---
title: "Docker"
date: 2020-05-26T20:57:28+03:00
draft: false
pre: '<i class="fab fa-docker"></i> '
weight: 4
tags: ["setup", "docker", "linux", "windows"]
---
## Supported operating systems
The Infection Monkey Docker container works on Linux only. It is not compatible with Docker for Windows or Docker for Mac.
## Deployment
### 1. Load the docker images
1. Pull the MongoDB v4.2 Docker image:
```bash
sudo docker pull mongo:4.2
```
1. Extract the Monkey Island Docker tarball:
```bash
tar -xvzf InfectionMonkey-docker-v1.12.0.tgz
```
1. Load the Monkey Island Docker image:
```bash
sudo docker load -i InfectionMonkey-docker-v1.12.0.tar
```
### 2. Start MongoDB
{{% notice info %}}
If you are upgrading the Infection Monkey to a new version, be sure to remove
any MongoDB containers or volumes associated with the previous version.
{{% /notice %}}
1. Start a MongoDB Docker container:
```bash
sudo docker run \
    --name monkey-mongo \
    --network=host \
    --volume db:/data/db \
    --detach \
    mongo:4.2
```
### 3. Start Monkey Island with default certificate
By default, Infection Monkey comes with a [self-signed SSL certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
enterprise or other security-sensitive environments, it is recommended that the
user [provide Infection Monkey with a
certificate](#start-monkey-island-with-user-provided-certificate) that has
been signed by a private certificate authority.
1. Run the Monkey Island server:
```bash
sudo docker run \
    --tty \
    --interactive \
    --name monkey-island \
    --network=host \
    guardicore/monkey-island:VERSION
```
### 4. Accessing Monkey Island
After the Monkey Island docker container starts, you can access Monkey Island by pointing your browser at `https://localhost:5000`.
## Configuring the server
You can configure the server by mounting a volume and specifying a
[server configuration file](../../reference/server_configuration):

1. Create a directory for the server configuration file, e.g. `monkey_island_data`:
```bash
mkdir ./monkey_island_data
chmod 700 ./monkey_island_data
```
1. Move your `server_config.json` file to the `./monkey_island_data` directory.
1. Run the container with a mounted volume, specifying the path to the `server_config.json`:
```bash
sudo docker run \
    --rm \
    --name monkey-island \
    --network=host \
    --user "$(id -u ${USER}):$(id -g ${USER})" \
    --volume "$(realpath ./monkey_island_data)":/monkey_island_data \
    guardicore/monkey-island:VERSION --setup-only --server-config="/monkey_island_data/server_config.json"
```
### Start Monkey Island with user-provided certificate
By default, Infection Monkey comes with a [self-signed SSL
certificate](https://aboutssl.org/what-is-self-sign-certificate/). In
enterprise or other security-sensitive environments, it is recommended that the
user provide Infection Monkey with a certificate that has been signed by a
private certificate authority.
1. Terminate the docker container if it's already running.
1. Move your `.crt` and `.key` files to `./monkey_island_data` (directory created for the volume).
1. Make sure that your `.crt` and `.key` files are readable only by you.
```bash
chmod 600 <PATH_TO_KEY_FILE>
chmod 600 <PATH_TO_CRT_FILE>
```
1. Modify the [server configuration file](../../reference/server_configuration) and add the following lines:
```json
{
  "ssl_certificate": {
    "ssl_certificate_file": "/monkey_island_data/my_cert.crt",
    "ssl_certificate_key_file": "/monkey_island_data/my_key.key"
  }
}
```
1. Run the container with a mounted volume, specifying the path to the `server_config.json`:
```bash
sudo docker run \
    --rm \
    --name monkey-island \
    --network=host \
    --user "$(id -u ${USER}):$(id -g ${USER})" \
    --volume "$(realpath ./monkey_island_data)":/monkey_island_data \
    guardicore/monkey-island:VERSION --setup-only --server-config="/monkey_island_data/server_config.json"
```
1. Access the Monkey Island web UI by pointing your browser at
`https://localhost:5000`.
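
A pre-flight check to run before starting the container, as an added example that is not part of the Infection Monkey documentation or code base: it reads `server_config.json` from the host directory and reports certificate paths that fall outside `/monkey_island_data`, files missing on the host, and permissions looser than the `chmod 700` and `chmod 600` steps. The names `preflight`, `lax` and `demo` are hypothetical, and `demo` runs against constructed placeholder files.

```python
import json
import stat
import tempfile
from pathlib import Path, PurePosixPath

MOUNT = PurePosixPath("/monkey_island_data")  # container side of --volume on this page


def lax(path):  # True if group or others hold any permission bit on path
    return bool(stat.S_IMODE(path.stat().st_mode) & 0o077)


def preflight(host_dir):
    """Return the problems found in the host directory that gets mounted at MOUNT."""
    host_dir = Path(host_dir)
    config_path = host_dir / "server_config.json"
    try:
        section = dict(json.loads(config_path.read_text())["ssl_certificate"])
    except (OSError, ValueError, KeyError, TypeError) as err:
        return [f"{config_path.name}: no usable ssl_certificate section ({err!r})"]
    problems = [f"{host_dir}: expected mode 700"] if lax(host_dir) else []
    for option in ("ssl_certificate_file", "ssl_certificate_key_file"):
        inside = PurePosixPath(str(section.get(option, "")))
        # Paths are resolved inside the container, so they must sit under MOUNT.
        if MOUNT not in inside.parents or ".." in inside.parts:
            problems.append(f"{option}: '{inside}' is not under {MOUNT}")
            continue
        on_host = host_dir / inside.relative_to(MOUNT)
        if not on_host.is_file():
            problems.append(f"{option}: {on_host.name} not found in host directory")
        elif lax(on_host):
            problems.append(f"{option}: {on_host.name} expected mode 600")
    return problems


def demo():
    """Constructed sample: valid config, but the key file was left at mode 644."""
    with tempfile.TemporaryDirectory() as tmp:  # mkdtemp creates it with mode 700
        data = Path(tmp)
        names = {"ssl_certificate_file": "my_cert.crt", "ssl_certificate_key_file": "my_key.key"}
        config = {"ssl_certificate": {k: f"{MOUNT}/{v}" for k, v in names.items()}}
        (data / "server_config.json").write_text(json.dumps(config))
        for name, mode in (("my_cert.crt", 0o600), ("my_key.key", 0o644)):
            (data / name).write_text("constructed placeholder, not key material\n")
            (data / name).chmod(mode)
        return preflight(data)


if __name__ == "__main__":
    print(demo())
```

To check a real deployment, call `preflight("./monkey_island_data")`; an empty list means the directory matches the steps above.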
### Change logging level
1. Stop the docker container if it's already running.
1. Modify the [server configuration file](../../reference/server_configuration) by adding the following lines:
```json
{
  "log_level": "INFO"
}
```
1. Run the container with a mounted volume, specifying the path to the `server_config.json`:
```bash
sudo docker run \
    --rm \
    --name monkey-island \
    --network=host \
    --user "$(id -u ${USER}):$(id -g ${USER})" \
    --volume "$(realpath ./monkey_island_data)":/monkey_island_data \
    guardicore/monkey-island:VERSION --setup-only --server-config="/monkey_island_data/server_config.json"
```
1. Access the Monkey Island web UI by pointing your browser at
`https://localhost:5000`.
## Upgrading
Currently, there's no "upgrade-in-place" option when a new version is released.
To get an updated version, download it, stop and remove the current Monkey
Island and MongoDB containers and volumes, and run the installation commands
again with the new file.

If you'd like to keep your existing configuration, you can export it to a file
using the *Export config* button and then import it to the new Monkey Island.

![Export configuration](../../images/setup/export-configuration.png "Export configuration")

## Troubleshooting
### The Monkey Island container crashes due to a 'UnicodeDecodeError'
You will encounter a `UnicodeDecodeError` if the `monkey-island` container is
using a different secret key to encrypt sensitive data than was initially used
to store data in the `monkey-mongo` container.
```
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xee in position 0: invalid continuation byte
```
Starting a new container from the `guardicore/monkey-island:VERSION` image
generates a new secret key for storing sensitive information in MongoDB. If you
have an old database instance running (from a previous instance of Infection
Monkey), the data stored in the `monkey-mongo` container has been encrypted
with a key that is different from the one that Monkey Island is currently
using. When MongoDB attempts to decrypt its data with the new key, decryption
fails and you get this error.
You can fix this in one of three ways:
1. Instead of starting a new container for the Monkey Island, you can run `docker container start -a monkey-island` to restart the existing container, which will contain the correct key material.
1. Kill and remove the existing MongoDB container, and start a new one. This will remove the old database entirely. Then, start the new Monkey Island container.
1. When you start the Monkey Island container, use `--volume
monkey_island_data:/monkey_island_data`. This will store all of Monkey
Island's runtime artifacts (including the encryption key file) in a docker
volume that can be reused by subsequent Monkey Island containers.