restore: 从main分支恢复TestDocker测试环境目录

- 恢复完整的Docker测试环境配置
- 支持MySQL, Redis, SSH, MongoDB等多种服务测试
- 包含57个测试环境配置文件
- 方便进行插件功能验证和性能测试

TestDocker/ActiveMQ/Dockerfile

@@ -0,0 +1,11 @@
+FROM rmohr/activemq:5.15.9
+
+# 复制配置文件
+COPY users.properties /opt/activemq/conf/users.properties
+COPY activemq.xml /opt/activemq/conf/activemq.xml
+
+# 暴露端口
+EXPOSE 61616 61613
+
+# 设置启动命令
+CMD ["/opt/activemq/bin/activemq", "console"]

TestDocker/ActiveMQ/README.txt

@@ -0,0 +1,2 @@
+docker build -t activemq-weak .
+docker run -d --name activemq-test -p 61616:61616 -p 8161:8161 -p 61613:61613 activemq-weak

TestDocker/ActiveMQ/activemq.xml

@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:amq="http://activemq.apache.org/schema/core"
+       xsi:schemaLocation="
+       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+       http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
+
+    <broker xmlns="http://activemq.apache.org/schema/core" useJmx="true" persistent="false">
+        <!-- 安全设置 -->
+        <plugins>
+            <simpleAuthenticationPlugin>
+                <users>
+                    <authenticationUser username="admin" password="Aa123456789" groups="admins,publishers,consumers"/>
+                    <authenticationUser username="test" password="test123" groups="publishers,consumers"/>
+                    <authenticationUser username="root" password="root123" groups="admins"/>
+                    <authenticationUser username="system" password="admin123" groups="admins"/>
+                </users>
+            </simpleAuthenticationPlugin>
+
+            <!-- 授权插件 -->
+            <authorizationPlugin>
+                <map>
+                    <authorizationMap>
+                        <authorizationEntries>
+                            <authorizationEntry queue=">" read="consumers" write="publishers" admin="admins"/>
+                            <authorizationEntry topic=">" read="consumers" write="publishers" admin="admins"/>
+                        </authorizationEntries>
+                    </authorizationMap>
+                </map>
+            </authorizationPlugin>
+        </plugins>
+
+        <transportConnectors>
+            <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
+            <transportConnector name="stomp" uri="stomp://0.0.0.0:61613?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
+        </transportConnectors>
+    </broker>
+</beans>

TestDocker/ActiveMQ/users.properties

@@ -0,0 +1,4 @@
+admin=Aa123456789
+test=test123
+root=root123
+system=admin123

TestDocker/Cassandra/README.txt

@@ -0,0 +1,2 @@
+docker build -t cassandra-weak .
+docker run -d --name cassandra-test -e CASSANDRA_AUTHENTICATOR=AllowAllAuthenticator -p 9042:9042 -p 9160:9160 cassandra:3.11

TestDocker/Elasticsearch/Dockerfile

@@ -0,0 +1,19 @@
+FROM docker.elastic.co/elasticsearch/elasticsearch:7.9.3
+
+# 设置环境变量允许单节点运行
+ENV discovery.type=single-node
+
+# 允许任意IP访问
+ENV network.host=0.0.0.0
+
+# 设置弱密码
+ENV ELASTIC_PASSWORD=elastic123
+
+# 暴露端口
+EXPOSE 9200 9300
+
+# 设置默认用户名elastic和密码elastic123
+RUN echo 'elastic:elastic123' > /usr/share/elasticsearch/config/users
+
+# 关闭xpack安全功能，使其可以无认证访问
+RUN echo 'xpack.security.enabled: false' >> /usr/share/elasticsearch/config/elasticsearch.yml

TestDocker/Elasticsearch/README.txt

@@ -0,0 +1,2 @@
+docker build -t elastic-test .
+docker run -d -p 9200:9200 -p 9300:9300 elastic-test

TestDocker/FTP/README.txt

@@ -0,0 +1,2 @@
+docker run -d -p 20:20 -p 21:21 -e FTP_USER=admin  -e FTP_PASS=123456  -e PASV_ADDRESS=127.0.0.1 --name ftp bogem/ftp
+Mac上可能有问题

