靶场漏洞服务搭建
一、数据库类
1.1 redis-4.0.14
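---
# Deployment for the vulhub Redis 4.0.14 lab image: one replica, pinned to one
# node by hostname and published on that node's port 6379.
# NOTE(review): apps/v1beta1 is not served from Kubernetes 1.16 on; there,
# use apps/v1 and add spec.selector.matchLabels equal to the template labels.
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: redis-4014
spec:
  replicas: 1
  template:
    metadata:
      name: redis-4.0.14
      labels:
        vulhub: redis-4.0.14
    spec:
      # Anti-affinity: no two pods carrying this label share a node.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchLabels:
                  vulhub: redis-4.0.14
      # Toleration: lets the pod schedule onto nodes tainted
      # node-role.kubernetes.io/master. `operator` is the Toleration field
      # name; the original `operation` is not part of the schema.
      # NOTE(review): a control-plane node is a sensitive host for a
      # deliberately vulnerable container; dedicated lab workers are safer.
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Equal
          effect: NoSchedule
      # Node selector: pins the pod to this one node.
      nodeSelector:
        kubernetes.io/hostname: k8s-node2.novalocal
      containers:
        - image: vulhub/redis:4.0.14
          name: redis
          ports:
            - name: tcp1
              containerPort: 6379
              # hostPort rather than hostNetwork: the pod keeps its own
              # network namespace, but 6379 is still published on the node's
              # address, so keep lab nodes on an isolated network.
              hostPort: 6379
          imagePullPolicy: IfNotPresent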
1.2 elasticsearch-1.1.1
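---
# Deployment for the vulhub Elasticsearch 1.1.1 lab image: one replica with
# both container ports (9200 and 9300) published on the node.
# NOTE(review): apps/v1beta1 is not served from Kubernetes 1.16 on; there,
# use apps/v1 and add spec.selector.matchLabels equal to the template labels.
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: elasticsearch-111
spec:
  replicas: 1
  template:
    metadata:
      name: elasticsearch-1.1.1
      labels:
        vulhub: elasticsearch-1.1.1
    spec:
      # Anti-affinity: no two pods carrying this label share a node.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchLabels:
                  vulhub: elasticsearch-1.1.1
      # Toleration for the master taint. `operator` is the Toleration field
      # name; the original `operation` is not part of the schema.
      # NOTE(review): a control-plane node is a sensitive host for a
      # deliberately vulnerable container; dedicated lab workers are safer.
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Equal
          effect: NoSchedule
      containers:
        - image: vulhub/elasticsearch:1.1.1
          name: elasticsearch
          # Both ports are published on the node's own address; keep lab
          # nodes on an isolated network.
          ports:
            - name: tcp1
              containerPort: 9200
              hostPort: 9200
            - name: tcp2
              containerPort: 9300
              hostPort: 9300
          imagePullPolicy: IfNotPresent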
1.3 mongodb
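---
# Deployment for the vulhub mongo-express 0.53.0 lab image, started with an
# overridden command and published on the node's port 27017.
# NOTE(review): apps/v1beta1 is not served from Kubernetes 1.16 on; there,
# use apps/v1 and add spec.selector.matchLabels equal to the template labels.
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: mongodb-express-0530
spec:
  replicas: 1
  template:
    metadata:
      name: mongodb-0.53.0
      labels:
        vulhub: mongodb-0.53.0
    spec:
      # Anti-affinity: no two pods carrying this label share a node.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchLabels:
                  vulhub: mongodb-0.53.0
      # Toleration for the master taint. `operator` is the Toleration field
      # name; the original `operation` is not part of the schema.
      # NOTE(review): a control-plane node is a sensitive host for a
      # deliberately vulnerable container; dedicated lab workers are safer.
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Equal
          effect: NoSchedule
      containers:
        - image: vulhub/mongo-express:0.53.0
          name: mongo
          # NOTE(review): the image is mongo-express, but the command and the
          # port below are those of a mongod server; confirm that
          # /data/db/mongod exists in this image and that 27017 is the port
          # the lab is meant to expose.
          command:
            - 'sh'
            - '-c'
            - '/data/db/mongod'
          ports:
            - name: tcp1
              containerPort: 27017
              # Published on the node's own address; keep lab nodes on an
              # isolated network.
              hostPort: 27017
          imagePullPolicy: IfNotPresent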
二、Web应用类
2.1 WordPress
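---
# Deployment for the WordPress 4.6 lab: MySQL, the WordPress web container and
# a busybox helper share one pod. replicas is 0, so nothing runs until the
# Deployment is scaled up.
# NOTE(review): apps/v1beta1 is not served from Kubernetes 1.16 on; there,
# use apps/v1 and add spec.selector.matchLabels equal to the template labels.
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: wordpress-46
spec:
  replicas: 0
  template:
    metadata:
      name: wordpress-4.6
      labels:
        vulhub: wordpress-4.6
    spec:
      # Anti-affinity: no two pods carrying this label share a node.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchLabels:
                  vulhub: wordpress-4.6
      # Toleration for the master taint. `operator` is the Toleration field
      # name; the original `operation` is not part of the schema.
      # NOTE(review): a control-plane node is a sensitive host for a
      # deliberately vulnerable container; dedicated lab workers are safer.
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Equal
          effect: NoSchedule
      containers:
        - image: mysql:5
          name: mysql
          # Lab credentials in plain text (root/root). MySQL has no hostPort
          # here, but it still listens on the pod IP; a NetworkPolicy is what
          # would keep other workloads in the cluster away from it.
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: 'root'
          imagePullPolicy: IfNotPresent
        # NOTE(review): no tag, so this resolves to :latest of a repository
        # named vulhub/wordpress-4.6; confirm the name (possibly meant
        # vulhub/wordpress:4.6).
        - image: vulhub/wordpress-4.6
          name: web
          env:
            - name: WORDPRESS_DB_HOST
              value: 'mysql:3306'
            - name: WORDPRESS_DB_USER
              value: 'root'
            - name: WORDPRESS_DB_PASSWORD
              value: 'root'
            - name: WORDPRESS_DB_NAME
              value: 'wordpress'
          ports:
            - name: web
              containerPort: 80
              # Container port 80 is published as port 86 on the node's own
              # address; keep lab nodes on an isolated network.
              hostPort: 86
          imagePullPolicy: IfNotPresent
        # Helper container: appends "127.0.0.1 mysql" to /etc/hosts, then
        # idles on tail so it never exits. The `mysql` host name used by
        # WORDPRESS_DB_HOST above depends on this entry.
        # NOTE(review): spec.hostAliases is the declarative way to add such an
        # entry and needs no extra container.
        - name: init
          image: busybox
          imagePullPolicy: IfNotPresent
          command: ['/bin/sh']
          args:
            - '-c'
            - 'echo 127.0.0.1 mysql >> /etc/hosts;tail -f /dev/null'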
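---
# Deployment for the vulhub Drupal 8.5.0 lab image; the pod is labelled with
# the CVE it is meant to reproduce and is published on the node's port 8080.
# NOTE(review): apps/v1beta1 is not served from Kubernetes 1.16 on; there,
# use apps/v1 and add spec.selector.matchLabels equal to the template labels.
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: drupal-8v5v0
spec:
  replicas: 1
  template:
    metadata:
      name: drupal-8.5.0
      labels:
        vulhub: drupal-8.5.0
        cve: CVE-2019-6341
    spec:
      # Anti-affinity: no two pods carrying the vulhub label share a node.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchLabels:
                  vulhub: drupal-8.5.0
      # Toleration for the master taint. `operator` is the Toleration field
      # name; the original `operation` is not part of the schema.
      # NOTE(review): a control-plane node is a sensitive host for a
      # deliberately vulnerable container; dedicated lab workers are safer.
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Equal
          effect: NoSchedule
      containers:
        - image: vulhub/drupal:8.5.0
          name: drupal
          ports:
            - name: tcp1
              containerPort: 80
              # Container port 80 is published as port 8080 on the node's own
              # address; keep lab nodes on an isolated network.
              hostPort: 8080
          imagePullPolicy: IfNotPresent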
三、中间件类
3.1 Weblogic
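---
# Deployment for the vulhub WebLogic lab image, published on the node's port
# 7001.
# NOTE(review): apps/v1beta1 is not served from Kubernetes 1.16 on; there,
# use apps/v1 and add spec.selector.matchLabels equal to the template labels.
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: weblogic-latest
spec:
  replicas: 1
  template:
    metadata:
      name: weblogic-latest
      labels:
        vulhub: weblogic-latest
    spec:
      # Anti-affinity: no two pods carrying this label share a node.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchLabels:
                  vulhub: weblogic-latest
      # Toleration for the master taint. `operator` is the Toleration field
      # name; the original `operation` is not part of the schema.
      # NOTE(review): a control-plane node is a sensitive host for a
      # deliberately vulnerable container; dedicated lab workers are safer.
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Equal
          effect: NoSchedule
      containers:
        # NOTE(review): `latest` is a mutable tag, and with IfNotPresent each
        # node runs whichever copy it cached first. Pin a version tag or a
        # digest so the lab exposes a known WebLogic build on every node.
        - image: vulhub/weblogic:latest
          name: weblogic
          ports:
            - name: tcp1
              containerPort: 7001
              # Published on the node's own address; keep lab nodes on an
              # isolated network.
              hostPort: 7001
          imagePullPolicy: IfNotPresent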
3.2 Apache-Flink
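---
# Deployment for an Apache Flink 1.9.1 lab image with an HTTP liveness probe,
# published on the node's port 8081.
# NOTE(review): apps/v1beta1 is not served from Kubernetes 1.16 on; there,
# use apps/v1 and add spec.selector.matchLabels equal to the template labels.
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: apache-flink-191
spec:
  replicas: 1
  template:
    metadata:
      name: apache-flink-1.9.1
      labels:
        vulhub: apache-flink-1.9.1
    spec:
      # Anti-affinity: no two pods carrying this label share a node.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchLabels:
                  vulhub: apache-flink-1.9.1
      # Toleration for the master taint. `operator` is the Toleration field
      # name; the original `operation` is not part of the schema.
      # NOTE(review): a control-plane node is a sensitive host for a
      # deliberately vulnerable container; dedicated lab workers are safer.
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Equal
          effect: NoSchedule
      containers:
        # NOTE(review): this image comes from a personal registry namespace
        # (jstang), unlike the vulhub images used elsewhere on the page;
        # review its contents and pin it by digest before running it.
        - image: jstang/apache-flink:1.9.1
          name: apache-flink
          # NOTE(review): httpGet probes are sent by the kubelet, and `host`
          # defaults to the pod IP. 127.0.0.1 targets the node's loopback
          # instead, so the probe can only reach Flink through hostPort 8081;
          # confirm that it succeeds with the CNI plugin in use, or drop
          # `host`.
          livenessProbe:
            httpGet:
              path: /
              port: 8081
              host: 127.0.0.1
              scheme: HTTP
          ports:
            - name: tcp1
              containerPort: 8081
              # Published on the node's own address; keep lab nodes on an
              # isolated network.
              hostPort: 8081
          imagePullPolicy: IfNotPresent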
四、系统服务类
vsFtpd
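---
# Deployment for a vsftpd 2.3.4 lab image with container ports 21 and 6200
# both published on the node.
# NOTE(review): apps/v1beta1 is not served from Kubernetes 1.16 on; there,
# use apps/v1 and add spec.selector.matchLabels equal to the template labels.
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: vsftpd-2.3.4
spec:
  replicas: 1
  template:
    metadata:
      name: vsftpd-2.3.4
      labels:
        vulhub: vsftpd-2.3.4
    spec:
      # Anti-affinity: no two pods carrying this label share a node.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchLabels:
                  vulhub: vsftpd-2.3.4
      # Toleration for the master taint. `operator` is the Toleration field
      # name; the original `operation` is not part of the schema.
      # NOTE(review): a control-plane node is a sensitive host for a
      # deliberately vulnerable container; dedicated lab workers are safer.
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Equal
          effect: NoSchedule
      containers:
        # NOTE(review): this image comes from the penkit namespace rather
        # than vulhub; review its contents and pin it by digest.
        - image: penkit/vsftpd:2.3.4
          name: vsftpd
          # Both ports are published on the node's own address; keep lab
          # nodes on an isolated network.
          ports:
            - name: tcp1
              containerPort: 21
              hostPort: 21
            - name: tcp2
              containerPort: 6200
              hostPort: 6200
          imagePullPolicy: IfNotPresent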
Samba(MS17-010 SMB RCE)
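---
# Deployment for the vulhub Samba 4.6.3 lab image. smb.conf is taken from the
# ConfigMap smb-4.6.3-conf, and ports 445 and 6699 are published on the node.
# NOTE(review): the section heading cites MS17-010, which is a Microsoft
# bulletin for Windows SMBv1; this pod runs Samba, so confirm which
# vulnerability identifier the lab is meant to carry.
# NOTE(review): apps/v1beta1 is not served from Kubernetes 1.16 on; there,
# use apps/v1 and add spec.selector.matchLabels equal to the template labels.
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: smb-4.6.3
spec:
  replicas: 1
  template:
    metadata:
      name: smb-4.6.3
      labels:
        vulhub: smb-4.6.3
    spec:
      # The ConfigMap must exist in the same namespace before the pod can
      # start.
      volumes:
        - name: smb-conf
          configMap:
            name: smb-4.6.3-conf
      # Anti-affinity: no two pods carrying this label share a node.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchLabels:
                  vulhub: smb-4.6.3
      # Toleration for the master taint. `operator` is the Toleration field
      # name; the original `operation` is not part of the schema.
      # NOTE(review): a control-plane node is a sensitive host for a
      # deliberately vulnerable container; dedicated lab workers are safer.
      tolerations:
        - key: node-role.kubernetes.io/master
          operator: Equal
          effect: NoSchedule
      containers:
        - image: vulhub/samba:4.6.3
          name: samba
          # Both ports are published on the node's own address; keep lab
          # nodes on an isolated network.
          ports:
            - name: tcp1
              containerPort: 445
              hostPort: 445
            - name: tcp2
              containerPort: 6699
              hostPort: 6699
          imagePullPolicy: IfNotPresent
          # subPath mounts only the smb.conf key as a single file, leaving
          # the rest of /usr/local/samba/etc as the image ships it.
          volumeMounts:
            - name: smb-conf
              mountPath: /usr/local/samba/etc/smb.conf
              subPath: smb.conf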
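---
# ConfigMap holding the smb.conf that the smb-4.6.3 Deployment mounts.
# The share [myshare] is writable without credentials: unknown users are
# mapped to the guest account (map to guest = Bad User), the share accepts
# only guest connections (guest ok / guest only) and read only is off.
# Anyone who can reach the published SMB port can therefore write to
# /home/share.
apiVersion: v1
kind: ConfigMap
metadata:
  name: smb-4.6.3-conf
  labels:
    vulhub: smb-4.6.3-conf
data:
  smb.conf: |
    [global]
    map to guest = Bad User
    server string = Samba Server Version %v
    guest account = nobody
    [myshare]
    path = /home/share
    read only = no
    guest ok = yes
    guest only = yes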