Skip to content

Running MHN in Docker

Jump to bottom
Sean Maloney edited this page Oct 1, 2019 · 2 revisions

Thanks to @epicism for this contribution, source here.

Hello all,

This isn't an issue as much as sharing post. I have hacked my way into configuring MHN on a docker container for simplicity. Because docker doesn't use standard services, I had to hack supervisord to start services at appropriate times.

To start a docker container, use the command

docker run -p 10000:10000 -p 80:80 -p 3000:3000 -p 8089:8089 --name mhn -t -i ubuntu:14.04.2 /bin/bash

*Note: 8089 is if you are using the Splunk forwarder, and you can chose between 80 and 443. You can also make the host OS' port separate from the docker container's port by using [hostport]:[dockerport], which is convenient for honeypots.

Next, create and run the following script:

#!/bin/bash

set -x

apt-get update 
apt-get upgrade -y 
apt-get install git wget gcc supervisor -y 
cd /opt/ 
git clone https://github.com/Pwnlandia/mhn.git 
cd mhn

cat > /etc/supervisor/conf.d/mhntodocker.conf <<EOF
[program:mongod]
command=/usr/bin/mongod
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
autorestart=true
autostart=true

[program:nginx]
command=/usr/sbin/nginx
stdout_events_enabled=true
stderr_events_enabled=true
autostart=true
autorestart=true

EOF

mkdir -p /data/db /var/log/mhn /var/log/supervisor

supervisord &

#Starts the mongod service after installation
echo supervisorctl start mongod >> /opt/mhn/scripts/install_mongo.sh

./install.sh

supervisorctl restart all

I haven't started deploying honeypots yet, which is my next task. Unfortunately, due to the interactive nature of MHN's installation, supervisord is manually running in the background instead of as a started service. To restart the container later use

docker start <containerID> 
docker exec <containerID> supervisord &

Don't forget to reference the host's IP address or Hostname as the MHN server's IP unless you are using Docker's internal networking. You could also pass the script during the docker container creation, but since you have to execute it inside of the container it doesn't really matter.

If there is enough interest in this my hope is that we can create a process to generate a docker image/honeypot images on the fly, perhaps by passing a simple config file to the image on run which configures the server as required.

Cheers. Epic

Clone this wiki locally