added Malcolm
This commit is contained in:
197
Vagrant/resources/malcolm/file-monitor/supervisord.conf
Normal file
197
Vagrant/resources/malcolm/file-monitor/supervisord.conf
Normal file
@@ -0,0 +1,197 @@
|
||||
; Copyright (c) 2021 Battelle Energy Alliance, LLC. All rights reserved.
|
||||
|
||||
[unix_http_server]
|
||||
file=/tmp/supervisor.sock ; (the path to the socket file)
|
||||
chmod=0700
|
||||
|
||||
[supervisord]
|
||||
nodaemon=true
|
||||
logfile=/dev/null
|
||||
logfile_maxbytes=0
|
||||
pidfile=/tmp/supervisord.pid
|
||||
|
||||
[rpcinterface:supervisor]
|
||||
supervisor.rpcinterface_factory=supervisor.rpcinterface:make_main_rpcinterface
|
||||
|
||||
[supervisorctl]
|
||||
serverurl=unix:///tmp/supervisor.sock
|
||||
|
||||
[program:watcher]
|
||||
command=/usr/local/bin/zeek_carve_watcher.py
|
||||
--verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG)s
|
||||
--extra-verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA)s
|
||||
--start-sleep %(ENV_EXTRACTED_FILE_WATCHER_START_SLEEP)s
|
||||
--ignore-existing %(ENV_EXTRACTED_FILE_IGNORE_EXISTING)s
|
||||
--min-bytes %(ENV_EXTRACTED_FILE_MIN_BYTES)s
|
||||
--max-bytes %(ENV_EXTRACTED_FILE_MAX_BYTES)s
|
||||
--directory "%(ENV_ZEEK_EXTRACTOR_PATH)s"
|
||||
autostart=true
|
||||
startsecs=%(ENV_EXTRACTED_FILE_WATCHER_START_SLEEP)s
|
||||
startretries=0
|
||||
stopasgroup=true
|
||||
killasgroup=true
|
||||
directory=/data/zeek/extract_files
|
||||
stdout_logfile=/dev/fd/1
|
||||
stdout_logfile_maxbytes=0
|
||||
redirect_stderr=true
|
||||
|
||||
[group:scanners]
|
||||
programs=virustotal,clamav,yara,capa,malass
|
||||
|
||||
[program:virustotal]
|
||||
command=/usr/local/bin/vtot_scan.py
|
||||
--verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG)s
|
||||
--extra-verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA)s
|
||||
--start-sleep %(ENV_EXTRACTED_FILE_SCANNER_START_SLEEP)s
|
||||
--vtot-api %(ENV_VTOT_API2_KEY)s
|
||||
--req-limit %(ENV_VTOT_REQUESTS_PER_MINUTE)s
|
||||
autostart=%(ENV_EXTRACTED_FILE_ENABLE_VTOT)s
|
||||
startsecs=%(ENV_EXTRACTED_FILE_WATCHER_START_SLEEP)s
|
||||
startretries=0
|
||||
stopasgroup=true
|
||||
killasgroup=true
|
||||
directory=/data/zeek/extract_files
|
||||
stdout_logfile=/dev/fd/1
|
||||
stdout_logfile_maxbytes=0
|
||||
redirect_stderr=true
|
||||
|
||||
[program:clamav]
|
||||
command=/usr/local/bin/clam_scan.py
|
||||
--verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG)s
|
||||
--extra-verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA)s
|
||||
--start-sleep %(ENV_EXTRACTED_FILE_SCANNER_START_SLEEP)s
|
||||
--clamav %(ENV_EXTRACTED_FILE_ENABLE_CLAMAV)s
|
||||
--clamav-socket "%(ENV_CLAMD_SOCKET_FILE)s"
|
||||
--req-limit %(ENV_CLAMD_MAX_REQUESTS)s
|
||||
autostart=%(ENV_EXTRACTED_FILE_ENABLE_CLAMAV)s
|
||||
startsecs=%(ENV_EXTRACTED_FILE_WATCHER_START_SLEEP)s
|
||||
startretries=0
|
||||
stopasgroup=true
|
||||
killasgroup=true
|
||||
directory=/data/zeek/extract_files
|
||||
stdout_logfile=/dev/fd/1
|
||||
stdout_logfile_maxbytes=0
|
||||
redirect_stderr=true
|
||||
|
||||
[program:yara]
|
||||
command=/usr/local/bin/yara_scan.py
|
||||
--verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG)s
|
||||
--extra-verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA)s
|
||||
--start-sleep %(ENV_EXTRACTED_FILE_SCANNER_START_SLEEP)s
|
||||
--yara %(ENV_EXTRACTED_FILE_ENABLE_YARA)s
|
||||
--yara-custom-only %(ENV_EXTRACTED_FILE_YARA_CUSTOM_ONLY)s
|
||||
--req-limit %(ENV_YARA_MAX_REQUESTS)s
|
||||
autostart=%(ENV_EXTRACTED_FILE_ENABLE_YARA)s
|
||||
startsecs=%(ENV_EXTRACTED_FILE_WATCHER_START_SLEEP)s
|
||||
startretries=0
|
||||
stopasgroup=true
|
||||
killasgroup=true
|
||||
directory=/data/zeek/extract_files
|
||||
stdout_logfile=/dev/fd/1
|
||||
stdout_logfile_maxbytes=0
|
||||