TestDocker/IMAP/Dockerfile

@@ -0,0 +1,74 @@
+FROM ubuntu:20.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# 安装 Dovecot 和工具
+RUN apt-get update && \
+    apt-get install -y dovecot-imapd dovecot-gssapi ssl-cert net-tools procps && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+# 创建邮件存储目录和邮箱
+RUN mkdir -p /var/mail/vhosts/ && \
+    chmod 777 /var/mail/vhosts/
+
+# 创建用户和密码文件
+RUN echo "test:{PLAIN}123456" > /etc/dovecot/passwd && \
+    echo "admin:{PLAIN}admin123" >> /etc/dovecot/passwd && \
+    echo "root:{PLAIN}root123" >> /etc/dovecot/passwd && \
+    chown dovecot:dovecot /etc/dovecot/passwd && \
+    chmod 600 /etc/dovecot/passwd
+
+# 配置Dovecot
+RUN echo ' \
+protocols = imap \n\
+listen = * \n\
+ssl = yes \n\
+ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem \n\
+ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key \n\
+mail_location = mbox:~/mail:INBOX=/var/mail/%u \n\
+disable_plaintext_auth = no \n\
+auth_mechanisms = plain login \n\
+auth_debug = yes \n\
+auth_debug_passwords = yes \n\
+mail_debug = yes \n\
+\n\
+passdb { \n\
+  driver = passwd-file \n\
+  args = scheme=PLAIN /etc/dovecot/passwd \n\
+} \n\
+\n\
+userdb { \n\
+  driver = static \n\
+  args = uid=vmail gid=vmail home=/var/mail/%u \n\
+} \n\
+\n\
+service auth { \n\
+  user = dovecot \n\
+  unix_listener auth-userdb { \n\
+    mode = 0600 \n\
+    user = vmail \n\
+  } \n\
+} \n\
+\n\
+service imap-login { \n\
+  inet_listener imap { \n\
+    port = 143 \n\
+  } \n\
+  inet_listener imaps { \n\
+    port = 993 \n\
+    ssl = yes \n\
+  } \n\
+} \n\
+' > /etc/dovecot/dovecot.conf
+
+# 创建vmail用户并设置正确的权限
+RUN groupadd -g 5000 vmail && \
+    useradd -g vmail -u 5000 vmail && \
+    chown -R vmail:vmail /var/mail && \
+    chown -R dovecot:dovecot /etc/dovecot && \
+    chmod -R 644 /etc/dovecot/dovecot.conf
+
+EXPOSE 143 993
+
+CMD ["dovecot", "-F"]

TestDocker/IMAP/README.txt

@@ -0,0 +1,2 @@
+docker build -t weak-imap .
+docker run -d --name imap-test -p 143:143 -p 993:993 weak-imap

TestDocker/Kafka/README.txt

@@ -0,0 +1 @@
+docker-compose up -d

TestDocker/Kafka/docker-compose.yml

@@ -0,0 +1,22 @@
+# docker-compose.yml
+version: '3'
+services:
+  kafka:
+    image: bitnami/kafka:latest
+    ports:
+      - "9092:9092"
+    environment:
+      - KAFKA_CFG_NODE_ID=1
+      - KAFKA_CFG_PROCESS_ROLES=broker,controller
+      - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=1@kafka:9093
+      - KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER
+      - KAFKA_CFG_LISTENERS=CONTROLLER://:9093,SASL_PLAINTEXT://:9092
+      - KAFKA_CFG_ADVERTISED_LISTENERS=SASL_PLAINTEXT://localhost:9092
+      - KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,SASL_PLAINTEXT:SASL_PLAINTEXT
+      - KAFKA_CFG_SASL_ENABLED_MECHANISMS=PLAIN
+      - KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL=PLAIN
+      - KAFKA_CFG_INTER_BROKER_LISTENER_NAME=SASL_PLAINTEXT
+      - KAFKA_OPTS=-Djava.security.auth.login.config=/opt/bitnami/kafka/config/kafka_jaas.conf
+      - ALLOW_PLAINTEXT_LISTENER=yes
+    volumes:
+      - ./kafka_jaas.conf:/opt/bitnami/kafka/config/kafka_jaas.conf

TestDocker/Kafka/kafka_jaas.conf

@@ -0,0 +1,8 @@
+KafkaServer {
+   org.apache.kafka.common.security.plain.PlainLoginModule required
+   username="admin"
+   password="admin123"
+   user_admin="admin123"
+   user_test="test123"
+   user_kafka="kafka123";
+};

TestDocker/LDAP/Dockerfile

@@ -0,0 +1,18 @@
+FROM osixia/openldap:1.5.0
+
+# 环境变量设置
+ENV LDAP_ORGANISATION="Example Inc"
+ENV LDAP_DOMAIN="example.com"
+ENV LDAP_BASE_DN="dc=example,dc=com"
+# 设置一个弱密码
+ENV LDAP_ADMIN_PASSWORD="Aa123456789"
+# 允许匿名访问
+ENV LDAP_READONLY_USER="true"
+ENV LDAP_READONLY_USER_USERNAME="readonly"
+ENV LDAP_READONLY_USER_PASSWORD="readonly"
+
+# 暴露端口
+EXPOSE 389 636
+
+# 创建初始化脚本
+COPY bootstrap.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom/

