How to install Hyperledger Fabric on Ubuntu 18.04 with the help of Docker

Hyperledger Fabric is a blockchain framework implementation that works as a foundation for developing applications with a modular architecture. Normally, Hyperledger Fabric is quite difficult to install. And even though the time you invest will be paid off with a powerful tool, you might want an easier method for installing it.

The good news is that there is an easier method of deploying Hyperledger Fabric. That method comes by way of Docker. And because all of the pieces are open source, there’s little to no cost here.

I’m going to walk you through the process of installing Hyperledger Fabric v 1.4.4 on Ubuntu Server 18.04, via the Docker container engine. You’ll use the command line for the entire method, so be prepared to type a bit.

This tutorial assumes you already have an instance of Ubuntu Server 18.04 up and running. You will also need an account with sudo rights.

With that said, let’s deploy this container so you can start developing blockchain applications.

Update and Upgrade

Before we get into the deployment, let’s update and upgrade your Ubuntu server first. It’s important to know that, after upgrading the kernel, you’ll have to reboot the machine (so the updates will take effect).

In order to update and upgrade ubuntu, log into the server and issue the following two commands:

sudo apt-get update

sudo apt-get upgrade -y

Once you complete that, reboot your server (if necessary) and log back in. You’re now ready to start the installation/deployment process. You won’t even need to bring in your third-party outsourcing services to take care of this task.

Installing Docker Engine

The first thing you need to do is install the Docker engine. To do this, issue the command:

sudo apt-get install -y

Once the installation finishes, start and enable the Docker engine with the commands:

sudo systemctl start docker

sudo systemctl enable docker

Next, you need to add your user to the Docker group. If you don’t do this, you’ll only be able to run the Docker command with sudo, which can lead to security issues. To add your user to the Docker group, issue the command:

sudo usermod -aG docker $USER

In order for the change to take effect, you must log out and log back into your Ubuntu server. To verify your user has permission to use the docker engine, issue the command:

docker ps -a

You shouldn’t get any errors from the command. Instead, you’ll see no docker containers listed (Figure 1).

Deploying the Container

At this point, you are now ready to deploy the Hyperledger Fabric container. This task can be done with a single command. The command is:

curl -sSL | bash -s 1.4.4

You can define which version of the framework to deploy. For instance, if you want to deploy the beta version (2.0), you could issue the command:

curl -sSL | bash -s 2.0.0

Or if you wanted to deploy an older version, you could issue the command:

curl -sSL | bash -s 1.3.0.

To find out what versions are available, check out the official Hyperledger Fabric release page.

You now need to build your first Hyperledger Framework network so the container can be deployed. To do this, change into the newly-created directory with the command:

cd ~/fabric-samples/first-network

Now generate the network with the command:

./ generate

Finally, bring the network up with the command:

./ up

The final command will take some time to complete. Once it finishes, you can verify it’s actually up and running by issuing the command:

docker ps -a

This time around (Figure 2), you should see the framework has been deployed.

Figure 2

The Hyperledger Framework has been successfully deployed.

Finally, you might want to add the download directory to your $PATH, so you don’t always have to type the full path to the download directory. To do this, issue the command:

export PATH=<path to download location>/bin:$PATH

Where path to download location is the full path to the directory (such as ~/fabric-samples).

When you’re finished, you can bring down the network with the command (run from within the ~/fabric-samples/first-network directory):

./ down

Just remember, if you need to work with the framework again, you’ll have to bring the network backup with the command:

./ up

Time To Develop

At this point, you can now start developing your first application on your Hyperledger Framework network. To start on your Hyperledger Framework development path, you should read up on the official documentation before diving in.


Advisory: SUDO tool vulnerability

A local privilege escalation vulnerability exists in the sudo utility and has been given CVE-2019-14287 for tracking.

Configurations that supposedly restrict a user to running commands only a different (non-root) user are not effective, allowing commands to be run as root instead.

The following sections are covered:

Applies to the following Sophos products and versions


The vulnerability is NOT applicable to any Sophos products.


  • In relation to Sophos products: no.
  • In general: update systems frequently to receive vendor patches.

Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.

If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.

This is invaluable to us to ensure that we continually strive to give our customers the best information possible.


  • No Related Posts

Re: sudo file getting ovewritten

We have created a script that enables our ServiceDesk to close OPEN files on Isilon.

We did not want to use a root level account.

We created a custom Role=CloseSMB and gave it these privileges:


Platform API



Namespace Traverse

Namespace Access

We created a local account called “Closer” and added it to our CloseSMB role.

The account could not run isi_for_array until we gave it some sudo rights and nopasswrd required

We added to sudo:

Closer ALL=(ALL) NOPASSWD: /usr/bin/isi_for_array, /usr/bin/isi

We added to all nodes in cluster.

The script worked.

I went in the GUI to check on CloseSMB privileges.

A few minutes later I was doing some more testing and the script failed.

Something took out our line:

Closer ALL=(ALL) NOPASSWD: /usr/bin/isi_for_array, /usr/bin/isi

How do we edit sudo and make it stick?



