Community Help Hub

skubo · ‎11-29-2017

Posted by Shunpei Kubo in DocuWorks on Mar 8, 2017 4:53:00 PM

Endpoint Security for Linux Threat Prevention 10.2 works well on Docker environment.

ENSLがDocker環境で動くか試してみたら、きちんと動くようです。

しかし、もしあなたが自分の、あるいは自社の環境でこれを適用しようとするのであれば、

テスト環境をきちんと作ったうえでテストし、その結果からリスクを勘案の上適用してくださいね。

But, this is just a test, and if you wanna do this, do it with your own risk.

■DockerにubuntuのイメージをPULL / Pull the ubuntu image to Docker.

mcafee@ubt-server01:~$

mcafee@ubt-server01:~$ docker pull ubuntu:latest

latest: Pulling from library/ubuntu

d54efb8db41d: Pull complete

f8b845f45a87: Pull complete

e8db7bf7c39f: Pull complete

9654c40e9079: Pull complete

6d9ef359eaaa: Pull complete

Digest: sha256:dd7808d8792c9841d0b460122f1acf0a2dd1f56404f8d1e56298048885e45535

Status: Downloaded newer image for ubuntu:latest

mcafee@ubt-server01:~$

mcafee@ubt-server01:~$ docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

ubuntu latest 0ef2e08ed3fa 8 days ago 130 MB

mcafee@ubt-server01:~$

■ubuntuのコンテナ「ubuntu1」を起動 / Start ubuntu1 container from ubuntu image

mcafee@ubt-server01:~$ docker run -it --name ubuntu1 ubuntu /bin/bash

root@0958ab5785f7:/#

root@0958ab5785f7:/# id

uid=0(root) gid=0(root) groups=0(root)

root@0958ab5785f7:/#

root@0958ab5785f7:/# hostname

0958ab5785f7

root@0958ab5785f7:/#

root@0958ab5785f7:/# exit

mcafee@ubt-server01:~$

■DockerにCentOSのイメージをPULL / Pull the ubuntu image to Docker.

mcafee@ubt-server01:~$

mcafee@ubt-server01:~$ docker pull centos:latest

latest: Pulling from library/centos

45a2e645736c: Pull complete

Digest: sha256:c577af3197aacedf79c5a204cd7f493c8e07ffbce7f88f7600bf19c688c38799

Status: Downloaded newer image for centos:latest

mcafee@ubt-server01:~$ docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

ubuntu latest 0ef2e08ed3fa 8 days ago 130 MB

centos latest 67591570dd29 11 weeks ago 191.8 MB

mcafee@ubt-server01:~$

■CentOSのコンテナ「CentOS1」を起動 / Start centos1 container from centos image.

mcafee@ubt-server01:~$ docker run -it --name centos1 centos /bin/bash

[root@fd617e5e99dd /]#

[root@fd617e5e99dd /]# id

uid=0(root) gid=0(root) groups=0(root)

[root@fd617e5e99dd /]#

[root@fd617e5e99dd /]# hostname

fd617e5e99dd

[root@fd617e5e99dd /]#

[root@fd617e5e99dd /]# exit

mcafee@ubt-server01:~$

■コンテナを確認 / Confirm containers

mcafee@ubt-server01:~$ docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

fd617e5e99dd centos "/bin/bash" About a minute ago Exited (127) 5 seconds ago centos1

0958ab5785f7 ubuntu "/bin/bash" 6 minutes ago Exited (100) 2 minutes ago ubuntu1

mcafee@ubt-server01:~$

■eicarをダウンロード（AVは未インストール） / Download eicar without AV.

mcafee@ubt-server01:~$

mcafee@ubt-server01:~$ mkdir eicar

mcafee@ubt-server01:~$ cd eicar

mcafee@ubt-server01:~/eicar$

mcafee@ubt-server01:~/eicar$ sudo wget www.eicar.org/download/eicar.com.txt

--2017-03-07 20:46:17-- http://www.eicar.org/download/eicar.com.txt

Resolving www.eicar.org (www.eicar.org)... 213.211.198.62

Connecting to www.eicar.org (www.eicar.org)|213.211.198.62|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 68 [application/octet-stream]

