Getting Started with Docker

What is Docker?

Docker is open source software to pack, ship and run any application as a lightweight container. Containers are completely hardware and platform independent so you don’t have to worry about whether what you are creating will run everywhere.

In the past virtual machines have been used to accomplish many if these same goals. However, Docker containers are smaller and have far less overhead than VMs. VMs are not portable as different VM runtime environments are very different. Docker containers are extremely portable. Finally, VMs were not built with software developers in mind; they contain no concept of versioning, and logging/monitoring is very difficult. Docker images, on the other hand, are built from layers that can be version controlled. Docker has logging functionality readily available for use.

You might be wondering what could go into a “container”. Well, anything! You can isolate pieces of your system into separate containers. You could potentially have a container for nginx, a container for MongoDB, and one for Redis. Containers are very easy to setup. Major projects like nginx, MongoDB, and Redis all offer free Docker images for you to use; you can install and run any of these containers with just one shell command. This is much easier than using a virtual machine (even with something like Vagrant).

Installation

Installing Docker is very easy. Visit the official Docker installation page and follow the instructions tailored for your operating system. There are simple installers for both Mac OS X and Windows.

After you’ve installed Docker, open the terminal and type the following:

$ docker info

If your installation worked, you will see a bunch of information about your Docker installation. If not, you will need to revisit the install docs.

#Creating Your First Docker Image

Every Docker container is an “instance” of a Docker image. There is a massive library of pre-built Docker images. However, in order to really understand Docker, you should create an image as an exercise.

Let’s create a Docker image for running Redis. Redis is an easy to use in-memory key/value store. It is commonly used as an object cache for many different platforms across many different environments and programming languages.

Remember how I said Docker images are built from layers? Well, every Docker image has to start with a base layer. Common base layers are Ubuntu and CentOS. Let’s use Ubuntu. (In production I would use Debian since it is much smaller.)

The following command will start a Docker container based on the Ubuntu:latest image. :latest is called the image tag and in this case refers to the latest version of Ubuntu. If you don’t have the image locally, it will download it first. The container will be started in a bash terminal. Run the following:

$ docker run --name my-redis -it ubuntu:latest bash

-it let’s us interact with our container via the command line. --name just gives us a convenient way to reference our container. You should now be inside your container in a bash terminal seeing something like this:

$ root@ed35631e96f9

As you can see, you are logged in as root to the container so no need for sudo. The Ubuntu base image is very bare bones. An important stratey for creating Docker images is keeping them as light as possible. Therefore you have to install a lot of things you normally just have. First, let’s install wget:

$ apt-get update
$ apt-get install wget

We need a few other things to build Redis from source and run it:

$ apt-get install build-essential tcl8.5

Now let’s install Redis:

$ wget http://download.redis.io/releases/redis-stable.tar.gz
$ tar xzf redis-stable.tar.gz
$ cd redis-stable
$ make
$ make install
$ ./utils/install_server.sh

This downloads the newest version of Redis, builds it from source, and runs the installer. You will need to answer some configuration questions. Just use all the defaults. Now start Redis by running the following (it might already be started):

$ service redis_6379 start

You now have Redis started in a Docker container. The next step is saving your image. We want to be able to save the image as it is so we can distribute it and use it elsewhere.

Note: this container is an example, and is missing some things to make it truly usable such as port mapping. We will make a production ready image in the next section.

Exit your container by running:

$ exit

Note that your container is now stopped since you exited bash. You can easily configure containers to run in the background though.

Run the following command:

$ docker ps -a

This command shows us all of our docker containers, running or stopped. See the container tagged with my-redis. That’s the one we created! Now let’s commit our container as an image:

$ docker commit -m "Added Redis" -a "Your Name" my-redis tlovett1/my-redis:latest

This command compiles our container’s changes into an image. -mspecifies a commit message, and -a let’s us specify an author. tlovett/my-redis:latest is formatted author/name:version. Author refers to your username on Docker Hub. If you don’t want to push your image to the Docker Hub, then this doesn’t matter, and you can use anything you want. If you do, you will need to create an account and use docker push to push the image upstream.

Docker commit creates an image containing the changes we made to the original Ubuntu image. This makes distributing Docker containers super fast since people won’t have to re-download layers (such as Ubuntu:latest) that they already have. In a container, every time you run a command, add a file or directory, create an environmental variable, etc. a new layer is created. Docker commit groups these layers into an image. When distributing Docker images, you should carefully optimize your layers to keep them as small as possible. This tutorial does not cover layer optimization.

You might be thinking that this is somewhat messy since your container is basically a black box. What if you want to redo your image? Would you have to write down the steps to reproduce the entire thing? What if you wanted to recreate your image from CentOS instead of Ubuntu? Your thinking would be correct. Creating Docker images in this way is not the best idea. Instead you should use Dockerfiles.

YOUR FIRST DOCKERFILE

A Dockerfile is a set of instructions written as a shell script for creating a Docker image. Let’s create a Dockerfile that generates an image like the one we just created manually but with some important additions.

