MHN Docker Container #169

Epicism · 2015-06-10T21:06:14Z

Hello all,

This isn't an issue as much as sharing post. I have hacked my way into configuring MHN on a docker container for simplicity. Because docker doesn't use standard services, I had to hack supervisord to start services at appropriate times.

To start a docker container, use the command

docker run -p 10000:10000 -p 80:80 -p 3000:3000 -p 8089:8089 --restart unless-stopped --name mhn -t -i ubuntu:14.04.2 /bin/bash

*Note: 8089 is if you are using the Splunk forwarder, and you can chose between 80 and 443. You can also make the host OS' port separate from the docker container's port by using [hostport]:[dockerport], which is convenient for honeypots.

Next, create and run the following script:

#!/bin/bash

set -x

apt-get update 
apt-get upgrade -y 
apt-get install git wget gcc supervisor -y 
cd /opt/ 
git clone https://github.com/threatstream/mhn.git 
cd mhn

cat > /etc/supervisor/conf.d/mhntodocker.conf <<EOF
[program:mongod]
command=/usr/bin/mongod
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
autorestart=true
autostart=true

[program:nginx]
command=/usr/sbin/nginx
stdout_events_enabled=true
stderr_events_enabled=true
autostart=true
autorestart=true

EOF

mkdir -p /data/db /var/log/mhn /var/log/supervisor

supervisord &

#Starts the mongod service after installation
echo supervisorctl start mongod >> /opt/mhn/scripts/install_mongo.sh

./install.sh

supervisorctl restart all

I haven't started deploying honeypots yet, which is my next task. Unfortunately, due to the interactive nature of MHN's installation, supervisord is manually running in the background instead of as a started service. To restart the container later use

docker start <containerID> 
docker exec <containerID> supervisord &

Don't forget to reference the host's IP address or Hostname as the MHN server's IP unless you are using Docker's internal networking. You could also pass the script during the docker container creation, but since you have to execute it inside of the container it doesn't really matter.

If there is enough interest in this my hope is that we can create a process to generate a docker image/honeypot images on the fly, perhaps by passing a simple config file to the image on run which configures the server as required.

Cheers.
Epic

The text was updated successfully, but these errors were encountered:

jatrost · 2015-06-11T00:50:38Z

Thats awesome. Thanks for Sharing!

cloughrm · 2016-01-15T18:24:29Z

Thank you @Epicism! I have added this to the wiki here: https://github.com/threatstream/mhn/wiki/Running-MHN-in-Docker

Epicism · 2016-01-15T19:11:33Z

My pleasure :)

On Fri, Jan 15, 2016 at 1:24 PM, Ryan Clough [email protected]
wrote:

Thank you @Epicism https://github.com/Epicism! I have added this to the
wiki here: https://github.com/threatstream/mhn/wiki/Running-MHN-in-Docker

—
Reply to this email directly or view it on GitHub
https://github.com/threatstream/mhn/issues/169#issuecomment-172042971.

Epicism · 2017-02-04T03:39:13Z

Hello all,

I had to rebuild my MHN server and I thought that I would complete the instructions towards how to install the remaining containers. The container setup is based on my environment configuration so please feel free to modify it to your requirements.

#Create the Kippo container:
docker run -p 2222:22 --restart unless-stopped --name kippo -h kippo.domain.local -t -i ubuntu:14.04.5 /bin/bash