Saving to: ‘eicar.com.txt’

eicar.com.txt 100%[========================================================================================>] 68 --.-KB/s in 0s

2017-03-07 20:46:19 (11.2 MB/s) - ‘eicar.com.txt’ saved [68/68]

mcafee@ubt-server01:~/eicar$ ls

eicar.com.txt

mcafee@ubt-server01:~/eicar$ cat eicar.com.txt

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*mcafee@ubt-server01:~/eicar$

mcafee@ubt-server01:~/eicar$

( eicar is not deleted )

mcafee@ubt-server01:~/eicar$ cd ..

mcafee@ubt-server01:~$ cd Downloads/

mcafee@ubt-server01:~/Downloads$ ls

ISecTP-10.2.0-534-Release-standalone ISecTP-10.2.0-534-Release-standalone.tar.gz McAfeeSmartInstall.sh PublicKey.txt

mcafee@ubt-server01:~/Downloads$

mcafee@ubt-server01:~/Downloads$ gpg --import PublicKey.txt

gpg: keyring `/home/mcafee/.gnupg/secring.gpg' created

gpg: keyring `/home/mcafee/.gnupg/pubring.gpg' created

gpg: no valid OpenPGP data found.

gpg: Total number processed: 0

mcafee@ubt-server01:~/Downloads$

mcafee@ubt-server01:~/Downloads$ ls

ISecTP-10.2.0-534-Release-standalone ISecTP-10.2.0-534-Release-standalone.tar.gz McAfeeSmartInstall.sh PublicKey.txt

mcafee@ubt-server01:~/Downloads$

mcafee@ubt-server01:~/Downloads$ cd ISecTP-10.2.0-534-Release-standalone/

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$ ls

install-isectp.sh ISecTP-10.2.0-534-standalone.linux ISecTP-10.2.0-534-standalone.linux.tar.gz

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$ cd ISecTP-10.2.0-534-standalone.linux/

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$ ls

ISecESP-10.2.0-478.deb ISecESPFileAccess-10.2.0-478.deb ISecRt-10.2.0-478.deb ISecTP-10.2.0-534.deb license.txt

ISecESP-10.2.0-478.x86_64.rpm ISecESPFileAccess-10.2.0-478.x86_64.rpm ISecRt-10.2.0-478.x86_64.rpm ISecTP-10.2.0-534.x86_64.rpm

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$

■パッケージ展開コマンド(dpkg-sig)をホストOSにinstall / Install dpkg-dig on Host OS.

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$ sudo apt install dpkg-sig

[sudo] password for mcafee:

Reading package lists... Done

Building dependency tree

Reading state information... Done

The following additional packages will be installed:

libconfig-file-perl

Suggested packages:

ssh libterm-readkey-perl

The following NEW packages will be installed:

dpkg-sig libconfig-file-perl

0 upgraded, 2 newly installed, 0 to remove and 16 not upgraded.

Need to get 44.4 kB of archives.

After this operation, 215 kB of additional disk space will be used.

Do you want to continue? [Y/n] Y

Get:1 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 libconfig-file-perl all 1.50-3 [9,722 B]

Get:2 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 dpkg-sig all 0.13.1+nmu2 [34.7 kB]

Fetched 44.4 kB in 1s (33.6 kB/s)

Selecting previously unselected package libconfig-file-perl.

(Reading database ... 206674 files and directories currently installed.)

Preparing to unpack .../libconfig-file-perl_1.50-3_all.deb ...

Unpacking libconfig-file-perl (1.50-3) ...

Selecting previously unselected package dpkg-sig.

Preparing to unpack .../dpkg-sig_0.13.1+nmu2_all.deb ...

Unpacking dpkg-sig (0.13.1+nmu2) ...

Processing triggers for man-db (2.7.5-1) ...

Setting up libconfig-file-perl (1.50-3) ...

Setting up dpkg-sig (0.13.1+nmu2) ...

