Notes: deploying vulnerable environments with Docker on CentOS 7

Docker installation:

  • Query the available versions

[root@localhost ~]# yum list docker-ce --showduplicates | sort -r
已加载插件:fastestmirror, langpacks
可安装的软件包
Loading mirror speeds from cached hostfile
docker-ce.x86_64 3:18.09.2-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.1-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.0-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.3.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.2.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.1.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.0.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.03.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 18.03.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.12.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.12.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.09.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.09.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.2.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.3.ce-1.el7 docker-ce-stable
docker-ce.x86_64 17.03.2.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.0.ce-1.el7.centos docker-ce-stable

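If you run yum install docker-ce, the Docker version that gets installed is very likely the first one listed, 3:18.09.2-3.el7, which reports an error when run; you need to specify one of the centos builds for it to run properly.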

  • Install a specific version

[root@localhost ~]# yum install docker-ce-18.03.1.ce-1.el7.centos
  • Start Docker

[root@localhost ~]# systemctl start docker 
  • Test the installation

[root@localhost ~]# docker run hello-world                       

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/

For more examples and ideas, visit:
https://docs.docker.com/get-started/

If there are no errors, the installation is working.


Downloading the vulnerable environments:

Install them according to the readme.


Starting on boot:

Start the Docker service on boot

[root@localhost ~]# systemctl enable docker.service
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

Start the vulnerable-environment containers on boot

# Pull the image locally
[root@localhost ~]# docker pull medicean/vulapps:s_struts2_s2-032

# Start the environment
[root@localhost ~]# docker run -d -p 80:8080 medicean/vulapps:s_struts2_s2-032
6aa16caac712adcc0f5410dbed2aaa14a303ede2378311f0c2222b1901bcef25

# Look up the CONTAINER ID
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6aa16caac712 medicean/vulapps:s_struts2_s2-032 "/usr/local/tomcat/b…" 22 seconds ago Up 21 seconds 0.0.0.0:80->8080/tcp keen_carson
ee8ea1d1acdd medicean/vulapps:r_redis_1 "/start.sh" 30 minutes ago Up 4 minutes 22/tcp, 0.0.0.0:6379->6379/tcp redisvul

# The always policy means "always restart"; update the container so it starts on boot
[root@localhost ~]# docker update --restart=always 6aa16caac712
6aa16caac712

Reboot the machine, then run docker ps to check whether the container started automatically.
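
With --restart=always, the 0.0.0.0 port mappings shown in the docker ps output come back after every reboot. The following added example (not part of the original post) parses `docker ps --format '{{.Names}}\t{{.Ports}}'` output, lists every mapping published on all interfaces, and prints the loopback-only `-p` flag that would replace it. The sample input is constructed from the docker ps output above plus a hypothetical `lab_local` container.

```shell
#!/usr/bin/env bash
# Added example: find lab containers published on all interfaces.
# Input lines: "<name><TAB><ports>", the format produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

# For each mapping bound to 0.0.0.0 or :::, print:
#   <name> <host binding> <container port> <loopback-only -p flag>
wide_open_ports() {
    awk -F'\t' '
    {
        n = split($2, maps, ", *")
        for (i = 1; i <= n; i++) {
            # Only published mappings contain "->"; "22/tcp" is merely exposed.
            if (maps[i] !~ /->/) continue
            split(maps[i], side, "->")
            host = side[1]
            if (host ~ /^0\.0\.0\.0:/ || host ~ /^:::/ || host ~ /^\[::\]:/) {
                hp = host
                sub(/^.*:/, "", hp)   # keep only the host port
                print $1, host, side[2], "-p 127.0.0.1:" hp ":" side[2]
            }
        }
    }'
}

# Constructed sample: the two containers from the docker ps output above,
# plus a hypothetical third container already bound to loopback only.
sample_ps() {
    printf '%s\t%s\n' \
        keen_carson '0.0.0.0:80->8080/tcp' \
        redisvul    '22/tcp, 0.0.0.0:6379->6379/tcp' \
        lab_local   '127.0.0.1:8081->8080/tcp'
}

# On a live host, replace sample_ps with:
#   docker ps --format '{{.Names}}\t{{.Ports}}'
audit() { sample_ps | wide_open_ports; }

audit
```

Port bindings cannot be changed with docker update; the container has to be removed and started again with the loopback-only `-p` flag.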

Other common commands:

Removing containers:

# List all containers
root@Linx:~/apache# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e6318265a202 httpd:centos "/run.sh" 5 minutes ago Exited (127) 5 minutes ago httpd1
eaf9ee72f448 httpd:centos "/run.sh" 6 minutes ago httpd

# "docker rm <container id>" removes a stopped container; to remove a running container, add the -f flag.
root@Linx:~/apache# docker rm e6318265a202
e6318265a202

Removing images:

# List the existing Docker images
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 47b19964fb50 3 weeks ago 88.1MB
hello-world latest fce289e99eb9 8 weeks ago 1.84kB
centos latest 1e1148e4cc2c 2 months ago 202MB
medicean/vulapps s_struts2_s2-048 14cac47d977d 19 months ago 348MB

# Remove an image; the image id specifies which one to delete
docker rmi <image id>

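Others:

This way, a single machine can be dedicated to hosting the vulnerable environments, which is convenient for PoC testing and debugging.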