TestDocker/LDAP/README.txt

@@ -0,0 +1,2 @@
+docker build -t ldap-weak .
+docker run -d --name ldap-test -p 389:389 -p 636:636 ldap-weak

TestDocker/LDAP/bootstrap.ldif

@@ -0,0 +1,24 @@
+dn: ou=users,dc=example,dc=com
+objectClass: organizationalUnit
+ou: users
+
+dn: cn=admin,ou=users,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: admin
+sn: admin
+uid: admin
+userPassword: admin123
+
+dn: cn=test,ou=users,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: test
+sn: test
+uid: test
+userPassword: test123
+
+dn: cn=root,ou=users,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: root
+sn: root
+uid: root
+userPassword: root123

TestDocker/MSSQL/Dockerfile

@@ -0,0 +1,14 @@
+# 使用SQL Server官方镜像
+FROM mcr.microsoft.com/mssql/server:2022-latest
+
+# 设置环境变量
+ENV ACCEPT_EULA=Y
+ENV MSSQL_SA_PASSWORD=P@ssword123
+ENV MSSQL_PID=Express
+
+# 开放1433端口
+EXPOSE 1433
+
+# 健康检查
+HEALTHCHECK --interval=30s --timeout=3s \
+  CMD /opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P P@ssword123 -Q "SELECT 1" || exit 1

TestDocker/MSSQL/README.txt

@@ -0,0 +1,5 @@
+docker build -t mssql-server .
+docker run -d \
+  -p 1433:1433 \
+  --name mssql-container \
+  mssql-server

TestDocker/Memcached/Dockerfile

@@ -0,0 +1,11 @@
+# 使用Memcached官方镜像
+FROM memcached:latest
+
+# 开放11211端口
+EXPOSE 11211
+
+# 设置启动参数
+# -m 64: 分配64MB内存
+# -c 1024: 最大同时连接数1024
+# -v: 显示版本信息
+CMD ["memcached", "-m", "64", "-c", "1024", "-v"]

TestDocker/Memcached/README.txt

@@ -0,0 +1,5 @@
+docker build -t memcached-server .
+docker run -d \
+  -p 11211:11211 \
+  --name memcached-container \
+  memcached-server

TestDocker/Modbus/README.txt

@@ -0,0 +1 @@
+docker run --rm -p 5020:5020 oitc/modbus-server:latest

TestDocker/Mongodb/Dockerfile

@@ -0,0 +1,13 @@
+# 使用MongoDB官方镜像
+FROM mongo:latest
+
+# 设置环境变量
+ENV MONGO_INITDB_ROOT_USERNAME=admin
+ENV MONGO_INITDB_ROOT_PASSWORD=123456
+
+# 开放27017端口
+EXPOSE 27017
+
+# 健康检查
+HEALTHCHECK --interval=30s --timeout=3s \
+  CMD mongosh --eval 'db.runCommand("ping").ok' localhost:27017/test --quiet

TestDocker/Mongodb/README.txt

@@ -0,0 +1,5 @@
+docker build -t mongodb-server .
+docker run -d \
+  -p 27017:27017 \
+  --name mongodb-container \
+  mongodb-server

TestDocker/MySQL/Dockerfile

@@ -0,0 +1,17 @@
+# 使用MySQL官方镜像
+FROM mysql:latest
+
+# 设置环境变量
+ENV MYSQL_ROOT_PASSWORD=Password
+ENV MYSQL_DATABASE=mydb
+
+# 开放3306端口
+EXPOSE 3306
+
+# MySQL配置
+# 允许远程访问
+COPY my.cnf /etc/mysql/conf.d/my.cnf
+
+# 健康检查
+HEALTHCHECK --interval=30s --timeout=3s \
+  CMD mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" -e "SELECT 1" || exit 1

TestDocker/MySQL/README.txt

@@ -0,0 +1,2 @@
+docker build -t mysql-server .
+docker run -d -p 3306:3306 --name mysql-container mysql-server

