Posted by Shunpei Kubo in DocuWorks on Mar 8, 2017 4:53:00 PM
Endpoint Security for Linux Threat Prevention (ENSL) 10.2 works well in a Docker environment.
I tried running ENSL in a Docker environment to see whether it works, and it appears to work properly.
However, this is just a test. If you intend to apply this in your own or your company's environment, build a proper test environment, test it there, and weigh the risks from the results before applying it, at your own risk.
■Pull the Ubuntu image into Docker
mcafee@ubt-server01:~$
mcafee@ubt-server01:~$ docker pull ubuntu:latest
latest: Pulling from library/ubuntu
d54efb8db41d: Pull complete
f8b845f45a87: Pull complete
e8db7bf7c39f: Pull complete
9654c40e9079: Pull complete
6d9ef359eaaa: Pull complete
Digest: sha256:dd7808d8792c9841d0b460122f1acf0a2dd1f56404f8d1e56298048885e45535
Status: Downloaded newer image for ubuntu:latest
mcafee@ubt-server01:~$
mcafee@ubt-server01:~$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 0ef2e08ed3fa 8 days ago 130 MB
mcafee@ubt-server01:~$
■Start the ubuntu1 container from the ubuntu image
mcafee@ubt-server01:~$ docker run -it --name ubuntu1 ubuntu /bin/bash
root@0958ab5785f7:/#
root@0958ab5785f7:/# id
uid=0(root) gid=0(root) groups=0(root)
root@0958ab5785f7:/#
root@0958ab5785f7:/# hostname
0958ab5785f7
root@0958ab5785f7:/#
root@0958ab5785f7:/#
root@0958ab5785f7:/# exit
mcafee@ubt-server01:~$
■Pull the CentOS image into Docker
mcafee@ubt-server01:~$
mcafee@ubt-server01:~$ docker pull centos:latest
latest: Pulling from library/centos
45a2e645736c: Pull complete
Digest: sha256:c577af3197aacedf79c5a204cd7f493c8e07ffbce7f88f7600bf19c688c38799
Status: Downloaded newer image for centos:latest
mcafee@ubt-server01:~$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest 0ef2e08ed3fa 8 days ago 130 MB
centos latest 67591570dd29 11 weeks ago 191.8 MB
mcafee@ubt-server01:~$
■Start the centos1 container from the centos image
mcafee@ubt-server01:~$ docker run -it --name centos1 centos /bin/bash
[root@fd617e5e99dd /]#
[root@fd617e5e99dd /]#
[root@fd617e5e99dd /]# id
uid=0(root) gid=0(root) groups=0(root)
[root@fd617e5e99dd /]#
[root@fd617e5e99dd /]# hostname
fd617e5e99dd
[root@fd617e5e99dd /]#
[root@fd617e5e99dd /]# exit
mcafee@ubt-server01:~$
■Confirm the containers
mcafee@ubt-server01:~$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fd617e5e99dd centos "/bin/bash" About a minute ago Exited (127) 5 seconds ago centos1
0958ab5785f7 ubuntu "/bin/bash" 6 minutes ago Exited (100) 2 minutes ago ubuntu1
mcafee@ubt-server01:~$
■Download eicar (AV not yet installed)
mcafee@ubt-server01:~$
mcafee@ubt-server01:~$ mkdir eicar
mcafee@ubt-server01:~$ cd eicar
mcafee@ubt-server01:~/eicar$
mcafee@ubt-server01:~/eicar$
mcafee@ubt-server01:~/eicar$ sudo wget www.eicar.org/download/eicar.com.txt
--2017-03-07 20:46:17-- http://www.eicar.org/download/eicar.com.txt
Resolving www.eicar.org (www.eicar.org)... 213.211.198.62
Connecting to www.eicar.org (www.eicar.org)|213.211.198.62|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [application/octet-stream]
Saving to: ‘eicar.com.txt’
eicar.com.txt 100%[========================================================================================>] 68 --.-KB/s in 0s
2017-03-07 20:46:19 (11.2 MB/s) - ‘eicar.com.txt’ saved [68/68]
mcafee@ubt-server01:~/eicar$ ls
eicar.com.txt
mcafee@ubt-server01:~/eicar$ cat eicar.com.txt
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*mcafee@ubt-server01:~/eicar$
mcafee@ubt-server01:~/eicar$
( eicar is not deleted )
mcafee@ubt-server01:~/eicar$ cd ..
mcafee@ubt-server01:~$ cd Downloads/
mcafee@ubt-server01:~/Downloads$ ls
ISecTP-10.2.0-534-Release-standalone ISecTP-10.2.0-534-Release-standalone.tar.gz McAfeeSmartInstall.sh PublicKey.txt
mcafee@ubt-server01:~/Downloads$
mcafee@ubt-server01:~/Downloads$
mcafee@ubt-server01:~/Downloads$ gpg --import PublicKey.txt
gpg: keyring `/home/mcafee/.gnupg/secring.gpg' created
gpg: keyring `/home/mcafee/.gnupg/pubring.gpg' created
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
mcafee@ubt-server01:~/Downloads$
mcafee@ubt-server01:~/Downloads$ ls
ISecTP-10.2.0-534-Release-standalone ISecTP-10.2.0-534-Release-standalone.tar.gz McAfeeSmartInstall.sh PublicKey.txt
mcafee@ubt-server01:~/Downloads$
mcafee@ubt-server01:~/Downloads$
mcafee@ubt-server01:~/Downloads$ cd ISecTP-10.2.0-534-Release-standalone/
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$ ls
install-isectp.sh ISecTP-10.2.0-534-standalone.linux ISecTP-10.2.0-534-standalone.linux.tar.gz
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$ cd ISecTP-10.2.0-534-standalone.linux/
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$ ls
ISecESP-10.2.0-478.deb ISecESPFileAccess-10.2.0-478.deb ISecRt-10.2.0-478.deb ISecTP-10.2.0-534.deb license.txt
ISecESP-10.2.0-478.x86_64.rpm ISecESPFileAccess-10.2.0-478.x86_64.rpm ISecRt-10.2.0-478.x86_64.rpm ISecTP-10.2.0-534.x86_64.rpm
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$
■Install dpkg-sig on the host OS
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$ sudo apt install dpkg-sig
[sudo] password for mcafee:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
libconfig-file-perl
Suggested packages:
ssh libterm-readkey-perl
The following NEW packages will be installed:
dpkg-sig libconfig-file-perl
0 upgraded, 2 newly installed, 0 to remove and 16 not upgraded.
Need to get 44.4 kB of archives.
After this operation, 215 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 libconfig-file-perl all 1.50-3 [9,722 B]
Get:2 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 dpkg-sig all 0.13.1+nmu2 [34.7 kB]
Fetched 44.4 kB in 1s (33.6 kB/s)
Selecting previously unselected package libconfig-file-perl.
(Reading database ... 206674 files and directories currently installed.)
Preparing to unpack .../libconfig-file-perl_1.50-3_all.deb ...
Unpacking libconfig-file-perl (1.50-3) ...
Selecting previously unselected package dpkg-sig.
Preparing to unpack .../dpkg-sig_0.13.1+nmu2_all.deb ...
Unpacking dpkg-sig (0.13.1+nmu2) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up libconfig-file-perl (1.50-3) ...
Setting up dpkg-sig (0.13.1+nmu2) ...
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$ dpkg-sig -verify ISecESP-10.2.0-478.deb
Processing ISecESP-10.2.0-478.deb...
UNKNOWNSIG _gpgorigin B08477AF
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$ dpkg-sig -verify ISecESPFileAccess-10.2.0-478.deb
Processing ISecESPFileAccess-10.2.0-478.deb...
UNKNOWNSIG _gpgorigin B08477AF
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$ dpkg-sig -verify ISecRt-10.2.0-478.deb
Processing ISecRt-10.2.0-478.deb...
UNKNOWNSIG _gpgorigin B08477AF
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$ dpkg-sig -verify ISecTP-10.2.0-534.deb
Processing ISecTP-10.2.0-534.deb...
UNKNOWNSIG _gpgorigin B08477AF
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$ ls
ISecESP-10.2.0-478.deb ISecESPFileAccess-10.2.0-478.deb ISecRt-10.2.0-478.deb ISecTP-10.2.0-534.deb license.txt
ISecESP-10.2.0-478.x86_64.rpm ISecESPFileAccess-10.2.0-478.x86_64.rpm ISecRt-10.2.0-478.x86_64.rpm ISecTP-10.2.0-534.x86_64.rpm
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$ cd ..
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$ ls
install-isectp.sh ISecTP-10.2.0-534-standalone.linux ISecTP-10.2.0-534-standalone.linux.tar.gz
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$
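In the session above, gpg --import processed 0 keys, so dpkg-sig reported UNKNOWNSIG (signing key not in the keyring) for every package and nothing was actually verified before the install. The following is an added example, not part of the original post or the vendor's installer: it parses dpkg-sig verification output and passes only when every package is GOODSIG, optionally from one pinned key. The function names, the WRONGKEY verdict and the constructed GOODSIG sample line with its placeholder fingerprint are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: gate a .deb install on `dpkg-sig --verify` results.

# Sample input. The first four lines are copied from the session above; the
# last two are constructed (placeholder fingerprint and timestamp).
SAMPLE_OUTPUT='Processing ISecRt-10.2.0-478.deb...
UNKNOWNSIG _gpgorigin B08477AF
Processing ISecTP-10.2.0-534.deb...
UNKNOWNSIG _gpgorigin B08477AF
Processing example-signed.deb...
GOODSIG _gpgorigin 0123456789ABCDEF0123456789ABCDEF01234567 1488900000'

# Read dpkg-sig output on stdin and print "<package> <verdict>" per package.
# The verdict is GOODSIG only when every signature line for the package is
# GOODSIG and, if a fingerprint is pinned in $1, was made by that key
# (assumption: the third field of a GOODSIG line is the signer fingerprint).
# A package with no signature line at all is reported as NOSIG.
classify_dpkg_sig() {
    awk -v pin="$1" '
        function emit() {
            if (pkg != "") print pkg, (verdict == "" ? "NOSIG" : verdict)
        }
        /^Processing / {
            emit()
            pkg = $2; sub(/\.\.\.$/, "", pkg); verdict = ""
            next
        }
        /^(GOODSIG|BADSIG|UNKNOWNSIG|NOSIG)/ {
            s = $1
            if (s == "GOODSIG" && pin != "" && toupper($3) != toupper(pin))
                s = "WRONGKEY"              # valid signature, unexpected signer
            # The first non-GOODSIG result for a package sticks.
            if (verdict == "" || verdict == "GOODSIG") verdict = s
        }
        END { emit() }
    '
}

# Return 0 only if every package verified; list rejected packages on stderr.
# Returns 2 when the input names no package, so an empty pipe never passes.
sig_gate() {
    results=$(classify_dpkg_sig "$1")
    [ -n "$results" ] || { echo "no packages in input" >&2; return 2; }
    rejected=$(printf '%s\n' "$results" | awk '$2 != "GOODSIG"')
    if [ -n "$rejected" ]; then
        printf 'refusing to install:\n%s\n' "$rejected" >&2
        return 1
    fi
    return 0
}

# Show the per-package verdicts for the sample input.
printf '%s\n' "$SAMPLE_OUTPUT" | classify_dpkg_sig ""

# Real use (not run here), with VENDOR_FPR set to the fingerprint obtained
# from the vendor out of band:
#   dpkg-sig --verify *.deb | sig_gate "$VENDOR_FPR" && sudo ./install-isectp.sh
```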
■Install ENSLTP on the host OS
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$ sudo ./install-isectp.sh
INTEL SECURITY END USER LICENSE AGREEMENT
BY DOWNLOADING, INSTALLING, COPYING, ACCESSING OR USING THIS SOFTWARE, YOU AGREE TO THE TERMS OF THIS END USER LICENSE AGREEMENT. IF YOU ARE ACCEPTING THESE TERMS ON BEHALF
OF ANOTHER PERSON OR COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE FULL AUTHORITY TO BIND THAT PERSON, COMPANY OR LEGAL ENTITY TO THESE TERMS.
IF YOU DO NOT AGREE TO THESE TERMS:
* DO NOT DOWNLOAD, INSTALL, COPY, ACCESS OR USE THIS SOFTWARE, AND
* PROMPTLY RETURN THIS SOFTWARE AND PROOF OF ENTITLEMENT TO THE PARTY FROM WHOM YOU ACQUIRED THEM
1) Definitions.
a) “Authorized Partner” means any of Intel’s distributors, resellers or other business partners that are authorized by Intel in writing to sell Support or the Software lice
nse rights granted under this Agreement.
b) “Documentation” means explanatory materials in printed, electronic or online form accompanying the Software in English and other languages, if available.
c) “DATs” means detection definition files, also referred to as signature files, that contain the code(s) anti-malware software uses to detect and repair viruses, Trojan ho
rses, and potentially unwanted programs.
d) “Grant Letter” means a confirmation notice letter issued by Intel to you, confirming the Software and Support purchased by you, including the applicable product entitlem
ent, as defined in the Product Entitlement Definitions (further described at Section 3(a) below).
e) “High Risk System” means a device or system that requires extra safety functionalities such as fail-safe or fault-tolerant performance features to maintain a safe state
where it is reasonably foreseeable that failure of the device or system could lead directly to death, personal injury, or catastrophic property damage. A device or system w
ith a fail-safe feature in the event of failure may revert to a safe condition rather than break down, may include a secondary system that comes into operation to prevent a
malfunction, or may operate as a backup in the event of a malfunction. A device or system with a fault-tolerant feature in the event of failure may continue its intended o
peration, possibly at a reduced level, rather than failing completely. Without limitation, High Risk Systems may be required in critical infrastructure, industrial plants,
manufacturing facilities, direct life support devices, aircraft, train, boat or vehicle navigation or communication systems, air traffic control, weapons systems, nuclear f
acilities, power plants, medical systems and facilities, and transportation facilities.
f) “Intel” means Intel Americas, Inc., with offices located at 2200 Mission College Blvd., Santa Clara, California 95054, USA, if the Software is purchased in the Unite
d States (except as provided in subclause (vi), below), Canada, Mexico, Central America, South America, or the Caribbean, (ii) Intel Corporation UK Limited, with its regist
ered offices located at Pipers Way, Swindon, Wiltshire SN3 1NJ, United Kingdom, if the Software is purchased in Europe, the Middle East, or Africa, (iii) Intel Semiconducto
r (US) LLC, with a trading address located at 69/F, Central Plaza, 18 Harbour Road, Wanchai, Hong Kong, if the Software is purchased in Asia (other than China (if the Softw
Enter accept or reject: accept
Detected deb based distribution - Ubuntu
Installing ISecRt as it is currently not installed
Installing ISecESPFileAccess as it is currently not installed
Installing ISecESP as it is currently not installed
Installing ISecTP as it is currently not installed
Selecting previously unselected package isecrt.
(Reading database ... 206713 files and directories currently installed.)
Preparing to unpack .../ISecRt-10.2.0-478.deb ...
Unpacking isecrt (10.2.0-478) ...
Setting up isecrt (10.2.0-478) ...
Successfully installed ISecRt-10.2.0-478.deb
Selecting previously unselected package isecesp.
(Reading database ... 206765 files and directories currently installed.)
Preparing to unpack .../ISecESP-10.2.0-478.deb ...
Validating that McAfee Agent 5.0.3-272 or above is installed
Unpacking isecesp (10.2.0-478) ...
Setting up isecesp (10.2.0-478) ...
Successfully installed ISecESP-10.2.0-478.deb
Selecting previously unselected package isecespfileaccess.
(Reading database ... 206808 files and directories currently installed.)
Preparing to unpack .../ISecESPFileAccess-10.2.0-478.deb ...
Unpacking isecespfileaccess (10.2.0-478) ...
Setting up isecespfileaccess (10.2.0-478) ...
Successfully installed ISecESPFileAccess-10.2.0-478.deb
Selecting previously unselected package isectp.
(Reading database ... 206845 files and directories currently installed.)
Preparing to unpack .../ISecTP-10.2.0-534.deb ...
Validating that McAfee Agent 5.0.3-272 or above is installed
Unpacking isectp (10.2.0-534) ...
Setting up isectp (10.2.0-534) ...
Processing triggers for man-db (2.7.5-1) ...
Successfully installed ISecTP-10.2.0-534.deb
Schedule for Default DAT and Engine update task was successfully added
Enabling OAS, please wait for some time
OAS was successfully enabled
ISecTP is ready for use now
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$
■Confirm the effect of ENSLTP on the host OS
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$
mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$ cd
mcafee@ubt-server01:~$ cd eicar/
mcafee@ubt-server01:~/eicar$ ls
eicar.com.txt
mcafee@ubt-server01:~/eicar$
mcafee@ubt-server01:~/eicar$ cat eicar.com.txt
cat: eicar.com.txt: Operation not permitted
mcafee@ubt-server01:~/eicar$
mcafee@ubt-server01:~/eicar$ ls
mcafee@ubt-server01:~/eicar$
( eicar was deleted ! )
■Install wget in the Docker container ubuntu1
mcafee@ubt-server01:~/eicar$
mcafee@ubt-server01:~/eicar$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fd617e5e99dd centos "/bin/bash" About an hour ago Exited (127) About an hour ago centos1
0958ab5785f7 ubuntu "/bin/bash" About an hour ago Exited (100) About an hour ago ubuntu1
mcafee@ubt-server01:~/eicar$
mcafee@ubt-server01:~/eicar$ docker start -i ubuntu1
root@0958ab5785f7:/#
root@0958ab5785f7:/# id
uid=0(root) gid=0(root) groups=0(root)
root@0958ab5785f7:/#
root@0958ab5785f7:/# apt-get install wget
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
ca-certificates libidn11 libssl1.0.0 openssl
The following NEW packages will be installed:
ca-certificates libidn11 libssl1.0.0 openssl wget
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 2108 kB of archives.
After this operation, 6083 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libidn11 amd64 1.32-3ubuntu1.1 [45.6 kB]
Get:2 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libssl1.0.0 amd64 1.0.2g-1ubuntu4.6 [1082 kB]
Get:3 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 openssl amd64 1.0.2g-1ubuntu4.6 [492 kB]
Get:4 http://archive.ubuntu.com/ubuntu xenial/main amd64 ca-certificates all 20160104ubuntu1 [191 kB]
Get:5 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 wget amd64 1.17.1-1ubuntu1.1 [298 kB]
Fetched 2108 kB in 22s (95.4 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package libidn11:amd64.
(Reading database ... 7256 files and directories currently installed.)
Preparing to unpack .../libidn11_1.32-3ubuntu1.1_amd64.deb ...
Unpacking libidn11:amd64 (1.32-3ubuntu1.1) ...
Selecting previously unselected package libssl1.0.0:amd64.
Preparing to unpack .../libssl1.0.0_1.0.2g-1ubuntu4.6_amd64.deb ...
Unpacking libssl1.0.0:amd64 (1.0.2g-1ubuntu4.6) ...
Selecting previously unselected package openssl.
Preparing to unpack .../openssl_1.0.2g-1ubuntu4.6_amd64.deb ...
Unpacking openssl (1.0.2g-1ubuntu4.6) ...
Selecting previously unselected package ca-certificates.
Preparing to unpack .../ca-certificates_20160104ubuntu1_all.deb ...
Unpacking ca-certificates (20160104ubuntu1) ...
Selecting previously unselected package wget.
Preparing to unpack .../wget_1.17.1-1ubuntu1.1_amd64.deb ...
Unpacking wget (1.17.1-1ubuntu1.1) ...
Processing triggers for libc-bin (2.23-0ubuntu5) ...
Setting up libidn11:amd64 (1.32-3ubuntu1.1) ...
Setting up libssl1.0.0:amd64 (1.0.2g-1ubuntu4.6) ...
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 76.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.1 /usr/local/share/perl/5.22.1 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base .) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Setting up openssl (1.0.2g-1ubuntu4.6) ...
Setting up ca-certificates (20160104ubuntu1) ...
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 76.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.1 /usr/local/share/perl/5.22.1 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base .) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Setting up wget (1.17.1-1ubuntu1.1) ...
Processing triggers for libc-bin (2.23-0ubuntu5) ...
Processing triggers for ca-certificates (20160104ubuntu1) ...
Updating certificates in /etc/ssl/certs...
173 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
root@0958ab5785f7:/#
■Confirm the effect of ENSLTP in the Docker container ubuntu1
root@0958ab5785f7:/# mkdir eicar
root@0958ab5785f7:/# cd eicar
root@0958ab5785f7:/eicar#
root@0958ab5785f7:/eicar# pwd
/eicar
root@0958ab5785f7:/eicar#
root@0958ab5785f7:/eicar# wget www.eicar.org/download/eicar.com.txt
--2017-03-08 05:35:33-- http://www.eicar.org/download/eicar.com.txt
Resolving www.eicar.org (www.eicar.org)... 213.211.198.62
Connecting to www.eicar.org (www.eicar.org)|213.211.198.62|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [application/octet-stream]
Saving to: 'eicar.com.txt'
eicar.com.txt 100%[===================>] 68 --.-KB/s in 0s
2017-03-08 05:35:35 (11.8 MB/s) - 'eicar.com.txt' saved [68/68]
root@0958ab5785f7:/eicar#
root@0958ab5785f7:/eicar# ls
root@0958ab5785f7:/eicar#
( eicar was already deleted ! )
■Install wget in the Docker container centos1
mcafee@ubt-server01:~$ docker start -i centos1
[root@fd617e5e99dd /]#
[root@fd617e5e99dd /]# yum install wget
Loaded plugins: fastestmirror, ovl
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/4): extras/7/x86_64/primary_db | 122 kB 00:00:00
(2/4): base/7/x86_64/group_gz | 155 kB 00:00:02
(3/4): updates/7/x86_64/primary_db | 3.8 MB 00:00:03
(4/4): base/7/x86_64/primary_db | 5.6 MB 00:00:06
Determining fastest mirrors
* base: mirrors.usc.edu
* extras: mirror.keystealth.org
* updates: mirror.keystealth.org
Resolving Dependencies
--> Running transaction check
---> Package wget.x86_64 0:1.14-13.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================================================================================================================
Package Arch Version Repository Size
============================================================================================================================================================================
Installing:
wget x86_64 1.14-13.el7 base 546 k
Transaction Summary
============================================================================================================================================================================
Install 1 Package
Total download size: 546 k
Installed size: 2.0 M
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/wget-1.14-13.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY ] 115 kB/s | 443 kB 00:00:00 ETA
Public key for wget-1.14-13.el7.x86_64.rpm is not installed
wget-1.14-13.el7.x86_64.rpm | 546 kB 00:00:02
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-3.1611.el7.centos.x86_64 (@CentOS)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : wget-1.14-13.el7.x86_64 1/1
install-info: No such file or directory for /usr/share/info/wget.info.gz
Verifying : wget-1.14-13.el7.x86_64 1/1
Installed:
wget.x86_64 0:1.14-13.el7
Complete!
[root@fd617e5e99dd /]#
■Confirm the effect of ENSLTP in the Docker container centos1
[root@fd617e5e99dd /]# wget www.eicar.org/download/eicar.com.txt
--2017-03-08 06:13:12-- http://www.eicar.org/download/eicar.com.txt
Resolving www.eicar.org (www.eicar.org)... 213.211.198.62
Connecting to www.eicar.org (www.eicar.org)|213.211.198.62|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [application/octet-stream]
Saving to: 'eicar.com.txt'
100%[==================================================================================================================================>] 68 --.-K/s in 0s
2017-03-08 06:13:14 (6.19 MB/s) - 'eicar.com.txt' saved [68/68]
[root@fd617e5e99dd /]#
[root@fd617e5e99dd /]# ls
anaconda-post.log bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[root@fd617e5e99dd /]#
[root@fd617e5e99dd /]#
( eicar was already deleted ! )