Skip to content

Dockerizing Lair Framework

June 9, 2016

If you are not familiar with the Lair framework, I highly recommend you check it out. It is a nice GUI to visualize scans and triage them without having to maintain all the information / database elsewhere.

And, with Docker, the best part is that you don’t have to worry about starting the different pieces of the LAIR framework individually like the documentation asks us to here. Just follow me along!

The first thing is to clone the repo from my github – https://github.com/anshumanbh/docker-lair

Once you have the repo locally, change the <IP> value to the external IP wherever your docker daemon is listening. The places where this needs to change are:

  • .env file
  • proxy/Dockerfile
  • rs.initiate command (towards the end of this guide)

DON’T FORGET TO CHANGE THIS!

Also, make sure you have docker and docker-compose installed on your local system.

Next, run “docker-compose build” from the docker-lair directory that has the docker-compose.yml file.

Go grab a beer!! No, seriously do it. The build process will take some time.

Once the docker build process finishes, run “docker images” and you should see the following images:

Screen Shot 2016-06-09 at 8.09.09 PM

Then, as root check if the “db” and “db/_data” folders exists in “/var/lib/docker/volumes/” folder or not. If they don’t, you need to create them:

  • mkdir /var/lib/docker/volumes/db

  • mkdir /var/lib/docker/volumes/db/_data

Moving along, we are now going to start a container from the “dockerlair_mongo” image. We have to do this because we need to initiate a replication set in the mongo database before we could bring the entire environment up. It is something that we have to do to get LAIR up and running. Don’t ask me why! So, the way we do that is:

docker run -d -p 27017:27017 -v db:/data/db dockerlair_mongo /bin/bash -c ‘/usr/bin/mongod –quiet –nounixsocket –replSet rs0’

If you’re familiar with the docker run command, you will notice that we are running the container as a daemon (-d flag), exposing port 27017 (-p flag), associating a data volume with this container (-v flag) and then once the container is started we are running the command “/usr/bin/mongod –quiet –nounixsocket –replSet rs0”. This will basically start the mongo daemon on the server with the replication set. It won’t initiate the replication set. We will do that after this step. Notice that we are creating a persistent data volume for our database so if we need to migrate to a different environment, just copy pasting the “/var/lib/docker/volumes/db” directory in the new environment will help us get our data back. Also, grab the container name that gets started after running the above command.

Next, we need to run

docker exec -it <container_name> /bin/bash

We are now trying to enter into a bash shell inside that mongo db container because like I said above, we need to initiate a replication set. So, once you are inside the bash shell, run

mongo

and you should be able to see the mongodb shell. Type the following commands one after the other in that shell:

use admin

rs.initiate({_id:”rs0″, members: [{_id: 1, host: “<IP>:27017”}]})

rs.status()

The output should look like:

Screen Shot 2016-06-09 at 9.31.52 PM

In this step, we switched to the db admin and then initiated the replication set command. We finally checked the status to make sure everything looks good. You can now quit from the mongodb shell and exit from the root prompt of that container:

quit()

exit

Once you are done with this step, stop and remove the docker container that you started above. Our work is mostly done by now.

We had to do the steps above because we wanted the status of the replication set to propagate in our persistent data volume in the folder /var/lib/docker/volumes/db. If there is an easy way to bootstrap all of this with Docker, please let me know. I am more than happy to avoid these extra steps above.

One good thing about doing the extra steps above is that you only have to do it once when you first start the entire environment of the LAIR framework. You won’t have to do it again unless you move your containers to a new environment and the IP changes. Now, that is a whole different issue that we can dive into later. It is a painful process.

 

Our final step would be to just bring up the entire LAIR environment by typing the below command from the docker-lair directory because our docker-compose.yml file is there, remember?

docker-compose up -d

And, you can browse to your LAIR API at https://<IP&gt;:11013

It will look like:

Screen Shot 2016-06-09 at 9.59.15 PM

So, that’s it folks!!

The section below will have some steps that need to be followed ONLY if you want to migrate your lair database to a new environment.

In order to do this, we need to make sure that the replication set we initiated above in our old environment with the old IP needs to change. The old IP needs to be changed to the new IP. Unfortunately, this is not straightforward either.

You would begin first by copying the entire /var/lib/docker/volumes/db directory into the new environment to make sure you get your data back.

Then, you would need to obviously change the <IP> in all the files accordingly.

After that, you would start the mongo db container again like above and get into the mongo shell. If you do a rs.status() then, you would see that the replication set has already been initiated with the old IP. This is because of the database that we just copied over from the old environment.

So, in order to change this, you have to run the following commands from the mongo shell:

> use local

> cfg = db.system.replset.findOne({_id:”rs0″})

> cfg.members[0].host=”<newIP>:27017″

> db.system.replset.update({_id:”rs0″},cfg)

> use admin

> db.shutdownserver()

We just replaced the old IP with the new one and shutdown the server. Whenever we start the mongodb container again and start the mongod daemon again, this change would be reflected and you would be up and running in the new environment!

Cheers!!

Advertisements
2 Comments
  1. I can’t get past the step where you start the mongo daemon. I determined that some of the syntax for running the docker lair_mongo image was a little off. You specified a relative path for the db folder and I wasn’t in /var/lib/docker/volumes when I ran the command. Even after I adjusted for that the container runs and then exits so I can’t perform the next step to interact with the container so I can initiate the replication set. Is there something I’m missing?

    mbp:docker-lair dum$ docker run -d -p 27017:27017 -v /var/lib/docker/volumes/db:/data/db dockerlair_mongo /bin/bash -c ‘/usr/bin/mongod –quiet –nounixsocket –replSet rs0’
    b17958568c633b10f8093eab6a3f0a284c376b431df3e0687504f27d8787243e
    mbp:docker-lair dum$ docker exec -it b179 /bin/bash
    Error response from daemon: Container b17958568c633b10f8093eab6a3f0a284c376b431df3e0687504f27d8787243e is not running
    mbp:docker-lair dum$ docker ps -a
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    b17958568c63 dockerlair_mongo “/bin/bash -c ‘/usr/b” 32 seconds ago Exited (2) 31 seconds ago silly_hugle

Trackbacks & Pingbacks

  1. Dockerizing Lair Framework – #OpIcarus

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: