Getting Started With Docker: For Cybersecurity Tools

Using Docker For Cybersecurity Projects. This tutorial will take you from complete beginner to confidently running and building Docker containers.

Shak

6 min read
Getting Started With Docker: For Cybersecurity Tools
Using Docker For Cybersecurity Projects - Photo by Dominik Lückmann / Unsplash

Overview

Docker is a containerization platform that allows you to package applications and their dependencies into lightweight, portable containers. This tutorial will take you from complete beginner to confidently running and building Docker containers.

Why Docker Matters for Cybersecurity and Home Labs

Docker has become essential for cybersecurity professionals and home lab enthusiasts because many modern security tools are distributed as Docker containers. Popular tools like Pi-hole (network-wide ad blocking), Wazuh (security monitoring), TheHive (incident response), MISP (threat intelligence), and Suricata (network intrusion detection) all offer Docker deployments that are easier to install, update, and manage than traditional installations.

Commercial security platforms like SplunkElastic Security, and IBM QRadar also leverage containerization for scalable deployments. By mastering Docker, you'll be able to quickly spin up security tools for testing, create isolated lab environments, and deploy production-ready security stacks with minimal configuration headaches.

What You'll Learn

  • Docker fundamentals and core concepts
  • Installing Docker Desktop
  • Running your first containers
  • Building custom images
  • Working with Docker Compose
  • Container and image management
  • Best practices for container management

Prerequisites

  • Basic command line knowledge (Linux)
  • Administrative access to your computer
  • Internet connection for downloading Docker and images

Part 1: Understanding Docker

What is Docker?

Docker is a containerization platform that packages applications into containers - lightweight, standalone packages that include everything needed to run an application: code, runtime, system tools, libraries, and settings.

Key Benefits:

  • Consistency: Runs the same everywhere
  • Isolation: Applications don't interfere with each other
  • Efficiency: Lighter than virtual machines
  • Scalability: Easy to scale up or down
  • Portability: Move containers between environments

Core Concepts

  • Images: Read-only templates used to create containers (like a blueprint) 
  • Containers: Running instances of images (like a house built from a blueprint) 
  • Dockerfile: Text file with instructions to build an image 
  • Registry: Storage for Docker images (Docker Hub is the default) 
  • Volumes: Persistent data storage for containers 
  • Networks: Communication channels between containers

Part 2: Installing Docker Desktop

Download and Install

  1. Visit the official Docker website: https://docs.docker.com/get-docker/
  2. Download Docker Desktop for your operating system
  3. Run the installer and follow the setup wizard
  4. Restart your computer when prompted
Initially, you may want to try Docker Desktop on Windows or Mac. Later on, you can test running the Docker Engine natively on Linux for real-world applications. The guide is designed for Mac or Linux terminals

Verify Installation

Open your terminal/command prompt and run:

docker --version
docker-compose --version

You should see version information for both commands.

Docker Desktop Interface

Launch Docker Desktop and familiarize yourself with:

  • Dashboard: Overview of running containers
  • Images: Local images on your system
  • Containers: Running and stopped containers
  • Volumes: Data storage volumes
  • Dev Environments: Development workspace (if available)

Part 3: Your First Docker Container

Hello World Container

Docker Desktop includes a built-in "Hello World" tutorial. Let's start there:

docker run hello-world

This command:

  1. Looks for the hello-world image locally
  2. Downloads it from Docker Hub if not found
  3. Creates and runs a container from the image
  4. Displays a welcome message

Running Interactive Containers

Try running an Ubuntu container interactively:

docker run -it ubuntu bash

Flags explained:

  • i: Interactive mode
  • t: Allocate a pseudo-TTY
  • ubuntu: Image name
  • bash: Command to run inside container Inside the container, try some commands:
ls
cat /etc/os-release
apt update && apt install curl -y
exit

Running Background Services

Run an Nginx web server in the background:

docker run -d -p 8080:80 --name my-nginx nginx

Flags explained:

  • d: Detached mode (background)
  • p 8080:80: Map host port 8080 to container port 80
  • -name my-nginx: Give the container a name
  • nginx: Image name Visit http://localhost:8080 in your browser to see the Nginx welcome page.

Part 4: Container and Image Management Overview

Once you start working with Docker regularly, you'll need to manage multiple containers and images efficiently. This involves understanding the lifecycle of containers, monitoring their status, and keeping your Docker environment clean and organized.

Container Lifecycle Management

Containers go through various states: created, running, paused, stopped, and removed. You'll frequently need to check which containers are running, view their logs for troubleshooting, and clean up resources when projects are complete.

Example - Checking running containers: When you have multiple security tools running (like Pi-hole, Wazuh, and a web server), you can quickly see their status and resource usage to ensure everything is operating correctly.

Example - Accessing container logs: If your Pi-hole container isn't blocking ads properly, viewing its logs can reveal DNS query patterns and help identify configuration issues.

Image Management Best Practices

Docker images can consume significant disk space, especially when experimenting with different security tools. Regular cleanup of unused images and understanding image layers helps maintain an efficient development environment.

Example - Image cleanup: After testing various vulnerability scanners or SIEM tools, you'll want to remove unused images to free up space while keeping the ones you use regularly.

