docker-nfqueue-scapy - Docker container for intercepting packets with scapy from a netfilter queue (nfqueue)

  •        29

Docker container with an example python script to listen for packets on a netfilter queue and manipulate them with scapy. You can listen on any queue number, and you can push packets into the queue from any iptables rule. This container gives you a powerful prototyping and debugging tool for monitoring, manipulating, dropping, accepting, requeuing, or forwarding network packets in python. You can read from a queue on the host with --net=host --cap-add=NET_ADMIN. Or, you can run it within another container's namespace to listen for packets on an nfqueue in that container's network namespace. This container includes a full installation of scapy and python netfilter queue (nfqueue) bindings, and an example python script nfqueue_listener.py to print incoming packets on the queue.

https://github.com/milesrichardson/docker-nfqueue-scapy

Related Projects

scapy-ssl_tls - SSL/TLS layers for scapy the interactive packet manipulation tool

  •    Python

SSL/TLS layers for scapy the interactive packet manipulation tool. SSL/TLS and DTLS layers and TLS utility functions for Scapy.

scapy - Scapy: the Python-based interactive packet manipulation program & library

  •    Python

Scapy is a powerful Python-based interactive packet manipulation program and library. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more. It is designed to allow fast packet prototyping by using default values that work.

synsanity - netfilter (iptables) target for high performance lockless SYN cookies for SYN flood mitigation

  •    C

synsanity is a netfilter (iptables) target for high performance lockless SYN cookies for SYN flood mitigation, as used in production at GitHub. synsanity allows Linux servers running 3.x kernels to handle SYN floods with minimal (or at least less) performance impact. With default Linux kernel 3.x settings, a very small SYN flood causes complete CPU exhaustion as the kernel spinlocks on the LISTEN socket and in conntrack. synsanity moves much of this work into a netfilter (iptables) target and bypasses locks for this attack scenario, allowing high throughput syncookie generation before the packets hit the TCP stack.

geard - geard is no longer maintained - see OpenShift 3 and Kubernetes

  •    Go

The geard agent exposes operations on containers needed for large scale orchestration in production environments, and tries to map those operations closely to the underlying concepts in Docker and systemd. It supports linking containers into logical groups (applications) across multiple hosts with iptables based local networking, shared environment files, and SSH access to containers. It is also a test bed for prototyping related container services that may eventually exist as Docker plugins, such as routing, event notification, and efficient idling and network activation. The gear daemon and local commands must run as root to interface with the Docker daemon over its Unix socket and systemd over DBus.

trollhunter - linux netfilter/iptables f

  •    Perl

a linux netfilter/iptables firewall log summarizer with graphical and command line interface that helps the sysadmin in his daily routine. points of interest can be examined closer to gain further information. you can also run it in command line mode and


HiddenWall - Tool to generate a Linux kernel module for custom rules with Netfilter hooking. (block ports, Hidden mode, rootkit functions etc)

  •    C

HiddenWall is a Linux kernel module generator for custom rules with netfilter (block ports, hidden mode, rootkit functions, etc.). The motivation: in a bad situation, an attacker can bring down your iptables/ufw, but if you have HiddenWall, the attacker will not find the hidden kernel module that blocks external access, because it has a hook to netfilter in kernel land (think of it as a second layer for the firewall).

bors - A DNS blacklist defender

  •    C

Bors is a theoretical project that would use DNS blacklists like those used for spam, but at the nfqueue level. It uses ideas from mblock/nfblockd, but instead of a local list it uses DNS blacklists to look up whether an IP is blocked and what category it belongs to.

awesome-docker - :whale: A curated list of Docker resources and projects

  •    Javascript

A curated list of Docker resources and projects Inspired by @sindresorhus' awesome and improved by these amazing contributors. The creators and maintainers of this list do not receive any form of payment to accept a change made by any contributor. This page is not an official Docker product in any way. It is a list of links to projects and is maintained by volunteers. Everybody is welcome to contribute. The goal of this repo is to index open-source projects, not to advertise for profit.

Portainer - Simple management UI for Docker

  •    Javascript

Portainer is a lightweight management UI which allows you to easily manage your different Docker environments (Docker hosts or Swarm clusters). Portainer is meant to be as simple to deploy as it is to use. It consists of a single container that can run on any Docker engine (can be deployed as a Linux container or a Windows native container). It allows you to manage your Docker containers, images, volumes, networks and more! It is compatible with the standalone Docker engine and with Docker Swarm mode.

docker - Docker Official Image packaging for Docker

  •    Shell

This is the Git repo of the Docker "Official Image" for docker (not to be confused with any official docker image provided by docker upstream). See the Docker Hub page for the full readme on how to use this Docker image and for information regarding contributing and issues. The full description from Docker Hub is generated over in docker-library/docs, specifically in docker-library/docs/docker.

prometheus - A docker-compose stack for Prometheus monitoring


Before we get started installing the Prometheus stack, ensure you install the latest version of docker and docker swarm on your Docker host machine. Docker Swarm is installed automatically when using Docker for Mac or Docker for Windows. Clone the project locally to your Docker host.