TestDocker/MySQL/my.cnf

@@ -0,0 +1,2 @@
+[mysqld]
+bind-address = 0.0.0.0

TestDocker/Neo4j/Dockerfile

@@ -0,0 +1,9 @@
+FROM neo4j:4.4
+
+ENV NEO4J_AUTH=neo4j/123456
+ENV NEO4J_dbms_security_procedures_unrestricted=apoc.*
+ENV NEO4J_dbms_security_auth_enabled=true
+
+EXPOSE 7474 7687
+
+CMD ["neo4j"]

TestDocker/Neo4j/docker-compose.yml

@@ -0,0 +1,11 @@
+version: '3'
+services:
+  neo4j:
+    image: neo4j:4.4
+    ports:
+      - "7474:7474"
+      - "7687:7687"
+    environment:
+      - NEO4J_AUTH=neo4j/123456
+      - NEO4J_dbms_security_auth_enabled=true
+    container_name: neo4j-weak

TestDocker/Oracle/Dockerfile

@@ -0,0 +1,13 @@
+# 使用Oracle官方容器镜像
+FROM container-registry.oracle.com/database/express:21.3.0-xe
+
+# 设置环境变量
+ENV ORACLE_PWD=123456
+ENV ORACLE_CHARACTERSET=AL32UTF8
+
+# 开放1521端口
+EXPOSE 1521 5500
+
+# 健康检查
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5m --retries=3 \
+  CMD nc -z localhost 1521 || exit 1

TestDocker/Oracle/README.txt

@@ -0,0 +1,11 @@
+首先需要在Oracle Container Registry网站注册并接受许可协议：
+https://container-registry.oracle.com
+
+docker login container-registry.oracle.com
+
+docker build -t oracle-db .
+
+docker run -d \
+  -p 1521:1521 \
+  --name oracle-container \
+  oracle-db

TestDocker/POP3/Dockerfile

@@ -0,0 +1,64 @@
+FROM ubuntu:20.04
+
+# 避免交互式提示
+ENV DEBIAN_FRONTEND=noninteractive
+
+# 安装必要的包
+RUN apt-get update && apt-get install -y \
+    dovecot-pop3d \
+    openssl \
+    && rm -rf /var/lib/apt/lists/*
+
+# 生成SSL证书
+RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+    -keyout /etc/ssl/private/dovecot.pem \
+    -out /etc/ssl/certs/dovecot.pem \
+    -subj "/C=US/ST=State/L=City/O=Organization/CN=localhost"
+
+# 配置Dovecot
+RUN echo '\
+protocols = pop3\n\
+listen = *\n\
+ssl = yes\n\
+ssl_cert = </etc/ssl/certs/dovecot.pem\n\
+ssl_key = </etc/ssl/private/dovecot.pem\n\
+auth_mechanisms = plain login\n\
+disable_plaintext_auth = no\n\
+mail_location = mbox:~/mail:INBOX=/var/mail/%u\n\
+\n\
+passdb {\n\
+  driver = passwd-file\n\
+  args = scheme=PLAIN username_format=%u /etc/dovecot/passwd\n\
+}\n\
+\n\
+userdb {\n\
+  driver = passwd-file\n\
+  args = username_format=%u /etc/dovecot/users\n\
+}\n\
+' > /etc/dovecot/dovecot.conf
+
+# 创建密码文件
+RUN echo '\
+admin:{PLAIN}admin123\n\
+test:{PLAIN}test123\n\
+root:{PLAIN}root123\n\
+' > /etc/dovecot/passwd
+
+# 创建用户文件
+RUN echo '\
+admin:x:1000:1000::/home/admin:/bin/false\n\
+test:x:1001:1001::/home/test:/bin/false\n\
+root:x:1002:1002::/home/root:/bin/false\n\
+' > /etc/dovecot/users
+
+# 创建必要的目录和权限
+RUN mkdir -p /home/admin /home/test /home/root && \
+    chown 1000:1000 /home/admin && \
+    chown 1001:1001 /home/test && \
+    chown 1002:1002 /home/root
+
+# 暴露端口
+EXPOSE 110 995
+
+# 启动Dovecot
+CMD ["dovecot", "-F"]

TestDocker/POP3/README.txt

@@ -0,0 +1,2 @@
+docker build -t pop3-test .
+docker run -d --name pop3-server -p 110:110 -p 995:995 pop3-test

TestDocker/Postgre/Dockerfile

@@ -0,0 +1,14 @@
+# 使用PostgreSQL官方镜像
+FROM postgres:latest
+
+# 设置环境变量
+ENV POSTGRES_USER=postgres
+ENV POSTGRES_PASSWORD=123456
+ENV POSTGRES_DB=mydb
+
+# 开放5432端口
+EXPOSE 5432
+
+# 健康检查
+HEALTHCHECK --interval=30s --timeout=3s \
+  CMD pg_isready -U postgres || exit 1

