Run Docker Containers in EVE-NG | Why You NEED EVE-NG Pro

Video Statistics and Information

Captions
This is it. This is the one that I have been dying to show y'all, because this is the reason you go with EVE-NG, especially EVE-NG Pro. This is how we can actually leverage Docker containers to run all sorts of additional features within EVE-NG. And here's the big spoiler, here's the big secret: you can run any Docker container within EVE-NG. So by the end of this video we'll understand the baked-in Docker containers that come with EVE-NG Pro that make it so amazing and so powerful, but then we'll actually pull down one of the Docker containers from the open web, Docker Hub, called OpenVAS, a vulnerability and assessment tool that I think is going to blow you away. This is not something that comes baked into EVE-NG, but EVE-NG is so powerful we can pull it down and start using it immediately. Let's get going.

I'm not kidding when I say that one of the number one features, if not the number one feature, that made me go from EVE-NG Community to EVE-NG Pro is those Docker containers. And here's the kicker: EVE-NG Pro comes with some built-in Docker containers. We do have to run one command to install them, though. Then I'll show you what those Docker containers can really do for you. But there's another real big catch that you'll really want to watch this video for the end. Here, look at me in the eyes, right here, right here, down here on the screen. You want to watch this, because what EVE-NG can really do is it can pull any Docker container available on the Docker Hub down and use it within EVE-NG, and I'll show you an example of one by the end of this video. And I think you're going to realize, whoa, EVE-NG Pro and those Docker containers, that's worth it. Let's check it out.

So I mentioned that the first thing that we have to do is we have to install EVE-NG. So using SecureCRT here, I've already got my EVE-NG environment ready to rock and roll so that I can SSH right in. But what you want to do, using SecureCRT or PuTTY or whatever your SSH client is, you want to get SSH into EVE-NG's console. It looks something like this.

Now to get the EVE-NG Docker containers actually installed and up and running for us, all we have to do is give it a sudo apt install eve-ng-dockers. That's it: apt install eve-ng-dockers. I'll press enter, and here's the thing: I already have it installed right here, the newest version, but when you press that button it's going to go through all of the installation processes for you.

Now what did that really do? Just one command that runs some installations, but what is really going on under the hood, and what makes these Docker containers so valuable? How do we even use them in a topology? Let me show you that real quick.

Jumping back into my EVE-NG environment, I'm just going to add a new lab real quick and I'll call this Docker Demo. I'll save this and we'll get started. From this Docker Demo I'm going to add a couple nodes real quick onto my screen. The first one is going to be a router, so I'll just call this R1 and hit save, and the second one is going to be under Cisco IOL. I'm just going to add a switch; I'll call this switch one. Beyond that, I'll actually change the logo here so that it actually, you know, looks like a switch. How about that? Using the little Ethernet cable here, I'll just drag to connect these two together and click save. And when those two are ready to rock and roll, I'm gonna highlight them both, right click and turn them on.

Now while those two images are coming to life, I want to show you some additional things that came with those Docker containers that we just installed. So if I right click and I add a node, now I see I have docker.io. So when I click on that, it gives me a few different types of Dockers that I can use, and you'll see them right here. This is the list where we choose the different containers that we can work with, and immediately your eyes should be drawn to that Wireshark, going, hey, wait a minute, that's cool, that's Wireshark, like the actual Wireshark? Yep, that's right. I'm going to click save to add the Wireshark container here. In fact, what I'm going to do is I'm going to edit this real quick to actually rename it to be Wireshark and save, and I'll connect this into my switch.

I'll right click one more time, add the node again and go to docker.io, and now I'll change the dropdown here where Wireshark was and I'll choose Firefox. Yup, that's right, we can actually use Firefox. I'll change the name to Firefox. We can actually have a built-in web browser functionality built into EVE-NG. So there we go, we'll do that.

And arguably the coolest one: we'll add this node real quick under docker.io, choosing the drop down, we'll choose the GUI server and I'll click save here to add that too. Oh, let me rename that real quick too. I'll call it GUI server and save, and I'll drag that and connect it to the switch as well.

One more thing I'm going to note before I turn these on. An astute observer who may be looking in the nodes here in Docker, if you click on this drop down, you may have seen something called Ostinato here. I have a video dedicated to Ostinato that we're going to put in this playlist. Ostinato, what it does is it generates packets, but specific payloads of packets, into your network, and it sends a stream of those packets in. So for instance, maybe you want to send a stream of SIP packets into your network to simulate a voice workload. That's what Ostinato does, and it's a bigger setup process, so I have a video dedicated to just working with Ostinato. So I'm going to click cancel here.

And with all these three Docker containers set up and R1 and switch one up and running, I'm going to hold control, click on Firefox, the GUI server and Wireshark, right click and start, so these Docker containers start coming to life. And at this point Firefox, the GUI server and Wireshark should all be up and running, so let's see it in action.

I'm gonna click on Wireshark first and it'll launch the Wireshark console just like this, using Guacamole. We're gonna leave this set to Ethernet and click OK. And do you see what's happening here? I now have Wireshark running, contained within my environment, and that's really cool that I have a standalone Wireshark little application that I can run. But you know what's even cooler? Let me stop the capture here and exit out of this. Watch this: I can right click on R1, go down to capture and choose the specific Ethernet interface that I want to capture on, and now it'll launch the Wireshark container but already capturing a specific interface that I want to capture on. So what this is doing is, when I click the OK button here, it's now running this capture directly on e0/0 on R1. That's one of the huge benefits to EVE-NG Pro: now I have a baked-in Wireshark container that I can use to capture any of the interfaces within my environment. The flip side goes for the switches over here. So maybe I want to capture e0/3 on my switch. Let me move this out of the way. I can jump to capture and e0/3, it launches a new container, I'll choose Ethernet and there it goes. Now we're capturing on e0/3. Pretty fascinating, right?

We can also talk about the Firefox instance here. Yep, there it is, there's a Firefox web browser contained within an environment. So as long as my Firefox browser has an IP address, it should be able to access any other web-based services that I'm running within my environment, or if I've bridged it out to the LAN.

The last container we're going to talk about here is the GUI server. Let me bring this up and show you why this thing is so incredibly cool. Yeah, the reason why is because it's a GUI server. That's right, this is a full-blown Linux-based GUI server, and it comes with all of the amazing tools that you would absolutely expect with this. There's the terminal, there's Firefox, it comes with VLC media player so you could actually do multicast labs (ask me about that, because I've done it before and it's a blast to do), text editors, it comes with OpenSSL, it's got Wireshark built into it, an RDP client, the Oracle Web Start client. Guess what that's for? That's for ASDM, whenever you want to connect to your ASAs. There's Firefox, there's FileZilla for FTP transfers. Beyond that, this device itself is actually running nginx as a web server. See, look at that, I just promised myself and this machine is already running a web service within this environment.

But here's the kicker: without IP addresses these Docker containers don't work very well, so what we need to do is we actually need to give them IP addresses. So real quick, what I'll do, just so that we can verify this is working: on R1 I'm going to give it an IP address on its e0/0 interface, and that way when I give the GUI server an IP address it should be able to communicate through the switch straight through to the router. So let's go into config terminal, interface e0/0, let's say ip address 10.0.0.1 255.255.255.0, no shut, and end. copy run start, just for fun.

So now what I may want to have is I may want my GUI server to have the IP address 10.0.0.2, and that way it can communicate to the router. We could even set the GUI server to have the router be its default gateway too. So let's make that configuration come to life. The first thing I'm going to do is I'm going to turn my GUI server off. That way we can adjust its configuration; the next time it boots up it'll have the correct NIC configurations.

Now the GUI server is turned off. Over here on the left hand side we're going to start messing with the startup configs section. So let's click on this, and this is where we can tell our devices they should boot up with a specific startup config. So here's my GUI server, and when I click on the GUI server, this is where I can paste or type in whatever config commands I wanted to run. So when I paste it in you can kind of see the syntax and the commands that are going on here, but pause this if you want to type this in on your own. We've got ip address: we're adding an IP address, 10.0.0.2/24, for the device ethernet 0, and it has to be double piped to true. Then we're adding a default static route. This is going to be an ip route add; this is going to be our default route via R1, the router that we just created, 10.0.0.1, again double pipe to true. Now if I also want to add the functionality to actually be able to do DNS resolution, I can type these three lines right here. You don't need these if you don't need DNS resolution, or if you want to change the DNS server you can specify it here, but this is just for good measure, so that you have first of all an IP address, then a default route, and then DNS services running.

So with these typed in here I'm going to click save. That saves the default command, but notice it's turned off for this particular server, so if I were to try to boot the server right now it wouldn't boot with these configs. We have to click it to switch it to on, and now whenever this device turns on it's going to boot from this default configuration. So let's close out of that, right click on our GUI server and click start. This time it should boot up with an IP address 10.0.0.2 and it should be able to ping its default gateway, R1. Let's check it out. I'll go to System Tools and then MATE Terminal. I'll say ip addr and I see the IP address right there, 10.0.0.2. If I give it a ping 10.0.0. look at that, we've got round trip traffic going from my GUI server now destined towards R1. Isn't that cool?

These are the three containers that come with EVE-NG Pro whenever you run the apt install eve-ng-dockers command. But didn't I say that there was more? There absolutely is. OpenVAS is a Docker container that's used for network vulnerability assessment and scanning. This is one of the most powerful open source vulnerability scanners and network monitoring tools that is in existence today, and it's been containerized by a few different people, most notably this Atomicorp. So what we can do from our console into EVE-NG is we will simply run dc pull atomicorp/openvas. I'll press enter and it's going to take its time and do all the downloads and installations that it needs to do. So what we're going to do is we're going to let this run for a couple minutes while it gets done installing all of these items, and come back to it when it's done. Check it out from the EVE-NG front end.

All right, it's a big one, but we see it finally got done. This should have installed; it should have taken close to one gig or more to actually pull, download and install OpenVAS. But now let's see if we can actually just use this. Keep in mind, again, this wasn't something that was built for EVE-NG. This wasn't an apt install command. This was coming directly from Docker Hub. This is just any old Docker container that's out there in the world, and really what it comes down to: as long as it's got a telnet console, EVE-NG can pull it off the Docker Hub and use it.

So now back in my environment I'm going to go back to add a node. We're going to choose docker.io and now I see OpenVAS is here. So let's call this OpenVAS and save. I'm going to drag this into switch 1 and just like before... oh no, my switch one has run out of interfaces here. Let's just delete Wireshark real quick. I could also shut down my switch and just add more interfaces to it, but this is just easier this way. So we see that we're going to be altering e0.

So before we boot up OpenVAS we need to make sure it has an IP address. We can do just like we did before with the startup configs. I'm going to go into the GUI server, copy this, go to OpenVAS and paste here. I'm going to change my IP address real quick to be 10.0.0.3 and save. I'm going to turn the startup config on and exit out. So at this point we should be able to boot up OpenVAS. Let's let it boot. It may take several minutes for OpenVAS to come to life because, again, it is a very large container, usually cranking in around one gig or more, so give it about 10 minutes to come to life and then we'll jump on that GUI server and see if we can access OpenVAS.

So I've let it sit for a few minutes here. I'm kind of moving it around; let's actually rescale this just for a second. You can see I've got OpenVAS up and running, the GUI server is up and running. Let's actually bring up my web browser here. I'm going to go to https://10.0.0.3/, enter. Oh, so far it's giving me a self-signed certificate or error. Let's say advanced, scroll down a hair, accept the risk and continue. Look at that, we are now prompted with the OpenVAS login.

There you have it: you can actually pull down any Docker container that you want off of the public Docker Hub and bring it straight into EVE-NG, and as long as it's got basically, like, you know, a Linux console, a telnet console, you can use it from the telnet portal, or maybe if it's exposing a web front end we can use it that way. So there you have it, you've now seen Docker in action and one of the biggest benefits of going with EVE-NG Pro. I hope you've now seen the benefit that I saw in it, and this was a no-hesitation upgrade for me. So that's how you can get Docker containers up and running in your EVE-NG environment. Thanks for stopping by, all. I'll see in the next
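An added example (not from the video or from EVE-NG): a POSIX shell helper that renders the two startup-config lines described above and validates them first. Because each line ends in "|| true", a failed command is silently ignored at boot, so a gateway outside the node's subnet would go unnoticed. The interface name eth0 (from the spoken "ethernet 0") and the function names are assumptions.

```shell
#!/bin/sh
# Added example: build and sanity-check a Docker node startup-config.

# ip_to_int A.B.C.D -> prints the address as an integer; returns 1 if malformed.
ip_to_int() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into four positional params
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # no leading zeros (octal trap)
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# render_startup_config ADDR/PREFIX GATEWAY
# Prints the startup-config lines, or fails before printing anything.
render_startup_config() {
    addr=${1%/*}; prefix=${1#*/}; gw=$2
    case "$prefix" in
        ''|*[!0-9]*) echo "address must be ADDR/PREFIX" >&2; return 1 ;;
    esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 30 ] || {
        echo "prefix length out of range" >&2; return 1; }
    a=$(ip_to_int "$addr") || { echo "bad address: $addr" >&2; return 1; }
    g=$(ip_to_int "$gw")   || { echo "bad gateway: $gw" >&2; return 1; }
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    # "ip route add default via GW" fails when GW is not on-link, and
    # "|| true" would hide that failure, so check it here instead.
    if [ $(( a & mask )) -ne $(( g & mask )) ]; then
        echo "gateway $gw is not inside $addr/$prefix" >&2; return 1
    fi
    [ "$a" -ne "$g" ] || { echo "node and gateway share an address" >&2; return 1; }
    printf 'ip addr add %s/%s dev eth0 || true\n' "$addr" "$prefix"
    printf 'ip route add default via %s || true\n' "$gw"
}

# Values used in the video for the OpenVAS node and R1.
render_startup_config 10.0.0.3/24 10.0.0.1
```

The printed lines are what gets pasted into the node's startup config; the optional DNS lines mentioned in the video are not shown on the page and are left out here.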
Info
Channel: Data Knox
Views: 10,005
Keywords: install eve-ng on google cloud, install eve-ng on esxi, install eve-ng vmware workstation, install eve-ng on ubuntu, install eve-ng on azure, install eve-ng on esxi 6.7, how to install eve-ng iso on vmware workstation, install eve-ng on ubuntu 18.04, install eve-ng on ubuntu server, eve-ng setup, eve-ng getting started, eve-ng installation guide, eve-ng add images, eve-ng windows 10, eve-ng tutorial, eve-ng lab, eve-ng docker, eve-ng openvas, eve-ng container
Id: n_tDPWPlhJw
Length: 14min 44sec (884 seconds)
Published: Mon Oct 19 2020