Create a file called Dockerfile. Paste the following into the new file:

FROM ubuntu:latest
RUN apt-get update
RUN apt-get install -y wget
RUN apt-get install -y build-essential tcl8.5
RUN wget http://download.redis.io/releases/redis-stable.tar.gz
RUN tar xzf redis-stable.tar.gz
RUN cd redis-stable && make && make install
RUN ./redis-stable/utils/install_server.sh
EXPOSE 6379
ENTRYPOINT  ["redis-server"]

There are some special things in this Dockerfile. FROM tells Docker which image to start from. As you can see, we are starting with Ubuntu. RUNsimply runs a shell command. EXPOSE opens up a port to be publically accessible. 6379 is the standard Redis port. ENTRYPOINT designates the command or application to be run when a container is created. In this case whenever a container is created from our image, redis-server will be run.

Now that we’ve written our Dockerfile, let’s build an image from it. Run the following command from within the folder of your Dockerfile:

$ docker build -t redis .

This command will create an image tagged redis from your Dockerfile.

Finally, let’s create a running container from our image. Run the following command:

$ docker run -d -p 6379:6379 redis

That’s it! Now you have Redis up-and-running on your machine.This container/image is production ready.

Conclusion

Docker is a powerful tool for creating and running distributable, lightweight applications both locally and in production.

There are many tools and services available to be used in Docker. For example, Dockunit is a tool powered by Docker that lets you test your software across any environment. This tutorial has just scratched the surface of the Docker world.

How to decrypt encrypted files infected by known encrypting ransomware viruses

You've heard of ransomware, you know that it renames and encrypts your files, but do you know what it can actually do to your computer? Yes, ransom malware like CryptoWall, CryptoLocker or CTB Locker show no sign of abating and the more you know about what they can do, the more likely you will be to protect yourself from their threat. And that can only be a good thing!

Ransomware is just about one of the worst things you can have installed on your PC. Malware programmers utilize them for a number of reasons. The main reason, of course, is to encrypt your files and then ask you to pay the ransom which could be $500 or even more. Some users said they had to pay thousands of dollars in order to get files back. Cyber crooks attack companies as well and usually demand impressive amount of money. Very often, ransomware comes bundled with Trojan horses. Trojans might steal your personal information, passwords and bank details by installing a keylogging component on your machine. They are also able to steal data directly from your hard drive or by diverting data before it's reached your server. Other Trojan Horses are created so the programmer is able to take control of your computer, turning it into a sort of clone, or zombie machine, which they will then use to carry out further malicious or illegal actions against other computer users. Such sophisticated malware not only encrypts your files but can also steal your personal information. 

Here's an example of Excel files that were renamed and encrypted by CTB Locker ransomware. As you can see, this ransomware uses random extension .mmvkhja. Therefore, these files are simply Excel files that have been encrypted so that you couldn't open them.

Please note that ransom Trojans encrypt files with various extensions.

And if that wasn't enough, how about the ransom malware who download even more malicious software onto your PC, turning it into a malware maelstrom of nightmarish proportions? Or those which have been designed purely with the intention of causing chaos on your computer by corrupting data, deleting files and modifying your operating system. 

Do we need to go any further to convince you that protecting your computer against ransom malware and being vigilant when you're online is an absolute necessity? Whatever the intentions of someone using ransomware and Trojans – whether it's for twisted fun or personal gain - you need to protect yourself at all costs.

So just HOW do you protect your PC from ransomware? There are a number of surprisingly easy steps that you can take – here are just five of the simplest ones that we suggest you adopt today.

• Back up your files. It's one of the most important steps you can take toward protecting your files.
• Don't open links or attachments in emails if you don't recognize the sender. The same goes for instant messages – ransomware programmers love trying to tempt you through spam mails and messages.
• Make sure your messenger apps are configured so that they do not open automatically when you log on to your PC.
• Don't run the .exe file extension in Windows, as Trojans often exploit this. If you need to, make certain that you trust the source.
• Finally – and crucially - keep your security software fully up to date. That includes both your anti-malware program and any security patches that are released for the software programs you have installed on your computer.

How to decrypt and restore your files?

The first and best method is to restore your data from a backup. If you have been performing backups, then you should use your backups to restore your data. If you don't have backups then you can try Windows file restore program. Some ransom Trojans make copies of your files before encrypting them. Windows might store certain information that can help you to restore at least some of your files. Read the removal guide below to learn how to use Windows restore program. Then there's a program called Shadow Explorer. It's completely free and can help to restore your files via Shadow Volume Copies that are in some cases stored on your hard drive. Please note that some ransomware programs attempt to delete any Shadow Volume Copies on your computer, but sometimes they fails to do so and you can use them to restore your files. For more information on how to restore your files via Shadow Volume Copies, please follow the steps in the removal guide below. If you have any questions, please leave a comment below.

Last, but not least, if there's anything you think I should add or correct, please let me know. It might be a pain but the issue needs to be dealt with – and the way to do it is by not giving in, not paying up and not letting the attackers win.

Step 1: Removing ransomware and related malware:

Before restoring your files from shadow copies, make sure that ransomware is not running. You have to remove any malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install recommended anti-malware scanner. Run a full system scan and remove detected malware. 

Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there are no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.

Step 2: Restoring files encrypted by ransomware virus:

Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.

3. Righ-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.

Hopefully, this will help you to restore all encrypted files or at least some of them.