Nov 30, 2022

Zero Effort Zero Trust for Blocking Zero Days in Kubernetes


Let's learn about zero-trust segmentation for network, process, and file access within a K8s cluster with Tracy Walker.


Threat-Based Controls      Zero-Trust Controls
CVEs                       Automated Learning
DLP                        Network
Network Attacks            Process
OWASP Top 10 WAF           File Access
Admission Control          Security as Code



The Automated Behavioral-based Zero-Trust covers:

  • Discover mode - identifies apps behavior (learning mode)
  • Monitor mode - alerts to any anomalous app behavior
  • Protect mode - denies on any anomalous app behavior

 

The demo will show how Zero Trust can protect against zero-day attacks as well as exploits such as Log4j and Spring4shell.


Links:

Nov 26, 2022

Docker Network 101

Learn how the docker/container network works.

Different Docker Network Types:

  1. Bridge (default)
  2. User-defined bridge
  3. Host
  4. Mac Vlan
  5. Mac Vlan (802.1q)
  6. IP Vlan (L2)
  7. IP Vlan (L3)
  8. Overlay
  9. None
Interface   Description
eth0        VM host network interface
docker0     Virtual bridge interface (switch)

Show the default docker network interface

ubuntu@docker:~$ docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
e2397b67991e   bridge    bridge    local
f6648d670e10   host      host      local
031ec528726f   none      null      local
ubuntu@docker:~$

Start the first container (dnet_bridge) with the default bridge driver.

ubuntu@docker:~$ docker run -itd --rm --name dnet_bridge busybox
e05bdb96427b458d649c0ca8eb6d800a50dde48c6619df34121f3f6c29b36f6f
ubuntu@docker:~$ docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED         STATUS         PORTS     NAMES
e05bdb96427b   busybox   "sh"      5 seconds ago   Up 4 seconds             dnet_bridge
ubuntu@docker:~$

By default, the bridge network applies NAT masquerading for outbound access, but it never exposes the container to the external network. If the external network needs to reach a container, we have to publish the port (-p).

ubuntu@docker:~$ docker run -itd --rm -p80:80 --name web01 nginx
e83d9abbea4a909f579a0461c9fb04a8247dd42100b7be08cd701cf9740d856c
ubuntu@docker:~$ docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS                               NAMES
e83d9abbea4a   nginx     "/docker-entrypoint.…"   4 seconds ago   Up 4 seconds   0.0.0.0:80->80/tcp, :::80->80/tcp   web01
13f8d2d6f05f   busybox   "sh"                     4 minutes ago   Up 4 minutes                                       dns01
e05bdb96427b   busybox   "sh"                     9 minutes ago   Up 9 minutes                                       dnet_bridge
ubuntu@docker:~$

 

Second. Let's define our own bridge network. This is mainly for segregating (isolating) the containers.

ubuntu@docker:~$ docker network create dmz
71a335a2c869afde71ff4d6debf5155b319e65894c7c83dcea1b1d6e208eb882
ubuntu@docker:~$ docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
e2397b67991e   bridge    bridge    local
71a335a2c869   dmz       bridge    local
f6648d670e10   host      host      local
031ec528726f   none      null      local

ubuntu@docker:~$ docker run -itd --rm --network dmz -p80:80 --name web01 nginx
9ddc5bd9c13c884237aa7164a4c4f3c17498a68da64c735879eaf479c397a433
ubuntu@docker:~$ docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                               NAMES
9ddc5bd9c13c   nginx     "/docker-entrypoint.…"   9 seconds ago    Up 8 seconds    0.0.0.0:80->80/tcp, :::80->80/tcp   web01
e05bdb96427b   busybox   "sh"                     16 minutes ago   Up 16 minutes                                       dnet_bridge
ubuntu@docker:~$
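To check the two points above on a real host (containers left on the default bridge, and ports published on every interface instead of loopback), here is an added example in Python. It is my own illustration, not part of the original notes and not Docker's code. It reads the JSON that `docker inspect <container> ...` prints; the sample JSON inside is constructed to look like the web01 and dnet_bridge containers, and the IDs, IP addresses and the extra `web01-dmz` container are made up for the example.

```python
"""Audit container network placement and published ports from `docker inspect` output.

Added example, not from the original notes. It reports (a) containers still
on the default `bridge`, where every container can reach every other one,
and (b) ports published on all host interfaces (0.0.0.0 / ::) rather than
on loopback. Run with live data: docker inspect $(docker ps -q) > c.json; python3 audit.py c.json
"""
import json
import sys

# Constructed sample shaped like `docker inspect` output for the web01 (nginx,
# -p80:80) and dnet_bridge (busybox) containers from the notes, plus a made-up
# web01-dmz container on the user-defined dmz network with a loopback-only
# port binding. IDs and IP addresses are invented for the example.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "e83d9abbea4a",
        "Name": "/web01",
        "NetworkSettings": {
            "Ports": {
                "80/tcp": [
                    {"HostIp": "0.0.0.0", "HostPort": "80"},
                    {"HostIp": "::", "HostPort": "80"},
                ]
            },
            "Networks": {"bridge": {"IPAddress": "172.17.0.3"}},
        },
    },
    {
        "Id": "e05bdb96427b",
        "Name": "/dnet_bridge",
        "NetworkSettings": {
            "Ports": {},
            "Networks": {"bridge": {"IPAddress": "172.17.0.2"}},
        },
    },
    {
        "Id": "9ddc5bd9c13c",
        "Name": "/web01-dmz",
        "NetworkSettings": {
            "Ports": {"80/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]},
            "Networks": {"dmz": {"IPAddress": "172.18.0.2"}},
        },
    },
])

# Host IPs that mean "every interface" in a port binding
WILDCARD_HOST_IPS = {"", "0.0.0.0", "::"}


def network_members(inspect_json):
    """Return {network: [container names]} so segmentation can be eyeballed."""
    members = {}
    for c in json.loads(inspect_json):
        name = c["Name"].lstrip("/")
        for net in c["NetworkSettings"].get("Networks", {}):
            members.setdefault(net, []).append(name)
    return {net: sorted(names) for net, names in members.items()}


def audit_containers(inspect_json):
    """Return a list of (container, finding) tuples for the given inspect JSON."""
    findings = []
    for c in json.loads(inspect_json):
        name = c["Name"].lstrip("/")
        settings = c["NetworkSettings"]
        if "bridge" in settings.get("Networks", {}):
            findings.append((name, "on the default bridge: reachable by every other container there; move it to a user-defined network"))
        # Ports maps "port/proto" to a list of host bindings, or None when only EXPOSEd
        for cport, bindings in (settings.get("Ports") or {}).items():
            for b in bindings or []:
                if b.get("HostIp", "") in WILDCARD_HOST_IPS:
                    findings.append((name, f"{cport} published on all host interfaces ({b.get('HostIp') or '0.0.0.0'}:{b['HostPort']})"))
    return findings


if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INSPECT
    for net, names in network_members(data).items():
        print(f"{net}: {', '.join(names)}")
    for name, finding in audit_containers(data):
        print(f"[!] {name}: {finding}")
```

With the constructed sample it lists `bridge: dnet_bridge, web01` and `dmz: web01-dmz`, then flags both bridge containers and the two wildcard bindings of web01; web01-dmz, bound to 127.0.0.1 on its own network, produces nothing.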


Third. We call it the host network. This makes the container run on the same network stack as the VM host.

ubuntu@docker:~$ docker run -itd --rm --network host --name web02 nginx
3022063adc651f94e23edd8755c7c9521f40a7b2df157bfc92c66f21016d3842
ubuntu@docker:~$


Fourth. We call it MAC-VLAN (bridge mode).

ubuntu@docker:~$ docker network create -d macvlan --subnet 172.31.112.0/20 --gateway 172.31.112.1 -o parent=eth0 vlan1
373a821c44aefb4030109482f9480008bf87a152ad74a6c714cbeaa57f73e6dc
ubuntu@docker:~$ docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
e2397b67991e   bridge    bridge    local
71a335a2c869   dmz       bridge    local
f6648d670e10   host      host      local
031ec528726f   none      null      local
373a821c44ae   vlan1     macvlan   local
ubuntu@docker:~$

ubuntu@docker:~$ sudo ip link set eth0 promisc on
ubuntu@docker:~$


Fifth. We call it MAC-VLAN (802.1q mode).

ubuntu@docker:~$ docker network create -d macvlan --subnet 192.168.20.0/24 --gateway 192.168.20.1 -o parent=eth0.20 vlan20
3634f36fe849afa8d7dfc65589b71aa0c0902bd6bc1ed294e0d258ffc14e640f
ubuntu@docker:~$ docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
e2397b67991e   bridge    bridge    local
71a335a2c869   dmz       bridge    local
f6648d670e10   host      host      local
031ec528726f   none      null      local
373a821c44ae   vlan1     macvlan   local
3634f36fe849   vlan20    macvlan   local
ubuntu@docker:~$

ubuntu@docker:~$ docker run -itd --rm --network vlan3 --ip 192.168.94.7 --name dns01 busybox
de504908dc372c0f017a36c4357c70a1f28acd0a7f763bb372642c96e89baef9
ubuntu@docker:~$ docker run -itd --rm --network vlan3 --ip 192.168.94.8 --name dns02 busybox
2dc61bd9a45f828493fe1b55f8786692740baf5079deeddb5cefebe2468aa583
ubuntu@docker:~$ docker run -itd --rm --network vlan3 --ip 192.168.95.9 --name web01 busybox
a1d23a1691d0c2fd33b03d023bc03bb0a282e39a8f254bdf54fbab4d3e46a9de
ubuntu@docker:~$ docker run -itd --rm --network vlan3 --ip 192.168.95.10 --name web02 busybox
9cc2db6492de35f5a2fa230702e5e41ff4bf75bd563eac71bf39d0e7171b0e0f
ubuntu@docker:~$ docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED              STATUS              PORTS     NAMES
9cc2db6492de   busybox   "sh"      4 seconds ago        Up 3 seconds                  web02
a1d23a1691d0   busybox   "sh"      13 seconds ago       Up 13 seconds                 web01
2dc61bd9a45f   busybox   "sh"      35 seconds ago       Up 35 seconds                 dns02
de504908dc37   busybox   "sh"      About a minute ago   Up About a minute             dns01
ubuntu@docker:~$

 

Sixth. We call it IP-VLAN (L2), layer 2. The containers share the same MAC address as the VM host, so the network must allow one MAC address with 20 IP addresses associated to it.

ubuntu@docker:~$ docker network create -d ipvlan --subnet 172.31.112.0/20 --gateway 172.31.112.1 -o parent=eth0 vlan2
40aadb9f60c3dc889c8b9a30e627d5a314226c204ca48f09375447def53b4ad4
ubuntu@docker:~$


Seventh. We call it IP-VLAN (L3), layer 3. Everything connects to the host and the host functions like a router, which gives us more control over the traffic.

ubuntu@docker:~$ docker network create -d ipvlan --subnet 192.168.94.0/24 -o parent=eth0 -o ipvlan_mode=l3 --subnet 192.168.95.0/24 vlan3
000b2c4799a4fd62a4435d99eed592ae8fa7ad5b8b797aeb7e06322b477f7ecf
ubuntu@docker:~$ docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
e2397b67991e   bridge    bridge    local
71a335a2c869   dmz       bridge    local
f6648d670e10   host      host      local
031ec528726f   none      null      local
000b2c4799a4   vlan3     ipvlan    local
ubuntu@docker:~$

  • Need to add a static route at the router so the network can reach back to vlan3.

 

Eighth. We call it the Overlay network. It is used to link up multiple hosts: create an overlay network, then create rules to allow the containers (on different hosts) to talk to each other.

Usually it is used with Docker Swarm.

 

Last (9th) is the None network.

ubuntu@docker:~$ docker run -itd --rm --network none --name xnet busybox
0c21ccbb87d1937dd7ce18da696a5bd7ca1530969a4198992e5852e3d0593d14
ubuntu@docker:~$


Links:

Docker Compose 102

Let's follow the steps to create a more complex Docker Compose setup with two images:

  • frontend - wordpress image
  • backend - mysql image


First, launch a Docker VM (the Multipass docker image) with Multipass.

PS> multipass launch docker -n kiko

Log in to the Docker VM (kiko) and start creating docker-compose.yaml.

PS> multipass shell kiko

ubuntu@kiko:~$ mkdir blog && cd blog

ubuntu@kiko:~/blog$ vi docker-compose.yaml

---------------------------------------------------

version: "3"
services:
  frontend:
    image: wordpress
    ports:
      - "8089:80"
    depends_on:
      - backend
    environment:
      WORDPRESS_DB_HOST: backend
      WORDPRESS_DB_USER: root
      WORDPRESS_DB_PASSWORD: "coffee"
      WORDPRESS_DB_NAME: wordpress
    networks:
      dmz:
        ipv4_address: "192.168.33.89"
  backend:
    image: "mysql:5.7"
    environment:
      MYSQL_DATABASE: wordpress
      MYSQL_ROOT_PASSWORD: "coffee"
    volumes:
      - ./mysql:/var/lib/mysql
    networks:
      dmz:
        ipv4_address: "192.168.33.90"
networks:
  dmz:
    ipam:
      driver: default
      config:
        - subnet: "192.168.33.0/24"

----------------------------------------------------

ubuntu@kiko:~/blog$ docker-compose up -d 

ubuntu@kiko:~/blog$ docker-compose ps

ubuntu@kiko:~/blog$ docker network ls

ubuntu@kiko:~/blog$ docker inspect blog_dmz
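Before bringing a stack like this one out of the lab, a few lines of it deserve a second look: the database password sits inline in `environment`, WordPress connects as the MySQL `root` user, and `"8089:80"` publishes the port on every host interface. The following is an added example in Python of my own (not from the original post, and not a Docker Compose feature) that scans a compose file for exactly those three things. It is a line-oriented check, not a YAML parser, so it needs no extra library; the sample it scans is a copy of the compose file above.

```python
"""Line-oriented check of a docker-compose file for weak settings.

Added example, not from the original post. Flags three things: secrets
written inline under `environment`, the database accessed as `root`, and
ports published on all host interfaces. Usage: python3 compose_check.py docker-compose.yaml
"""
import re
import sys

# Constructed sample: the frontend/backend compose file from the notes.
SAMPLE_COMPOSE = """\
version: "3"
services:
  frontend:
    image: wordpress
    ports:
      - "8089:80"
    depends_on:
      - backend
    environment:
      WORDPRESS_DB_HOST: backend
      WORDPRESS_DB_USER: root
      WORDPRESS_DB_PASSWORD: "coffee"
      WORDPRESS_DB_NAME: wordpress
    networks:
      dmz:
        ipv4_address: "192.168.33.89"
  backend:
    image: "mysql:5.7"
    environment:
      MYSQL_DATABASE: wordpress
      MYSQL_ROOT_PASSWORD: "coffee"
    volumes:
      - ./mysql:/var/lib/mysql
    networks:
      dmz:
        ipv4_address: "192.168.33.90"
networks:
  dmz:
    ipam:
      driver: default
      config:
        - subnet: "192.168.33.0/24"
"""

# KEY: value lines whose key looks like a secret
SECRET_KEY = re.compile(r'^\s*([A-Z0-9_]*(?:PASSWORD|SECRET|TOKEN)[A-Z0-9_]*):\s*(.+?)\s*$')
# *_USER: root
ROOT_USER = re.compile(r'^\s*([A-Z0-9_]*USER):\s*"?root"?\s*$')
# - "host:container" port entries with no host IP in front
PORT_ALL_IFACES = re.compile(r'^\s*-\s*"?(\d+):(\d+)(?:/(?:tcp|udp))?"?\s*$')
# ${VAR} or $VAR: the value comes from the environment, not from the file
ENV_REF = re.compile(r'^\$\{?[A-Z0-9_]+\}?$')


def check_compose(text):
    """Return a list of (line_no, finding) for the weak settings found."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = SECRET_KEY.match(line)
        if m and not ENV_REF.match(m.group(2).strip('"\'')):
            findings.append((no, f"{m.group(1)} is written inline; use a *_FILE secret or an env file kept out of the compose file"))
            continue
        m = ROOT_USER.match(line)
        if m:
            findings.append((no, f"{m.group(1)} is root; create a least-privilege database user for the app"))
            continue
        m = PORT_ALL_IFACES.match(line)
        if m:
            findings.append((no, f"port {m.group(1)} is published on all host interfaces; use 127.0.0.1:{m.group(1)}:{m.group(2)} if only local access is needed"))
    return findings


if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_COMPOSE
    for no, finding in check_compose(data):
        print(f"line {no}: {finding}")
```

On the sample it reports line 6 (the port), line 11 (`WORDPRESS_DB_USER: root`) and lines 12 and 21 (the two inline passwords). A `${DB_ROOT_PASSWORD}` reference or a `"127.0.0.1:8089:80"` binding passes clean.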

 

http://kiko.mshome.net:8089/


Links:

  • Docker Compose 101

Nov 24, 2022

Docker Compose 101

Let's follow the steps to bring up our first Docker image with Compose.


First, launch a Docker VM (the Multipass docker image) with Multipass.

PS> multipass launch docker -n kiko

Log in to the Docker VM (kiko) and start creating docker-compose.yaml.

PS> multipass shell kiko

ubuntu@kiko:~$ mkdir coffee && cd coffee

ubuntu@kiko:~/coffee$ vi docker-compose.yaml

---------------------------------------------------

version: "3"
services:
  website:
    image: nginx
    ports:
      - "8081:80"
    restart: always 

----------------------------------------------------

ubuntu@kiko:~/coffee$ docker-compose up -d 

ubuntu@kiko:~/coffee$ docker-compose ps

Add a second image on a different network (coffee).

ubuntu@kiko:~/coffee$ vi docker-compose.yaml

---------------------------------------------------

version: "3"
services:
  website:
    image: nginx
    ports:
      - "8081:80"
    restart: always
  website2:
    image: nginx
    ports:
      - "8082:80"
    restart: always
    networks:
      coffee:
        ipv4_address: 192.168.92.22
networks:
  coffee:
    ipam:
      driver: default
      config:
        - subnet: "192.168.92.0/24"

----------------------------------------------------

ubuntu@kiko:~/coffee$ docker-compose up -d 

ubuntu@kiko:~/coffee$ docker network ls 

ubuntu@kiko:~/coffee$ docker inspect coffee_default 

ubuntu@kiko:~/coffee$ docker inspect coffee_coffee


Links:

Nov 23, 2022

Docker Container 101

Virtualization (a hypervisor) virtualizes the hardware; a Docker container virtualizes the OS kernel.

First, launch a Docker VM (the Multipass docker image) with Multipass.

PS> multipass launch docker -n kiko

Log in to the Docker VM and start downloading images.

PS> multipass shell kiko

ubuntu@kiko:~$ docker pull centos

ubuntu@kiko:~$ docker container run -itd --name cc centos

ubuntu@kiko:~$ docker exec -it cc bash 

[root@a4d5e22b6ef5 /]# cat /etc/os-release

Try downloading other images.

ubuntu@kiko:~$ docker pull archlinux 

ubuntu@kiko:~$ docker pull ubuntu

ubuntu@kiko:~$ docker pull almalinux

ubuntu@kiko:~$ docker run -itd --name uu ubuntu

Check the utilization and stop the container.

ubuntu@kiko:~$ docker stats

ubuntu@kiko:~$ docker stop uu cc 

 

Why do containers run so fast, and why use containers?

  • they share the kernel with the host (compared with a separate guest OS kernel per VM).
  • control groups (cgroups) and namespaces define the CPU, memory, disk and network limits and isolation.
  • a container is portable.
  • it fits the micro-service concept.


Links:

Nov 21, 2022

Redmine on Docker

This is a quick tutorial on setting up Redmine in a Docker container.

 

Overview

Redmine is a flexible project management web application written using the Ruby on Rails framework.


Architecture

This simulates how to dockerize a production-ready Redmine deployment using Nginx as a reverse proxy.


Prerequisite

I'm using Multipass to set up my Docker platform.

PS> multipass launch docker -n dido

PS> multipass shell dido


Setup

First, create 3 files within an empty folder.

  1. Dockerfile
  2. conf/default.conf
  3. conf/supervisord.conf

~$ mkdir red

~$ cd red

~/red$ cat Dockerfile 

------------------8<-------------------------

# Start from the official Redmine 5 image and add nginx + supervisord on top
FROM redmine:5

RUN apt update && \
    apt install -y \
    supervisor \
    nginx && \
    apt clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# supervisord runs both nginx and Redmine; our nginx config replaces the default site
COPY conf/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY conf/default.conf /etc/nginx/sites-available/default

# Only nginx (port 80) is exposed; Rails listens on 127.0.0.1:3000 inside the container
EXPOSE 80

ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]

------------------8<------------------------- 

~/red$ cat conf/default.conf

------------------8<------------------------- 

server {
    listen       80;
    server_name  _;

    location / {
        proxy_pass http://127.0.0.1:3000;
    }
}

------------------8<------------------------- 

~/red$ cat conf/supervisord.conf

------------------8<------------------------- 

[supervisord]
nodaemon=true
user=root

[program:nginx]
user=root
; nginx must stay in the foreground: a bare "nginx" forks, the parent exits,
; and supervisord keeps restarting a program it believes has died
command=nginx -g "daemon off;"

[program:redmine]
user=redmine
directory=/usr/src/redmine
; bind Rails to loopback only; nginx on port 80 is the single entry point
command=/docker-entrypoint.sh rails server -b 127.0.0.1
------------------8<-------------------------
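A supervisord config is easy to get subtly wrong: a program that daemonizes (nginx does by default) looks dead to supervisord, which then restarts it in a loop, and a program left as `user=root` runs with more privilege than it needs. Here is an added example in Python, my own and not part of the original post or of Supervisor, that reads a supervisord.conf with the standard-library configparser and reports both. The config it checks is a copy of the one above with nginx in its bare `command=nginx` form, so the difference between the two forms is visible.

```python
"""Check a supervisord.conf for programs that will not stay under supervisor's control.

Added example, not from the original post. Parses supervisord's INI format
with configparser and reports, per [program:*] section, an nginx command that
is missing -g "daemon off;" (supervisord would keep restarting it) and any
program running as root. Usage: python3 supervisord_check.py supervisord.conf
"""
import configparser
import sys

# Constructed sample: the supervisord.conf from the Redmine notes, with nginx
# started by a bare "nginx" command (the form that daemonizes).
PLAIN_NGINX_CONF = """\
[supervisord]
nodaemon=true
user=root

[program:nginx]
user=root
command=nginx

[program:redmine]
user=redmine
directory=/usr/src/redmine
command=/docker-entrypoint.sh rails server -b 127.0.0.1
"""

# The same config with nginx kept in the foreground
FIXED_CONF = PLAIN_NGINX_CONF.replace("command=nginx", 'command=nginx -g "daemon off;"')


def check_supervisord(text):
    """Return {program: [issues]} for each [program:*] section in the config."""
    # interpolation=None: supervisord uses %(ENV_X)s expansions that would confuse configparser
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    report = {}
    for section in cfg.sections():
        if not section.startswith("program:"):
            continue
        name = section.split(":", 1)[1]
        issues = []
        command = cfg.get(section, "command", fallback="")
        # a program without its own user= inherits supervisord's user, root in this container
        user = cfg.get(section, "user", fallback="root")
        if command.split()[:1] == ["nginx"] and "daemon off" not in command:
            issues.append('nginx daemonizes; add -g "daemon off;" so supervisord tracks the real master process')
        if user == "root":
            issues.append("runs as root")
        report[name] = issues
    return report


if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else PLAIN_NGINX_CONF
    for program, issues in check_supervisord(data).items():
        print(f"{program}: {'; '.join(issues) if issues else 'ok'}")
```

On the plain config it reports both the daemonizing command and root for nginx and nothing for redmine; with `-g "daemon off;"` only the root note remains, which is expected here because nginx binds port 80.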

 

Build the Docker Image

Next, build the docker image called "redapp".

~/red$ docker build -t redapp . 

Sending build context to Docker daemon  4.608kB
Step 1/6 : FROM redmine:5
 ---> 7cc28c5d1864
Step 2/6 : RUN apt update &&     apt install -y     supervisor     nginx &&     apt clean &&     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 ---> Using cache
 ---> 03ee1eb12c0a
Step 3/6 : COPY conf/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 ---> Using cache
 ---> bfaee539e7d4
Step 4/6 : COPY conf/default.conf /etc/nginx/sites-available/default
 ---> Using cache
 ---> 8f20ffe3be6a
Step 5/6 : EXPOSE 80
 ---> Using cache
 ---> de69fec60e49
Step 6/6 : ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
 ---> Using cache
 ---> 3e9b0eecdfaf
Successfully built 3e9b0eecdfaf
Successfully tagged redapp:latest


Start the Docker image as Container

Next, run the container, publishing port 80 (external, on the eth0 interface) to Nginx (internal port 80 on the docker0 interface).

~/red$ docker run -p 80:80 -d redapp 

4851a3266f50ebd3ee7c3c69e87bc2e4697e74e699839b21f566119c39e5665f


Access the Redmine Application

Last, point the browser to the URL at http://172.18.238.107/login (where 172.18.238.107 is the IP address at my eth0 interface).

http://172.18.238.107/login

Links:

Nov 7, 2022

Weather at CmdLine

Check (curl) your weather at the command line with:

$ curl -s wttr.in/Melbourne?format="%l:%c+%C+%t/%f+%h+%w+%m+UV:%u/12+%P"
Melbourne:⛅️  Partly cloudy +15°C/+14°C 59% ↑31km/h 🌗 UV:3/12 1016hPa

$ curl -s wttr.in/New+York?format="%l:%c+%C+%t/%f+%h+%w+%m+UV:%u/12+%P"
New+York:☀️   Clear +1°C/-3°C 56% ↓15km/h 🌗 UV:1/12 1022hPa

PS> Invoke-RestMethod 'https://wttr.in/New+York?format="%l:%c+%C+%t/%f+%h+%w+%m+UV:%u/12+%P"'
New+York:☀️   Clear +1°C/-3°C 56% ↓15km/h 🌗 UV:1/12 1022hPa


Links:

Nov 5, 2022

Windows Commands

This set of documentation describes the Windows Commands you can use to automate tasks by using scripts or scripting tools.

All supported versions of Windows and Windows Server have a set of Win32 console commands built in.

 

Links:

Nov 3, 2022

MS Teams Dev Mode

 

 

Microsoft Teams is powered by Electron, SlimCore, Chromium, Node.js, and the V8 JavaScript engine. (No wonder it sucks up all your memory.)

To check your MS Teams version, you have to enter the Dev Mode with the following steps:

  1. Minimize MS Teams; you should see its small icon in the taskbar (beside the date and time).
  2. Left-click the icon 7 times in a row.
  3. Right-click the icon and you should see the hidden menu.
  4. Click "Get Electron/SlimCore version".

 


Nov 2, 2022

Firefox Tuning

Once again, I need to tune my new Firefox browser settings.


Change settings with about:config:

Description                                              Setting                         Value   Default
To disable disk cache                                    browser.cache.disk.enable       false   true
To disable disk cache on SSL                             browser.cache.disk_cache_ssl    false   true
To enable RAM cache                                      browser.cache.memory.enable     true    true
To set RAM cache capacity based on 2GB physical memory   browser.cache.memory.capacity   24576   -1


To view current memory cache usage, put about:cache?device=memory in the Location Bar.


Links:

Nov 1, 2022

Debugging Windows 11

I was installing my printer driver to my new Windows 11.

And I need a debugger to troubleshoot my printer driver. It is time to get a Windows debugger for the new OS.

The Windows Debugger (WinDbg) can be used to debug kernel-mode and user-mode code, analyze crash dumps, and examine the CPU registers while the code executes. 

Before getting started with Windows debugging, we need to complete two things.

It seems the easiest way to get Windows symbols is to use the Microsoft public symbol server. The symbol server makes symbols available to your debugging tools as needed and makes it easier to debug your code.

After a symbol file is downloaded from the symbol server, it is cached on the local computer for quick access. Microsoft no longer publishes the offline symbol packages for Windows.

While looking for WinDBG, I also found WinDbg Preview (at MS Store).

WinDbg Preview is the latest version of WinDbg, with more modern visuals, faster windows, a full-fledged scripting experience, and the extensible debugger data model front and center. In short, it is simply more user friendly.

And the best part is, WinDbg Preview is available in MS Store. Simply run the cmdline below to install it.

C:\> winget install WinDbg --source msstore

Links: