CNA430/530: Firewall and Penetration Testing
St. Cloud State University
PROJECT-01: Vulnerability Assessment of MongoDB in Linux Containers
Project Outline:
Copyright By PowCoder代写 加微信 powcoder
In order to implement the initial prototype, this project uses a local Linux based computing node or virtual Ubuntu Linux environment that is connected to any wired or wireless network with latest Ubuntu Linux O/S (18.04) as host computing environment. The whole process is involved four major steps as shown below in brief and Step-4 describes in detail that the implementation of the test bed with MongoDB (3.4 Community Edition) application.
· Step-1. Install Ubuntu 18.04 on Host Machine (If not available use VirtualBox/VMware)
· Step-2. Install Docker Engine (https://www.docker.com/)
· Step-3. Install Singularity Engine (http://singularity.lbl.gov/)
· Step-4. Find Vulnerability analysis tool for Application/Host/Network vulnerabilities
· Step-5. Find the Docker or Singularity images of those tools found in Step-4. (If, for some of the tools, container images are not available try to make an image by yourself OR install directly to the host operating system)
· Step-6. Shortlist total number of tools to at least 3 and study the capabilities of the tool to find Application/Host/network vulnerabilities and load the loots into the testbed.
· Step-7. Make the Test Bed
· Step-8. Make the Experiments to find Application/Host/Network vulnerabilities
· Step-9. Generate Results as a list of vulnerabilities for Application/Host/Network and determine the level of risk of each vulnerabilities (High/Medium/Low).
· Step-10. Organize your results into table and charts and try to get some insights, conclusions and if possible find the root causes.
Even though the main focus of this project is based on singularity LXCs, Docker container images are also compatible with singularity; it is always better to install Docker engine too to verify and make sure some compatibility issues of Docker images with singularity.
Step-2. Install Docker Engine
The Docker installation package available in the official Ubuntu repository may not be the latest version. To ensure we get the latest version, we’ll install Docker from the official Docker repository. To do that, we’ll add a new package source, add the GPG key from Docker to ensure the downloads are valid, and then install the package.
First, update your existing list of packages:
· sudo apt update
Next, install a few prerequisite packages which let apt use packages over HTTPS:
· sudo apt install apt-transport-https ca-certificates curl software-properties-common
Then add the GPG key for the official Docker repository to your system:
· curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add –
Add the Docker repository to APT sources:
· sudo add-apt-repository “deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable”
Next, update the package database with the Docker packages from the newly added repo:
· sudo apt update
Make sure you are about to install from the Docker repo instead of the default Ubuntu repo:
· apt-cache policy docker-ce
You’ll see output like this, although the version number for Docker may be different:
Output of: apt-cache policy docker-ce
docker-ce:
Installed: (none)
Candidate: 18.03.1~ce~3-0~ubuntu
Version table:
18.03.1~ce~3-0~ubuntu 500
500 https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
Notice that docker-ce is not installed, but the candidate for installation is from the Docker repository for Ubuntu 18.04 (bionic).
Finally, install Docker:
· sudo apt install docker-ce
Docker should now be installed, the daemon started, and the process enabled to start on boot. Check that it’s running:
· sudo systemctl status docker
The output should be similar to the following, showing that the service is active and running:
● docker.service – Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2018-07-05 15:08:39 UTC; 2min 55s ago
Docs: https://docs.docker.com
Main PID: 10096 (dockerd)
CGroup: /system.slice/docker.service
├─10096 /usr/bin/dockerd -H fd://
└─10113 docker-containerd –config /var/run/docker/containerd/containerd.toml
Installing Docker now gives you not just the Docker service (daemon) but also the docker command line utility, or the Docker client.
