SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

VECTR - Docker - Redhat #125

Closed roelstorms closed 3 years ago

roelstorms commented 3 years ago

Trying to run VECTR using docker-compose on redhat.

All containers seem to come up correctly. But when trying to reach the tomcat container on port 8081, we get a reset from Tomcat.

docker logs shows the following problem:

Caused by: com.mongodb.MongoTimeoutException: Timed out after 30000 ms while waiting to connect. Client view of cluster state is {type=UNKNOWN, servers=[{address=vectr-mongo:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketOpenException: Exception opening socket}, caused by {java.net.SocketTimeoutException: connect timed out}}]

So I try troubleshooting and go into a netshoot container attached to the same bridged network:

docker run -it --net vectr-sandbox1_vectr_bridge nicolaka/netshoot

Run ping:

ping vectr-mongo 
PING vectr-mongo (10.0.27.3) 56 (84) bytes of data.

This shows that it can resolve vectr-mongo to the correct IP, but pinging the containers receives no response.

ping vectr-sandbox1_tomcat_1 (name of my tomcat container) gives the same.

wget http://vectr-sandbox1_tomcat_1:8443
Connecting to vectr-sandbox1_tomcat_1:8443 (10.0.27.6:8443)

So no connection. Same on port 8081 instead of 8443.

It seems like a docker networking issue to me since Tomcat can't find MongoDB and netshoot can resolve container names but can't ping and can't reach the HTTP service running on Tomcat.

Also tried this Stack Overflow suggestion, which believes the docker0 interface needs to be added to the trusted zone of firewalld. However, the problem persists, and when restarting docker I get an error that docker can't set the zone for docker0 since the zone is already set to be trusted. So the docker daemon won't restart.

I even STOPPED firewalld, restarted docker, docker-compose up. Same issue, can't reach mongodb from Tomcat.

My next debugging step is to change the bridge network to a host network, since I assume FirewallD - Iptables - SELinux is causing some trouble.
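The distinction the post above relies on (name resolves, but the connection times out instead of being refused) can be checked in one pass. This is an added example, not part of the original thread or of VECTR; the `probe` and `explain` helpers are hypothetical names, and the targets are the hostnames and ports quoted in the post.

```python
# Added example: classify how a TCP connection to a container endpoint fails.
import socket

# Reading of each outcome (assumption: standard TCP/IP behaviour on a Docker bridge).
HINTS = {
    "open": "service reachable",
    "dns_failure": "name does not resolve: wrong network or container DNS unreachable",
    "refused": "host answered with a reset: nothing is listening on that port",
    "timeout": "name resolves but packets are dropped: check host packet filtering "
               "(iptables/firewalld rules, forwarding) before the application",
    "unreachable": "no route or other socket error: check interfaces and routing",
}

def probe(host, port, timeout=3.0):
    """Return (status, detail) for a TCP connection attempt to host:port."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns_failure", str(exc))
    last = ("unreachable", "no address attempted")
    for family, socktype, proto, _, addr in infos:
        with socket.socket(family, socktype, proto) as s:
            s.settimeout(timeout)
            try:
                s.connect(addr)
                return ("open", addr[0])
            except socket.timeout:            # SYN sent, no reply at all
                last = ("timeout", addr[0])
            except ConnectionRefusedError:    # RST received from the peer
                last = ("refused", addr[0])
            except OSError as exc:            # e.g. network unreachable
                last = ("unreachable", f"{addr[0]}: {exc}")
    return last

def explain(status):
    """Map a probe status to the troubleshooting hint above."""
    return HINTS[status]

if __name__ == "__main__":
    # Targets taken from the thread; run from a container on the same bridge network.
    for host, port in [("vectr-mongo", 27017),
                       ("vectr-sandbox1_tomcat_1", 8443),
                       ("vectr-sandbox1_tomcat_1", 8081)]:
        status, detail = probe(host, port)
        print(f"{host}:{port} -> {status} ({detail}): {explain(status)}")
```

The symptoms reported in the post (resolved IP, `connect timed out`) correspond to the `timeout` status rather than `refused` or `dns_failure`.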

SRAPSpencer commented 3 years ago

What version of RHEL are you using?

There's a long-running disagreement between Red Hat and Docker that looks to be worsening. Since this is basically a Docker issue, I'm not sure how much support we can provide other than telling you you're not alone. This sounds related to this issue here? https://github.com/moby/moby/issues/32138

Another thing to check might be the IPv6 support. I did hear from someone recently that their RHEL instance defaulted to IPv6 which was causing issues with the docker networking.

Let me know if you have any other questions.

Paul

roelstorms commented 3 years ago

Should check the RHEL version in the morning. Just wanted to list it here as a possible problem, but it indeed seems like a docker-RHEL problem rather than VECTR. I looked at that GitHub resource as well. Probably the only way to figure this out is to dive into iptables.

Maybe you guys knew it as something else.