All lab exercises are reproducible in a linux testbed implemented as a docker container. You can run it locally in your laptop (runs on Linux, Windows, Mac) by either installing docker or by running a Linux VM with docker already installed.
Running the testbed with docker
- Install Docker CE from here or use the Linux VM with docker already installed
- Run the docker image (automatic download)
$ docker run --rm -it secunive/sec:testbed bash Home: /tmp/tmp.bb8xzokM7J rookie@dcd7a8da42c7:~$
- The above command will start the linux testbed used during the course
Mounting a volume
You can mount a local folder as follows:
$ docker run --rm -it -v /fullpath/MyVolume:/tmp/MyVolume secunive/sec:testbed bash Home: /tmp/tmp.bb8xzokM7J rookie@dcd7a8da42c7:~$ ls /tmp/MyVolume hello.txt rookie@dcd7a8da42c7:~$
The above command will mount your local folder
/tmp/MyVolume in the docker container. In this way you can edit file locally and keep a copy of what you do (files are not preserved when you close the container).
/fullpath/MyVolume with the path of the local folder you want to mount. Be sure that the folder exists before you start docker! If the folder does not exists, docker will create it as root and you won’t be able to use it.
To use jupyter notebook you have to map port 8888 locally as follows:
docker run --rm -it -p 8888:8888 secunive/sec:testbed
Then move to your preferred folder and start the jupyter notebook server as follows:
jupyter notebook --ip 0.0.0.0
The last line of the output will report the url that you can copy-and-paste in your browser (copy also the token value):
If you want to be able to use the terminal it is enough to start the server in the background using
jupyter notebook --ip 0.0.0.0 &
Accessing with ssh
ssh is supported, you only need to map the port as follows:
docker run -p2223:22 --rm -it secunive/sec:testbed bash
Then you can access with (password
ssh rookie@localhost -p2223
Notice that this also work in the Linux VM with docker already installed and allows for directly connecting to the testbed machine without passing through the alpine linux host. You can also use
sshfs to mount the testbed filesystem remotely (requires WSL 2 in Windows 10).
Pulling the latest image
Image might be updated during the semester. If you need to pull the latest one just use the pull command of docker:
$ docker pull secunive/sec:testbed testbed: Pulling from secunive/sec ...
gdb in docker
UPDATE 2023: with the latest version of docker the profile below is not necessary to run gdb. So it is enough to run docker as
docker run --rm -it secunive/sec:testbed bash
For previous docker versions, to run gdb in docker you need a customised secure computing mode (seccomp) profile. Download it here and run docker as follows:
docker run --rm -it --security-opt seccomp=./gdb.json secunive/sec:testbed