JPCERTCC / LogonTracer

Investigate malicious Windows logon by visualizing and analyzing Windows event log

Docker container won't start, stuck in loop #140

Open luckman212 opened 1 month ago

luckman212 commented 1 month ago

I installed a fresh Debian 12 LXC container with 2GB RAM provisioned and installed Docker on it.

# docker -v
Docker version 27.1.1, build 6312585

docker run hello-world as well as docker run -it ubuntu bash are successful. The host and the container have a valid IP and can ping out, etc.

Example (parts chopped out to keep it short):

# docker run -it ubuntu bash
root@053daff23603:/# apt update
root@053daff23603:/# apt install inetutils-ping
root@053daff23603:/# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=58 time=4.631 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=58 time=4.693 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=58 time=5.993 ms
^C--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 4.631/5.106/5.993/0.628 ms

I am then executing the following command:

docker run --rm \
-p 7474:7474 \
-p 7687:7687 \
-p 8080:8080 \
-e LTHOSTNAME=localhost \
jpcertcc/docker-logontracer

This is the output -- it just gets stuck in a loop:

2024-07-31 16:26:06,155 INFO spawned: 'logontracer' with pid 2165
2024-07-31 16:26:07,608 INFO success: logontracer entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-07-31 16:26:09,438 WARN exited: neo4j (terminated by SIGKILL; not expected)
2024-07-31 16:26:09,439 WARN exited: logontracer (exit status 1; not expected)
2024-07-31 16:26:09,445 INFO spawned: 'logontracer' with pid 2212
2024-07-31 16:26:09,446 INFO spawned: 'neo4j' with pid 2213
2024-07-31 16:26:10,449 INFO success: logontracer entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-07-31 16:26:10,449 INFO success: neo4j entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-07-31 16:26:12,234 WARN exited: logontracer (exit status 1; not expected)
2024-07-31 16:26:12,912 INFO spawned: 'logontracer' with pid 2317
2024-07-31 16:26:13,913 INFO success: logontracer entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-07-31 16:26:15,152 WARN exited: neo4j (terminated by SIGKILL; not expected)
2024-07-31 16:26:15,272 INFO spawned: 'neo4j' with pid 2378
2024-07-31 16:26:15,534 WARN exited: logontracer (exit status 1; not expected)
2024-07-31 16:26:16,540 INFO spawned: 'logontracer' with pid 2466
2024-07-31 16:26:16,540 INFO success: neo4j entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-07-31 16:26:17,744 INFO success: logontracer entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-07-31 16:26:19,019 WARN exited: logontracer (exit status 1; not expected)
2024-07-31 16:26:21,752 INFO spawned: 'logontracer' with pid 2536
2024-07-31 16:26:21,779 WARN exited: neo4j (terminated by SIGKILL; not expected)
2024-07-31 16:26:22,782 INFO success: logontracer entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-07-31 16:26:22,783 INFO spawned: 'neo4j' with pid 2542
2024-07-31 16:26:24,447 INFO success: neo4j entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-07-31 16:26:24,447 WARN exited: logontracer (exit status 1; not expected)
2024-07-31 16:26:24,803 INFO spawned: 'logontracer' with pid 2636
2024-07-31 16:26:26,072 INFO success: logontracer entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-07-31 16:26:26,266 WARN exited: logontracer (exit status 1; not expected)
2024-07-31 16:26:26,460 INFO spawned: 'logontracer' with pid 2650
2024-07-31 16:26:27,465 INFO success: logontracer entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-07-31 16:26:29,350 WARN exited: neo4j (terminated by SIGKILL; not expected)
2024-07-31 16:26:29,360 INFO spawned: 'neo4j' with pid 2699
2024-07-31 16:26:29,595 WARN exited: logontracer (exit status 1; not expected)
2024-07-31 16:26:30,600 INFO spawned: 'logontracer' with pid 2787
2024-07-31 16:26:30,600 INFO success: neo4j entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-07-31 16:26:31,951 INFO success: logontracer entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-07-31 16:26:34,574 WARN exited: logontracer (exit status 1; not expected)
2024-07-31 16:26:34,609 INFO spawned: 'logontracer' with pid 2835
2024-07-31 16:26:34,610 WARN exited: neo4j (terminated by SIGKILL; not expected)
^C2024-07-31 16:26:35,610 INFO success: logontracer entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-07-31 16:26:35,611 INFO spawned: 'neo4j' with pid 2841
2024-07-31 16:26:35,613 WARN received SIGINT indicating exit request
2024-07-31 16:26:35,616 INFO waiting for logontracer, neo4j to die
2024-07-31 16:26:35,616 WARN stopped: neo4j (terminated by SIGTERM)
2024-07-31 16:26:35,956 WARN stopped: logontracer (terminated by SIGTERM)

I have (re)built this from the ground up 3 times already, not sure what I'm doing wrong.

Any advice?
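
One way to triage supervisord output like the log above, as an added example that is not part of the original issue or of LogonTracer itself: it tallies unexpected exits per program and reason and measures how long each process lived after its spawn. The sample lines are excerpted from the log in the post; the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Excerpt of the supervisord output quoted in the post above.
SAMPLE_LOG = """\
2024-07-31 16:26:06,155 INFO spawned: 'logontracer' with pid 2165
2024-07-31 16:26:07,608 INFO success: logontracer entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-07-31 16:26:09,438 WARN exited: neo4j (terminated by SIGKILL; not expected)
2024-07-31 16:26:09,439 WARN exited: logontracer (exit status 1; not expected)
2024-07-31 16:26:09,445 INFO spawned: 'logontracer' with pid 2212
2024-07-31 16:26:09,446 INFO spawned: 'neo4j' with pid 2213
2024-07-31 16:26:12,234 WARN exited: logontracer (exit status 1; not expected)
2024-07-31 16:26:15,152 WARN exited: neo4j (terminated by SIGKILL; not expected)
2024-07-31 16:26:35,616 WARN stopped: neo4j (terminated by SIGTERM)
"""

# Matches only "spawned" and "exited" events; other lines are ignored.
LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (?:INFO|WARN) "
    r"(?P<event>spawned|exited): '?(?P<prog>[\w-]+)'?"
    r"(?: \((?P<reason>[^;)\n]+); not expected\))?"
)

def summarize(log_text):
    """Return {program: {"exits": Counter(reason), "lifetimes": [seconds]}}."""
    stats = defaultdict(lambda: {"exits": Counter(), "lifetimes": []})
    started = {}  # program -> timestamp of its most recent spawn
    for m in LINE_RE.finditer(log_text):
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        prog = m["prog"]
        if m["event"] == "spawned":
            started[prog] = ts
        elif m["reason"]:
            stats[prog]["exits"][m["reason"]] += 1
            if prog in started:  # spawn may predate the captured log
                life = (ts - started.pop(prog)).total_seconds()
                stats[prog]["lifetimes"].append(round(life, 3))
    return dict(stats)

def crash_looping(stats, min_exits=2):
    """Programs with at least min_exits unexpected exits."""
    return sorted(p for p, s in stats.items()
                  if sum(s["exits"].values()) >= min_exits)

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for prog in crash_looping(result):
        print(prog, dict(result[prog]["exits"]), result[prog]["lifetimes"])
```

The lifetimes show how quickly each program dies after a spawn. For SIGKILL exits that supervisord did not request, the host's kernel log (for example OOM-killer entries) is a common next place to look.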