ubuntu

Managing Docker on Ubuntu 15.04 Vivid

There were some big changes introduced on Ubuntu 15.04. Systemd is now the default system manager tool instead of UpStart like in previous Ubuntu releases.
There is a good comparison in the Ubuntu wiki.

So how does that affect Docker?

  1. Configuring Docker
  2. Accessing Logs
  3. Managing the service

Configuring Docker

With UpStart the file /etc/default/docker had to be modified to configure settings for the docker demon. Now with Systemd the file /lib/systemd/system/docker.service needs to be modified instead.

Example
/lib/systemd/system/docker.service

[Unit]
Description=Docker Application Container Engine  
Documentation=https://docs.docker.com  
After=network.target docker.socket  
Requires=docker.socket

[Service]
Type=notify  
ExecStart=/usr/bin/docker daemon -H fd:// -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --bip=172.17.0.1/16 --dns=172.17.0.1  
MountFlags=slave  
LimitNOFILE=1048576  
LimitNPROC=1048576  
LimitCORE=infinity

[Install]
WantedBy=multi-user.target  

To enable the remote API just modify the ExecStart attribute under the service category to ExecStart=/usr/bin/docker daemon -H fd:// -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock

Just as a note you might also find the file /etc/systemd/system/multi-user.target.wants/docker.service However, it gets overwritten with the settings in the /lib/systemd/system/docker.service

Note: Make sure you reload the service daemon so the changes can take effect: systemctl daemon-reload

Accessing Logs

With UpStart all the Docker daemon logs were stored at /var/log/upstart/docker.log
Now with Sytemd you need to use journalctl

  • To dump all the logs: journalctl -u docker.service
  • To follow the logs: journalctl -u docker.service -f

Managing the service

With UpStart to manage the Docker service the service tool would allow to get the status, start, stop and restart Docker. To enable Docker to start on boot the update-rc.d tool would manage its settings.

Now with Systemd we need to use the systemctl tools instead

  • Get status of the Docker service: systemctl status docker
  • Enable Docker service to start on boot: systemctl enable docker

Installing Build Essentials on CentOS 7 and Ubuntu 14.03

Installing build essentials on Ubuntu
apt-get install -y build-essential  

Which will install the following packages:

  • The following extra packages will be installed:
    • binutils cpp cpp-4.8 dpkg-dev fakeroot g++ g++-4.8 gcc gcc-4.8
    • libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl
    • libasan0 libatomic1 libc-dev-bin libc6-dev libcloog-isl4 libdpkg-perl
    • libfakeroot libfile-fcntllock-perl libgcc-4.8-dev libgmp10 libgomp1 libisl10
    • libitm1 libmpc3 libmpfr4 libquadmath0 libstdc++-4.8-dev libtimedate-perl
    • libtsan0 linux-libc-dev make manpages manpages-dev patch xz-utils
  • Suggested packages:
    • binutils-doc cpp-doc gcc-4.8-locales debian-keyring g++-multilib
    • g++-4.8-multilib gcc-4.8-doc libstdc++6-4.8-dbg gcc-multilib autoconf
    • automake1.9 libtool flex bison gdb gcc-doc gcc-4.8-multilib libgcc1-dbg
    • libgomp1-dbg libitm1-dbg libatomic1-dbg libasan0-dbg libtsan0-dbg
    • libquadmath0-dbg glibc-doc libstdc++-4.8-doc make-doc man-browser ed
    • diffutils-doc
  • The following NEW packages will be installed:
    • binutils build-essential cpp cpp-4.8 dpkg-dev fakeroot g++ g++-4.8 gcc
    • gcc-4.8 libalgorithm-diff-perl libalgorithm-diff-xs-perl
    • libalgorithm-merge-perl libasan0 libatomic1 libc-dev-bin libc6-dev
    • libcloog-isl4 libdpkg-perl libfakeroot libfile-fcntllock-perl libgcc-4.8-dev
    • libgmp10 libgomp1 libisl10 libitm1 libmpc3 libmpfr4 libquadmath0
    • libstdc++-4.8-dev libtimedate-perl libtsan0 linux-libc-dev make manpages
    • manpages-dev patch xz-utils
Installing build essentials on CentOS
yum groupinstall "Development Tools"  
  • Installing for group install "Development Tools":
    • autoconf
    • automake
    • bison
    • byacc
    • cscope
    • ctags
    • diffstat
    • doxygen
    • elfutils
    • flex
    • gcc
    • gcc-c++
    • gcc-gfortran
    • gettext
    • git
    • indent
    • intltool
    • libtool
    • make
    • patch
    • patchutils
    • rcs
    • redhat-rpm-config
    • rpm-build
    • rpm-sign
    • subversion
    • swig
    • systemtap
  • Installing for dependencies:
    • apr
    • apr-util
    • avahi-libs
    • boost-system
    • boost-thread
    • bzip2
    • cpp
    • dwz
    • dyninst
    • emacs-filesystem
    • fipscheck
    • fipscheck-lib
    • gdb
    • gettext-common-devel
    • gettext-devel
    • gettext-libs
    • glibc-devel
    • glibc-headers
    • gnutls
    • kernel-devel
    • kernel-headers
    • libdwarf
    • libedit
    • libgfortran
    • libgnome-keyring
    • libmodman
    • libmpc
    • libproxy
    • libquadmath
    • libquadmath-devel
    • libstdc++-devel
    • m4
    • mokutil
    • mpfr
    • neon
    • nettle
    • openssh
    • openssh-clients
    • pakchois
    • perl
    • perl-Carp
    • perl-Data-Dumper
    • perl-Encode
    • perl-Error
    • perl-Exporter
    • perl-File-Path
    • perl-File-Temp
    • perl-Filter
    • perl-Getopt-Long
    • perl-Git
    • perl-HTTP-Tiny
    • perl-PathTools
    • perl-Pod-Escapes
    • perl-Pod-Perldoc
    • perl-Pod-Simple
    • perl-Pod-Usage
    • perl-Scalar-List-Utils
    • perl-Socket
    • perl-Storable
    • perl-TermReadKey
    • perl-Test-Harness
    • perl-Text-ParseWords
    • perl-Thread-Queue
    • perl-Time-HiRes
    • perl-Time-Local
    • perl-XML-Parser
    • perl-constant
    • perl-libs
    • perl-macros
    • perl-parent
    • perl-podlators
    • perl-srpm-macros
    • perl-threads
    • perl-threads-shared
    • rsync
    • subversion-libs
    • systemtap-client
    • systemtap-devel
    • systemtap-runtime
    • trousers
    • unzip
    • zip
    • base

