【K8s】搭建服务漏洞靶场

其他 2021-04-04 11:52:06 阅读次数: 0

靶场漏洞服务搭建

一、数据库类

1.1 redis-4.0.4

---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: redis-4014
spec:
  replicas: 1
  template:
    metadata:
      name: redis-4.0.14
      labels:
        vulhub: redis-4.0.14
    spec:
      affinity:  # 反亲和性调度,确保节点不会出现同样的服务
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - topologyKey: kubernetes.io/hostname
            labelSelector:
              matchLabels:
                vulhub: redis-4.0.14
      tolerations:  # 污点容忍,允许容器被调度在主节点中运行
      - key: node-role.kubernetes.io/master
        operation: Equal
        effect: NoSchedule  
      nodeSelector:  # 节点选择器,指定部署在哪个节点上
        kubernetes.io/hostname: k8s-node2.novalocal      
      containers:
      - image: vulhub/redis:4.0.14
        name: redis
        ports:
        - name: tcp1
          containerPort: 6379
          hostPort: 6379  # 使用主机端口,比hostNet更安全
        imagePullPolicy: IfNotPresent

1.2 elasticsearch-1.1.1

---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: elasticsearch-111
spec:
  replicas: 1
  template:
    metadata:
      name: elasticsearch-1.1.1
      labels:
        vulhub: elasticsearch-1.1.1
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - topologyKey: kubernetes.io/hostname
            labelSelector:
              matchLabels:
                vulhub: elasticsearch-1.1.1
      tolerations:
      - key: node-role.kubernetes.io/master
        operation: Equal
        effect: NoSchedule   
      containers:
      - image: vulhub/elasticsearch:1.1.1
        name: elasticsearch
        ports:
        - name: tcp1
          containerPort: 9200
          hostPort: 9200
        - name: tcp2
          containerPort: 9300
          hostPort: 9300
        imagePullPolicy: IfNotPresent

1.3 mongodb

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: mongodb-express-0530
spec:
  replicas: 1
  template:
    metadata:
      name: mongodb-0.53.0
      labels:
        vulhub: mongodb-0.53.0
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - topologyKey: kubernetes.io/hostname
            labelSelector:
              matchLabels:
                vulhub: mongodb-0.53.0
      tolerations:
      - key: node-role.kubernetes.io/master
        operation: Equal
        effect: NoSchedule     
      containers:
      - image: vulhub/mongo-express:0.53.0
        name: mongo
        command: 
        - "sh" 
        - "-c" 
        - "/data/db/mongod"
        ports:
        - name: tcp1
          containerPort: 27017
          hostPort: 27017
        imagePullPolicy: IfNotPresent
二、Web应用类

2.1 WordPress

---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: wordpress-46
spec:
  replicas: 0
  template:
    metadata:
      name: wordpress-4.6
      labels:
        vulhub: wordpress-4.6
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - topologyKey: kubernetes.io/hostname
            labelSelector:
              matchLabels:
                vulhub: wordpress-4.6
      tolerations:
      - key: node-role.kubernetes.io/master
        operation: Equal
        effect: NoSchedule  
      containers:
      - image: mysql:5
        name: mysql
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: root
        imagePullPolicy: IfNotPresent   
      - image: vulhub/wordpress-4.6
        name: web
        env:
        - name: WORDPRESS_DB_HOST
          value: mysql:3306
        - name: WORDPRESS_DB_USER
          value: root
        - name: WORDPRESS_DB_PASSWORD
          value: root
        - name: WORDPRESS_DB_NAME
          value: wordpress
        ports:
        - name: web
          containerPort: 80
          hostPort: 86
        imagePullPolicy: IfNotPresent   
      - name: init
        image: busybox
        imagePullPolicy: IfNotPresent
        command: ["/bin/sh"]
        args:
        - -c
        - echo 127.0.0.1 mysql >> /etc/hosts;tail -f /dev/null

---
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: drupal-8v5v0
spec:
  replicas: 1
  template:
    metadata:
      name: drupal-8.5.0
      labels:
        vulhub: drupal-8.5.0
        cve: CVE-2019-6341
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - topologyKey: kubernetes.io/hostname
            labelSelector:
              matchLabels:
                vulhub: drupal-8.5.0
      tolerations:
      - key: node-role.kubernetes.io/master
        operation: Equal
        effect: NoSchedule   
      containers:
      - image: vulhub/drupal:8.5.0
        name: drupal
        ports:
        - name: tcp1
          containerPort: 80
          hostPort: 8080
        imagePullPolicy: IfNotPresent
三、中间件类

