Configuration Guide - zakharb/labshock GitHub Wiki

This guide explains how to configure Labshock services, network settings, and volumes, and how to manage services using Docker commands.



🟨 Networks Configuration

Labshock uses two bridge networks:

  • l2_network (192.168.2.0/24) for Level 2 devices like PLCs.
  • l3_network (192.168.3.0/24) for Level 3 devices like SCADA and engineering workstations.

To modify the network settings in docker-compose.yml, change the subnet field under ipam.config for each network and the ipv4_address field under each service's networks entry.

Example:

networks:
  l2_network:
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.2.0/24
  l3_network:
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.3.0/24



🟨 Services Configuration

🔶 Router

Routes traffic between l2_network and l3_network.

  • Change build path to modify router configurations.
  • Ensure privileged: true is enabled.

  router:
    build: ./router/
    privileged: true
    restart: unless-stopped
    networks:
      l2_network:
        ipv4_address: 192.168.2.254
      l3_network:
        ipv4_address: 192.168.3.254

🔶 SCADA

SCADA service uses port 1881.

  • Data is stored in scada-data volume.

  scada:
    build: ./scada/
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    networks:
      l3_network:
        ipv4_address: 192.168.3.20
    ports:
      - '1881:1881'
    volumes:
      - scada-data:/usr/src/app/FUXA/server/_appdata

🔶 PLC

PLC service runs a webserver on port 8080.

  • Data is stored in plc-data volume.

  plc:
    build: ./plc/
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    networks:
      l2_network:
        ipv4_address: 192.168.2.10
    ports:
      - "8080:8080"
    volumes:
      - plc-data:/workdir/webserver

🔶 Engineering Workstation (EWS)

EWS is available on port 5911.

  • Uses ews-data volume for persistent storage.

  ews:
    build: ./ews/
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    networks:
      l3_network:
        ipv4_address: 192.168.3.11
    ports:
      - "5911:5911"
    volumes:
      - ews-data:/home/engineer/

🔶 Penetration Testing Station

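Runs on l3_network, publishes container port 22 on host port 2222, and adds the NET_RAW and NET_ADMIN capabilities. privileged: true is also set, which already grants the container every capability.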

  pentest:
    build: ./pentest/
    cap_add:
      - NET_ADMIN
      - NET_RAW
    privileged: true
    restart: unless-stopped
    networks:
      l3_network:
        ipv4_address: 192.168.3.30
    ports:
      - "2222:22"

🔶 IDS (Intrusion Detection System)

Runs in host network mode.

  ids:
    build: ./ids/
    network_mode: host
    restart: unless-stopped

🔶 Log Collector

Runs on l3_network, listens on ports 2443 and 8766.

  collector:
    build: ./collector/
    networks:
      l3_network:
        ipv4_address: 192.168.3.40
    restart: unless-stopped
    ports:
      - "2443:2443"
      - "8766:8766"
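
The service definitions above differ in how much host access they get (privileged, cap_add, network_mode: host, published ports). The following check is an added example, not part of the Labshock project, that lists those settings per service. It assumes the two-space layout used on this page under a top-level services: key, and the sample input is constructed from the fragments above.

```python
# Constructed sample: three service fragments from this page under a services: key.
SAMPLE = """\
services:
  router:
    build: ./router/
    privileged: true
  pentest:
    build: ./pentest/
    cap_add:
      - NET_ADMIN
      - NET_RAW
    privileged: true
    ports:
      - "2222:22"
  ids:
    build: ./ids/
    network_mode: host
"""

def audit(compose_text):
    """Map each service to the settings that widen its access to the host."""
    findings, service, key, in_services = {}, None, None, False
    for raw in compose_text.splitlines():
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:                      # top-level key: services, networks, volumes
            in_services, service = text == "services:", None
        elif in_services and indent == 2:    # service name
            service, key = text.rstrip(":"), None
            findings[service] = []
        elif service and indent == 4:        # service-level key
            key, _, value = text.partition(":")
            if (key, value.strip()) == ("privileged", "true"):
                findings[service].append("privileged: all capabilities and host devices")
            elif (key, value.strip()) == ("network_mode", "host"):
                findings[service].append("network_mode host: shares the host network stack")
        elif service and text.startswith("- "):   # list item under cap_add / ports
            item = text[2:].strip("'\" ")
            if key == "cap_add":
                findings[service].append(f"cap_add {item}")
            elif key == "ports" and item.count(":") == 1:   # no bind address given
                findings[service].append(f"port {item} published on all host interfaces")
    return findings

if __name__ == "__main__":
    for name, notes in audit(SAMPLE).items():
        print(name, notes)
```

A port entry written with a bind address, such as "127.0.0.1:8080:8080", is not reported, because it is reachable only from the Docker host itself.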



🟨 Volumes Configuration

Volumes store persistent data for SCADA, PLC, and EWS. To change storage locations, modify the volumes mapping.

volumes:
  scada-data:
  plc-data:
  ews-data:

🟨 Commands

For reference, see the Docker docs and the docker-compose docs.

Check which services are running:

docker ps -a

Check statistics:

docker stats

Deploy Labshock using:

docker-compose up -d

To stop Labshock:

docker-compose down

To restart a specific service:

docker-compose restart <service_name>

To run bash inside a container:

docker-compose exec -it <service_name> /bin/bash

Modify docker-compose.yml as needed and restart services for changes to take effect.

For details on configuring each service, see the service-specific pages.