Sql injection, Microsoft and Microsoft windows

The blackbear server is to be used as main payload for RCE exploits. Main goal is to have reliable interactive shell access (must be able to run top, sudo, screen, vi, etc) as opposed to crafted reverse shells meterpreter which allow basic commands but fail at interactive ones. Secondary goal is to …


Re: ISILON: Delegation of isi_for_array command lines to 1st level support

One solution is to give those users sudo access to just the ‘isi_for_array isi smb openfiles*’ command. There is an isi_visudo command that will allow you to integrate your entries with the standard sudo. I did a quick try in the lab and created a local user called “smb_support” and created the following entry:

smb_support ALL=(ALL:ALL) NOPASSWD: /usr/bin/isi_for_array isi smb openfiles*

Then I logged into the cluster as smb_support and tried the following:

cluster-2% id

uid=2000(smb_support) gid=1001 groups=1001

cluster-2% isi smb openfiles list

Privilege check failed. The following read privilege is required: SMB (ISI_PRIV_SMB)

(Note: This is expected, I was simply trying to show that this is not a privileged user and is not allowed to run isi command in general)

cluster-2% isi_for_array isi smb openfiles list

zsh: permission denied: isi_for_array

(Again, expected, just showing that they can’t run the command without sudo)

cluster-2% sudo isi_for_array isi smb openfiles list

cluster-2: ID Path

cluster-2: ——-

cluster-2: ——-

cluster-2: Total: 0

cluster-1: ID Path

cluster-1: ——-

cluster-1: ——-

cluster-1: Total: 0

cluster-3: ID Path

cluster-3: ——-

cluster-3: ——-

cluster-3: Total: 0

(This is a box in my lab so there were no connections at the time, but you can see the command worked)

You can, of course, tweak this to your needs, but I’m just showing that it’s possible. Also, keep an eye out on upgrades to be sure it doesn’t get wiped. I don’t believe it should, but just keep the entry around just in case.

The * at the end also allows them to run close across all of the arrays. You could limit this to just list if you wanted to. Again, your needs may change. The NOPASSWD: is optional. If you don’t use it, the user will be required to enter *their* password before the command will execute. Sometimes that’s good, sometimes it’s a pain. Again, up to you.

This is a bit UNIX-y, I realize, but the underlying OS is FreeBSD so that comes with the territory. Google can be your friend on syntax, etc.

Just an idea.


Installing Community Edition on Azure VM

I have had good success running the QRadar Community Edition on a standard Azure CentOS VM, so I thought I would post the brief mods required that allow the installation to run here, in case anyone else finds them useful – use them at your own risk.

I am not going to explain how to create an Azure VM, hopefully you will already be up to speed on that, the VM specifics I used are –

PublisherName: OpenLogic
Offer: CentOS
Skus: 7.3
Version: Latest
Size: Standard_F2s (this is 2 cpus, 4GB RAM, premium storage)
VMOSDiskSize: 80GB

Once created the VM needs a few changes to make the QRadar install run smoothly, as follows.

Extend the /dev/sda2 partition to use the full available space

sudo fdisk /dev/sda

The device presents a logical sector size that is smaller than
the physical sector size. Aligning to a physical sector (or optimal
I/O) size boundary is recommended, or performance may be impacted.
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): d
Partition number (1,2, default 2): 2
Partition 2 is deleted

Command (m for help): n
Partition type:
p primary (1 primary, 0 extended, 3 free)
e extended
Select (default p): p
Partition number (2-4, default 2): 2
First sector (1026048-167772159, default 1026048):
Using default value 1026048
Last sector, +sectors or +size{K,M,G} (1026048-167772159, default 167772159):
Using default value 167772159
Partition 2 of type Linux and of size 79.5 GiB is set

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

Reboot to pick up the new partition table.

sudo reboot

Grow the root filesystem:

sudo xfs_growfs /

Create 8GB of swap space:

sudo dd if=/dev/zero of=/swapfile bs=1024 count=8388608

sudo chmod 0600 /swapfile

sudo mkswap /swapfile

sudo swapon /swapfile

Add the following line to /etc/fstab to mount the swap on reboot:

/swapfile swap swap defaults 0 0

Update everything and install screen:

sudo yum -y update

sudo yum install screen

Disable SELINUX, and reboot to clear it:

sudo sed -i -e ‘s/^SELINUX=.*$/SELINUX=disabled/g’ /etc/selinux/config
sudo reboot

Copy the Community Edition to a temporary directory, mount it and run the setup as per the IBM instructions (You get the standard appliance install screens, it tells you that you have insufficient memory, but continues to install an appliance type “300”.)

Eventually you get a working Qradar CE system! Don’t forget this doesn’t have all the DSMs so you may need to get rpms from fix central for additional log source support.



Licensing error 7001 symptom 18 (activation does not save)

When trying to activate the SPSS software (v24) using the License Wizard, I enter the Activation key, get the “Authorization Succeeded” result, and even the “Successfully processed all codes” ending, but when I open the SPSS app, I still get the licensing error 7001, and the product does not work. Seems like the authorization is not saving. I am using Mac (OS Sierra), and even running the license wizard using sudo (admin privs). Any other ideas?


Re: ESRS credentials

Why no equivalent to root? What about sudo? Why do I have to hand the keys to the kingdom to “some person on the phone”? Is giving up my root password for my protection, because it doesn’t feel like it. Root? Could there not be a built-in ‘EMCesrs” account with the necessary credentials? Who is building this OS? Is the onus on me to protect my employer or does EMC have a more efficient way for their staff to perform their duties, paid for by the customer, without putting their customers environment in jeopardy? Asking for a root password over the phone, what is this, the 90s? I am 100% sure EMC has a better way, or can come up with one in short order.

PS: They always try the default and I’m told *most* customers ‘just use the default’. LOL yup, the 90s.