Practical Management Scenarios

In a typical home lab setup, you might run containers for network monitoring, log analysis, and threat detection simultaneously. Understanding how to manage these containers efficiently - starting and stopping services as needed, accessing their interfaces, and troubleshooting issues - is crucial for maintaining a functional security lab.

Part 5: Building Custom Images

Creating a Dockerfile

Create a new directory for your project:

mkdir my-docker-app
cd my-docker-app

Create a simple web application (index.html):

<!DOCTYPE html>
<html>
<head>
    <title>My Docker App</title>
</head>
<body>
    <h1>Hello from Docker!</h1>
    <p>This is my first custom Docker image.</p>
</body>
</html>

Create a Dockerfile:

# Use official nginx image as base
FROM nginx:alpine

# Copy our HTML file to nginx web directory
COPY index.html /usr/share/nginx/html/

# Expose port 80
EXPOSE 80

# nginx starts automatically in the base image

Build Your Image

Build the image:

docker build -t my-web-app .

Command breakdown:

  • build: Build an image
  • t my-web-app: Tag the image with name "my-web-app"
  • .: Use current directory as build context

Run Your Custom Image

docker run -d -p 8081:80 --name my-custom-app my-web-app

Visit http://localhost:8081 to see your custom application.

Part 6: Docker Compose Basics

Docker Compose allows you to define and run multi-container applications using a YAML file.

Create a docker-compose.yml

version: '3.8'

services:
  web:
    build: .
    ports:
      - "8082:80"
    container_name: my-compose-web

  database:
    image: mysql:8.0
    environment:
      MYSQL_ROOT_PASSWORD: secretpassword
      MYSQL_DATABASE: myapp
    volumes:
      - db_data:/var/lib/mysql
    container_name: my-compose-db

volumes:
  db_data:

Run with Docker Compose

Start the application stack:

docker-compose up -d

View running services:

docker-compose ps

Stop the stack:

docker-compose down

Part 7: Real-World Example - ELK Stack

Based on the cybersecurity monitoring tutorial at https://blog.cyberdesserts.com/elk-stack-security-monitoring-tutorial/

here's a simplified ELK stack setup:

ELK Docker Compose

version: '3.8'

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.6.0
    environment:
      - discovery.type=single-node
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - xpack.security.enabled=false
    ports:
      - "9200:9200"
    volumes:
      - elasticsearch_data:/usr/share/elasticsearch/data

  logstash:
    image: docker.elastic.co/logstash/logstash:8.6.0
    volumes:
      - ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf
    ports:
      - "5044:5044"
    depends_on:
      - elasticsearch

  kibana:
    image: docker.elastic.co/kibana/kibana:8.6.0
    ports:
      - "5601:5601"
    environment:
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
    depends_on:
      - elasticsearch

volumes:
  elasticsearch_data:

This demonstrates how Docker Compose can orchestrate complex multi-service applications.

Part 8: Best Practices

Image Best Practices

  1. Use official base images when possible
  2. Keep images small - use alpine variants
  3. Layer efficiently - combine RUN commands
  4. Use .dockerignore to exclude unnecessary files
  5. Don't run as root - create and use non-root users
  6. Pin versions - specify exact image versions

Security Considerations

  • Scan images for vulnerabilities
  • Keep base images updated
  • Use secrets management for sensitive data
  • Run containers with least privilege
  • Limit resource usage with --memory and --cpu flags

Development Workflow

  1. Local Development: Use volumes to mount source code
  2. Testing: Build and test images locally
  3. CI/CD: Automate image builds and deployments
  4. Production: Use orchestration tools like Docker Swarm or Kubernetes

Part 9: Troubleshooting Common Issues

Container Won't Start

Check container logs:

docker logs <container-name>

Port Already in Use

Find what's using the port:

# On macOS/Linux
lsof -i :8080

# On Windows
netstat -ano | findstr :8080

Out of Disk Space

Clean up unused resources:

docker system prune -a --volumes

Permission Issues

On Linux, add your user to the docker group:

sudo usermod -aG docker $USER

Next Steps

Continue Learning

  1. Official Docker Documentationhttps://docs.docker.com/
  2. Docker Hub: Explore available images at https://hub.docker.com/
  3. Docker Tutorials: Follow the built-in tutorials in Docker Desktop
  4. Advanced Topics: Learn about Docker networks, multi-stage builds, and Docker Swarm

Practice Projects

  1. Containerize a simple web application
  2. Set up a development environment with database
  3. Create a monitoring stack (like the ELK example)
  4. Build a microservices architecture

Join the Community

  • Docker Community Forums
  • Docker Discord/Slack channels
  • Local Docker meetups
  • Contribute to open source Docker projects

Conclusion

You now have the fundamental knowledge to start using Docker effectively. The key is to practice with real projects and gradually explore more advanced features. Remember that Docker's strength lies in its simplicity and consistency - once you understand these core concepts, you can apply them to virtually any application stack.

Key Takeaways:

  • Containers provide consistent, isolated environments
  • Docker Desktop makes development and testing easy
  • Docker Compose simplifies multi-container applications
  • The Docker ecosystem offers solutions for every use case
  • Practice with real projects accelerates learning Start small, experiment often, and don't hesitate to explore the excellent official Docker documentation for deeper dives into specific topics.

Read more