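I stopped using my previous cloud server and switched to a new one, so ARL had to be set up again. I didn't take notes the last time I set it up, so this time I'm writing things down.
The main ARL repository has been closed for a long time, so I used the ARL Docker image repository: ARL-docker
There are a few problems to solve along the way. I won't go into the first three; this post focuses on step 4.
- Installing Docker
- Docker image registry, access through a proxy
- Setting up a proxy on Linux (I use clash)
- Setting up ARL-docker
Setting up ARL-docker
Online download and install method
Download the deployment script project: git clone https://github.com/honmashironeko/ARL-docker.git
Enter the project folder: cd ARL-docker/
Add execute permission: chmod +x setup-arl.sh
Run the deployment script: bash setup-arl.sh
The script may report an error once while running; ignore it and run bash setup-arl.sh again.
Start ARL: docker-compose up -d
What follows is a record of some problems, how I investigated them, and how I fixed them.
Q1: Services fail to start
Problem description
Start ARL: docker-compose up -d
docker ps
The services failed to start.
Three containers could not start properly: arl_web, arl_worker, and arl_scheduler.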
```
[root@localhost ARL-docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7045ec724fa5 honmashironeko/arl-docker-all "sh -c 'gen_crt.sh..." 5 hours ago Restarting (1) 3 minutes ago arl_web
94a3497339c0 honmashironeko/arl-docker-all "sh -c 'wait-for-i..." 5 hours ago Restarting (255) 3 minutes ago arl_worker
3bdd87b9a0f3 honmashironeko/arl-docker-all "sh -c 'wait-for-i..." 5 hours ago Restarting (255) 3 minutes ago arl_scheduler
58f66a52f583 rabbitmq:3.8.19-management-alpine "docker-entrypoint..." 5 hours ago Up 7 minutes 4369/tcp, 5671-5672/tcp, 15671-15672/tcp, 15691-15692/tcp, 25672/tcp arl_rabbitmq
457a964ab6dc mongo:4.0.27 "docker-entrypoint..." 5 hours ago Up 7 minutes 27017/tcp arl_mongodb
```
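Check the logs:
```
docker logs --tail 20 <CONTAINER ID>
```
There were several permission errors:
```
Error: Error: 'arl_web.log' isn't writable [PermissionError(13, 'Permission denied')]
```
There was also a permission error for /code/app/config.yaml; the log had scrolled past, so I don't remember the exact error.
The compose file shows that these are local files mapped to files inside the container: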
```
[root@localhost ARL-docker]# cat docker-compose.yml
……
services:
    web:
        ……
        volumes:
          - ./arl_web.log:/code/arl_web.log
          - ./config-docker.yaml:/code/app/config.yaml
```
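Things to check: file and directory permissions, the user identity inside the container, and SELinux.
Solution
The fix I eventually found was to turn off SELinux.
```
sudo sestatus # show the SELinux status
sudo setenforce 0 # temporarily disable SELinux (switches to permissive mode until the next reboot)
```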
```
[root@localhost ARL-docker]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
[root@localhost ARL-docker]# sudo setenforce 0
[root@localhost ARL-docker]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
```
Tear the containers down and bring them back up, and the problem is solved.
```
[root@localhost ARL-docker]# docker-compose down
[+] Running 6/6
✔ Container arl_web Removed 0.3s
✔ Container arl_scheduler Removed 0.3s
✔ Container arl_worker Removed 0.3s
✔ Container arl_rabbitmq Removed 0.0s
✔ Container arl_mongodb Removed 0.0s
✔ Network arl-docker_default Removed 0.2s
[root@localhost ARL-docker]# docker-compose up -d
[+] Building 0.0s (0/0)
[+] Running 6/6
✔ Network arl-docker_default Created 0.2s
✔ Container arl_mongodb Started 0.9s
✔ Container arl_rabbitmq Started 0.9s
✔ Container arl_worker Started 1.6s
✔ Container arl_scheduler Started 1.6s
✔ Container arl_web Started 1.7s
[root@localhost ARL-docker]#
```
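An alternative to switching SELinux to permissive mode in Q1, as an added example that is not part of the original post or of ARL-docker: assuming the "Permission denied" errors are SELinux denials on the bind-mounted host files, Docker's z volume option relabels those files so that enforcing mode can stay on. The function names and the sample compose file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from ARL-docker). Assumption: the "Permission denied"
# errors are SELinux denials on the bind-mounted host files. To confirm first:
#   ls -Z arl_web.log config-docker.yaml   # host-side SELinux labels
#   ausearch -m avc -ts recent             # recent denials (needs auditd)

# List bind mounts in a compose file that carry no :z / :Z relabel option.
unlabeled_binds() {
    awk '
        /^[ \t]*-[ \t]*\.?\.?\// {          # "- ./host:/container[:opts]"
            entry = $0
            sub(/^[ \t]*-[ \t]*/, "", entry)
            n = split(entry, part, ":")
            opts = (n >= 3) ? part[3] : ""
            if (("," opts ",") !~ /,[zZ],/) print entry
        }' "$1"
}

# Print the compose file with the shared-label option z added to those mounts.
# Review the output, then replace docker-compose.yml and recreate the containers.
relabel_compose() {
    awk '
        /^[ \t]*-[ \t]*\.?\.?\// {
            n = split($0, part, ":")
            if (n == 2) $0 = $0 ":z"
            else if (("," part[3] ",") !~ /,[zZ],/) $0 = $0 ",z"
        }
        { print }' "$1"
}

# Constructed sample modelled on the volumes shown in Q1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
    web:
        volumes:
          - ./arl_web.log:/code/arl_web.log
          - ./config-docker.yaml:/code/app/config.yaml
EOF

echo "Bind mounts without an SELinux relabel option:"
unlabeled_binds "$sample"
echo "Relabelled compose file:"
relabel_compose "$sample"
rm -f "$sample"
```

Use z only on paths dedicated to the containers; relabelling a system directory such as /etc would break host services.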
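Q2: Wrong password on the web UI
Problem description
Go to the ARL web page at https://IP:5003/ and log in with account admin and password honmashironeko; it reports that the password is wrong.
I went into the arl_web service container and looked at the code.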
```
[root@localhost ARL-docker]# docker exec -it arl_web /bin/bash
[root@6a3109921ab8 code]# ls
app arl_web.log frontend requirements.txt test
```
```
[root@6a3109921ab8 app]# cat utils/user.py
from flask import request
from app import modules
from app.config import Config
from . import gen_md5, random_choices
from .conn import conn_db

salt = 'arlsalt!@#'

def user_login(username = None, password = None):
    if not username or not password:
        return

    query = {"username": username, "password": gen_md5(salt + password)}

    if conn_db('user').find_one(query):
        item = {
            "username": username,
            "token": gen_md5(random_choices(50)),
            "type": "login"
        }
        conn_db('user').update_one(query, {"$set": {"token": item["token"]}})

        return item
```

I also looked at the MongoDB database and found no account records.
```
[root@localhost xavier]# docker exec -ti arl_mongodb mongo -u admin -p admin
MongoDB shell version v4.0.27
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("dd7329eb-ea82-4041-a454-d43aedb1328b") }
MongoDB server version: 4.0.27
Welcome to the MongoDB shell.
…………
> use arl
switched to db arl
> db.user.find()
> db.getCollectionNames();
[
    "asset_domain",
    "asset_ip",
    "asset_site",
    "cert",
    "domain",
    "fileleak",
    "github_monitor_result",
    "github_result",
    "ip",
    "npoc_service",
    "poc",
    "service",
    "site",
    "url",
    "vuln",
    "wih"
]
```
There was no user collection in the list.

Solution
Add an account record:
```
> db.user.insert({ username: 'admin', password: hex_md5('arlsalt!@#'+'admin123') })
WriteResult({ "nInserted" : 1 })
> db.user.find()
{ "_id" : ObjectId("67d5ab76da9827cdcf275ce3"), "username" : "admin", "password" : "fd9fb75bf102e785e6874af0025a331e" }
> db.getCollectionNames();
[
    "asset_domain",
    "asset_ip",
    "asset_site",
    "cert",
    "domain",
    "fileleak",
    "github_monitor_result",
    "github_result",
    "ip",
    "npoc_service",
    "poc",
    "service",
    "site",
    "url",
    "user",
    "vuln",
    "wih"
]
```

In the end I logged in successfully with admin / admin123.