Docker is an open source application container engine that lets developers package an application and its dependencies into a portable container, and then publish it to any popular Linux or Windows machine. It can also provide virtualization. Containers are fully sandboxed and have no interfaces to one another.
Without further ado, let's get started.
0x01 Changing the Docker source
First, Docker's official registry is hosted abroad, so we need to change the source.
Reference blog 🔗 https://blog.csdn.net/doudou_mylove/article/details/105122843
Get your own dedicated Docker acceleration address. Why force the DNS change? Maybe I just want name resolution to be faster. Men can't, but they must be fast 🤢
sudo vim /etc/docker/daemon.json
{
  "registry-mirrors": [
    "https://vipxxx.mirror.aliyuncs.com"
  ],
  "dns": [
    "223.5.5.5",
    "8.8.8.8"
  ]
}
sudo systemctl restart docker docker.service
On a Mac, this can be changed in the Docker Desktop settings.
0x02 Docker registries and containers
docker pull and docker push download and upload container images:
docker pull nginx:latest
docker push nginx:latest
What docker run creates from an image is called a container (Apps / Containers):
docker run nginx:latest
0x03 Creating a new container
docker run -it \
    --name cs \
    -e "passwd=<your password>" \
    -e "server_ip=<your server IP; may be an intranet address such as 10.0.4.6>" \
    -e "server_port=<CS login port>" \
    -e "aliasname=Bing Wallpaper" \
    -e "dname=CN=www.microsoft.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=WA, C=US" \
    -p <CS login port>:<CS login port> \
    -p <cloud function port, any port; the 443 after the colon cannot be changed>:443 \
    -p <optional port>:<optional port> \
    -p <CS login port>:<CS login port>/udp \
    -p <cloud function port, any port; the 443 after the colon cannot be changed>:443/udp \
    -p <optional port>:<optional port>/udp \
    xrsec/cobaltstrike:none
Confused? Don't worry, look here:
(Annotated copy for reading only: a comment after '\' breaks the line continuation, so run the version above.)
docker run -it \                      # Why add '\'? It makes multi-line input convenient
    --name cs \                       # --name specifies the container name
    -e "passwd=<your password>" \     # Sets an environment variable the container needs, which is a little troublesome. Inside the container, echo $passwd outputs your password
    -e "server_ip=<your server IP; may be an intranet address such as 10.0.4.6>" \    # Inside the container, echo $server_ip outputs the IP address you set
    -e "server_port=<CS login port>" \    # The remaining options are not annotated
    -e "aliasname=Bing Wallpaper" \
    -e "dname=CN=www.microsoft.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=WA, C=US" \
    -p <CS login port>:<CS login port> \  # -p maps a port on the external host (before the colon) to a port inside the container (after the colon)
    -p <cloud function port, any port; the 443 after the colon cannot be changed>:443 \
    -p <optional port>:<optional port> \
    -p <CS login port>:<CS login port>/udp \
    -p <cloud function port, any port; the 443 after the colon cannot be changed>:443/udp \
    -p <optional port>:<optional port>/udp \
    xrsec/cobaltstrike:none
If you want the container to restart automatically, you can set the restart parameter
Restart policy
The restart policies of a Docker container are as follows:
no: the default policy; do not restart the container when it exits
on-failure: restart the container when it exits abnormally (the exit status is not 0)
on-failure:3: restart the container when it exits abnormally, up to 3 times
always: always restart the container when it exits
unless-stopped: always restart the container when it exits, but do not consider containers that were already stopped when the Docker daemon starts
docker run -it --name test --restart=always nginx:latest          # Always restart
docker run -it --name test --restart=on-failure:3 nginx:latest    # Restart up to three times
docker container update --restart=always <container name>         # Switch a container that does not restart automatically to one that does
docker inspect -f "{{ .RestartCount }}" <container name>          # View how many times the container has restarted
docker inspect -f "{{ .State.StartedAt }}" <container name>       # View the last start time of the container
Now that we have covered creating containers, let's talk about basic maintenance
Maintaining containers
docker images                   # List the images that exist in the local Docker
docker search <image>           # Search for images
docker pull <image>             # Pull an image
docker ps                       # List all currently running containers
docker ps -a                    # List all containers
docker inspect $CONTAINER_ID    # View information about a container (the container ID can be seen with docker ps)
docker rm <container name>      # Delete a container
docker restart <container name> # Restart a container
docker stop <container name>    # Stop a container
docker start <container name>   # Start a container
docker logs <container name>    # View container logs and error output
docker image prune -af          # Delete unused images
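An added example, not part of the original post: values passed with -e can be read back by anyone who can run docker inspect, and -p without a host IP publishes the port on every host interface. The sketch below audits parsed docker inspect JSON for those two settings and for unlimited restart policies; the sample data is constructed and the check names are this example's own.

```python
import json
import re

# Constructed sample shaped like `docker inspect cs` output; all values are made up.
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/cs",
  "RestartCount": 4,
  "Config": {"Env": ["passwd=example-only", "server_ip=10.0.4.6",
                     "server_port=9000", "PATH=/usr/bin:/bin"]},
  "HostConfig": {
    "RestartPolicy": {"Name": "always", "MaximumRetryCount": 0},
    "PortBindings": {
      "9000/tcp": [{"HostIp": "", "HostPort": "9000"}],
      "443/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8443"}]
    }
  }
}]
""")

# Variable names that usually hold credentials (an assumption of this example).
SECRET_NAME = re.compile(r"passw|secret|token|api_?key", re.IGNORECASE)

def audit_container(info):
    """Return (check, detail) findings for one `docker inspect` entry."""
    findings = []
    host_cfg = info.get("HostConfig") or {}
    for entry in (info.get("Config") or {}).get("Env") or []:
        name = entry.partition("=")[0]
        if SECRET_NAME.search(name):
            findings.append(("secret-in-env", name))  # name only, never the value
    for port, hosts in sorted((host_cfg.get("PortBindings") or {}).items()):
        for host in hosts or []:
            if host.get("HostIp", "") in ("", "0.0.0.0", "::"):
                findings.append(("port-on-all-interfaces", f"{host.get('HostPort')}->{port}"))
    policy = (host_cfg.get("RestartPolicy") or {}).get("Name", "no")
    restarts = info.get("RestartCount", 0)
    if policy in ("always", "unless-stopped") and restarts > 0:
        # Unlimited restarts can hide a crash loop; on-failure:N caps it.
        findings.append(("unbounded-restarts", f"{policy} x{restarts}"))
    return findings

def audit(inspect_output):
    return {c["Name"].lstrip("/"): audit_container(c) for c in inspect_output}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        for check, detail in findings:
            print(f"{name}: {check}: {detail}")
```

To check a live host, pass audit() the parsed output of docker inspect for the containers listed by docker ps -a instead of SAMPLE_INSPECT.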
After mastering these, you will be the boss. If you keep on learning, I will be left begging for food 🥴
What? You use this to test a veteran cadre?
Create a new image
It's relatively simple
FROM ubuntu:18.04
# Image metadata
LABEL maintainer="xrsec"
LABEL mail="troy@zygd.site"

# Create a folder inside the new image
RUN mkdir /awvs
# Copy awvs.sh into the new /awvs folder of the image
COPY awvs.sh /awvs
# Copy the Dockerfile into the new /awvs folder of the image
COPY Dockerfile /awvs
# The following are similar
COPY xaa /awvs
COPY xab /awvs
COPY xac /awvs
COPY xad /awvs
COPY xae /awvs
COPY xaf /awvs
COPY awvs_listen.zip /awvs

# init
# Optional mirror switch, in case network problems prevent the software from downloading
# RUN cp /etc/apt/sources.list /etc/apt/sources.list.bak \
#     && sed -i "s/archive.ubuntu/mirrors.aliyun/g" /etc/apt/sources.list \
#     && sed -i "s/security.ubuntu/mirrors.aliyun/g" /etc/apt/sources.list \
#     && apt update -y \
# Install the required software into the new image
RUN apt update -y \
    && apt upgrade -y \
    && apt-get install wget libxdamage1 libgtk-3-0 libasound2 libnss3 libxss1 libx11-xcb-dev sudo libgbm-dev curl ncurses-bin unzip -y
#     && apt-get install wget libxdamage1 libgtk-3-0 libasound2 libnss3 libxss1 libx11-xcb-dev sudo libgbm-dev curl ncurses-bin unzip -y \
#     && mv /etc/apt/sources.list.bak /etc/apt/sources.list

# init_install
# Merge the split files into /awvs/awvs_x86.sh in the image's /awvs folder, then change
# its permissions in case the script cannot be run when a new container starts.
# The sed commands replace some contents of awvs_x86.sh, and the last step runs it to
# initialize the configuration files: if awvs has never run, the files are not
# generated and it cannot be activated.
RUN cat /awvs/xaa /awvs/xab /awvs/xac /awvs/xad /awvs/xae /awvs/xaf > /awvs/awvs_x86.sh \
    && chmod 777 /awvs/awvs_x86.sh \
    && sed -i "s/read -r dummy/#read -r dummy/g" /awvs/awvs_x86.sh \
    && sed -i "s/pager=\"more\"/pager=\"cat\"/g" /awvs/awvs_x86.sh \
    && sed -i "s/read -r ans/ans=yes/g" /awvs/awvs_x86.sh \
    && sed -i "s/read -p \" Hostname \[\$host_name\]:\" hn/hn=awvs/g" /awvs/awvs_x86.sh \
    && sed -i "s/host_name=\$(hostname)/host_name=awvs/g" /awvs/awvs_x86.sh \
    && sed -i "s/read -p \" Hostname \[\$host_name\]:\" hn/awvs/g" /awvs/awvs_x86.sh \
    && sed -i "s/read -p ' Email: ' master_user/master_user=awvs@awvs.com/g" /awvs/awvs_x86.sh \
    && sed -i "s/read -sp ' Password: ' master_password/master_password=Awvs@awvs.com/g" /awvs/awvs_x86.sh \
    && sed -i "s/read -sp ' Password again: ' master_password2/master_password2=Awvs@awvs.com/g" /awvs/awvs_x86.sh \
    && sed -i "s/systemctl/\# systemctl/g" /awvs/awvs_x86.sh \
    && /bin/bash /awvs/awvs_x86.sh

# init_listen
RUN chmod 777 /awvs/awvs.sh \
    && unzip -d /awvs/awvs_listen /awvs/awvs_listen.zip \
    && chmod 444 /awvs/awvs_listen/license_info.json \
    && cp /awvs/awvs_listen/wvsc /home/acunetix/.acunetix/v_210628104/scanner/ \
    && cp /awvs/awvs_listen/license_info.json /home/acunetix/.acunetix/data/license/ \
    && cp /awvs/awvs_listen/wa_data.dat /home/acunetix/.acunetix/data/license/ \
    && chown acunetix:acunetix /home/acunetix/.acunetix/data/license/wa_data.dat
# A whole flurry of operations, fierce as a tiger

# The first thing to do when the image runs as a container
ENTRYPOINT [ "/awvs/awvs.sh"]
# Tells whoever comes after to remember to open port 3443
EXPOSE 3443
# Set the time zone to avoid time problems
# ENV TZ='Asia/Shanghai'
# Set Chinese to avoid garbled text
# ENV LANG 'zh_CN.UTF-8'
# I don't know what this one does
STOPSIGNAL SIGQUIT
# The first thing to do when the image runs as a container
CMD ["/awvs/awvs.sh"]
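An added example, not part of the original post: a small lint pass over the patterns in the Dockerfile above that a reviewer would question, namely chmod 777, credentials written during a RUN step (which remain readable in the image layers and in docker history), no USER instruction, and a CMD that repeats the ENTRYPOINT. The excerpt is constructed from that Dockerfile with the password replaced by a placeholder, and the check names are this example's own.

```python
import re

# Constructed excerpt modelled on the Dockerfile above; the password is a placeholder.
SAMPLE = r'''
FROM ubuntu:18.04
COPY awvs.sh /awvs
RUN chmod 777 /awvs/awvs_x86.sh \
    # comment lines inside a continued RUN are dropped by the builder
    && sed -i "s/read -sp ' Password: ' master_password/master_password=PLACEHOLDER/g" /awvs/awvs_x86.sh \
    && /bin/bash /awvs/awvs_x86.sh
ENTRYPOINT [ "/awvs/awvs.sh"]
CMD ["/awvs/awvs.sh"]
'''

def instructions(text):
    """Yield (KEYWORD, args), joining backslash continuations and skipping comments."""
    buf = ""
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        keyword, _, args = (buf + stripped).partition(" ")
        buf = ""
        yield keyword.upper(), args.strip()

def lint(text):
    """Return the names of the checks (this example's own) that the Dockerfile trips."""
    found, seen = [], {}
    for keyword, args in instructions(text):
        seen[keyword] = args
        if keyword == "RUN" and re.search(r"chmod\s+(-R\s+)?0?777\b", args):
            found.append("world-writable-mode")
        if keyword in ("RUN", "ENV", "ARG") and re.search(r"(?i)passw\w*\s*=\s*\S", args):
            found.append("credential-in-layer")
    if "USER" not in seen:
        found.append("no-user-instruction")  # process runs as the base image's user, root here
    squeeze = lambda s: re.sub(r"\s+", "", s)
    if "ENTRYPOINT" in seen and squeeze(seen.get("CMD", "")) == squeeze(seen["ENTRYPOINT"]):
        # Exec-form CMD is appended to ENTRYPOINT as arguments: the script receives itself as $1.
        found.append("cmd-duplicates-entrypoint")
    return found

if __name__ == "__main__":
    print(lint(SAMPLE))
```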