Please follow the following tutorial for more information about the Docker usage:
https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-18-04
Step-3. Install Singularity Engine (Adding the Mirror and Installing)
A. You should first enable the NeuroDebian repository following instructions on the NeuroDebian site. This means using the dropdown menus to find the correct mirror for your operating system and location. For example, after selecting Ubuntu 16.04 and selecting a mirror in CA, I am instructed to add these lists:
· sudo wget -O- http://neuro.debian.net/lists/xenial.us-ca.full | sudo tee /etc/apt/sources.list.d/neurodebian.sources.list
· sudo apt-key adv –recv-keys –keyserver hkp://pool.sks-keyservers.net:80 0xA5D32F012649A5A9
B. And then update
· sudo apt-get update
C. Then singularity can be installed as follows:
· sudo apt-get install -y singularity-container
Step-7.A. Setup the MongoDB Server
Get the singularity compatible MongoDB image from Docker hub and start the MongoDB server
singularity shell docker://sam1211/mongoimage
Singularity mongoimage:~> mongod
Step-7.B. Setup the MongoDB Client
Get the singularity compatible MongoDB image from Docker hub and start the MongoDB client
singularity shell docker://sam1211/mongoimage
Singularity mongoimage:~> mongo
Step-7.C. Add Vulnerability Analyzing Tools
1. OpenVAS
Get singularity compatible OpenVas image from Docker/Singularity hub & start OpenVas server
singularity run docker://mikesplain/openvas:latest
Verify, by using the log file that OpenVas sever is started and listening on the relevant port until the frond-end web application is started. See below for real a log file.
==> /var/log/openvas/openvassd.messages <== [Mon Jul 9 23:35:21 2018][897] openvassd 5.1.2 started [Mon Jul 9 23:37:29 2018][1352] Client not present [Mon Jul 9 23:37:30 2018][897] Received the Terminated signal [Tue Jul 17 16:47:57 2018][4681] openvassd 5.1.2 started [Tue Jul 17 16:50:51 2018][4754] Client not present gsad main:MESSAGE:2018-07-17 16h52.42 UTC:4717: Authentication success for 'admin' from 127.0.0.1 Load the web browser in your host machine and place the URL “https://localhost/443” which prompts you to enter the application credentials given when the image is being created. After finishing all above sub steps OpenVAS tool is ready to find the vulnerabilities of a given system. Report Outline: Make a comprehensive report including the followings: 1. First page must include, Title, Group number and Member’s names. 2. Second page, Table of Content. 3. Problem statement. (What you did?) 4. Organization/Flow. (How did you do? – Include Methods) 5. Results. (Include tables and graphs) 6. Conclusions/Findings. 7. References. Submission Instruction: 1. Complete all the tasks assigned in the project. 2. Submit your report to the D2L “Project-01” drop-box by only one member of each group within four weeks from the assigned date. NOTE-1: Please add, 1.All group member’s names (LAST_NAME, FIRST_NAME), 2.Group number, and 3.Page numbers of the report. NOTE-2: Please add all group member’s contributions to complete and submit this lab as a percentage as shown below at the end of the report. (Before submitting to D2L all of the group members must know or aware their reported contribution as a percentage in the lab report) Member-01: 100% Member-02: 75% Member-03: 100% Member-04: 50% References: [1]. http://singularity.lbl.gov/ [2]. https://www.docker.com/ [3]. https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-18-04 [4]. Docker Hub: https://hub.docker.com/ [5]. Singularity Hub: https://singularity-hub.org/ [6]. Docker Get Started: https://docs.docker.com/get-started/ [7]. A Docker Tutorial for Beginners: https://docker-curriculum.com/ [8]. Creating a new blank Singularity container image: https://singularity.lbl.gov/docs-create [9]. Build a Container with Singularity: https://singularity.lbl.gov/docs-build-container [10]. Docker2singularity: https://github.com/singularityware/docker2singularity [11]. Introduction to Singularity: https://cyverse-container-camp-workshop-2018.readthedocs-hosted.com/en/latest/singularity/singularityintro.html © , Mailewa 程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com