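Notes on Deploying ARL (Lighthouse) with Docker

I stopped using my previous cloud server and moved to a new one, so ARL had to be set up again. I didn't take notes the last time I set it up, so this time I'm writing them down.

The main ARL repository has been closed for a long time, so I used an ARL Docker image repository: ARL-docker

A few problems need to be solved along the way. I won't cover the first three; this post focuses on step 4.

  1. Installing Docker
  2. Docker image registry, accessed through a proxy
  3. Setting up a proxy on Linux; I use clash
  4. Setting up ARL-docker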

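Setting up ARL-docker

Online download and install method

Download the deployment script project: git clone https://github.com/honmashironeko/ARL-docker.git

Enter the project folder: cd ARL-docker/

Add execute permission: chmod +x setup-arl.sh

Run the deployment script: bash setup-arl.sh

It may report an error once while running; ignore it and run bash setup-arl.sh again.

Command to start ARL: docker-compose up -d

What follows is a record of some problems, the troubleshooting process, and the fixes.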

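Q1: Services fail to start

Problem description

After starting ARL with docker-compose up -d, docker ps showed that the services had not come up: three containers, arl_web, arl_worker and arl_scheduler, could not start properly.
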
[root@localhost ARL-docker]# docker ps -a
CONTAINER ID     IMAGE                           COMMAND               CREATED        STATUS          PORTS          NAMES
7045ec724fa5      honmashironeko/arl-docker-all       "sh -c 'gen_crt.sh..."   5 hours ago    Restarting (1) 3 minutes ago                                            arl_web
94a3497339c0      honmashironeko/arl-docker-all       "sh -c 'wait-for-i..."   5 hours ago    Restarting (255) 3 minutes ago                                          arl_worker
3bdd87b9a0f3      honmashironeko/arl-docker-all       "sh -c 'wait-for-i..."   5 hours ago    Restarting (255) 3 minutes ago                                          arl_scheduler
58f66a52f583      rabbitmq:3.8.19-management-alpine   "docker-entrypoint..."   5 hours ago    Up 7 minutes      4369/tcp, 5671-5672/tcp, 15671-15672/tcp, 15691-15692/tcp, 25672/tcp   arl_rabbitmq
457a964ab6dc      mongo:4.0.27                        "docker-entrypoint..."   5 hours ago    Up 7 minutes      27017/tcp                                                 arl_mongodb

Check the logs:

docker logs --tail 20 <CONTAINER ID>

There were several permission errors:

Error: Error: 'arl_web.log' isn't writable [PermissionError(13, 'Permission denied')]

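There was also a permission error for /code/app/config.yaml; the log has scrolled away and I don't remember the exact error.

The configuration file shows that these are local files mapped to files in the container:
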
[root@localhost ARL-docker]# cat docker-compose.yml
……
services:
    web:
    ……
        volumes:
          - ./arl_web.log:/code/arl_web.log
          - ./config-docker.yaml:/code/app/config.yaml

Check file and directory permissions, the user identity inside the container, and SELinux.

Solution

The fix I eventually found was to disable SELinux:

sudo sestatus        # show SELinux status
sudo setenforce 0    # temporarily disable SELinux enforcement (permissive mode)

[root@localhost ARL-docker]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31
[root@localhost ARL-docker]# sudo setenforce 0
[root@localhost ARL-docker]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

After tearing the containers down and starting them again, the problem was solved.

[root@localhost ARL-docker]# docker-compose down
[+] Running 6/6
 ✔ Container arl_web           Removed                          0.3s 
 ✔ Container arl_scheduler     Removed                          0.3s 
 ✔ Container arl_worker        Removed                          0.3s 
 ✔ Container arl_rabbitmq      Removed                          0.0s 
 ✔ Container arl_mongodb       Removed                          0.0s 
 ✔ Network arl-docker_default  Removed                          0.2s 
[root@localhost ARL-docker]# docker-compose up -d
[+] Building 0.0s (0/0)
[+] Running 6/6
 ✔ Network arl-docker_default  Created                          0.2s 
 ✔ Container arl_mongodb       Started                          0.9s 
 ✔ Container arl_rabbitmq      Started                          0.9s 
 ✔ Container arl_worker        Started                          1.6s 
 ✔ Container arl_scheduler     Started                          1.6s 
 ✔ Container arl_web           Started                          1.7s 
[root@localhost ARL-docker]#
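
An alternative to setenforce 0 that leaves SELinux enforcing is to have Docker relabel the bind-mounted files with the :z volume option. The script below is an added example, not part of the original post or of the ARL-docker project; it applies that option to the short-syntax volume entries shown above, and the sample compose text inside it is constructed from that fragment plus one hypothetical read-only mount.

```shell
#!/bin/sh
# Added example: keep SELinux enforcing and let Docker relabel the bind mounts.
# ":z" asks Docker to give the host path a shared container label, so the
# container may write it. (":Z" would make the label private to one container.)

# Constructed sample: the volumes from the compose fragment above, plus one
# hypothetical read-only mount to show how an existing mode is extended.
sample_compose() {
cat <<'EOF'
services:
    web:
        volumes:
          - ./arl_web.log:/code/arl_web.log
          - ./config-docker.yaml:/code/app/config.yaml
          - ./extra.yaml:/code/extra.yaml:ro
EOF
}

# Read compose YAML on stdin, write it to stdout with ":z" (or ",z") added
# to every unquoted short-syntax bind mount ("- ./host:/container[:mode]").
relabel_bind_mounts() {
    awk '
    /^[ \t]*-[ \t]*\.?\/[^:]*:\/[^:]*(:[A-Za-z,]+)?$/ {
        n = split($0, f, ":")
        if (n == 2) {
            print $0 ":z"            # no mode yet: add one
        } else if (f[3] ~ /(^|,)[zZ](,|$)/) {
            print $0                 # already labelled: leave unchanged
        } else {
            print $0 ",z"            # keep the existing mode, add the label
        }
        next
    }
    { print }'
}

sample_compose | relabel_bind_mounts
# After editing docker-compose.yml this way: docker-compose down && docker-compose up -d
# Checks on the host: "ls -Z arl_web.log" shows the new label, and
# "ausearch -m avc -ts recent" lists any denials that remain.
```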

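Q2: Web password incorrect

Problem description

Go to the ARL web page: https://IP:5003/, account: admin, password: honmashironeko; it reports that the password is incorrect.

I went into the arl_web service container and looked at the code:
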
[root@localhost ARL-docker]# docker exec -it arl_web /bin/bash
[root@6a3109921ab8 code]# ls
app  arl_web.log  frontend  requirements.txt  test
[root@6a3109921ab8 app]# cat utils/user.py 
from flask import  request
from app import modules
from app.config import Config
from . import gen_md5, random_choices
from .conn import conn_db

salt = 'arlsalt!@#'

def user_login(username = None, password = None):
    if not username or not password:
        return

    query = {"username": username, "password": gen_md5(salt + password)}

    if conn_db('user').find_one(query):
        item = {
            "username": username,
            "token": gen_md5(random_choices(50)),
            "type": "login"
        }
        conn_db('user').update_one(query, {"$set": {"token": item["token"]}})

        return item

I also looked at the MongoDB database and found no account records:

[root@localhost xavier]# docker exec -ti arl_mongodb mongo -u admin -p admin
MongoDB shell version v4.0.27
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("dd7329eb-ea82-4041-a454-d43aedb1328b") }
MongoDB server version: 4.0.27
Welcome to the MongoDB shell.
…………
> use arl
switched to db arl
> db.user.find()
> db.getCollectionNames();
[
        "asset_domain",
        "asset_ip",
        "asset_site",
        "cert",
        "domain",
        "fileleak",
        "github_monitor_result",
        "github_result",
        "ip",
        "npoc_service",
        "poc",
        "service",
        "site",
        "url",
        "vuln",
        "wih"
]

I didn't see a user table (collection).

Solution

Add an account record:

> db.user.insert({ username: 'admin',  password: hex_md5('arlsalt!@#'+'admin123') })
WriteResult({ "nInserted" : 1 })
> db.user.find()
{ "_id" : ObjectId("67d5ab76da9827cdcf275ce3"), "username" : "admin", "password" : "fd9fb75bf102e785e6874af0025a331e" }
> db.getCollectionNames();
[
        "asset_domain",
        "asset_ip",
        "asset_site",
        "cert",
        "domain",
        "fileleak",
        "github_monitor_result",
        "github_result",
        "ip",
        "npoc_service",
        "poc",
        "service",
        "site",
        "url",
        "user",
        "vuln",
        "wih"
]

Finally, I logged in successfully with admin / admin123.
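
The account record above can also be created with a random password rather than a guessable one. The script below is an added example, not from the original post or the ARL-docker project: it reproduces the md5(salt + password) value that user_login() looks up and prints a mongo shell statement for it. The function names and the upsert form of the statement are choices made for this example.

```shell
#!/bin/sh
# Added example: create the ARL web account with a random password.
# The stored value is md5(salt + password) in lowercase hex, as in
# user_login() above; the salt is the constant from utils/user.py.
ARL_SALT='arlsalt!@#'

# Hash a password the way ARL compares it. printf '%s' is used because echo
# would add a newline to the hashed bytes and produce a different digest.
arl_password_hash() {
    printf '%s%s' "$ARL_SALT" "$1" | md5sum | cut -d' ' -f1
}

# 18 random bytes as 24 URL-safe base64 characters.
new_password() {
    head -c 18 /dev/urandom | base64 | tr '+/' '-_'
}

# Print a mongo shell statement that creates the user, or resets the password
# if the user already exists. Usernames are restricted so that nothing typed
# here can break out of the quoted string.
arl_user_statement() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid username" >&2; return 1 ;;
    esac
    printf 'db.user.update({username: "%s"}, {$set: {password: "%s"}}, {upsert: true})\n' \
        "$1" "$(arl_password_hash "$2")"
}

pw=$(new_password)
echo "new password for admin: $pw"
# Paste the printed statement into the mongo shell after "use arl".
arl_user_statement admin "$pw"
```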