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$ dpkg-sig -verify ISecESP-10.2.0-478.deb

Processing ISecESP-10.2.0-478.deb...

UNKNOWNSIG _gpgorigin B08477AF

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$ dpkg-sig -verify ISecESPFileAccess-10.2.0-478.deb

Processing ISecESPFileAccess-10.2.0-478.deb...

UNKNOWNSIG _gpgorigin B08477AF

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$ dpkg-sig -verify ISecRt-10.2.0-478.deb

Processing ISecRt-10.2.0-478.deb...

UNKNOWNSIG _gpgorigin B08477AF

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$ dpkg-sig -verify ISecTP-10.2.0-534.deb

Processing ISecTP-10.2.0-534.deb...

UNKNOWNSIG _gpgorigin B08477AF

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$ ls

ISecESP-10.2.0-478.deb ISecESPFileAccess-10.2.0-478.deb ISecRt-10.2.0-478.deb ISecTP-10.2.0-534.deb license.txt

ISecESP-10.2.0-478.x86_64.rpm ISecESPFileAccess-10.2.0-478.x86_64.rpm ISecRt-10.2.0-478.x86_64.rpm ISecTP-10.2.0-534.x86_64.rpm

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone/ISecTP-10.2.0-534-standalone.linux$ cd ..

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$ ls

install-isectp.sh ISecTP-10.2.0-534-standalone.linux ISecTP-10.2.0-534-standalone.linux.tar.gz

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$

■ホストOSにENSLTPをinstall / Install ENSLTP on Host OS

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$ sudo ./install-isectp.sh

INTEL SECURITY END USER LICENSE AGREEMENT

BY DOWNLOADING, INSTALLING, COPYING, ACCESSING OR USING THIS SOFTWARE, YOU AGREE TO THE TERMS OF THIS END USER LICENSE AGREEMENT. IF YOU ARE ACCEPTING THESE TERMS ON BEHALF

OF ANOTHER PERSON OR COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE FULL AUTHORITY TO BIND THAT PERSON, COMPANY OR LEGAL ENTITY TO THESE TERMS.

IF YOU DO NOT AGREE TO THESE TERMS:

* DO NOT DOWNLOAD, INSTALL, COPY, ACCESS OR USE THIS SOFTWARE, AND

* PROMPTLY RETURN THIS SOFTWARE AND PROOF OF ENTITLEMENT TO THE PARTY FROM WHOM YOU ACQUIRED THEM

1) Definitions.

a) “Authorized Partner” means any of Intel’s distributors, resellers or other business partners that are authorized by Intel in writing to sell Support or the Software lice

nse rights granted under this Agreement.

b) “Documentation” means explanatory materials in printed, electronic or online form accompanying the Software in English and other languages, if available.

c) “DATs” means detection definition files, also referred to as signature files, that contain the code(s) anti-malware software uses to detect and repair viruses, Trojan ho

rses, and potentially unwanted programs.

d) “Grant Letter” means a confirmation notice letter issued by Intel to you, confirming the Software and Support purchased by you, including the applicable product entitlem

ent, as defined in the Product Entitlement Definitions (further described at Section 3(a) below).

e) “High Risk System” means a device or system that requires extra safety functionalities such as fail-safe or fault-tolerant performance features to maintain a safe state

where it is reasonably foreseeable that failure of the device or system could lead directly to death, personal injury, or catastrophic property damage. A device or system w

ith a fail-safe feature in the event of failure may revert to a safe condition rather than break down, may include a secondary system that comes into operation to prevent a

malfunction, or may operate as a backup in the event of a malfunction. A device or system with a fault-tolerant feature in the event of failure may continue its intended o

peration, possibly at a reduced level, rather than failing completely. Without limitation, High Risk Systems may be required in critical infrastructure, industrial plants,

manufacturing facilities, direct life support devices, aircraft, train, boat or vehicle navigation or communication systems, air traffic control, weapons systems, nuclear f

acilities, power plants, medical systems and facilities, and transportation facilities.

