Homework answers / question archive / Spring 2022: Vulnerability Assessment of MongoDB in Linux Containers Project Outline: In order to implement the initial prototype, this project uses a local Linux based computing node or virtual Ubuntu Linux environment that is connected to any wired or wireless network with latest Ubuntu Linux O/S (18

Spring 2022: Vulnerability Assessment of MongoDB in Linux Containers Project Outline: In order to implement the initial prototype, this project uses a local Linux based computing node or virtual Ubuntu Linux environment that is connected to any wired or wireless network with latest Ubuntu Linux O/S (18

Computer Science

Share With

Spring 2022: Vulnerability Assessment of MongoDB in Linux Containers

Project Outline:

In order to implement the initial prototype, this project uses a local Linux based computing node or virtual Ubuntu Linux environment that is connected to any wired or wireless network with latest Ubuntu Linux O/S (18.04 or latest) as host computing environment. The whole process is involved four major steps as shown below in brief and Step-4 describes in detail that the implementation of the test bed with MongoDB (3.4 Community Edition) application.

Step-1. Install Ubuntu 18.04 on Host Machine (If not available use VirtualBox/VMware)
Step-2. Install Docker Engine (https://www.docker.com/)
Step-3. Install Singularity Engine (http://singularity.lbl.gov/)
Step-4. Find Vulnerability analysis tool for Application/Host/Network vulnerabilities
Step-5. Find the Docker or Singularity images of those tools found in Step-4. (If, for some of the tools, container images are not available try to make an image by yourself)
Step-6. Shortlist total number of tools to at least 3 and study the capabilities of the tool to find Application/Host/network vulnerabilities and load the loots into the testbed.
Step-7. Make the Test Bed
Step-8. Make the Experiments to find Application/Host/Network vulnerabilities
Step-9. Generate Results as a list of vulnerabilities for Application/Host/Network and determine the level of risk of each vulnerabilities (High/Medium/Low).
Step-10. Organize your results into table and charts and try to get some insights, conclusions and if possible find the root causes.

Even though the main focus of this project is based on singularity LXCs, Docker container images are also compatible with singularity; it is always better to install Docker engine too to verify and make sure some compatibility issues of Docker images with singularity.

Step-2. Install Docker Engine

The Docker installation package available in the official Ubuntu repository may not be the latest version. To ensure we get the latest version, we'll install Docker from the official Docker repository. To do that, we'll add a new package source, add the GPG key from Docker to ensure the downloads are valid, and then install the package.

First, update your existing list of packages:

sudo apt update

Next, install a few prerequisite packages which let apt use packages over HTTPS:

sudo apt install apt-transport-https ca-certificates curl software-properties-common

Then add the GPG key for the official Docker repository to your system:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add –

Add the Docker repository to APT sources:

sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"

Next, update the package database with the Docker packages from the newly added repo:

sudo apt update

Make sure you are about to install from the Docker repo instead of the default Ubuntu repo:

apt-cache policy docker-ce

You'll see output like this, although the version number for Docker may be different:

Output of: apt-cache policy docker-ce

docker-ce:

Installed: (none)

Candidate: 18.03.1~ce~3-0~ubuntu

Version table:

18.03.1~ce~3-0~ubuntu 500

500 https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages

Notice that docker-ce is not installed, but the candidate for installation is from the Docker repository for Ubuntu 18.04 (bionic).

Finally, install Docker:

sudo apt install docker-ce

Docker should now be installed, the daemon started, and the process enabled to start on boot. Check that it's running:

sudo systemctl status docker

The output should be similar to the following, showing that the service is active and running:

? docker.service - Docker Application Container Engine

Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)

Active: active (running) since Thu 2018-07-05 15:08:39 UTC; 2min 55s ago

Docs: https://docs.docker.com

Main PID: 10096 (dockerd)

Tasks: 16

CGroup: /system.slice/docker.service

??10096 /usr/bin/dockerd -H fd://

??10113 docker-containerd --config /var/run/docker/containerd/containerd.toml

Installing Docker now gives you not just the Docker service (daemon) but also the docker command line utility, or the Docker client.

Please follow the following tutorial for more information about the Docker usage:

https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-18-04

Step-3. Install Singularity Engine (Adding the Mirror and Installing)

A. You should first enable the NeuroDebian repository following instructions on the NeuroDebian site. This means using the dropdown menus to find the correct mirror for your operating system and location. For example, after selecting Ubuntu 16.04 and selecting a mirror in CA, I am instructed to add these lists:

sudo wget -O- http://neuro.debian.net/lists/xenial.us-ca.full | sudo tee /etc/apt/sources.list.d/neurodebian.sources.list

sudo apt-key adv --recv-keys --keyserver hkp://pool.sks-keyservers.net:80 0xA5D32F012649A5A9

B. And then update

sudo apt-get update

C. Then singularity can be installed as follows:

sudo apt-get install -y singularity-container

Step-7.A. Setup the MongoDB Server

Get the singularity compatible MongoDB image from Docker hub and start the MongoDB server

root@akalanka:~# singularity shell docker://sam1211/mongoimage

Singularity mongoimage:~> mongod

Step-7.B. Setup the MongoDB Client

Get the singularity compatible MongoDB image from Docker hub and start the MongoDB client

root@akalanka:~# singularity shell docker://sam1211/mongoimage

Singularity mongoimage:~> mongo

Step-7.C. Add Vulnerability Analyzing Tools

1. OpenVAS

Get singularity compatible OpenVas image from Docker/Singularity hub & start OpenVas server

root@akalanka:~# singularity run docker://mikesplain/openvas:latest

Verify, by using the log file that OpenVas sever is started and listening on the relevant port until the frond-end web application is started. See below for real a log file.

==> /var/log/openvas/openvassd.messages <==

[Mon Jul 9 23:35:21 2018][897] openvassd 5.1.2 started

[Mon Jul 9 23:37:29 2018][1352] Client not present

[Mon Jul 9 23:37:30 2018][897] Received the Terminated signal

[Tue Jul 17 16:47:57 2018][4681] openvassd 5.1.2 started

[Tue Jul 17 16:50:51 2018][4754] Client not present

gsad main:MESSAGE:2018-07-17 16h52.42 UTC:4717: Authentication success for 'admin' from 127.0.0.1

Load the web browser in your host machine and place the URL “https://localhost/443” which prompts you to enter the application credentials given when the image is being created. After finishing all above sub steps OpenVAS tool is ready to find the vulnerabilities of a given system.

Report Outline:

Make a comprehensive report including the followings:

1. First page must include title and names.

2. Second page, Table of Content.

3. Problem statement. (What you did?)

4. Organization/Flow. (How did you do? – Include Methods)

5. Results. (Include tables and graphs)

6. Conclusions/Findings.

7. References.

***During any point that you need to title a label, use “IA612 Spring 2022 – P1”

References:

[1]. http://singularity.lbl.gov/