There are instances when you want to create a MongoDB instance in Docker, either for production or for local/internal use. We came across this requirement: we were using MongoDB Atlas for production but wanted to use MongoDB in Docker in our local/internal/dev environment. MongoDB Atlas uses SSL connections, so we wanted to keep our local environment consistent with production. In this post, I am going to explain the process of creating a MongoDB Docker instance with a valid SSL certificate, replicating the behavior of MongoDB Atlas.
Note: You can use the same process for your production MongoDB instance as well, if you are not using any cloud solution for MongoDB.
All the code related to this post (except certificates) is available in the GitHub repo for your reference.
Step 1. SSL Certificates
If you don’t have a valid SSL certificate (not self-signed) issued by a Certificate Authority, please read and follow Getting Valid SSL Certificate from Let’s Encrypt for LocalHost; otherwise skip this step.
Step 1. Create a project folder and inside that project folder create
scripts folder will contain the script to create a user in MongoDB and start it.
ssl will contain the SSL certificates, e.g. the CA Root and the certificate for MongoDB.
Step 2. Copy CA Root certificate and MongoDB certificate in
Step 3. Create a Dockerfile as follows in your project root folder. We are going to use the official MongoDB Docker container from Docker Hub.
Note: In mongo:3.6.2-jessie, 3.6.2-jessie is the tag which I am using. If you want to use the latest Mongo container, then remove
Step 4. Create a mongod.conf file in the same root folder.
Step 5. Now, go to the scripts folder and create
Content of run.sh:
Content of setup_user.sh:
Pro Tip: You can create variables for commonly used commands in the file.
Step 1. Go to the project root folder which contains the Dockerfile and run it to create the Docker image
mongo:latest is the tag name which we are going to use in the next step.
Step 2. Now, run the Docker image to create a container.
937a234022eb718edfbffec1d4dd35e31.... is the container ID created by the command.
configdb are volumes to keep data on your local machine so that when you destroy your container you will still have your data. If you don’t want to keep the data of the previous container, remove the --mount option and its arguments.
mymongo is the name of your container, which you can use to run any command in that container.
Step 3. You can check logs of the container by
docker logs -f <CONTAINER ID OR NAME>
Step 4. Create an entry in your /etc/hosts file for the domain name which you used to obtain your certificate. see this
ry-dev.herokuapp.com is the domain name I used to get my SSL certificate.
Step 5. Now, you can try connecting to your MongoDB instance in Docker
<DBNAME> with the values which you used in the setup_user.sh file.
--sslAllowInvalidCertificates option from command line to connect to your MongoDB. If you do get an error, please check that you have the correct CA Root certificate and application certificate.
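As an added example (not part of the original post or its repository), the certificate check suggested above can be scripted with openssl: the function verifies that the server certificate chains to the CA Root, covers the hostname clients connect to, and matches the private key in the combined PEM file. The file names, the mongo.example.test hostname and the throwaway CA created by make_sample are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the files mongod and its clients load.

# check_mongo_tls CA_FILE PEM_FILE HOSTNAME
# PEM_FILE is the combined certificate + private key file given to mongod.
# Prints "ok", or the name of the first failing check and returns non-zero.
check_mongo_tls() {
  local ca=$1 pem=$2 host=$3 cert_pub key_pub
  # 1. The server certificate must chain to the CA Root the client trusts.
  openssl verify -CAfile "$ca" "$pem" >/dev/null 2>&1 || { echo chain; return 1; }
  # 2. The name clients connect to must be covered by the certificate.
  openssl x509 -in "$pem" -noout -checkhost "$host" 2>/dev/null \
    | grep -q "does match" || { echo hostname; return 2; }
  # 3. The private key in the PEM must belong to that certificate.
  cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null | openssl sha256)
  key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null | openssl sha256)
  [ "$cert_pub" = "$key_pub" ] || { echo key; return 3; }
  echo ok
}

# make_sample DIR
# Writes a constructed, throwaway CA and server certificate into DIR
# (sample input for the check above; never use these files for real traffic).
make_sample() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=mongo.example.test" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  printf 'subjectAltName=DNS:mongo.example.test\n' > "$d/ext.cnf"
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/ext.cnf" -out "$d/srv.crt" 2>/dev/null
  # Combined certificate + key file, certificate first.
  cat "$d/srv.crt" "$d/srv.key" > "$d/mongodb.pem"
}

# Demo run on the constructed sample.
demo=$(mktemp -d)
make_sample "$demo"
check_mongo_tls "$demo/ca.pem" "$demo/mongodb.pem" mongo.example.test
```

A result of chain points at the wrong CA Root file, hostname at a mismatch between the /etc/hosts entry and the certificate, and key at a PEM file assembled from the wrong private key.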
docker ps -a
docker logs -f <CONTAINER ID OR NAME>
docker rm <CONTAINER ID OR NAME>
docker exec -it <CONTAINER ID OR NAME> bash
In this blog post I will be covering how to set up and utilize MITRE’s new tool called Caldera. Caldera is a cyber adversary emulation system that operates on a server/agent model. On the server you can create adversary campaigns that are deployed to your agents. Your agents will periodically call back with their results and progress. Let’s begin!
To perform an Operation, CALDERA needs an Adversary to emulate. In CALDERA, an Adversary represents a real adversary’s tactics and techniques. When we create our operation we will select an Adversary to use which will dictate what techniques CALDERA performs during the operation.
Networks are just collections of hosts. They are a simple way for CALDERA to organize and group together computers.
In the Operation view, you can view the progress that CALDERA has made working on an operation. The operation’s status is displayed at the top of the screen next to the Operation’s name. Below the status, colored bubbles indicate the number of hosts and credentials that have been compromised during this operation.
MITRE has created a really awesome tool here for defenders. This tool can help you evaluate your security team’s effectiveness at detecting different red team tactics. Cyb3rWard0g provides a scoring system for tactics outlined in the MITRE ATT&CK framework. His scoring system starts at none (no detection) and goes to excellent (automated detection).
In the coming months, I will be taking advantage of Cyb3rWard0g’s scale and this tool for my threat hunting and incident response projects. A majority of my projects require an adversary and I want to quantify my progress at detecting various techniques. As my projects and skills progress, this tool provides the capability to reproduce an attack to accurately measure my effectiveness. Additionally, this tool provides the ability to extend the adversarial tactics and capabilities. Personally, I think it would be awesome to combine the PowerShell Empire API and this tool :).