Creating Dockerfiles to be built with Docker for Windows Community Edition.

Creating a Dockerfile is remarkably easy. A Dockerfile is basically a text file, that is used with Docker to build a container from a Docker image.  You usually start by creating a text file named Dockerfile in a new directory. You don’t want to put a Dockerfile in the root of the C drive for example, because every file and folder below the Dockerfile will get packaged into the built container.

First line of a Dockerfile usually is just a comment starting with a pound # sign.

Then you tell Docker what image to use when creating the container like this:

FROM ubuntu:15.04

Next you add a MAINTAINER which is your name and/or email address

MAINTAINER Name name@email.com

Now we start the next line with a RUN command, that tells the container the first command to run. For example,

RUN apt-get update && /bin/bash

After the RUN command, you can then use EXPOSE 80,443 to open firewall ports 80 and 443,

there are a few different commands we can use here, but the last command will be CMD

This CMD line tells the container what process to run as its main process, and since most containers are supposed to run only one process, (although they can run more than one, best-practice is to only run one process in each container)

CMD commands should be written inside of [] brackets…

CMD [“apache2ctl”, “-D”, “FOREGROUND”]
Final Dockerfile should look like this:

 

# Apache Web Server Dockerfile with apache2-utils and vim
FROM ubuntu:15.04
RUN apt-get update && apt-get install -y \
        apache2 \
        apache2-utils \
        vim \
        && apt-get clean \
        && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
EXPOSE 80
CMD [“apache2ctl”, “-D”, “FOREGROUND”]

Now you can mine bitcoin in your browser by just entering your bitcoin address

It is easier than ever to mine bitcoin, as the new site bitminer.io allow you to simply enter your bitcoin address and just leave the tab open and it will mine bitcoin for you about .0006 per day which may not seem like much but it will add up. Do it now and check it out using my link in the last sentence.

Setting up Docker on windows server 2016

docker logo

Although Docker is available in Windows Server 2016, it is not immediately obvious how to set it up and start running containers on a Windows Server 2016 server. The first step is to enable the Windows Feature Containers with the PowerShell command Install-WindowsFeature -Name Containers -Verbose . After enabling the Containers feature, installing Docker requires executing the following PowerShell commands:

Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Install-Module -Name DockerMsftProvider -Force
Install-Package -Name docker -ProviderName DockerMsftProvider -Force
Restart-Computer
# Open firewall port 2375
netsh advfirewall firewall add rule name="docker engine" dir=in action=allow protocol=TCP localport=2375

# Configure Docker daemon to listen on both pipe and TCP (replaces docker --register-service invocation above)
Stop-Service docker
dockerd --unregister-service
dockerd -H npipe:// -H 0.0.0.0:2375 --register-service
Start-Service docker

Optionally you can also install the PowerShell Docker Dev module with the following commands:


Register-PSRepository -Name DockerPS-Dev -SourceLocation https://ci.appveyor.com/nuget/docker-powershell-dev

Install-Module Docker -Repository DockerPS-Dev -Scope CurrentUser

To be sure that Docker is installed run the following commands in PowerShell or Command Prompt:
docker version
docker info

Now you can download the microsoft windowsservercore or nanoserver images and begin creating containers.

docker pull microsoft/windowsservercore
docker pull microsoft/nanoserver

Microsoft Policy Analyzer 3.0 Update available

WARNING: THIS link will download Policy Analyzer 3.0 and samples in a safe zip file from Microsoft:

Microsoft Policy Analyzer 3.0 is now available  and according to Aaron Margosis: “Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs).”  There is a pdf file that is included with the download that explains how to use the application. The new updated 3.0 version also includes several PolicyRules files that can be imported into the Policy Analyzer application and used to compare to the computer’s policies or any imported GPO backup files.

The best use of this software in my opinion is to use it in a domain to analyze your organization’s Group Policy Objects and to look for conflicts with Local Policies or within all the GPOs. You can point it to the SYSVOL folder and import the group policy objects that are being used in the domain. Then by comparing them, you will be alerted to any conflicts and you can export the results to an Excel spreadsheet. It is an excellent tool that will take some time to get used to, but it is extremely important for any security professional to do an analysis of an organization’s policies.



Shop Amazon Gift Cards. Any Occasion. No Expiration.

Microsoft Security Compliance Manager 4.0, Policy Analyzer, and LGPO – Security Admin Tools


(Microsoft’s Channel 9 Podcast – Defrag Tools)

I recently installed the Security Compliance Manager 4.0 using and already installed version of SQL Server 2016 express. This is how you need to install SCM 4.0 on windows 10, since SQL Server 2008 is no longer compatible with Windows 10. If you do not already have SQL Server Express installed, then you need to download and install SQL Server express 2014 or 2016 and install just the engine. Then you can install Security Compliance Manager 4.0 and it will ask for an installed instance of SQL Server and you must choose the name of the instance that you just installed. Then SCM4.0 will install successfully on Windows 10. Although Petri.com has posted a review of Microsoft Security Compliance Manager in 2014, there is now a new version available and this post will discuss Version 4.0. Security Compliance Manager will allow you to download Microsoft recommended Security Baselines for Windows 7,8, and 10, and for Windows Server 2012, 2016, and SQL Server 2012. These baselines contain group policies and settings that are recommended by Microsoft to secure your Active Directory domains.

Also available now is Policy Analyzer.

Policy Analyzer

Photo of Policy Analyzer from Microsoft Security Guidance blog on Microsoft TechNet.



The most interesting of the new baselines is perhaps the Windows 10 1607 Security Baseline, and it is available to download after you install Security Compliance Manager 4.0. This baseline can be exported to an Excel spreadsheet that separates the settings and configurations into different tabs. For some reason I am not able to preview this page anymore as I type it, I think adding Google tag manager has screwed it up. So I’m going to post this and then investigate what happened, and I might have to remove the Google Tag Manager. Hopefully I will continue this post later, if you have any questions about these two security software applications from Microsoft feel free to email me at james at jgnetworksecurity.com.