Distribution - The Docker toolset to pack, ship, store, and deliver content

  •    Go

The Docker toolset to pack, ship, store, and deliver content. This repository's main product is the Docker Registry 2.0 implementation for storing and distributing Docker images. It supersedes the docker/docker-registry project with a new API design, focused around security and performance.

Dry - A Docker container manager for the terminal

  •    Go

Dry is a terminal application to manage Docker. It shows information about Containers, Images and Networks, and, if running a Docker Swarm, it also shows all kinds of information about the state of the Swarm cluster. It can connect to both local and remote Docker daemons. Besides showing information, it can be used to manage Docker. Most of the commands that the official Docker CLI has are available in dry with the same behaviour.

LILA - Live Iptables Log Analyzer

  •    Python

A command line tool that allows you to (live) analyze netfilter (iptables) log files. It provides a nice output and has features like displaying hostnames, duplicate detection... More info (+ screenshots) can be found in the pdf inside the tarball.

IPTables log analyzer

  •    PHP

What packets were rejected by your Netfilter-based firewall today? How often does this suspicious host try to connect to your box? What are the most rejected domains? Who is this strange host that scans your ports? The answers are in the iptables log

Netfilter Perl Script Protection

  •    Perl

This script, written in Perl, is designed to set up basic firewall rules to protect your Linux box on the Internet. It uses Perl and iptables. Works fine with dial-up and permanent connections (cable/DSL). People don't have any experience with iptables.

docker-compose-nodejs-examples - Finally some real world examples on getting started with Docker Compose and Nodejs

  •    Javascript

Docker Compose is an awesome tool for creating isolated development environments with Docker by using simple configurations with YAML. It's clean and easy enough to wrap your head around, even if you are new to Docker. Even so, the official website is lacking some practical, real world examples for getting started with Docker Compose and Nodejs. I hope the following real world examples will save you from some headache (like I had) while trying to figure out how to (pragmatically) use Docker Compose for your Nodejs apps.

Docker-Secure-Deployment-Guidelines - Deployment checklist for securely deploying Docker


Within today’s growing cloud-based IT market, there is a strong demand for virtualisation technologies. Unfortunately most virtualisation solutions are not flexible enough to meet developer requirements and the overhead implied by the use of full virtualisation solutions becomes a burden on the scalability of the infrastructure. Docker reduces that overhead by allowing developers and system administrators to seamlessly deploy containers for applications and services required for business operations. However, because Docker leverages the same kernel as the host system to reduce the need for resources, containers can be exposed to significant security risks if not adequately configured. The following itemised list suggests hardening actions that can be undertaken to improve the security posture of the containers within their respective environment. It should be noted that proposed solutions only apply to deployment of Linux Docker containers on Linux-based hosts, using the most recent release of Docker at the time of this writing (1.4.0, commit 4595d4f, dating 11/12/14). Part of the content below is based on publications from Jérôme Petazzoni [1] and Daniel J Walsh [2]. This document aims at adding on to their recommendations and how they can specifically be implemented within Docker. Note: Most of suggested command line options can be stored and used in a similar manner inside a Dockerfile for automated image building. Docker 1.3 now supports cryptographic signatures [3] to ascertain the origin and integrity of official repository images. This feature is however still a work in progress as Docker will issue a warning but not prevent the image from actually running. Furthermore, it does not apply to non-official images. In general, ensure that images are only retrieved from trusted repositories and that the --insecure-registry=[] command line option is never used.

docker-compose-ui - web interface for Docker Compose

  •    Javascript

Docker Compose UI is a web interface for Docker Compose. The aim of this project is to provide a minimal HTTP API on top of Docker Compose while maintaining full interoperability with Docker Compose CLI.

docker-bench-security - The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production

  •    Shell

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production. The tests are all automated, and are inspired by the CIS Docker Community Edition Benchmark v1.1.0. We are releasing this as a follow-up to our Understanding Docker Security and Best Practices blog post. We are making this available as an open-source utility so the Docker community can have an easy way to self-assess their hosts and docker containers against this benchmark.