Installing the Iceberg Docker Container on a Linux Host

Step-by-step instructions on setting up the Iceberg Sensor Docker container on a Linux Host using the Docker engine

Written by Michael Bakaic
Updated over a month ago

Prerequisites

Linux Host Machine

While it is possible to follow these instructions for setting up the Iceberg Sensor Docker container on a Windows host, there are limitations to how Docker containers connect to the host network on a Windows host machine. Those limitations prevent the Iceberg Sensor from detecting network-connected devices, so the scans won't work properly. Use a Linux host 🐧

API Key and Host ID

To use an Iceberg Cyber Sensor Container, an API Key is required. The API Key helps to uniquely identify the container instance and helps assign the vulnerabilities it finds to a user/account. If you do not already have an API Key, please contact Iceberg Cyber to have one provided to you.

Each API Key also has a linked Host ID. The Host ID will be necessary to start the container and is used to uniquely identify the container’s results in the Iceberg User Portal.

Container Repository Access Key

Iceberg Cyber Sensor Container Images are stored on a private container registry. To access this registry, the user will require a special access key. If you do not already have an access key, please contact the Iceberg Cyber Team and one will be provided to you.

Terminal Access

You will need superuser terminal access to the Linux host where the Docker engine is running.

Download Image

Steps to download the Iceberg Cyber Sensor Container image:

  • Open a terminal on the Linux host where the Docker engine is running

  • Run command: sudo docker login -u <username> -p <access key> icebergsensordocker.azurecr.io

Replace <username> and <access key> with the Container Repository Username and Access Key provided by Iceberg Cyber

  • If the login was successful, you should see a note in the command line “Login Succeeded”

  • Run command: sudo docker pull icebergsensordocker.azurecr.io/sensor/iceberg-sensor:<version>

Replace <version> with the desired version, or the word “latest” for the latest release. The version compatible with the Iceberg Web App is version 1.1.1

Latest is currently set to 1.3.1 as of 2025-03-19

  • If successful, you should see each layer of the docker image being downloaded

  • Once all the layers have finished downloading, you should be able to run: sudo docker image ls and see the Iceberg Cyber Sensor Container in your list of images. You can also see it in your Docker Desktop application

Setup MACvLAN Network

A MACvLAN network may be required for all the features of the Iceberg Cyber Sensor Container to work properly. A MACvLAN network treats each container on it as if it were directly connected to the same network as the host device, with a MAC address different from the host's. For more information about MACvLAN networks, see “Macvlan network driver” in the Docker documentation.

To set up the MACvLAN network, follow the below steps:

  • Gather the necessary information about your host network:

    • Subnet

    • Gateway

    • Host device network interface

To get this information, a command like:

ip link show

will show all the network interfaces on the Synology device. Usually, the desired interface looks something like “eth0”.

  • Run command: sudo docker network create -d macvlan --subnet=<subnet> --gateway=<gateway> --ip-range=<desired ip>/32 -o parent=<interface> IcebergNetwork

  • Replace the contents between any <> with the relevant information.

  • Replace the <desired ip> with any ip address on the same subnet that does not conflict with any other device on the same network.

  • If successful, the user should see the IcebergNetwork in the list when the following command is run: sudo docker network ls

Start Container

To start the container, use the following steps:

  • Run command: sudo docker run -d --net=IcebergNetwork --env ICEBERG_KEY=<API Key> --env IOTIUM_NODE_SERIAL_ID=<Host ID> --name=IcebergSensorContainer icebergsensordocker.azurecr.io/sensor/iceberg-sensor:<version>

  • Replace <API Key> with the API Key provided by Iceberg Cyber

  • Replace <Host ID> with the host Id linked to the API, also provided by Iceberg Cyber

  • Replace <version> with the desired version of the container

  • If successful, you should see the container as active if you run: sudo docker ps -a

  • After this stage, you can start, stop, and inspect the container using the Docker Desktop application
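
The steps above as one script, an added example that is not Iceberg Cyber's own tooling: it checks arithmetically that <desired ip> is a host address inside <subnet> and is not the gateway before creating the network, and it passes the access key and API Key through Docker's --password-stdin and --env-file options instead of the command line. DOCKER, ENV_FILE and the function names are assumptions of this example; whether another device already uses the address still has to be confirmed on the network itself.

```shell
#!/bin/sh
# Added example, not Iceberg Cyber's script: the article's steps with two guards.
# 1. <desired ip> is checked against the subnet before the macvlan network is made.
# 2. Secrets are prompted for and passed via --password-stdin / --env-file, so they
#    stay out of shell history and process arguments (docker inspect still shows them).
# DOCKER and ENV_FILE are assumptions of this example; override them as needed.
DOCKER=${DOCKER:-sudo docker}
ENV_FILE=${ENV_FILE:-./iceberg-sensor.env}
REGISTRY=icebergsensordocker.azurecr.io
IMAGE=$REGISTRY/sensor/iceberg-sensor

ip_to_int() {                       # dotted quad -> integer
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

usable_in_subnet() {                # <ip> <subnet cidr> <gateway>
  ip=$(ip_to_int "$1"); net=$(ip_to_int "${2%/*}"); bits=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
  base=$(( $net & $mask )); bcast=$(( $base | ($mask ^ 0xFFFFFFFF) ))
  [ $(( $ip & $mask )) -eq "$base" ] && [ "$ip" -ne "$base" ] &&
    [ "$ip" -ne "$bcast" ] && [ "$1" != "$3" ]
}

write_env_file() {                  # <path> <API Key> <Host ID>, file mode 0600
  ( umask 077; rm -f "$1"
    printf 'ICEBERG_KEY=%s\nIOTIUM_NODE_SERIAL_ID=%s\n' "$2" "$3" > "$1" )
}

ask() {                             # prompt without echo, answer left in $REPLY
  printf '%s: ' "$1" >&2; stty -echo; IFS= read -r REPLY; stty echo; echo >&2
}

deploy() {  # <subnet> <gateway> <desired ip> <interface> <version> <username>
  usable_in_subnet "$3" "$1" "$2" ||
    { echo "$3 is not a usable host address in $1" >&2; return 1; }
  ask 'Container Repository Access Key'
  printf '%s' "$REPLY" | $DOCKER login -u "$6" --password-stdin "$REGISTRY" || return 1
  $DOCKER pull "$IMAGE:$5" || return 1
  $DOCKER network create -d macvlan --subnet="$1" --gateway="$2" \
    --ip-range="$3/32" -o parent="$4" IcebergNetwork || return 1
  ask 'API Key'; api_key=$REPLY
  ask 'Host ID'; write_env_file "$ENV_FILE" "$api_key" "$REPLY"
  $DOCKER run -d --net=IcebergNetwork --env-file "$ENV_FILE" \
    --name=IcebergSensorContainer "$IMAGE:$5"
}

if [ "$#" -eq 6 ]; then deploy "$@"; fi
```

Run it as sh iceberg-deploy.sh <subnet> <gateway> <desired ip> <interface> <version> <username>; the file name is hypothetical.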

Results in the Iceberg App

After the container starts for the first time, it may take 2-3 hours for the scanning engine to update. Then you will see the Sensor online in the Iceberg app at app.icebergcyber.com
