Testbed (Sicurezza)

All lab exercises are reproducible in a linux testbed implemented as a docker container. You can run it locally in your laptop (runs on Linux,  Windows, Mac) by either installing docker or by running a Linux VM with docker already installed.

Running the testbed with docker

  1. Install Docker CE from here or use the Linux VM with docker already installed
  2. Run the docker image (automatic download)
    $ docker run --rm -it secunive/sec:testbed bash
    Home: /tmp/tmp.bb8xzokM7J
    rookie@dcd7a8da42c7:~$
  3. The above command will start the linux testbed used during the course

Mounting a volume

You can mount a local folder as follows:

$ docker run --rm -it -v /fullpath/MyVolume:/tmp/MyVolume secunive/sec:testbed bash
Home: /tmp/tmp.bb8xzokM7J
rookie@dcd7a8da42c7:~$ ls /tmp/MyVolume
hello.txt
rookie@dcd7a8da42c7:~$

The above command will mount your local folder /fullpath/MyVolume into /tmp/MyVolume in the docker container. In this way you can edit file locally and keep a copy of what you do (files are not preserved when you close the container).

NOTE: replace /fullpath/MyVolume with the path of the local folder you want to mount. Be sure that the folder exists before you start docker! If the folder does not exists, docker will create it as root and you won’t be able to use it.

Accessing with ssh

ssh is supported, you only need to map the port as follows:

docker run -p2223:22 --rm -it  secunive/sec:testbed bash

Then you can access with (password rookie):

ssh rookie@localhost -p2223

Notice that this also work in the  Linux VM with docker already installed and allows for directly connecting to the testbed machine without passing through the alpine linux host. You can also use sshfs to mount the testbed filesystem remotely (requires WSL 2 in Windows 10).

Pulling the latest image

Image might be updated during the semester. If you need to pull the latest one just use the pull command of docker:

$ docker pull secunive/sec:testbed 
testbed: Pulling from secunive/sec
...

gdb in docker

To run gdb in docker you need a customised secure computing mode (seccomp) profile. Download it here and run docker as follows:

docker run --rm -it --security-opt seccomp=./gdb.json secunive/sec:testbed