12/27/2021

Install Mongodb Docker Windows

51
Install mongodb docker windows 10

There are instances when you want to create MongoDB instance in Docker to use in production or in local/internal. We came across this requirement where we were using MongoDB Atlas for production but wanted to use MongoDB docker in our local/internal/dev environment. Mongo Atlas uses SSL connection so we want to keep our local consistent with production environment. In this post, I am going to explain the process of creating Mongo Docker instance with valid SSL certificate and replicating same behavior of MongoDB Atlas.

Ssl will contain SSL certificate e.g. CA Root and certificate for MongoDB. Copy CA Root certificate and MongoDB certificate in ssl folder. Create a Dockerfile as following in your project root folder. We are going to use official MongoDB docker container from docker hub. Note: In mongo:3.6.2-jessie, 3.6.2-jessie is tag which I. The installation instructions above install a version of MongoDB that doesn't include a script automatically in /etc/init.d/. If you would like to use the service commands, you can download the init.d script for mongodb from this source, place that manually as a file at this path: /etc/init.d/mongodb and then you can start Mongo as a service. MongoDB is a popularly used NoSQL database. It is widely used for web application development and real-time storage. In this tutorial on MongoDB Installation on Windows, you will walk through the step-by-step installation and setup process of MongoDB. Now that you know what’s in store, continue reading the article, to dive deep into this topic.

Note: You can use same process for your production MongoDB instance as well, if you are not using any cloud solution for MongoDB

Windows

All the code related to this post (except certificates) is available in GitHub Repo for your reference.

Prerequisites

Manage sensitive data with Docker secrets. Estimated reading time: 34 minutes. In terms of Docker Swarm services, a secret is a blob of data, such as a password, SSH private key, SSL certificate, or another piece of data that should not be transmitted over a network or stored unencrypted in a Dockerfile or in your application’s source code. OpenSSL Containers This are Docker Images to generate Root-CA, TLS-Server containers. They are based on OpenSSL PKI Tutorial, and use OpenSSL toolkit. It has pedagogical purposes to follow the PKI part of the Introduction to Cryptography course. # openssl x509 -in ca.pem -noout -text Certificate: Data: Version: 3 (0x2) Serial Number: 311914051 (0x8518d2237ad49e43) Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=CA, L=Sanfrancisco, O=Docker Inc Validity Not Before: Jan 18 09: GMT Not After: Jan 15 09: GMT Subject: CN=swarm. Overview It is a Docker project that starts from the basic Ubuntu image (version 18.04), specialized to meet the minimum requirements for an SSL/TLS Mutual Authentication system. The basic software.

Step 1. SSL Certificates

If you don’t have valid SSL certificate (not self-signed) issued by Certificate Authority please read and follow Getting Valid SSL Certificate from Let’s Encrypt for LocalHost else skip this step.

Step 2.Docker

Creating Required Files

Openssl Docker Registry

Step 1. Create a project folder and inside that project folder create scripts and ssl folder. scripts folder will contain script to create user in MongoDB and start it. ssl will contain SSL certificate e.g. CA Root and certificate for MongoDB.

Step 2. Copy CA Root certificate and MongoDB certificate in ssl folder.

Step 3. Create a Dockerfile as following in your project root folder. We are going to use official MongoDB docker container from docker hub.

Note: In mongo:3.6.2-jessie, 3.6.2-jessie is tag which I am using. If you want to use latest Mongo container than remove :3.6.2-jessie

Step 4. Create mongod.conf file in the same root folder.

Step 5. Now, Go to scripts folder and create run.sh and setup_user.sh files

Content of run.sh:

Content of setup_user.sh:

Pro Tip: You can create variables for commonly used commands in the file.

Creating Docker Instance

Step 1. Go to project root folder which contains Dockerfile and run it to create docker image

  • mongo:latest is the tag name which we are going to use in next step.

Install Mongodb Docker Windows 7

Step 2. Now, run Docker image to create a container.

Openssl Docker Windows

  • 937a234022eb718edfbffec1d4dd35e31.... is container ID created by command.
  • mongodb and configdb are volumes to keep data on your local so that when you destroy your container you will still have your data. If you don’t want to keep data of previous container, remove --mount option and it’s arguments.
  • mymongo is name of your container which you can use to run any command in that container.

Openssl Docker Linux

Step 3. You can check logs of the container by docker logs -f <CONTAINER ID OR NAME>

Step 4. Create an entry in your /etc/hosts file for the domain name which you have used to obtain your certificate. see this

Openssl Docker-compose

  • ry-dev.herokuapp.com is the domain name I used to get my SSL certificate.

Step 5. Now, you can try connecting to your MongoDB instance in docker

Docker Https Ssl

  • Replace value of <USERNAME>, <PASSWORD> and <DBNAME> with the values which you have used in setup_user.sh file.
  • You should not see any error related to certificate validation and should be connected to MongoDB successfully.
  • You should not need to use command --sslAllowInvalidCertificates option from command line to connect to your MongoDB. If you do get error, please check you have correct CA Root certificate and application certificate.

