How can I connect snort and snorby in docker environment? - docker

I'm going to give a simple presentation showing the concept of IDS/IPS.
To deploy as quickly and comfortably as possible, I was trying to take advantage of containers (Docker).
So, I chose two Docker images - polinux/snorby and million12/mariadb.
I followed the manual the image maintainer provided.
Finally, I could make the login page show up, but couldn't go further.
I cannot log in; it just stays stuck on this page.
The command I used is:
docker run -d --name snorby-db -p 3306:3306 --env="MARIADB_USER=snorbyuser" --env="MARIADB_PASS=password" million12/mariadb && \
docker run -d --name snorby -p 80:80 --env="DB_ADDRESS=127.0.0.1:3306" --env="DB_USER=snorbyuser" --env="DB_PASS=password" polinux/snorby -e development -p 80
How can I log in and see the logs collected by the snort daemon?
Or at least, where can I find a reference to fix this?
Thank you.

Use this command to connect into a container:
docker exec -it <container name> bash
The default password for Snorby:
Username: snorby@snorby.org
Password: snorby
or
Username: snorby@example.com
Password: snorby

Related

How to configure feature flags in Rabbitmq when using docker image?

I am trying to create a docker container with a rabbitMQ image, and then join that instance to an existing cluster.
However I get the error incompatible_feature_flags
It looks like the created image automatically enables some feature flags that are not enabled and cannot be enabled in the existing cluster.
I am running the container using the following code:
docker run -d --hostname xxx.yyy.com.co --name rabbit -p 15672:15672 -p 5672:5672 -p 4369:4369 --add-host='rabbit1:xxx.xxx.xx.xxx' --network=host -e RABBITMQ_DEFAULT_USER=admin -e RABBITMQ_DEFAULT_PASS=admin -e RABBITMQ_ERLANG_COOKIE='xxxxxxxx' -e ERL_EPMD_PORT=4369 rabbitmq:latest
I think that I can enable/disable feature flags as parameters when starting the container, but I have not been able to find anything in the documentation.
I would appreciate any help
It may be caused by different versions of the two RabbitMQ applications.
E.g. one is 3.7.x, but the other is 3.8.x.

Docker container running SQL Server seems to crash every time

I created a Docker container:
sudo docker pull microsoft/mssql-server-linux:2017-latest
Then I ran it:
sudo docker run -e 'ACCEPT_EULA=Y' -e 'MSSQL_SA_PASSWORD=root' -p 1401:1433 --name sqlserver1 -d microsoft/mssql-server-linux:2017-latest
I ran:
docker start sqlserver1
After about 3 seconds docker ps returns empty - making me think the container is shutting down.
I'm new to Docker - is this really shutting down automatically? If so, how do I prevent that?
I gave this a shot, and it looks as if your problem is not a Docker problem...it's simply a MSSQL problem. If you look at the logs for your container, you'll see:
ERROR: Unable to set system administrator password: Password validation failed.
The password does not meet SQL Server password policy requirements because it is
too short. The password must be at least 8 characters.
It looks as if MSSQL enforces password complexity requirements, which include length and number of character classes. The following seems to work fine:
docker run -it -e 'ACCEPT_EULA=Y' -e 'MSSQL_SA_PASSWORD=r00t.R00T' -p 1401:1433 --name sqlserver1 microsoft/mssql-server-linux:2017-latest
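The check described in the answer above, as an added example that is not part of the original answer: a shell pre-check that rejects an SA password before the container is started, so the failure shows up at the prompt instead of in `docker logs`. It assumes the documented SQL Server rule of at least 8 characters drawn from three of the four classes (uppercase, lowercase, digits, symbols); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names are hypothetical.
# Assumed policy: >= 8 characters and at least 3 of 4 character classes.

# Prints "ok" and returns 0 if the password passes, else prints the reason.
mssql_password_reason() {
    _pw=$1
    _classes=0
    if [ "${#_pw}" -lt 8 ]; then
        echo "too short"
        return 1
    fi
    # Count which character classes appear at least once.
    case $_pw in *[[:upper:]]*) _classes=$((_classes + 1)) ;; esac
    case $_pw in *[[:lower:]]*) _classes=$((_classes + 1)) ;; esac
    case $_pw in *[[:digit:]]*) _classes=$((_classes + 1)) ;; esac
    case $_pw in *[![:alnum:]]*) _classes=$((_classes + 1)) ;; esac
    if [ "$_classes" -lt 3 ]; then
        echo "too few character classes"
        return 1
    fi
    echo "ok"
}

# Refuses to start the container when the password would be rejected.
# Image, port mapping and container name are the ones used in the question.
run_mssql() {
    mssql_password_reason "$1" >&2 || return 1
    docker run -d -e 'ACCEPT_EULA=Y' -e "MSSQL_SA_PASSWORD=$1" \
        -p 1401:1433 --name sqlserver1 \
        microsoft/mssql-server-linux:2017-latest
}
```

If a container has already exited, `docker logs sqlserver1` shows the server's own rejection message, as quoted in the answer.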

Set user and password for rabbitmq on docker container

I am trying to create a rabbitmq docker container with a default user and password, but when I try to log in to the management plugin those credentials don't work.
This is how I create the container:
docker run -d -P --hostname rabbit -p 5009:5672 -p 5010:15672 --name rabbitmq -e RABBITMQ_DEFAULT_USER=user -e RABBITMQ_DEFAULT_PASS=pass -v /home/desarrollo/rabbitmq/data:/var/lib/rabbitmq rabbitmq:3.6.10-management
What am I doing wrong?
Thanks in advance.
The default user is created only if the database does not exist. Therefore the environment variables have no effect if the volume already exists.
I had the same problem when trying to access in Chrome. Firefox worked fine. The culprit turned out to be a deprecated JS method that was no longer allowed by Chrome.

Link docker containers (Drupal and MariaDB)

To start I built a docker container from the MariaDB docker image.
After that I loaded a database dumpfile in the running container.
Everything goes fine.
When I want to run/link the Drupal image:
docker run --name drupaldocker --link mariadbdocker:mariadb -p 8089:80 -d drupal
I can reach the drupal installation page, but when I want to load the database I always have the same errors:
-host, pass or dbname is wrong.
But I'm pretty sure my credentials are right.
It seems that my drupal container can't find the mariadb image.
Docker links is a deprecated feature and should be avoided: https://docs.docker.com/engine/userguide/networking/default_network/dockerlinks/
I assume you have a container named mariadbdocker running.
If you gain bash access inside the drupaldocker container, you should be able to ping the mariadb alias like this:
docker run --name drupaldocker --link mariadbdocker:mariadb -p 8089:80 -it drupal /bin/bash
If the ping succeeds then you probably still have a credentials issue.

Forced logout when i run a docker container

When I run a new docker container (or when I start a stopped one), the system logs me out. When I log in again the container is up and running and I can use it without any problems.
I am currently using Fedora 24.
Example:
alekos@alekos-pc:~$ docker run -d --name somename -t -p 80:80 someimage
At this point it logs me out
When I log in again I run:
alekos@alekos-pc:~$ docker ps -a
and my "somename" container is running without any further problems.
I can live with these logouts/logins but it is a bit annoying. Does anybody have any idea what is causing the problem?