f) “Intel” means Intel Americas, Inc., with offices located at 2200 Mission College Blvd., Santa Clara, California 95054, USA, if the Software is purchased in the Unite

d States (except as provided in subclause (vi), below), Canada, Mexico, Central America, South America, or the Caribbean, (ii) Intel Corporation UK Limited, with its regist

ered offices located at Pipers Way, Swindon, Wiltshire SN3 1NJ, United Kingdom, if the Software is purchased in Europe, the Middle East, or Africa, (iii) Intel Semiconducto

r (US) LLC, with a trading address located at 69/F, Central Plaza, 18 Harbour Road, Wanchai, Hong Kong, if the Software is purchased in Asia (other than China (if the Softw

Enter accept or reject: accept

Detected deb based distribution - Ubuntu

Installing ISecRt as it is currently not installed

Installing ISecESPFileAccess as it is currently not installed

Installing ISecESP as it is currently not installed

Installing ISecTP as it is currently not installed

Selecting previously unselected package isecrt.

(Reading database ... 206713 files and directories currently installed.)

Preparing to unpack .../ISecRt-10.2.0-478.deb ...

Unpacking isecrt (10.2.0-478) ...

Setting up isecrt (10.2.0-478) ...

Successfully installed ISecRt-10.2.0-478.deb

Selecting previously unselected package isecesp.

(Reading database ... 206765 files and directories currently installed.)

Preparing to unpack .../ISecESP-10.2.0-478.deb ...

Validating that McAfee Agent 5.0.3-272 or above is installed

Unpacking isecesp (10.2.0-478) ...

Setting up isecesp (10.2.0-478) ...

Successfully installed ISecESP-10.2.0-478.deb

Selecting previously unselected package isecespfileaccess.

(Reading database ... 206808 files and directories currently installed.)

Preparing to unpack .../ISecESPFileAccess-10.2.0-478.deb ...

Unpacking isecespfileaccess (10.2.0-478) ...

Setting up isecespfileaccess (10.2.0-478) ...

Successfully installed ISecESPFileAccess-10.2.0-478.deb

Selecting previously unselected package isectp.

(Reading database ... 206845 files and directories currently installed.)

Preparing to unpack .../ISecTP-10.2.0-534.deb ...

Validating that McAfee Agent 5.0.3-272 or above is installed

Unpacking isectp (10.2.0-534) ...

Setting up isectp (10.2.0-534) ...

Processing triggers for man-db (2.7.5-1) ...

Successfully installed ISecTP-10.2.0-534.deb

Schedule for Default DAT and Engine update task was successfully added

Enabling OAS, please wait for some time

OAS was successfully enabled

ISecTP is ready for use now

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$

■ホストOS上でENSLTPの効果を確認 / Confirm that ENSLTP was intalled.

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$

mcafee@ubt-server01:~/Downloads/ISecTP-10.2.0-534-Release-standalone$ cd

mcafee@ubt-server01:~$ cd eicar/

mcafee@ubt-server01:~/eicar$ ls

eicar.com.txt

mcafee@ubt-server01:~/eicar$

mcafee@ubt-server01:~/eicar$ cat eicar.com.txt

cat: eicar.com.txt: Operation not permitted

mcafee@ubt-server01:~/eicar$

mcafee@ubt-server01:~/eicar$ ls

mcafee@ubt-server01:~/eicar$

( eicar was deleted ! )

■DockersのContainer(Ubuntu1)でwgetコマンドをinstall / Install wget on ubuntu1 container.

mcafee@ubt-server01:~/eicar$

mcafee@ubt-server01:~/eicar$ docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

fd617e5e99dd centos "/bin/bash" About an hour ago Exited (127) About an hour ago centos1

0958ab5785f7 ubuntu "/bin/bash" About an hour ago Exited (100) About an hour ago ubuntu1

mcafee@ubt-server01:~/eicar$

mcafee@ubt-server01:~/eicar$ docker start -i ubuntu1

root@0958ab5785f7:/#

root@0958ab5785f7:/# id

uid=0(root) gid=0(root) groups=0(root)

root@0958ab5785f7:/#

root@0958ab5785f7:/# apt-get install wget

Reading package lists... Done

Building dependency tree

Reading state information... Done

The following additional packages will be installed:

ca-certificates libidn11 libssl1.0.0 openssl

The following NEW packages will be installed:

ca-certificates libidn11 libssl1.0.0 openssl wget

0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.

