Docker commands

Show all running containers

# docker ps

Show all containers (running or stopped)

# docker ps -a

Delete a previously used Docker container (currently stopped)

# docker rm <container>

Stop a currently running container

# docker stop <container>

$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                      NAMES
28c8251dcb0f        tozd/postfix        "/usr/local/sbin/r…"   2 months ago        Up About an hour    25/tcp, 465/tcp, 587/tcp   postfix

ismails-MacBook-Air:~ ismailyenigul$ docker stop 28c8251dcb0f
28c8251dcb0f

Pull container image from repository

# docker pull <imagename>:<tag>

Delete all previously used containers, including running ones

# docker stop `docker ps -a -q`
# docker rm `docker ps -a -q`

Run a container in interactive mode and attach it to the terminal
-i, --interactive                           Keep STDIN open even if not attached
-t, --tty                                   Allocate a pseudo-TTY

# docker run -it ubuntu:latest /bin/bash

Forcefully delete an image with the -f parameter, even if a container created from it still exists

# docker rmi -f <image>:<tag>

Map a host port to a container port (here, host port 8080 to container port 80)

# docker run -d -p 8080:80 <image>:<tag>

Search for images on Docker Hub

# docker search <keyword>

Execute a command in a running container

$ docker exec [options] <container> command

List local images

# docker images

$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               latest              6b914bbcb89e        4 weeks ago         182 MB
tozd/postfix        latest              89a0d910cc21        2 months ago        253 MB
mongo               latest              a3bfb96cf65e        3 months ago        402 MB
ubuntu              latest              104bec311bcd        3 months ago        129 MB

List docker networks

$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
b4e6fdaaa778        bridge              bridge              local
20cba5897034        host                host                local
274c3bd1077b        none                null                local

View configuration of the bridge network

$ docker inspect bridge
[
    {
        "Name": "bridge",
        "Id": "b4e6fdaaa7784cba883228af101f842e6e7f994a8623e6699b748fcc0078de29",
        "Created": "2017-03-29T07:36:01.29631817Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Containers": {
            "aeb711c91939024a408d7fe5bc375726c156397ea1366d4ae6e868596c26f752": {
                "Name": "romantic_easley",
                "EndpointID": "586993464a0fc7e315538f752def1e75969aa438adec814e76c26384384c777d",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]

View configuration of an image or container in JSON format

# docker inspect <image-name>:<tag>

ismails-MacBook-Air:~ ismailyenigul$ docker inspect aeb711c91939
[
    {
        "Id": "aeb711c91939024a408d7fe5bc375726c156397ea1366d4ae6e868596c26f752",
        "Created": "2017-03-29T08:52:15.909697831Z",
        "Path": "/usr/local/sbin/runsvdir-start",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 19651,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2017-03-29T08:52:16.870951366Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:89a0d910cc2102b464d1025e3510de2d1610f721f2743fa093517d9feea1a3d4",
        "ResolvConfPath": "/var/lib/docker/containers/aeb711c91939024a408d7fe5bc375726c156397ea1366d4ae6e868596c26f752/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/aeb711c91939024a408d7fe5bc375726c156397ea1366d4ae6e868596c26f752/hostname",
        "HostsPath": "/var/lib/docker/containers/aeb711c91939024a408d7fe5bc375726c156397ea1366d4ae6e868596c26f752/hosts",
        "LogPath": "/var/lib/docker/containers/aeb711c91939024a408d7fe5bc375726c156397ea1366d4ae6e868596c26f752/aeb711c91939024a408d7fe5bc375726c156397ea1366d4ae6e868596c26f752-json.log",
        "Name": "/romantic_easley",
        "RestartCount": 0,
        "Driver": "aufs",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": null,
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "default",
            "PortBindings": {},
            "RestartPolicy": {
                "Name": "no",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DiskQuota": 0,
            "KernelMemory": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": -1,
            "OomKillDisable": false,
            "PidsLimit": 0,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0
        },
        "GraphDriver": {
            "Name": "aufs",
            "Data": null
        },
        "Mounts": [
            {
                "Type": "volume",
                "Name": "ea583d6e30e3fa2af98023477fbf051603953cfbb4090253b744bc4da283b17c",
                "Source": "/var/lib/docker/volumes/ea583d6e30e3fa2af98023477fbf051603953cfbb4090253b744bc4da283b17c/_data",
                "Destination": "/var/spool/postfix",
                "Driver": "local",
                "Mode": "",
                "RW": true,
                "Propagation": ""
            },
            {
                "Type": "volume",
                "Name": "c5e967f7a1ee6c34e992575ab4af4f67de60d332adbd5daf2439875c92077658",
                "Source": "/var/lib/docker/volumes/c5e967f7a1ee6c34e992575ab4af4f67de60d332adbd5daf2439875c92077658/_data",
                "Destination": "/var/log/postfix",
                "Driver": "local",
                "Mode": "",
                "RW": true,
                "Propagation": ""
            }
        ],
        "Config": {
            "Hostname": "aeb711c91939",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "25/tcp": {},
                "465/tcp": {},
                "587/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "no_proxy=*.local, 169.254/16",
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "DEBIAN_FRONTEND=noninteractive",
                "MAILNAME=mail.example.com",
                "MY_NETWORKS=172.17.0.0/16 127.0.0.0/8",
                "MY_DESTINATION=localhost.localdomain, localhost",
                "ROOT_ALIAS=admin@example.com"
            ],
            "Cmd": null,
            "ArgsEscaped": true,
            "Image": "tozd/postfix",
            "Volumes": {
                "/var/log/postfix": {},
                "/var/spool/postfix": {}
            },
            "WorkingDir": "",
            "Entrypoint": [
                "/usr/local/sbin/runsvdir-start"
            ],
            "OnBuild": null,
            "Labels": {}
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "803fb774951dd18b58e0de894079829cbfd76116e683d4f10db401640e6a9578",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "25/tcp": null,
                "465/tcp": null,
                "587/tcp": null
            },
            "SandboxKey": "/var/run/docker/netns/803fb774951d",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "586993464a0fc7e315538f752def1e75969aa438adec814e76c26384384c777d",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.2",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:02",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "b4e6fdaaa7784cba883228af101f842e6e7f994a8623e6699b748fcc0078de29",
                    "EndpointID": "586993464a0fc7e315538f752def1e75969aa438adec814e76c26384384c777d",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02"
                }
            }
        }
    }
]
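
The inspect output above carries the settings that decide how well a container is isolated (User, Privileged, CapDrop, ReadonlyRootfs, Memory, PidsLimit, PortBindings). The following is an added example, not part of the original post: it reads `docker inspect` JSON and lists the weak defaults. The names `audit` and `SAMPLE` and the finding names are assumptions made for this sketch, and the sample input is constructed.

```python
import json

# Constructed sample: a trimmed `docker inspect <container>` result with the
# defaults seen in the output above, plus a port published with `-p 8080:80`.
SAMPLE = json.dumps([{
    "Name": "/romantic_easley",
    "Config": {"User": ""},
    "HostConfig": {
        "Privileged": False, "CapAdd": None, "CapDrop": None,
        "ReadonlyRootfs": False, "SecurityOpt": None, "Binds": None,
        "Memory": 0, "PidsLimit": 0, "NetworkMode": "default", "PidMode": "",
        "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8080"}]},
    },
}])


def audit(entry):
    """Return sorted finding names for one element of `docker inspect` output."""
    hc = entry.get("HostConfig") or {}
    user = ((entry.get("Config") or {}).get("User") or "").split(":")[0]
    opts = hc.get("SecurityOpt") or []
    # Flatten {"80/tcp": [{"HostIp": ..., "HostPort": ...}]} into one list.
    ports = [b for bl in (hc.get("PortBindings") or {}).values() for b in bl or []]
    checks = {
        "privileged": bool(hc.get("Privileged")),
        "runs-as-root": user in ("", "0", "root"),
        "default-capabilities": "ALL" not in [c.upper() for c in hc.get("CapDrop") or []],
        "added-capabilities": bool(hc.get("CapAdd")),
        "writable-rootfs": not hc.get("ReadonlyRootfs"),
        "new-privileges-allowed": not any(o.startswith("no-new-privileges") for o in opts),
        "no-memory-limit": (hc.get("Memory") or 0) <= 0,
        "no-pids-limit": (hc.get("PidsLimit") or 0) <= 0,
        "host-namespace": "host" in (hc.get("NetworkMode"), hc.get("PidMode")),
        "docker-socket-mounted": any("docker.sock" in b for b in hc.get("Binds") or []),
        # An empty HostIp publishes the port on every host interface.
        "port-on-all-interfaces": any(b.get("HostIp") in ("", "0.0.0.0", "::") for b in ports),
    }
    return sorted(name for name, hit in checks.items() if hit)


if __name__ == "__main__":
    for entry in json.loads(SAMPLE):
        print(entry["Name"], audit(entry))
```

To audit live containers, save the output of `docker inspect` for the container IDs you care about and pass each list element to `audit`. A port published as `-p 127.0.0.1:8080:80` is bound to loopback only and is not flagged.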

 

ismail yenigul

Note: this will be updated from time to time.


Install clamav on Centos 7

Installing ClamAV on previous CentOS versions was very easy for me. When I tried to install it on CentOS 7, I had to learn many things from scratch!

Install EPEL repo

ClamAV is available in the EPEL repo. Install EPEL first, then run the following command:

# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Comment out the "Example" line in /etc/freshclam.conf and in /etc/clamd.d/scan.conf (the default location of clamd.conf):

# sed -i -e "s/^Example/#Example/" /etc/freshclam.conf

# sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf

Run freshclam to update database manually.

# freshclam

By the way, freshclam is run by a cron job from /etc/cron.d/clamav-update

# cat /etc/cron.d/clamav-update
## Adjust this line…
MAILTO=root

## It is ok to execute it as root; freshclam drops privileges and becomes
## user 'clamupdate' as soon as possible
0  */3 * * * root /usr/share/clamav/freshclam-sleep

# /usr/share/clamav/freshclam-sleep
WARNING: update of clamav database is disabled; please see
'/etc/sysconfig/freshclam'
for information how to enable the periodic update resp. how to turn
off this message.

It seems that the freshclam update via cron is disabled. Remove the last line (marked REMOVE ME) from the /etc/sysconfig/freshclam file to activate it.

# tail /etc/sysconfig/freshclam
## 'disabled-warn'  …  disables the automatic freshclam update and
##                         gives out a warning
## 'disabled'       …  disables the automatic freshclam silently
# FRESHCLAM_DELAY=

### !!!!! REMOVE ME !!!!!!
### REMOVE ME: By default, the freshclam update is disabled to avoid
### REMOVE ME: network access without prior activation
FRESHCLAM_DELAY=disabled-warn    # REMOVE ME

Run clamd manually for testing purposes

# /usr/sbin/clamd -c /etc/clamd.d/scan.conf --nofork=yes
ERROR: Please define server type (local and/or TCP)

Hmm... We need to define the server type. I suggest using the socket option.

Uncomment the following line in /etc/clamd.d/scan.conf, changing

#LocalSocket /var/run/clamd.scan/clamd.sock

to

LocalSocket /var/run/clamd.scan/clamd.sock

Enable on startup

# systemctl enable clamd@scan
ln -s '/usr/lib/systemd/system/clamd@scan.service' '/etc/systemd/system/multi-user.target.wants/clamd@scan.service'

Then start the service and check its status

# systemctl start clamd@scan
# systemctl status clamd@scan
clamd@scan.service - Generic clamav scanner daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled)
   Active: active (running) since Mon 2015-01-05 14:45:08 EET; 3s ago
 Main PID: 13588 (clamd)
   CGroup: /system.slice/system-clamd.slice/clamd@scan.service
           └─13588 /usr/sbin/clamd -c /etc/clamd.d/scan.conf --nofork=yes

Jan 05 14:45:08 Centos7-min systemd[1]: Started Generic clamav scanner daemon.
Jan 05 14:45:08 Centos7-min clamd[13588]: clamd daemon 0.98.5 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jan 05 14:45:08 Centos7-min clamd[13588]: Running as user clamscan (UID 995, GID 994)
Jan 05 14:45:08 Centos7-min clamd[13588]: Log file size limited to 1048576 bytes.
Jan 05 14:45:08 Centos7-min clamd[13588]: Reading databases from /var/lib/clamav
Jan 05 14:45:08 Centos7-min clamd[13588]: Not loading PUA signatures.
Jan 05 14:45:08 Centos7-min clamd[13588]: Bytecode: Security mode set to "TrustSigned".

Run a test scan:

# clamdscan -c /etc/clamd.d/scan.conf /etc/hosts
/etc/hosts: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.002 sec (0 m 0 s)
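
The three configuration traps met in the steps above (the active Example line, the missing server type, and the disabled cron update) can be checked before starting the daemon. The following is an added example, not part of the original post: the function names are assumptions made for this sketch and the sample file contents are constructed from the fragments quoted above. It also flags a TCPSocket defined without TCPAddr, since clamd then binds to all interfaces, which is one reason to prefer the local socket suggested above.

```python
# Constructed samples, modelled on the file fragments quoted in this post.
SCAN_CONF = """\
# Comment or remove the line below.
Example
#LocalSocket /var/run/clamd.scan/clamd.sock
User clamscan
"""
SYSCONFIG = """\
# FRESHCLAM_DELAY=
FRESHCLAM_DELAY=disabled-warn    # REMOVE ME
"""


def directives(text):
    """Parse 'Key value' lines of a ClamAV config, skipping comments and blanks."""
    found = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition(" ")
            found.setdefault(key, []).append(value.strip())
    return found


def check_clamd(text):
    """Return the problems that stop clamd from starting or expose it."""
    d = directives(text)
    problems = []
    if "Example" in d:
        problems.append("Example line is still active")
    if "LocalSocket" not in d and "TCPSocket" not in d:
        problems.append("no server type: define LocalSocket and/or TCPSocket")
    if "TCPSocket" in d and "TCPAddr" not in d:
        problems.append("TCPSocket without TCPAddr: listens on all interfaces")
    return problems


def check_freshclam_sysconfig(text):
    """Report a FRESHCLAM_DELAY value that disables the cron-driven update."""
    problems = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("FRESHCLAM_DELAY="):
            value = line.split("=", 1)[1].strip().strip("'\"")
            if value.startswith("disabled"):
                problems.append("cron update disabled: FRESHCLAM_DELAY=" + value)
    return problems
```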

İsmail YENIGUL