3.1 Weblogic

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: weblogic-latest
spec:
  replicas: 1
  template:
    metadata:
      name: weblogic-latest
      labels:
        vulhub: weblogic-latest
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - topologyKey: kubernetes.io/hostname
            labelSelector:
              matchLabels:
                vulhub: weblogic-latest
      tolerations:
      - key: node-role.kubernetes.io/master
        operation: Equal
        effect: NoSchedule
      containers:
      - image: vulhub/weblogic:latest
        name: weblogic
        ports:
        - name: tcp1
          containerPort: 7001
          hostPort: 7001
        imagePullPolicy: IfNotPresent

3.2 Apache-Flink

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: apache-flink-191
spec:
  replicas: 1
  template:
    metadata:
      name: apache-flink-1.9.1
      labels:
        vulhub: apache-flink-1.9.1
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - topologyKey: kubernetes.io/hostname
            labelSelector:
              matchLabels:
                vulhub: apache-flink-1.9.1
      tolerations:
      - key: node-role.kubernetes.io/master
        operation: Equal
        effect: NoSchedule     
      containers:
      - image: jstang/apache-flink:1.9.1
        name: apache-flink
        livenessProbe:
          httpGet:
            path: /
            port: 8081
            host: 127.0.0.1
            scheme: HTTP
        ports:
        - name: tcp1
          containerPort: 8081
          hostPort: 8081
        imagePullPolicy: IfNotPresent
四、系统服务类

vsFtpd

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: vsftpd-2.3.4
spec:
  replicas: 1
  template:
    metadata:
      name: vsftpd-2.3.4
      labels:
        vulhub: vsftpd-2.3.4
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - topologyKey: kubernetes.io/hostname
            labelSelector:
              matchLabels:
                vulhub: vsftpd-2.3.4
      tolerations:
      - key: node-role.kubernetes.io/master
        operation: Equal
        effect: NoSchedule     
      containers:
      - image: penkit/vsftpd:2.3.4
        name: vsftpd
        ports:
        - name: tcp1
          containerPort: 21
          hostPort: 21
        - name: tcp2
          containerPort: 6200
          hostPort: 6200
        imagePullPolicy: IfNotPresent

Samba(MS17-010 SMB RCE)

apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: smb-4.6.3
spec:
  replicas: 1
  template:
    metadata:
      name: smb-4.6.3
      labels:
        vulhub: smb-4.6.3
    spec:
      volumes:
      - name: smb-conf
        configMap:
          name: smb-4.6.3-conf
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - topologyKey: kubernetes.io/hostname
            labelSelector:
              matchLabels:
                vulhub: smb-4.6.3
      tolerations:
      - key: node-role.kubernetes.io/master
        operation: Equal
        effect: NoSchedule  
      containers:
      - image: vulhub/samba:4.6.3
        name: samba
        ports:
        - name: tcp1
          containerPort: 445
          hostPort: 445
        - name: tcp2
          containerPort: 6699
          hostPort: 6699
        imagePullPolicy: IfNotPresent   
        volumeMounts:
        - name: smb-conf
          mountPath: /usr/local/samba/etc/smb.conf
          subPath: smb.conf

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: smb-4.6.3-conf
  labels:
    vulhub: smb-4.6.3-conf
data:
  smb.conf: |
    [global]
        map to guest = Bad User
        server string = Samba Server Version %v
        guest account = nobody
    [myshare]
        path = /home/share
        read only = no
        guest ok = yes
        guest only = yes

猜你喜欢

转载自blog.csdn.net/qq_38900565/article/details/109747070
今日推荐
国产云输入法——仅华为无云端数据上传安全问题
开源日报 | 工业开源项目OGG 1.0;姐姐,你要和我一起配置火狐吗;苹果AI遥遥落后?Fedora 40
开放签电子签章:停止新增,优化体验,前进更进(五一假期前工作)
开源日报 | 中学生开源前端动画引擎;全球首个Llama3 8B中文版开源模型;联想电脑恐出局;Linus讽刺AI炒作
“百模大战”必有一战 | 2024中国“百模大战”竞争格局分析
最强开源大模型 Llama 3 上架 Gitee AI
虽然老乡鸡开源的不是代码,但背后的原因却让人很暖心
周排行
决策树的部分理解
STM32软件IIC的实现
RocketMQ原理解析-HA
vue-动态路由(路由的传参和接参)
利用python对Excel中的特定数据提取并写入新表
【Ubuntu】 Ubuntu16.04搭建NFS服务
Elasticsearch基础操作与对应的curl命令行,python对接实现
JVM数据存储结构 & Java的值传递和址传递
yum命令使用指南
java基础(一):java语法基础
每日归档
更多
2024-04-24(36)
2024-04-23(26)
2024-04-22(39)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)
2024-04-17(5)
2024-04-16(70)
2024-04-15(42)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022