Need to get 2108 kB of archives.

After this operation, 6083 kB of additional disk space will be used.

Do you want to continue? [Y/n] Y

Get:1 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libidn11 amd64 1.32-3ubuntu1.1 [45.6 kB]

Get:2 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libssl1.0.0 amd64 1.0.2g-1ubuntu4.6 [1082 kB]

Get:3 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 openssl amd64 1.0.2g-1ubuntu4.6 [492 kB]

Get:4 http://archive.ubuntu.com/ubuntu xenial/main amd64 ca-certificates all 20160104ubuntu1 [191 kB]

Get:5 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 wget amd64 1.17.1-1ubuntu1.1 [298 kB]

Fetched 2108 kB in 22s (95.4 kB/s)

debconf: delaying package configuration, since apt-utils is not installed

Selecting previously unselected package libidn11:amd64.

(Reading database ... 7256 files and directories currently installed.)

Preparing to unpack .../libidn11_1.32-3ubuntu1.1_amd64.deb ...

Unpacking libidn11:amd64 (1.32-3ubuntu1.1) ...

Selecting previously unselected package libssl1.0.0:amd64.

Preparing to unpack .../libssl1.0.0_1.0.2g-1ubuntu4.6_amd64.deb ...

Unpacking libssl1.0.0:amd64 (1.0.2g-1ubuntu4.6) ...

Selecting previously unselected package openssl.

Preparing to unpack .../openssl_1.0.2g-1ubuntu4.6_amd64.deb ...

Unpacking openssl (1.0.2g-1ubuntu4.6) ...

Selecting previously unselected package ca-certificates.

Preparing to unpack .../ca-certificates_20160104ubuntu1_all.deb ...

Unpacking ca-certificates (20160104ubuntu1) ...

Selecting previously unselected package wget.

Preparing to unpack .../wget_1.17.1-1ubuntu1.1_amd64.deb ...

Unpacking wget (1.17.1-1ubuntu1.1) ...

Processing triggers for libc-bin (2.23-0ubuntu5) ...

Setting up libidn11:amd64 (1.32-3ubuntu1.1) ...

Setting up libssl1.0.0:amd64 (1.0.2g-1ubuntu4.6) ...

debconf: unable to initialize frontend: Dialog

debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 76.)

debconf: falling back to frontend: Readline

debconf: unable to initialize frontend: Readline

debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.1 /usr/local/share/perl/5.22.1 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base .) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)

debconf: falling back to frontend: Teletype

Setting up openssl (1.0.2g-1ubuntu4.6) ...

Setting up ca-certificates (20160104ubuntu1) ...

debconf: unable to initialize frontend: Dialog

debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 76.)

debconf: falling back to frontend: Readline

debconf: unable to initialize frontend: Readline

debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.1 /usr/local/share/perl/5.22.1 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base .) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)

debconf: falling back to frontend: Teletype

Setting up wget (1.17.1-1ubuntu1.1) ...

Processing triggers for libc-bin (2.23-0ubuntu5) ...

Processing triggers for ca-certificates (20160104ubuntu1) ...

Updating certificates in /etc/ssl/certs...

173 added, 0 removed; done.

