Lab
Cybersecurity Lab Setup with Docker
This guide will walk you through setting up a complete cybersecurity lab using Docker. It includes a Kali Linux container, vulnerable web apps, and other services like Metasploitable and DVWA. We'll also cover network isolation, reverse proxy, and logging using the ELK Stack.
1️⃣ Prerequisites: Install Docker & Docker Compose
Install Docker
Ensure that Docker and Docker Compose are installed on your machine. Run the following commands:
sudo apt update && sudo apt install docker.io docker-compose -yVerify your installation by checking the versions:
docker --version
docker-compose --version2️⃣ Set Up a Docker Network
To allow communication between the containers, we need to set up a custom network.
docker network create cyberlab3️⃣ Create a docker-compose.yml File
docker-compose.yml FileWe’ll define the services in a docker-compose.yml file. This file will define containers like Kali Linux, DVWA, Metasploitable, and Juice Shop.
Create a cyberlab folder and open the docker-compose.yml file:
mkdir ~/cyberlab && cd ~/cyberlab
nano docker-compose.ymlPaste the following content into the file:
yamlCopyversion: '3.8'
services:
kali:
image: kalilinux/kali-rolling
container_name: kali
command: tail -f /dev/null # Keeps container running
tty: true
stdin_open: true
networks:
- cyberlab
dvwa:
image: vulnerables/web-dvwa
container_name: dvwa
ports:
- "8080:80"
restart: always
networks:
- cyberlab
metasploitable:
image: tleemcjr/metasploitable2
container_name: metasploitable
ports:
- "2222:22" # SSH
- "3389:3389" # RDP
networks:
- cyberlab
juice-shop:
image: bkimminich/juice-shop
container_name: juice-shop
ports:
- "3000:3000"
restart: always
networks:
- cyberlab
networks:
cyberlab:
driver: bridgeThis setup defines four containers:
Kali Linux for penetration testing.
DVWA (Damn Vulnerable Web App) for web app security practice.
Metasploitable2 for exploiting known vulnerabilities.
OWASP Juice Shop for web application security practice.
4️⃣ Start the Lab
Run the following command to start all containers:
docker-compose up -dThis will start all containers in detached mode.
5️⃣ Access Containers
Here’s how you can access each container:
Kali Linux Shell
To access Kali Linux's interactive shell, run:
docker exec -it kali /bin/bashDVWA (Damn Vulnerable Web App)
Open http://localhost:8080 in your browser. Login with:
Username:
adminPassword:
password
Metasploitable SSH
SSH into Metasploitable:
ssh msfadmin@localhost -p 2222Password: msfadmin
OWASP Juice Shop
Open http://localhost:3000 in your browser.
6️⃣ Enhance Your Cybersecurity Lab
Reverse Proxy (Traefik or NGINX)
To manage multiple services via a single entry point, you can use a reverse proxy like Traefik or NGINX.
Using Traefik
Traefik dynamically discovers services via Docker labels. Here's how you can configure it in docker-compose.yml:
yamlCopyservices:
traefik:
image: traefik:v2.9
container_name: traefik
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "8080:8080" # Traefik Dashboard
networks:
cyberlab:
ipv4_address: 192.168.100.2
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
dvwa:
image: vulnerables/web-dvwa
container_name: dvwa
networks:
cyberlab:
ipv4_address: 192.168.100.10
labels:
- "traefik.enable=true"
- "traefik.http.routers.dvwa.rule=Host(`dvwa.local`)"Then, modify your /etc/hosts file to access dvwa.local locally:
192.168.100.10 dvwa.localStart the services:
docker-compose up -dYou can now access DVWA at http://dvwa.local and the Traefik Dashboard at http://localhost:8080.
Using NGINX
If you prefer NGINX for reverse proxy, use the following configuration for nginx.conf:
nginxCopyserver {
listen 80;
server_name dvwa.local;
location / {
proxy_pass http://192.168.100.10;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}Run NGINX with:
docker run -d --name nginx -p 80:80 -v $(pwd)/nginx.conf:/etc/nginx/nginx.conf:ro nginx7️⃣ Set Up Logging & Monitoring with the ELK Stack
To monitor logs from your containers, you can use the ELK Stack (Elasticsearch, Logstash, Kibana).
Add ELK to docker-compose.yml
docker-compose.ymlyamlCopyservices:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:8.5.0
environment:
- discovery.type=single-node
ports:
- "9200:9200"
networks:
cyberlab:
ipv4_address: 192.168.100.20
logstash:
image: docker.elastic.co/logstash/logstash:8.5.0
volumes:
- ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf
depends_on:
- elasticsearch
networks:
cyberlab:
ipv4_address: 192.168.100.21
kibana:
image: docker.elastic.co/kibana/kibana:8.5.0
depends_on:
- elasticsearch
ports:
- "5601:5601"
networks:
cyberlab:
ipv4_address: 192.168.100.22Configure Logstash (logstash.conf)
logstash.conf)Create the logstash.conf file to specify how logs are processed:
input {
file {
path => "/var/log/nginx/access.log"
start_position => "beginning"
}
}
output {
elasticsearch {
hosts => ["http://192.168.100.20:9200"]
}
}Run the ELK Stack:
docker-compose up -dAccess Kibana
You can access Kibana at http://localhost:5601 and start analyzing logs from your containers.
8️⃣ Set Up a Dedicated Subnet
To enhance your network setup, assign static IP addresses within a custom subnet.
Create a Custom Network
docker network create --subnet=192.168.100.0/24 cyberlabAssign Static IPs in docker-compose.yml
docker-compose.ymlEach container can be assigned a static IP address like this:
yamlCopynetworks:
cyberlab:
ipv4_address: 192.168.100.109️⃣ Running Vulnerable Containers
Metasploitable 2
Run Metasploitable 2 for vulnerability exploitation:
docker run -d --name metasploitable -p 2222:22 -p 80:80 tleemcjr/metasploitable2SSH:
msfadmin:msfadminWeb:
http://localhost:80
DVWA (Damn Vulnerable Web App)
Run DVWA:
docker run -d --name dvwa -p 8080:80 vulnerables/web-dvwaLogin:
admin:passwordAccess:
http://localhost:8080
Conclusion
You now have a fully functional cybersecurity lab with Docker. You can access vulnerable applications like DVWA, Juice Shop, and Metasploitable, all while monitoring logs with ELK and managing services with Traefik or NGINX. Use this environment for penetration testing, vulnerability discovery, and more!
Last updated