added Malcolm

2021-08-06 10:35:01 +02:00
parent f043730066
commit 70f1922e80
751 changed files with 195277 additions and 0 deletions
--- a/Vagrant/resources/malcolm/Dockerfiles/pcap-monitor.Dockerfile
+++ b/Vagrant/resources/malcolm/Dockerfiles/pcap-monitor.Dockerfile
@@ -0,0 +1,80 @@
+FROM debian:buster-slim
+
+# Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
+LABEL maintainer="malcolm.netsec@gmail.com"
+LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com'
+LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
+LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/master/README.md'
+LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'
+LABEL org.opencontainers.image.vendor='Cybersecurity and Infrastructure Security Agency'
+LABEL org.opencontainers.image.title='malcolmnetsec/pcap-monitor'
+LABEL org.opencontainers.image.description='Malcolm container watching for captured or uploaded artifacts to be processed'
+
+ARG DEFAULT_UID=1000
+ARG DEFAULT_GID=1000
+ENV DEFAULT_UID $DEFAULT_UID
+ENV DEFAULT_GID $DEFAULT_GID
+ENV PUSER "watcher"
+ENV PGROUP "watcher"
+# not dropping privileges globally: supervisord will take care of it
+# on a case-by-case basis so that one script (watch-pcap-uploads-folder.sh)
+# can chown uploaded files
+ENV PUSER_PRIV_DROP false
+
+ENV DEBIAN_FRONTEND noninteractive
+ENV TERM xterm
+
+ARG ELASTICSEARCH_URL="http://elasticsearch:9200"
+ARG PCAP_PATH=/pcap
+ARG PCAP_PIPELINE_DEBUG=false
+ARG PCAP_PIPELINE_DEBUG_EXTRA=false
+ARG PCAP_PIPELINE_IGNORE_PREEXISTING=false
+ARG ZEEK_PATH=/zeek
+
+ENV ELASTICSEARCH_URL $ELASTICSEARCH_URL
+ENV PCAP_PATH $PCAP_PATH
+ENV PCAP_PIPELINE_DEBUG $PCAP_PIPELINE_DEBUG
+ENV PCAP_PIPELINE_DEBUG_EXTRA $PCAP_PIPELINE_DEBUG_EXTRA
+ENV PCAP_PIPELINE_IGNORE_PREEXISTING $PCAP_PIPELINE_IGNORE_PREEXISTING
+ENV ZEEK_PATH $ZEEK_PATH
+
+RUN apt-get update && \
+    apt-get install --no-install-recommends -y -q \
+      file \
+      inotify-tools \
+      libzmq5 \
+      procps \
+      psmisc \
+      python \
+      python3-pip \
+      python3-setuptools \
+      python3-wheel \
+      supervisor \
+      vim-tiny && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    pip3 install --no-cache-dir elasticsearch elasticsearch_dsl pyzmq pyinotify python-magic && \
+    groupadd --gid ${DEFAULT_GID} ${PGROUP} && \
+      useradd -M --uid ${DEFAULT_UID} --gid ${DEFAULT_GID} ${PUSER}
+
+ADD shared/bin/docker-uid-gid-setup.sh /usr/local/bin/
+ADD pcap-monitor/supervisord.conf /etc/supervisord.conf
+ADD pcap-monitor/scripts/ /usr/local/bin/
+ADD shared/bin/pcap_watcher.py /usr/local/bin/
+ADD shared/bin/pcap_utils.py /usr/local/bin/
+
+EXPOSE 30441
+
+ENTRYPOINT ["/usr/local/bin/docker-uid-gid-setup.sh"]
+
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf", "-u", "root", "-n"]
+
+
+# to be populated at build-time:
+ARG BUILD_DATE
+ARG MALCOLM_VERSION
+ARG VCS_REVISION
+
+LABEL org.opencontainers.image.created=$BUILD_DATE
+LABEL org.opencontainers.image.version=$MALCOLM_VERSION
+LABEL org.opencontainers.image.revision=$VCS_REVISION