Running hooks in /etc/ca-certificates/update.d...

done.

root@0958ab5785f7:/#

■DockersのContainer(Ubuntu1)でENSLTPの効果を確認 / Confirm the effect of ENTLSP on docker container ubuntu1.

root@0958ab5785f7:/# mkdir eicar

root@0958ab5785f7:/# cd eicar

root@0958ab5785f7:/eicar#

root@0958ab5785f7:/eicar# pwd

/eicar

root@0958ab5785f7:/eicar#

root@0958ab5785f7:/eicar# wget www.eicar.org/download/eicar.com.txt

--2017-03-08 05:35:33-- http://www.eicar.org/download/eicar.com.txt

Resolving www.eicar.org (www.eicar.org)... 213.211.198.62

Connecting to www.eicar.org (www.eicar.org)|213.211.198.62|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 68 [application/octet-stream]

Saving to: 'eicar.com.txt'

eicar.com.txt 100%[===================>] 68 --.-KB/s in 0s

2017-03-08 05:35:35 (11.8 MB/s) - 'eicar.com.txt' saved [68/68]

root@0958ab5785f7:/eicar#

root@0958ab5785f7:/eicar# ls

root@0958ab5785f7:/eicar#

( eicar was already deleted ! )

■DockersのContainer(Ubuntu1)でwgetコマンドをinstall / Install wget on centos1 container.

mcafee@ubt-server01:~$ docker start -i centos1

[root@fd617e5e99dd /]#

[root@fd617e5e99dd /]# yum install wget

Loaded plugins: fastestmirror, ovl

base | 3.6 kB 00:00:00

extras | 3.4 kB 00:00:00

updates | 3.4 kB 00:00:00

(1/4): extras/7/x86_64/primary_db | 122 kB 00:00:00

(2/4): base/7/x86_64/group_gz | 155 kB 00:00:02

(3/4): updates/7/x86_64/primary_db | 3.8 MB 00:00:03

(4/4): base/7/x86_64/primary_db | 5.6 MB 00:00:06

Determining fastest mirrors

* base: mirrors.usc.edu

* extras: mirror.keystealth.org

* updates: mirror.keystealth.org

Resolving Dependencies

--> Running transaction check

---> Package wget.x86_64 0:1.14-13.el7 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================================================================================

Package Arch Version Repository Size

============================================================================================================================================================================

Installing:

wget x86_64 1.14-13.el7 base 546 k

Transaction Summary

============================================================================================================================================================================

Install 1 Package

Total download size: 546 k

Installed size: 2.0 M

Is this ok [y/d/N]: y

Downloading packages:

warning: /var/cache/yum/x86_64/7/base/packages/wget-1.14-13.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY ] 115 kB/s | 443 kB 00:00:00 ETA

Public key for wget-1.14-13.el7.x86_64.rpm is not installed

wget-1.14-13.el7.x86_64.rpm | 546 kB 00:00:02

Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

Importing GPG key 0xF4A80EB5:

Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"

Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5

Package : centos-release-7-3.1611.el7.centos.x86_64 (@CentOS)

From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

Is this ok [y/N]: y

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing : wget-1.14-13.el7.x86_64 1/1

install-info: No such file or directory for /usr/share/info/wget.info.gz

Verifying : wget-1.14-13.el7.x86_64 1/1

Installed:

wget.x86_64 0:1.14-13.el7

Complete!

[root@fd617e5e99dd /]#

■DockersのContainer(CentOS1)でENSLTPの効果を確認 / Confirm the effect of ENSLTP on container centos1 .

[root@fd617e5e99dd /]# wget www.eicar.org/download/eicar.com.txt

--2017-03-08 06:13:12-- http://www.eicar.org/download/eicar.com.txt

Resolving www.eicar.org (www.eicar.org)... 213.211.198.62

Connecting to www.eicar.org (www.eicar.org)|213.211.198.62|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 68 [application/octet-stream]

Saving to: 'eicar.com.txt'

100%[==================================================================================================================================>] 68 --.-K/s in 0s

2017-03-08 06:13:14 (6.19 MB/s) - 'eicar.com.txt' saved [68/68]

[root@fd617e5e99dd /]#

[root@fd617e5e99dd /]# ls

anaconda-post.log bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var

[root@fd617e5e99dd /]#

( eicar was already deleted ! )

ENSL Hack : ENS for Linux 10.2 がDocker環境で試したら上手く動いた。 / ENSL10.2 works well on Docker environment.

Community Help Hub

Join the Community