Testbed (Sicurezza)

All lab exercises are reproducible in a linux testbed implemented as a docker container. You can run it locally in your laptop (runs on Linux,  Windows, Mac) by either installing docker or by running a Linux VM with docker already installed.

Running the testbed with docker

  1. Install Docker CE from here or use the Linux VM with docker already installed
  2. Run the docker image (automatic download)
    $ docker run --rm -it secunive/sec:testbed bash
    Home: /tmp/tmp.bb8xzokM7J
    rookie@dcd7a8da42c7:~$
  3. The above command will start the linux testbed used during the course

Mounting a volume

You can mount a local folder as follows:

$ docker run --rm -it -v /fullpath/MyVolume:/tmp/MyVolume secunive/sec:testbed bash
Home: /tmp/tmp.bb8xzokM7J
rookie@dcd7a8da42c7:~$ ls /tmp/MyVolume
hello.txt
rookie@dcd7a8da42c7:~$

The above command will mount your local folder /fullpath/MyVolume into /tmp/MyVolume in the docker container. In this way you can edit file locally and keep a copy of what you do (files are not preserved when you close the container).

NOTE: replace /fullpath/MyVolume with the path of the local folder you want to mount. Be sure that the folder exists before you start docker! If the folder does not exists, docker will create it as root and you won’t be able to use it.

Jupyter notebook

To use jupyter notebook you have to map port 8888 locally as follows:

docker run --rm -it -p 8888:8888 secunive/sec:testbed

Then move to your preferred folder and start the jupyter notebook server as follows:

cd Python
jupyter notebook --ip 0.0.0.0

The last line of the output will report the url that you can copy-and-paste in your browser (copy also the token value):

...
http://127.0.0.1:8888/?token=...

If you want to be able to use the terminal it is enough to start the server in the background using &:

jupyter notebook --ip 0.0.0.0 &

Accessing with ssh

ssh is supported, you only need to map the port as follows:

docker run -p2223:22 --rm -it  secunive/sec:testbed bash

Then you can access with (password rookie):

ssh rookie@localhost -p2223

Notice that this also work in the  Linux VM with docker already installed and allows for directly connecting to the testbed machine without passing through the alpine linux host. You can also use sshfs to mount the testbed filesystem remotely (requires WSL 2 in Windows 10).

Pulling the latest image

Image might be updated during the semester. If you need to pull the latest one just use the pull command of docker:

$ docker pull secunive/sec:testbed 
testbed: Pulling from secunive/sec
...

gdb in docker

UPDATE 2023: with the latest version of docker the profile below is not necessary to run gdb. So it is enough to run docker as 

docker run --rm -it secunive/sec:testbed bash

For previous docker versions, to run gdb in docker you need a customised secure computing mode (seccomp) profile. Download it here and run docker as follows:

docker run --rm -it --security-opt seccomp=./gdb.json secunive/sec:testbed