Useful Docker Commands

Openssl Docker Install

  • Check status of your container by docker ps -a
  • Check logs of the container by docker logs -f <CONTAINER ID OR NAME>
  • Remove any container docker rm <CONTAINER ID OR NAME>
  • Get shell in container docker exec -it <CONTAINER ID OR NAME> bash

In this blog post I will be covering how to setup and utilize MITRE’s new tool called Caldera. Caldera is a cyber adversary emulation system that operates on a server/agent model. On the server you can create adversary campaigns that are deployed to your agents. Your agents will periodically call back with their results and progress. Let’s begin!

Deploy Caldera with Ansible – prod

Docker
  1. git clone https://github.com/Benster900/BlogProjects.git
  2. cd BlogProjects/CalderaMitre
  3. vim hosts and set [caldera]
  4. mv group_vars/all.example group_vars/all
  5. vim group_vars/all and set:
    1. base_domain
    2. caldera_pass
    3. cert info
  6. ansible-playbook -i hosts deploy_caldera.yml -u
  7. Browse to “https://<IP addr of Caldera server>” and login
    1. user: admin
    2. pass: {{ caldera_pass }}

Deploy Caldera with Docker – dev

  1. git clone https://github.com/Benster900/BlogProjects.git
  2. cd BlogProjects/CalderaMitre
  3. docker build -t caldera .
  4. docker run -d -p 8888:8888 –hostname=<FQDN> caldera
    1. A DNS entry MUST be made to point at the host running the Docker container. Caldera uses the hostname of the Docker container which is only accessible within the Docker network but “–hostname” flag corrects that.
    2. MongoDB is built into the docker container so this means the data will NOT persist.
  5. Browse to “https://127.0.0.1:8888” and login
    1. user: admin
    2. pass: caldera

Deploy Caldera agents to Windows clients

  1. vim hosts and set [win_agents]
  2. mv group_vars/windows.example group_vars/windows
  3. vim group_vars/windows and set:
    1. ansible_user: <Windows username>
    2. ansible_password: <Windows user password>
  4. ansible-playbook -i hosts deploy_windows_agents.yml
  5. Browse to “https://127.0.0.1:8888” and login
  6. Select “Debug” then “Connected agents”

Creating an adversary

To perform an Operation, CALDERA needs an Adversary to emulate. In CALDERA, an Adversary represents a real adversary’s tactics and techniques. When we create our operation we will select an Adversary to use which will dictate what techniques CALDERA performs during the operation.

Install Mongodb Docker Windows 10

  1. Select “Threat” then “Create adversary”
    1. Enter “test_adversary” as the name
    2. Select different adversary tactics from the steps drop down menu
      1. get_computers
      2. get_domain
      3. get_local_profiles
    3. Select “http” for exfil method
    4. Leave exfil address as default
    5. Enter “8889” for exfil port
    6. Select “Submit”

Creating a network

Networks are just collections of host. They are a simple way for CALDERA to organize and group together computers.

Install Mongodb Docker Windows

  1. Select “Networks” then “Create network”
    1. Enter “test_network” for name
    2. If you connected to a domain select the domain but this computer is NOT part of a domain
    3. Select the hosts you want to participate in the simulation
    4. Select “Submit”

Creating an operation

Install Mongodb Docker Windows 10

  1. Select “Operations” then “Create operation”
    1. Enter “test_op” for name
    2. Select “test_adversay” for adversary
    3. Select “test_network” for network
    4. Select a starting host
      1. I only have one host for this demo
    5. Select “bootstrap rat” for start method
    6. Leave start path blank
    7. Select “active user” as the starting user
    8. Enter “explorer.exe” for parent process
    9. UNcheck “Auto-cleanup”
      1. I want to leave the artifacts behind for future posts 🙂
    10. Enter a desired command delay
    11. Enter a desired jitter
    12. Select “Submit”

Watch operation

In the Operation view, you can view the progress that CALDERA has made working on an operation. The operation’s status is displayed at the top of the screen next to the Operation’s name. Below the status, colored bubbles indicate the number of hosts and credentials that have been compromised during this operation.

MITRE has created a really awesome tool here for defenders. This tool can help you evaluate your security team’s effectiveness at detecting different red team tactics. Cyb3rWard0g provides a scoring system for tactics outlined in the MITRE ATT&CK framework. His scoring system starts at none(no detection) too excellent(automated detection).

In the coming months, I will be taking advantage of Cyb3rWardog’s scale and this tool for my threat hunting and incident response projects. A majority of my projects require an adversary and I want to quantify my progress at detecting various techniques. As my projects and skills progress, this tool provides the capability to reproduce an attack to accurately measure my effectiveness. Additionally, this tool provides the ability to extend the adversarial tactics and capabilities. Personally, I think it would be awesome to combine the Powershell Empire API and this tool :).

  • Most Viewed News