TestDocker/Postgre/README.md

@@ -0,0 +1,5 @@
+docker build -t postgres-server .
+docker run -d \
+-p 5432:5432 \
+--name postgres-container \
+postgres-server

TestDocker/RabbitMQ/Dockerfile

@@ -0,0 +1,10 @@
+FROM rabbitmq:3-management
+
+# 环境变量设置默认的用户名和密码
+ENV RABBITMQ_DEFAULT_USER=admin
+ENV RABBITMQ_DEFAULT_PASS=123456
+
+# 开放标准端口
+# 5672: AMQP 协议端口
+# 15672: HTTP API 端口和管理UI
+EXPOSE 5672 15672

TestDocker/RabbitMQ/README.txt

@@ -0,0 +1,2 @@
+docker build -t rabbitmq-weak .
+docker run -d --name rabbitmq-test -p 5672:5672 -p 15672:15672 rabbitmq-weak

TestDocker/Redis/Dockerfile

@@ -0,0 +1,34 @@
+FROM redis:5.0.1
+
+# 创建测试目录并设置权限
+RUN mkdir -p /root/.ssh && \
+    mkdir -p /var/spool/cron && \
+    mkdir -p /var/spool/cron/crontabs && \
+    mkdir -p /var/www/html && \
+    mkdir -p /etc/redis && \
+    mkdir -p /tmp/test && \
+    chmod -R 777 /root/.ssh && \
+    chmod -R 777 /var/spool/cron && \
+    chmod -R 777 /var/spool/cron/crontabs && \
+    chmod -R 777 /var/www/html && \
+    chmod -R 777 /etc/redis && \
+    chmod -R 777 /tmp/test && \
+    echo "测试目录已创建，可以写入" > /tmp/test/test.txt
+
+# 配置Redis允许远程连接和任意文件写入
+RUN echo "port 6379\n\
+bind 0.0.0.0\n\
+dir /data\n\
+dbfilename dump.rdb\n\
+protected-mode no\n\
+daemonize no\n\
+appendonly no\n\
+requirepass \"\"\n\
+" > /etc/redis/redis.conf
+
+WORKDIR /data
+
+EXPOSE 6379
+
+# 启动Redis服务器
+CMD ["redis-server", "/etc/redis/redis.conf"]

TestDocker/Redis/README.txt

@@ -0,0 +1,5 @@
+docker build -t redis-server .
+docker run -d \
+  -p 6379:6379 \
+  --name redis-container \
+  redis-server

TestDocker/Redis/redis.conf

@@ -0,0 +1,5 @@
+bind 0.0.0.0
+port 6379
+protected-mode no
+dir /data
+daemonize no

TestDocker/Rsync/Dockerfile

@@ -0,0 +1,39 @@
+FROM ubuntu:20.04
+
+# 安装rsync
+RUN apt-get update && \
+    apt-get install -y rsync
+
+# 创建测试目录和用户
+RUN mkdir -p /data/public && \
+    mkdir -p /data/secure && \
+    useradd -m testuser && \
+    echo "testuser:123456" | chpasswd
+
+# 配置文件
+RUN echo 'pid file = /var/run/rsyncd.pid' > /etc/rsyncd.conf && \
+    echo 'log file = /var/log/rsyncd.log' >> /etc/rsyncd.conf && \
+    echo 'transfer logging = yes' >> /etc/rsyncd.conf && \
+    echo 'use chroot = yes' >> /etc/rsyncd.conf && \
+    echo '[public]' >> /etc/rsyncd.conf && \
+    echo 'path = /data/public' >> /etc/rsyncd.conf && \
+    echo 'comment = Public Share' >> /etc/rsyncd.conf && \
+    echo 'read only = yes' >> /etc/rsyncd.conf && \
+    echo 'auth users = *' >> /etc/rsyncd.conf && \
+    echo 'secrets file = /etc/rsyncd.secrets' >> /etc/rsyncd.conf && \
+    echo '[anonymous]' >> /etc/rsyncd.conf && \
+    echo 'path = /data/public' >> /etc/rsyncd.conf && \
+    echo 'comment = Anonymous Share' >> /etc/rsyncd.conf && \
+    echo 'read only = yes' >> /etc/rsyncd.conf && \
+    echo 'auth users = ' >> /etc/rsyncd.conf
+
+# 创建密码文件
+RUN echo 'testuser:123456' > /etc/rsyncd.secrets && \
+    echo 'root:root123' >> /etc/rsyncd.secrets && \
+    chmod 600 /etc/rsyncd.secrets
+
+# 暴露Rsync默认端口
+EXPOSE 873
+
+# 启动rsync守护进程
+CMD ["rsync", "--daemon", "--no-detach", "--config=/etc/rsyncd.conf"]

