Mount cifs/samba share inside container

#Dockerfile
FROM ubuntu
RUN apt update -y
RUN apt install  cifs-utils -y

docker build -t cifs .
docker run -it --cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH   -cap-add NET_BIND_SERVICE cifs bash
#centos with privileged (working)

docker run --privileged -it --cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH --cap-add NET_BIND_SERVICE centos bash
mount -t cifs -o username=a,password=a //192.168.0.228/public /mnt
mount -t cifs -o username=a,password=a //192.168.0.228/public /mnt
mount -t cifs -o username=a,password=a,ro,domain=WORKGROUP //192.168.0.228/public /a -v

ELK on docker-compose

version: '2.2'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.12.0
    container_name: elasticsearch
    environment:
      discovery.type: "single-node"
    volumes:
      - /root/elasticsearch:/usr/share/elasticsearch/data
    ports:
      - 9200:9200

  kibana:
    image: docker.elastic.co/kibana/kibana:7.12.0
    container_name: kibana
    environment:
      elasticsearch.hosts: "elasticsearch:9200"
    ports:
      - 5601:5601

Rabbitmq docker-compose

version: '3'
services:
  rabbitmq:
    image: rabbitmq:3-management
    restart: always
    container_name: rabbitmq
    environment:
      TZ: "Asia/Kolkata"
      RABBITMQ_DEFAULT_USER: username
      RABBITMQ_DEFAULT_PASS: password
    volumes:
      - /opt/rabbitmq/data:/var/lib/rabbitmq
    ports:
      - 5671:5671
      - 5672:5672
      - 15672:15672

Docker command :

dodocker run -d -p 5671:5671 -p 5672:5672 -p 15672:15672 -v /opt/rabbitmq/data:/var/lib/rabbitmq -e RABBITMQ_DEFAULT_USER=user -e RABBITMQ_DEFAULT_PASS=password  -e TZ="Asia/Kolkata" --restart unless-stopped rabbitmq:3-management

cloudcustodian ec2 start/stop rule

start-policy.yml

policies:
  - name: start-policy
    resource: aws.ec2
    query:
      - instance-state-name: stopped
    filters:
      - "tag:owner": present
    actions:
      - start

stop-policy.yml

policies:
  - name: stop-policy
    resource: aws.ec2
    filters:
      - "tag:owner": present
    actions:
      - stop

custodian run --cache-period 0 start-policy.yml -s output
custodian run --cache-period 0 stop-policy.yml -s output

https://cloudcustodian.io/docs/aws/gettingstarted.html

Deregister aws ami older than 30 days:

policies:
  - name: ebs-delete-old-ebs-snapshots
    resource: ami
    filters:
        - type: image-age
          days: 30
          op: ge
    actions:
        - deregister

Delete aws snapshot older than 30 days:

policies:
  - name: ebs-delete-old-ebs-snapshots
    resource: ebs-snapshot
    filters:
        - type: age
          days: 30
          op: ge
    actions:
        - delete

Docker CloudCustodian

docker run -it -v $(pwd)/output:/opt/custodian/output -v $(pwd):/opt/custodian/ --env-file <(env | grep "^AWS\|^AZURE\|^GOOGLE|^kubeconfig") cloudcustodian/c7n run -v -s /opt/custodian/output /opt/custodian/policy.yml

docker run -it --entrypoint=/bin/bash -v $(pwd)/output:/opt/custodian/output -v $(pwd):/opt/custodian/ --env-file <(env | grep "^AWS\|^AZURE\|^GOOGLE|^kubeconfig") cloudcustodian/c7n

capture TLS/HTTPS traffic via tcpdump

only TLS traffic

tcpdump -ni eth0 "(tcp[((tcp[12] & 0xf0) >> 2)] = 0x16)"

TLS traffic with port

tcpdump -ni eth0 "tcp port 443 and (tcp[((tcp[12] & 0xf0) >> 2)] = 0x16)"

TLS traffic with host ip

tcpdump -ni eth0 "tcp host 10.10.10.10 and (tcp[((tcp[12] & 0xf0) >> 2)] = 0x16)"

Capture packets for wireshark

tcpdump -vvvv -A -i weave '((dst port 80) and (net 10.36.0.15))' -w app2.cap


sudo tcpdump -vvvv -A -i etho -w app2.cap

More : https://stackoverflow.com/questions/39624745/capture-only-ssl-handshake-with-tcpdump

https://www.wireshark.org/docs/wsug_html_chunked/AppToolstcpdump.html

Openport using NC:

nc -l 8888

Listen port:

nc -l localhost 8888

Send packet using bash:

echo -n "hello" >/dev/tcp/localhost/8888