Docker Export and Save Difference

-pull docker image
# docker pull busybox
# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
busybox                       latest              8ac48589692a        12 days ago         1.15MB

-make changes to a container
# docker run busybox mkdir /home/test

# docker ps -a
CONTAINER ID        IMAGE                         COMMAND                  CREATED              STATUS                          PORTS                  NAMES
87fa2f411346        busybox                       "mkdir /home/test"       About a minute ago   Exited (0) About a minute ago                          festive_spence

-commit this changed container and create a new image called busybox-1
# docker commit 87fa2f411346 busybox-1
sha256:4ac0618d96c9f1a5cc6fef88e8310bdd32f4af7da84bf77f712c36e439b2abae

-should see the image busybox and busybox-1
# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
busybox-1                     latest              4ac0618d96c9        16 seconds ago      1.15MB
busybox                       latest              8ac48589692a        12 days ago         1.15MB

-to see the difference between both images
# docker run busybox [ -d /home/test ] && echo 'Directory found' || echo 'Directory not found'
Directory not found
# docker run busybox-1 [ -d /home/test ] && echo 'Directory found' || echo 'Directory not found'
Directory found

# docker ps -a
CONTAINER ID        IMAGE                         COMMAND                  CREATED             STATUS                      PORTS                  NAMES
66db57b1054b        busybox-1                     "[ -d /home/test ]"      4 minutes ago       Exited (0) 4 minutes ago                           suspicious_pike
2f6107852442        busybox                       "[ -d /home/test ]"      4 minutes ago       Exited (1) 4 minutes ago                           infallible_euclid

-Export is used to persist a container (not an image)
NOTE: you can export while the container is running
# docker export 2f6107852442 > /tmp/export.tar
The result is a TAR-file which should be slightly smaller than the one from save

-Save is used to persist an image (not a container)
# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
busybox-1                     latest              4ac0618d96c9        8 minutes ago       1.15MB
busybox                       latest              8ac48589692a        12 days ago         1.15MB

# docker save busybox-1 > /tmp/save.tar
The result is a TAR-file which should be slightly bigger than the one from export

-we clean up a little bit – we remove all containers and images we have right now
# docker rmi busybox busybox-1
# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE

-restore an export.tar
# cat /tmp/export.tar | sudo docker import - busybox-1-export:latest
# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
busybox-1-export              latest              4ca587fe5d23        13 seconds ago      1.15MB

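# sudo docker run busybox-1-export [ -d /home/test ] && echo 'Directory found' || echo 'Directory not found'
Directory not found
NOTE: the exported container 2f6107852442 was created from the original busybox image (see docker ps -a above), so /home/test was never in its filesystem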

-restore a save.tar
# docker load < /tmp/save.tar
0314be9edf00: Loading layer   1.36MB/1.36MB
7b125480d284: Loading layer  2.048kB/2.048kB
Loaded image: busybox-1:latest

# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
busybox-1-export              latest              4ca587fe5d23        5 minutes ago       1.15MB
busybox-1                     latest              4ac0618d96c9        About an hour ago   1.15MB
# docker run busybox-1 [ -d /home/test ] && echo 'Directory found' || echo 'Directory not found'
Directory found

So what’s the difference between both?
Well, as we saw the exported version is slightly smaller. That is because it is flattened, which means it lost its history and meta-data.
We can see this by the following command:
# docker history busybox-1-export
IMAGE               CREATED             CREATED BY          SIZE                COMMENT
4ca587fe5d23        8 minutes ago                           1.15MB              Imported from -

# docker history busybox-1
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
4ac0618d96c9        About an hour ago   mkdir /home/test                                0B
<missing>           12 days ago         /bin/sh -c #(nop)  CMD ["sh"]                   0B
<missing>           12 days ago         /bin/sh -c #(nop) ADD file:c94ab8f861446c74e…   1.15MB
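
Added example (not part of the original notes): a heuristic check that tells a docker save archive from a docker export archive by its member names, so the matching restore command (load or import) is chosen before anything is handed to the daemon. The function names and the sample archive contents are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. File names are placeholders.

# Print the top-level entries of a tar file, one per line, de-duplicated.
top_level_entries() {
    tar -tf "$1" 2>/dev/null | sed -e 's|^\./||' -e 's|/.*||' | grep -v '^$' | sort -u
}

# classify_docker_tar FILE -> prints "save", "export" or "unknown"
classify_docker_tar() {
    entries=$(top_level_entries "$1")
    # `docker save` writes manifest.json at the archive root; it names the
    # config JSON (history, CMD, ENV) and the ordered layer tarballs.
    if printf '%s\n' "$entries" | grep -qx 'manifest.json'; then
        echo save
    # `docker export` writes the merged root filesystem itself: bin/, etc/, ...
    elif printf '%s\n' "$entries" | grep -qx 'etc' &&
         printf '%s\n' "$entries" | grep -Eqx 'bin|usr'; then
        echo export
    else
        echo unknown
    fi
}

# restore_command FILE NAME -> prints the restore command that fits the archive
restore_command() {
    case $(classify_docker_tar "$1") in
        save)   echo "docker load -i $1" ;;
        export) echo "docker import $1 $2" ;;
        *)      echo "refuse: $1 is not a recognised Docker archive"; return 1 ;;
    esac
}

# Constructed sample archives (empty stand-ins, not real images) under DIR.
make_samples() {
    mkdir -p "$1/s/abc" "$1/e/etc" "$1/e/bin" "$1/e/home"
    echo '[{"Config":"cfg.json","Layers":["abc/layer.tar"]}]' > "$1/s/manifest.json"
    : > "$1/s/abc/layer.tar"
    : > "$1/e/etc/hostname"
    tar -cf "$1/save.tar" -C "$1/s" . && tar -cf "$1/export.tar" -C "$1/e" .
}
```

Feeding a save archive to docker import does not fail: it produces an image whose filesystem is just manifest.json and the layer tarballs, which is why the archive type is checked first.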

Kali linux on Docker Installation

# docker pull kalilinux/kali-linux-docker
# docker run -ti kalilinux/kali-linux-docker bash
# apt full-upgrade -y

-the above is the base installation only. Other tool packages need to be installed separately
For example:
* kali-linux 1.5GB
The kali-linux metapackage is a completely bare-bones installation of Kali Linux and includes various network services such as Apache and SSH, the Kali kernel, and a number of version control applications like git, svn, etc. All of the other metapackages listed below also contain kali-linux.
* kali-linux-all 15GB
In order to keep our ISO sizes reasonable, we are unable to include every single tool that we package for Kali and there are a number of tools that are not able to be used depending on hardware, such as various GPU tools. If you want to install every available Kali Linux package, you can install the kali-linux-all metapackage.
* kali-linux-forensic 3.1GB
If you are doing forensics work, you don’t want your analysis system to contain a bunch of unnecessary tools. To the rescue comes the kali-linux-forensic metapackage, which only contains the forensics tools in Kali.
* kali-linux-full 9GB
When you download a Kali Linux ISO, you are essentially downloading an installation that has the kali-linux-full metapackage installed. This package includes all of the tools you are familiar with in Kali.
* kali-linux-gpu 4.8GB
GPU utilities are very powerful but need special hardware in order to function correctly. For this reason, they are not included in the default Kali Linux installation but you can install them all at once with kali-linux-gpu and get cracking.
* kali-linux-pwtools 6GB
The kali-linux-pwtools metapackage contains over 40 different password cracking utilities as well as the GPU tools contained in kali-linux-gpu.
* kali-linux-rfid 1.5GB
For our users who are doing RFID research and exploitation, we have the kali-linux-rfid metapackage containing all of the RFID tools available in Kali Linux.
* kali-linux-sdr 2.4GB
The kali-linux-sdr metapackage contains a large selection of tools for your Software Defined Radio hacking needs.
* kali-linux-top10 3.5GB
In Kali Linux, we have a sub-menu called “Top 10 Security Tools”. The kali-linux-top10 metapackage will install all of these tools for you in one fell swoop.
* kali-linux-voip 1.8GB
Many people have told us they use Kali Linux to conduct VoIP testing and research so they will be happy to know we now have a dedicated kali-linux-voip metapackage with 20+ tools.
* kali-linux-web 4.9GB
Web application assessments are very common in the field of penetration testing and for this reason, Kali includes the kali-linux-web metapackage containing dozens of tools related to web application hacking.
* kali-linux-wireless 6.6GB
Like web applications, many penetration testing assessments are targeted towards wireless networks. The kali-linux-wireless metapackage contains all the tools you’ll need in one easy to install package.

# apt install kali-linux-top10 man-db exploitdb -y

To see the list of tools included in a metapackage, you can use simple apt commands. For example, to list the dependencies of the kali-linux-top10 metapackage (and of man-db), we could run:
# apt-cache show kali-linux-top10 man-db |grep Depends
Depends: kali-linux, aircrack-ng, burpsuite, hydra, john, maltego, maltego-teeth, metasploit-framework, nmap, zaproxy, sqlmap, wireshark
Depends: bsdmainutils, debconf (>= 1.2.0) | debconf-2.0, groff-base (>= 1.18.1.1-15), libc6 (>= 2.17), libgdbm5 (>= 1.12), libpipeline1 (>= 1.5.0), libseccomp2 (>= 2.1.0), zlib1g (>= 1:1.1.4)
Pre-Depends: dpkg (>= 1.16.1~)

Installing Mvance/Unbound Docker

-download unbound docker
-remove unneeded files
# rm -rf 1.5*
# rm -rf 1.6*
# cd 1.7.0
-modify A and PTR records
# cat a-records.conf
# A Record
local-data: "www.ngtrain.com. A 10.0.10.80"
# PTR Record
local-data-ptr: "10.0.10.80 www.ngtrain.com."

-run unbound docker
# docker run --name unbound -d -p 53:53/udp -v $(pwd)/a-records.conf:/opt/unbound/etc/unbound/a-records.conf:ro --restart=always mvance/unbound:latest

# ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:4c:11:0b:8e
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:4cff:fe11:b8e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:71 errors:0 dropped:0 overruns:0 frame:0
          TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7296 (7.2 KB)  TX bytes:32517 (32.5 KB)
eth0      Link encap:Ethernet  HWaddr 00:0c:29:bb:8b:8e
          inet addr:10.0.10.131  Bcast:10.0.10.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:febb:8b8e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:104709 errors:0 dropped:0 overruns:0 frame:0
          TX packets:51577 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:138032839 (138.0 MB)  TX bytes:4026802 (4.0 MB)

# nslookup
> server 10.0.10.131
Default server: 10.0.10.131
Address: 10.0.10.131#53
Server:         10.0.10.131
Address:        10.0.10.131#53
Name:   vc.ngtrain.com
Address: 10.0.10.80
> exit

Docker Installation

LINUX:
Ubuntu
# apt-get update
# apt-get install apt-transport-https ca-certificates curl software-properties-common
# curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
Verify that you now have the key with the fingerprint 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88, by searching for the last 8 characters of the fingerprint.
# apt-key fingerprint 0EBFCD88
pub   4096R/0EBFCD88 2017-02-22
      Key fingerprint = 9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88
uid                  Docker Release (CE deb) <docker@docker.com>
sub   4096R/F273FCD8 2017-02-22
# add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) edge"
# apt-get update
# apt-get install docker-ce
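
Added example (not part of the original notes or of Docker's instructions): a check that compares the key's full fingerprint instead of only its last 8 characters, since an 8-character key ID can be shared by unrelated keys. The function names, the key file name docker.gpg and the sample listings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. Feed it colon-format key
# listings, e.g.:  gpg --show-keys --with-colons docker.gpg | key_matches "..."
# (docker.gpg is a placeholder name for the downloaded key file).

# Strip spaces and upper-case, so "9DC8 5822 ..." and "9dc85822..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Print the fingerprint of every primary key on stdin. The fpr record right
# after "pub" belongs to the primary key; those after "sub" are subkeys.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# key_matches EXPECTED: succeed only if stdin holds exactly one primary key
# whose full 40-hex-digit fingerprint equals EXPECTED.
# Returns 2 for a short key ID, 1 for a mismatch or a multi-key bundle.
key_matches() {
    expected=$(normalize_fpr "$1")
    [ "${#expected}" -eq 40 ] || return 2
    found=$(primary_fprs)
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 1
    [ "$found" = "$expected" ]
}

# What the text's "last 8 characters" search amounts to, for comparison.
short_id_matches() {
    primary_fprs | grep -q "$(normalize_fpr "$1")\$"
}

# Constructed colon-format samples. GOOD carries the fingerprint quoted in the
# text; LOOKALIKE is a made-up fingerprint that shares only its last 8 digits.
SAMPLE_GOOD='pub:-:4096:1:8D81803C0EBFCD88:
fpr:::::::::9DC858229FC7DD38854AE2D88D81803C0EBFCD88:
sub:-:4096:1:BBBBBBBBF273FCD8:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBF273FCD8:'
SAMPLE_LOOKALIKE='pub:-:4096:1:AAAAAAAA0EBFCD88:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0EBFCD88:'
```

apt-key is deprecated on current Debian and Ubuntu releases; the same comparison applies before the key is placed in a keyring referenced by signed-by.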

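Note:
https://askubuntu.com/questions/505506/how-to-get-bash-or-ssh-into-a-running-container-in-background-mode
From a security standpoint it is better to use sudo than the docker group: members of the docker group can control the Docker daemon, which gives them root-equivalent access to the host.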

-add your current user to docker group
$ sudo usermod -aG docker $USER
-test docker can run
# docker info
# docker version
# docker ps

# docker run hello-world

MAC:
I choose Edge because it has Kubernetes
-double-click Docker.dmg
-drag Docker into Applications

-open Terminal
$ docker ps

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

$ docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 18.03.0-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host ipvlan macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: cfd04396dc68220d1cecbe686a6cc3aa5ce3667c
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.87-linuxkit-aufs
Operating System: Docker for Mac
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.952GiB
Name: linuxkit-025000000001
ID: 7S3J:6MMM:ZCYZ:W2FP:Q5ER:WLAC:IN4J:C5IP:3ADB:OIIC:BDPX:U5DS
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 21
 Goroutines: 39
 System Time: 2018-04-15T09:00:17.847990624Z
 EventsListeners: 2
HTTP Proxy: docker.for.mac.http.internal:3128
HTTPS Proxy: docker.for.mac.http.internal:3129
Labels:
Experimental: true
Insecure Registries:
 127.0.0.0/8

Live Restore Enabled: false

$ docker version
Client:
 Version:     18.04.0-ce
 API version:        1.37
 Go version:         go1.9.4
 Git commit:        3d479c0
 Built:        Tue Apr 10 18:13:16 2018
 OS/Arch:   darwin/amd64
 Experimental:     false
 Orchestrator:     swarm
Server:
 Engine:
  Version:    18.03.0-ce
  API version:       1.37 (minimum version 1.12)
  Go version:        go1.9.4
  Git commit:       0520e24
  Built:         Wed Mar 21 23:14:32 2018
  OS/Arch:  linux/amd64

  Experimental:    true

WINDOWS:
NOTE:
-VMware Workstation VMs won’t run if Hyper-V is installed on Windows

-double-click Docker for Windows Installer.exe
-on Configuration prompt
tick Add shortcut to desktop
click OK
click Close and log out
-log back in
-on “Hyper-V and Containers features are not enabled. Do you want to enable them for Docker to be able to work properly? Your computer will restart automatically. Note: VirtualBox will no longer work.” prompt
click OK
-run Powershell ISE
> docker version
> docker info
> docker ps