TestDocker/Rsync/README.txt

@@ -0,0 +1,2 @@
+docker build -t rsync-test .
+docker run -d --name rsync-server -p 873:873 rsync-test

TestDocker/SMTP/Dockerfile

@@ -0,0 +1,51 @@
+FROM ubuntu:20.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# 安装必要的软件
+RUN apt-get update && apt-get install -y \
+    postfix \
+    sasl2-bin \
+    libsasl2-modules \
+    mailutils \
+    rsyslog \
+    && rm -rf /var/lib/apt/lists/*
+
+# 配置Postfix
+RUN postconf -e 'smtpd_sasl_auth_enable = yes' \
+    && postconf -e 'smtpd_sasl_security_options = noanonymous' \
+    && postconf -e 'smtpd_sasl_local_domain =' \
+    && postconf -e 'broken_sasl_auth_clients = yes' \
+    && postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination' \
+    && postconf -e 'inet_interfaces = all'
+
+# 配置SASL
+RUN mkdir -p /etc/postfix/sasl/
+RUN echo "pwcheck_method: auxprop" > /etc/postfix/sasl/smtpd.conf \
+    && echo "auxprop_plugin: sasldb" >> /etc/postfix/sasl/smtpd.conf \
+    && echo "mech_list: PLAIN LOGIN" >> /etc/postfix/sasl/smtpd.conf
+
+# 创建SASL用户（使用固定域名localhost）
+RUN echo "123456" | saslpasswd2 -p -c -u localhost test
+RUN echo "admin123" | saslpasswd2 -p -c -u localhost admin
+RUN echo "root123" | saslpasswd2 -p -c -u localhost root
+
+# 设置权限
+RUN chown postfix:postfix /etc/sasldb2
+
+# 创建日志目录和文件
+RUN mkdir -p /var/log && \
+    touch /var/log/mail.log && \
+    chmod 644 /var/log/mail.log
+
+# 开放端口
+EXPOSE 25
+
+# 创建启动脚本
+RUN echo '#!/bin/bash' > /start.sh \
+    && echo 'service rsyslog start' >> /start.sh \
+    && echo 'service postfix start' >> /start.sh \
+    && echo 'tail -f /var/log/mail.log' >> /start.sh \
+    && chmod +x /start.sh
+
+CMD ["/start.sh"]

TestDocker/SMTP/README.txt

@@ -0,0 +1,2 @@
+docker build -t smtp-weak .
+docker run -d --name smtp-test -p 25:25 smtp-weak

TestDocker/SMTP/start.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+service postfix start
+tail -f /var/log/mail.log

TestDocker/SNMP/Dockerfile

@@ -0,0 +1,23 @@
+FROM ubuntu:20.04
+
+# 安装SNMP服务
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y snmpd && \
+    rm -rf /var/lib/apt/lists/*
+
+# 备份原配置
+RUN cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig
+
+# 创建新的配置文件
+RUN echo "rocommunity public default" > /etc/snmp/snmpd.conf && \
+    echo "rocommunity private default" >> /etc/snmp/snmpd.conf && \
+    echo "rocommunity cisco default" >> /etc/snmp/snmpd.conf && \
+    echo "rocommunity community default" >> /etc/snmp/snmpd.conf && \
+    # 允许从任何地址访问
+    echo "agentAddress udp:161,udp6:[::1]:161" >> /etc/snmp/snmpd.conf
+
+# 开放SNMP端口
+EXPOSE 161/udp
+
+# 启动SNMP服务
+CMD ["snmpd", "-f", "-Lo", "-C", "-c", "/etc/snmp/snmpd.conf"]

TestDocker/SNMP/README.txt

@@ -0,0 +1,2 @@
+docker build -t snmp-weak .
+docker run -d --name snmp-test -p 161:161/udp snmp-weak

TestDocker/SSH/Dockerfile

@@ -0,0 +1,20 @@
+# 使用Ubuntu最新版本作为基础镜像
+FROM ubuntu:latest
+
+# 安装必要的软件包
+RUN apt-get update && apt-get install -y \
+    openssh-server \
+    && rm -rf /var/lib/apt/lists/*
+
+# 创建SSH所需的目录
+RUN mkdir /var/run/sshd
+
+# 允许root用户SSH登录并设置密码
+RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
+RUN echo 'root:Aa123456789' | chpasswd
+
+# 开放22端口
+EXPOSE 22
+
+# 启动SSH服务
+CMD ["/usr/sbin/sshd", "-D"]

