [OK]
lukasz/docker-puppet-openssl-nginx This image is derived from https://index.d... 1 [OK]
tianon/dind curl https://get.docker.io/ | sh 1 [OK]
dockerimages/ubuntu-apt-cache UBUNTU base image even with docker.io/ubun... 1 [OK]
steeef/sensu-centos Sensu server on CentOS 6.x Forked from htt... 1 [OK]
wnameless/tomcat7 Tomcat7 + Java7 + tomcat-manager https://i... 1 [OK]
venki306/docker.io 0
gkchinna/docker.io 0
gzlock/php-with-mongodb docker.io/php:5.6.12-fpm with mongodb exte... 0 [OK]
wnameless/tomcat6 Tomcat6 + Java6 + tomcat-manager https://i... 0 [OK]
udzura/munin-master fork of https://index.docker.io/u/arcus/mu... 0 [OK]

Installing WordPress into Docker

First we pull the latest versions of the WordPress and MySQL container images:

root [ ~ ]# docker pull wordpress:latest
root [ ~ ]# docker pull mysql:latest
root [ ~ ]# docker run --name mysqlwpbill -e MYSQL_ROOT_PASSWORD=dockerRootMySQL \
-e MYSQL_DATABASE=wordpress \
-e MYSQL_USER=wordpress \
-e MYSQL_PASSWORD=wordpresspwd \
-d mysql
e4949e6fb0382dad25cc9112983d464688c4666433f67b367fb66bfd7e1e0dd0

Next we run WordPress linked to the MySQL container, and expose it on port 8090:

root [ ~ ]# docker run --name wordpressbill --link mysqlwpbill:mysql -p 172.16.121.246:8090:80 \
-e WORDPRESS_DB_NAME=wordpress \
-e WORDPRESS_DB_USER=wordpress \
-e WORDPRESS_DB_PASSWORD=wordpresspwd \
-d wordpress
e7472c064f13ac25e58ad80acca789eb8f455be41b31f008c3f3d89b307d17ed

We can then navigate to http://172.16.121.246:8090 to get:

If we examine the running containers we get:

root [ ~ ]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e7472c064f13 wordpress "/entrypoint.sh apach" About a minute ago Up About minute 172.16.121.246:8090->80/tcp wordpressbill
e4949e6fb038 mysql "/entrypoint.sh mysql" 4 minutes ago Up 4 minutes 3306/tcp mysqlwpbill

We can look at the images we have:

root [ ~ ]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
wordpress latest be1b51191d97 5 days ago 516.1 MB
docker latest d4a95b4b249b 9 days ago 36.9 MB
mysql latest daf7dc2e61dc 9 days ago 360.3 MB
ubuntu 14.04 af88597ec24b 12 days ago 187.9 MB
ubuntu latest af88597ec24b 12 days ago 187.9 MB
docker/whalesay latest fb434121fc77 7 months ago 247 MB
vmwarecna/nginx latest 6d36a12c92d5 9 months ago 93.48 MB

A useful command to remove all containers (docker ps -a lists stopped containers as well as running ones):

docker rm `docker ps -a -q`

The demo of installing WordPress is here:

Installing Kali as a container

We can download and run Kali Linux as a container:

root [ ~ ]# docker pull kalilinux/kali-linux-docker
Using default tag: latest
latest: Pulling from kalilinux/kali-linux-docker
e1bfb89993bf: Pull complete
b4be4f2256bf: Pull complete
93d580d5b6d4: Pull complete
799ca175e184: Pull complete
599d44c109d4: Pull complete
d97a4e8cedc9: Pull complete
35e347722e9f: Pull complete
8c9a4099d037: Pull complete
Digest: sha256:28512afdf8d45574d9ab0670ae92a1f2532a9c64ec2e664e96c870f8b981f4ca
Status: Downloaded newer image for kalilinux/kali-linux-docker:latest
root [ ~ ]# docker run -t -i kalilinux/kali-linux-docker /bin/bash
root@5f683c35a62c:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@5f683c35a62c:/# exit

Conclusion

Imagine, as an academic, that you can simply define your whole lab within a GitHub repository, and then with the press of a button create it for hundreds (or thousands) of students. You can then collapse and update it, and roll it out again. I’m setting things up and will have lots of demos in the next few months, after which we’ll set up a workshop to gain feedback on what we have built.

If you are interested in collaborating, why not come and join us in building the next generation of cyber security training and academic study? While PowerShell has been useful with VMware ESXi, it is not a patch on running the infrastructure around Docker.