The minimal build essentials installation on CentOS:

yum install -y gcc g++ kernel-devel  

Diving into Metasploit - Configuring local environment

This semester I have a great excuse to learn the Metasploit framework since it is a required topic for the course on Penetration Testing I’m taking at Seneca.

I want to document the steps of being introduced to metasploit from a software developer’s point of view.
I've never used metasploit before and the goal by the end of the semester if to be fairly fluent with the framework.

To get started I want to cover the environment installation.

1. Choosing virtualization tool

My dev machine is a mac, I’m running Mavericks.
There are a few options to virtualize an OS on a mac.
You could use Paralles, VMWare or VirtualBox. There is also the possibility of running containers but that’s the topic of another post.
So between the main three virtualization tools, hands down VirtualBox is the best  if you plan to run linux OS. It comes with pointer integration and drag and drop out of the box while Paralles and VMWare don’t. Also we can’t forget the fact that VirtualBox is free which makes even easier to get started with.

VirtualBox website

2. Planning network architecture

Once I had the tools in place to virtualize my environment it was time to plan out the network configuration.
I’m sticking with a very basic setup:
network: 10.10.0.0/24
static pool: 10.10.0.1-100
dhcp pool: 10.10.0.101-254
domain: dpi902.shogun
hosts: {osName}{number}

To create a network on VirtualBox is very simple, only a few steps required:
Screen Shot 2014-01-28 at 9.39.31 PM

Screen Shot 2014-01-28 at 9.39.27 PM

Screen Shot 2014-01-28 at 9.39.19 PM

To get more information on the network types supported by VirtualBox check out their manual:https://www.virtualbox.org/manual/ch06.html

3. Configure Interfaces

With the host-only network created, the next step is to configure the network interfaces of the VMs you’ll be using. I’m starting with Kali and Metasploitable-2

I like to set up as the eth0 the host-only network I’ll be configuring the static IPs.
eth2 I leave for the bridge interface where I’ll get internet connection whenever needed.
Screen Shot 2014-01-28 at 9.44.14 PM