TestDocker/SSH/README.txt

@@ -0,0 +1,2 @@
+docker build -t ubuntu-ssh .
+docker run -d -p 2222:22 ubuntu-ssh

TestDocker/Telnet/Dockerfile

@@ -0,0 +1,18 @@
+FROM busybox:latest
+
+# 安装必要的包
+RUN ["busybox", "telnetd", "--help"]
+
+# 创建测试用户
+RUN adduser -D -h /home/test test && \
+    echo "test:123456" | chpasswd
+
+# 创建弱密码管理员
+RUN adduser -D -h /home/admin admin && \
+    echo "admin:admin" | chpasswd
+
+# 暴露 Telnet 端口
+EXPOSE 23
+
+# 启动 Telnet 服务
+CMD ["busybox", "telnetd", "-F", "-l", "/bin/sh"]

TestDocker/Telnet/README.md

@@ -0,0 +1,2 @@
+docker build -t telnet-test .
+docker run -d -p 23:23 --name telnet-server telnet-test

TestDocker/Tomcat/Dockerfile

@@ -0,0 +1,17 @@
+FROM tomcat:9.0-jdk8
+
+# 删除默认应用
+RUN rm -rf /usr/local/tomcat/webapps/*
+
+# 复制tomcat-users.xml配置文件
+COPY tomcat-users.xml /usr/local/tomcat/conf/
+
+# 允许远程访问manager
+COPY context.xml /usr/local/tomcat/webapps.dist/manager/META-INF/
+COPY context.xml /usr/local/tomcat/webapps.dist/host-manager/META-INF/
+
+# 复制默认应用
+RUN cp -r /usr/local/tomcat/webapps.dist/* /usr/local/tomcat/webapps/
+
+EXPOSE 8080
+CMD ["catalina.sh", "run"]

TestDocker/Tomcat/README.txt

@@ -0,0 +1,2 @@
+docker build -t tomcat-weak .
+docker run -d --name tomcat-test -p 8080:8080 tomcat-weak

TestDocker/Tomcat/context.xml

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Context antiResourceLocking="false" privileged="true" >
+    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+           allow=".*" />
+</Context>

TestDocker/Tomcat/tomcat-users.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<tomcat-users xmlns="http://tomcat.apache.org/xml"
+              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
+              version="1.0">
+
+    <role rolename="manager-gui"/>
+    <role rolename="manager-script"/>
+    <role rolename="manager-jmx"/>
+    <role rolename="manager-status"/>
+    <role rolename="admin-gui"/>
+    <role rolename="admin-script"/>
+
+    <user username="admin" password="123456" roles="manager-gui,manager-script,manager-jmx,manager-status"/>
+    <user username="tomcat" password="tomcat" roles="manager-gui"/>
+    <user username="both" password="both" roles="manager-gui,admin-gui"/>
+    <user username="root" password="root123" roles="manager-gui,manager-script"/>
+
+</tomcat-users>

TestDocker/VNC/Dockerfile

@@ -0,0 +1,45 @@
+FROM ubuntu:20.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV TZ=Asia/Shanghai
+
+# 安装必要的包
+RUN apt-get update && apt-get install -y \
+    tightvncserver \
+    xfce4 \
+    xfce4-terminal \
+    supervisor
+
+# 创建新用户
+RUN useradd -m vncuser
+ENV USER=vncuser
+ENV HOME=/home/vncuser
+
+# 设置supervisor配置
+RUN mkdir -p /var/log/supervisor
+COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
+# 切换到vncuser用户
+USER vncuser
+WORKDIR /home/vncuser
+
+# 创建必要的文件和目录
+RUN touch ~/.Xauthority
+RUN mkdir -p ~/.vnc
+
+# 创建启动脚本
+RUN echo '#!/bin/bash\nxrdb $HOME/.Xresources\nstartxfce4 &' > ~/.vnc/xstartup
+RUN chmod +x ~/.vnc/xstartup
+
+# 设置VNC密码
+RUN echo "123456" | vncpasswd -f > ~/.vnc/passwd
+RUN chmod 600 ~/.vnc/passwd
+
+# 切回root用户来运行supervisor
+USER root
+
+# 暴露VNC端口
+EXPOSE 5901
+
+# 使用supervisor启动服务
+CMD ["/usr/bin/supervisord"]