Screen Shot 2014-01-28 at 9.44.08 PM
Since Kali and Metasploitable are debian base we can set static ips the same way we do it on ubuntu:

vim /etc/network/interfaces

 
 $: vim /etc/network/interfaces

 auto eth0  
 iface eth0 inet static  
 address 10.10.0.22  
 gateway 10.10.0.1  
 brodcast 10.10.0.255  
 netmask 255.255.255.0

auto eth1  
 iface eth1 inet dhcp

post-up route add default gw 10.0.0.1 metric 2  
 pre-down route del default gw 10.0.0.1  

A couple of things to note:

  1. By simply adding a virtual interface to VirtualBox doesn’t mean that it will be brought up by default by the network service, it needs to be brought up manually or configure in the interfaces file.
  2. I guess since I’m bridging eth1 the default gateway being used is from eth0, which doesn’t have internet connection. To circumvent the problem I just set the default gateway manually when the network service gets started. One issue I foresee with this is when I use a network with a segment different than 10.0.0.0. I’ll need to do some more readings on this topic but I’m thinking of configuring the gateway dynamically or setting the bridge interface on eth0. We’ll see.

So that’s pretty much it.
An environment to play around with metasploit

TODO:
Use the virtualbox api in conjunction with puppet to orchestrate the deployment/config of VMs in a test environment.

VMware Fusion MacBook Pro 2012 3D Acceleration Bug

After a couple of hours trying to figure it out why every time I tried to log in to my Ubuntu VM using VMware Fusion on a mac the vm would crash and restart itself, I came up with a thread in the VMware Communities forum explaining the reason + possible solution for the problem.

Basically what happened was that the Ubuntu would start just as expected, but after logging in it would popup this message:
Screen Shot 2013-01-20 at 9.31.51 PM

Quoting their explanation:

…If you are running a mid-2012 MacBook Pro with the latest Apple updates, you’ll likely encounter crashes unless you disable 3D graphics: With your VM powered off, go into Virtual Machine > Settings, then choose Display, and turn off the Accelerate 3D Graphics option.
For others encountering the same problem: if you only run Windows VMs, you would also have the option of reverting to Fusion 5.0.1 to avoid this issue.

Indeed, after disabling 3D acceleration support everything came back to normal.
vmware-fusion-3d-bug

Creating an Ubuntu Live-CD Image

Recently I had the need to re-image some machines a few times in just a period of a week.
When re-imaging just one machine the process of installing the OS, all the updates and extra software is not that bad.
However, when that becomes a routine it can take up some time.

For most of the time I’m having to deal only with Ubuntu, so to solve that problem I installed the OS and all the updates available and also a few extra software packages that I normally use from the get go to create a baseline installation.

So whenever the need arises to re-image a machine or install a fresh copy of Ubuntu, instead of going through the same tedious process all over again, all it takes is to plug-in the pre-built disc image containing the baseline installation of the OS

The steps to create an ISO of the OS to be used as a distro or simple as a backup can be done through the software Remastersys.
In their website they have a short guide explaining the process:

The Synaptic Method:

  1. In Firefox, go to :

http://www.remastersys.com/ubuntu/remastersys.gpg.key

save file as text someplace where you can find it.

  1. In synaptic, go to Settings/Repositories; select “Authentication” tab and “Import Key File” just downloaded.

  2. Still in synaptic, go to “Other Software” tab and click “Add”, then enter the apt line and replace oneiric with either lucid, maverick, or natty to match your Ubuntu version:

    deb http://www.remastersys.com/ubuntu precise main

    or if you are using quantal

    deb http://www.remastersys.com/ubuntu quantal main

  3. Leave the repositories tab and “Reload”.

  4. Search for “remastersys” and select the packages you want to install. Edit/Apply Marked Changes.

The Manual Method

As root – issue ‘sudo su’ in the terminal window prior to the following command.

Download and apply the repository gpg key.

sudo su
wget -O – http://www.remastersys.com/ubuntu/remastersys.gpg.key | apt-key add –

Add the following line that corresponds to your version of Ubuntu to your /etc/apt/sources.list

Remastersys Precise

deb http://www.remastersys.com/ubuntu precise main

Remastersys Quantal

deb http://www.remastersys.com/ubuntu quantal main

Now just apt-get update or reload in Synaptic to have the new Remastersys signed repository ready to use!

The main package you will need to install at the very least is “remastersys”. This is the base package with the cli version of remastersys.

If you want the official remastersys gui, install “remastersys-gui” as well which will provide you with a gui that has more features and a menu item for it.

There is also an alternate gui written in python called “remastersys-gtk” that is available.

Both will provide you with a gui that makes it much easier to use remastersys.

Links:
Link of the tutorial above
Creating custom distros with Remastersys