TestDocker/VNC/README.txt

@@ -0,0 +1,2 @@
+docker build -t vnc-server .
+docker run -d -p 5901:5901 vnc-server

TestDocker/VNC/supervisord.conf

@@ -0,0 +1,8 @@
+[supervisord]
+nodaemon=true
+
+[program:vnc]
+command=/usr/bin/vncserver :1 -geometry 1280x800 -depth 24
+user=vncuser
+autostart=true
+autorestart=true

TestDocker/Weblogic/Dockerfile

@@ -0,0 +1,20 @@
+FROM container-registry.oracle.com/middleware/weblogic:12.2.1.4-dev
+
+# 环境变量
+ENV DOMAIN_NAME="base_domain" \
+    ADMIN_PORT="7001" \
+    ADMIN_NAME="weblogic" \
+    ADMIN_PASSWORD="weblogic123" \
+    PRODUCTION_MODE="dev" \
+    DOMAIN_HOME="/u01/oracle/user_projects/domains/base_domain"
+
+USER oracle
+
+# 创建域配置脚本
+COPY --chown=oracle:oracle create-domain.py /u01/oracle/
+COPY --chown=oracle:oracle start.sh /u01/oracle/
+RUN chmod +x /u01/oracle/start.sh
+
+EXPOSE 7001 7002
+
+CMD ["/u01/oracle/start.sh"]

TestDocker/Weblogic/README.txt

@@ -0,0 +1,2 @@
+docker build -t weblogic-weak .
+docker run -d --name weblogic-test -p 7001:7001 -p 7002:7002 weblogic-weak

TestDocker/Weblogic/create-domain.py

@@ -0,0 +1,26 @@
+import os
+
+# 读取模板
+readTemplate("/u01/oracle/wlserver/common/templates/wls/wls.jar")
+
+# 配置管理服务器
+cd('/Security/base_domain/User/weblogic')
+cmo.setPassword('weblogic123')
+
+# 设置域名称和路径
+cd('/')
+cmo.setName('base_domain')
+setOption('DomainName', 'base_domain')
+setOption('ServerStartMode', 'dev')
+setOption('OverwriteDomain', 'true')
+
+# 配置管理服务器
+cd('/Servers/AdminServer')
+set('ListenAddress', '')
+set('ListenPort', 7001)
+
+# 写入域配置
+writeDomain('/u01/oracle/user_projects/domains/base_domain')
+closeTemplate()
+
+exit()

TestDocker/Weblogic/start.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# 创建域
+wlst.sh -skipWLSModuleScanning /u01/oracle/create-domain.py
+
+# 等待域创建完成
+sleep 5
+
+# 启动服务器
+/u01/oracle/user_projects/domains/base_domain/bin/startWebLogic.sh

TestDocker/Zabbix/docker-compose.yml

@@ -0,0 +1,58 @@
+version: '3'
+
+services:
+  mysql:
+    image: mysql:8.0
+    container_name: zabbix-mysql
+    command: --default-authentication-plugin=mysql_native_password
+    environment:
+      MYSQL_ROOT_PASSWORD: root123
+      MYSQL_DATABASE: zabbix
+      MYSQL_USER: zabbix
+      MYSQL_PASSWORD: zabbix123
+    ports:
+      - "3306:3306"
+    volumes:
+      - ./mysql_data:/var/lib/mysql
+    networks:
+      - zabbix-net
+
+  zabbix-server:
+    image: zabbix/zabbix-server-mysql:ubuntu-6.0.23
+    container_name: zabbix-server
+    environment:
+      DB_SERVER_HOST: mysql
+      MYSQL_DATABASE: zabbix
+      MYSQL_USER: zabbix
+      MYSQL_PASSWORD: zabbix123
+      MYSQL_ROOT_PASSWORD: root123
+    ports:
+      - "10051:10051"
+    depends_on:
+      - mysql
+    networks:
+      - zabbix-net
+
+  zabbix-web:
+    image: zabbix/zabbix-web-nginx-mysql:ubuntu-6.0.23
+    container_name: zabbix-web
+    environment:
+      DB_SERVER_HOST: mysql
+      MYSQL_DATABASE: zabbix
+      MYSQL_USER: zabbix
+      MYSQL_PASSWORD: zabbix123
+      MYSQL_ROOT_PASSWORD: root123
+      ZBX_SERVER_HOST: zabbix-server
+      PHP_TZ: Asia/Shanghai
+    ports:
+      - "80:8080"
+      - "443:8443"
+    depends_on:
+      - mysql
+      - zabbix-server
+    networks:
+      - zabbix-net
+
+networks:
+  zabbix-net:
+    driver: bridge