redirect_stderr=true
|
||||
|
||||
[program:capa]
|
||||
command=/usr/local/bin/capa_scan.py
|
||||
--verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG)s
|
||||
--extra-verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA)s
|
||||
--start-sleep %(ENV_EXTRACTED_FILE_SCANNER_START_SLEEP)s
|
||||
--capa %(ENV_EXTRACTED_FILE_ENABLE_CAPA)s
|
||||
--capa-verbose %(ENV_EXTRACTED_FILE_CAPA_VERBOSE)s
|
||||
--req-limit %(ENV_CAPA_MAX_REQUESTS)s
|
||||
autostart=%(ENV_EXTRACTED_FILE_ENABLE_CAPA)s
|
||||
startsecs=%(ENV_EXTRACTED_FILE_WATCHER_START_SLEEP)s
|
||||
startretries=0
|
||||
stopasgroup=true
|
||||
killasgroup=true
|
||||
directory=/data/zeek/extract_files
|
||||
stdout_logfile=/dev/fd/1
|
||||
stdout_logfile_maxbytes=0
|
||||
redirect_stderr=true
|
||||
|
||||
[program:malass]
|
||||
command=/usr/local/bin/malass_scan.py
|
||||
--verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG)s
|
||||
--extra-verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA)s
|
||||
--start-sleep %(ENV_EXTRACTED_FILE_SCANNER_START_SLEEP)s
|
||||
--malass-host "%(ENV_MALASS_HOST)s"
|
||||
--malass-port %(ENV_MALASS_PORT)s
|
||||
--req-limit %(ENV_MALASS_MAX_REQUESTS)s
|
||||
autostart=%(ENV_EXTRACTED_FILE_ENABLE_MALASS)s
|
||||
startsecs=%(ENV_EXTRACTED_FILE_WATCHER_START_SLEEP)s
|
||||
startretries=0
|
||||
stopasgroup=true
|
||||
killasgroup=true
|
||||
directory=/data/zeek/extract_files
|
||||
stdout_logfile=/dev/fd/1
|
||||
stdout_logfile_maxbytes=0
|
||||
redirect_stderr=true
|
||||
|
||||
[program:logger]
|
||||
command=/usr/local/bin/zeek_carve_logger.py
|
||||
--verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG)s
|
||||
--extra-verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA)s
|
||||
--start-sleep %(ENV_EXTRACTED_FILE_LOGGER_START_SLEEP)s
|
||||
--preserve %(ENV_EXTRACTED_FILE_PRESERVATION)s
|
||||
--directory "%(ENV_ZEEK_EXTRACTOR_PATH)s"
|
||||
--zeek-log "%(ENV_ZEEK_LOG_DIRECTORY)s"
|
||||
autostart=true
|
||||
startsecs=%(ENV_EXTRACTED_FILE_WATCHER_START_SLEEP)s
|
||||
startretries=0
|
||||
stopasgroup=true
|
||||
killasgroup=true
|
||||
directory=/data/zeek/extract_files
|
||||
stdout_logfile=/dev/fd/1
|
||||
stdout_logfile_maxbytes=0
|
||||
redirect_stderr=true
|
||||
|
||||
[program:freshclam]
|
||||
command=/usr/bin/freshclam freshclam --config-file=/etc/clamav/freshclam.conf --daemon
|
||||
autostart=%(ENV_EXTRACTED_FILE_UPDATE_RULES)s
|
||||
autorestart=true
|
||||
startsecs=0
|
||||
startretries=0
|
||||
stopasgroup=true
|
||||
killasgroup=true
|
||||
directory=/
|
||||
stdout_logfile=/dev/fd/1
|
||||
stdout_logfile_maxbytes=0
|
||||
redirect_stderr=true
|
||||
|
||||
[program:clamd]
|
||||
command=/usr/sbin/clamd -c /etc/clamav/clamd.conf
|
||||
autostart=%(ENV_EXTRACTED_FILE_ENABLE_CLAMAV)s
|
||||
autorestart=true
|
||||
startsecs=0
|
||||
startretries=0
|
||||
stopasgroup=true
|
||||
killasgroup=true
|
||||
directory=/
|
||||
stdout_logfile=/dev/fd/1
|
||||
stdout_logfile_maxbytes=0
|
||||
redirect_stderr=true
|
||||
|
||||
[program:fileserve]
|
||||
command=/usr/local/bin/zeek_carved_http_server.py
|
||||
--port %(ENV_EXTRACTED_FILE_HTTP_SERVER_PORT)s
|
||||
--encrypt %(ENV_EXTRACTED_FILE_HTTP_SERVER_ENCRYPT)s
|
||||
--directory /data/zeek/extract_files
|
||||
autostart=%(ENV_EXTRACTED_FILE_HTTP_SERVER_ENABLE)s
|
||||
autorestart=true
|
||||
startsecs=0
|
||||
startretries=0
|
||||
stopasgroup=true
|
||||
killasgroup=true
|
||||
directory=/data/zeek/extract_files
|
||||
stdout_logfile=/dev/fd/1
|
||||
stdout_logfile_maxbytes=0
|
||||
redirect_stderr=true
|
||||
|
||||
[program:cron]
|
||||
autorestart=true
|
||||
command=/usr/local/bin/supercronic -json "%(ENV_SUPERCRONIC_CRONTAB)s"
|
||||
stopasgroup=true
|
||||
killasgroup=true
|
||||
stdout_logfile=/dev/fd/1
|
||||
stdout_logfile_maxbytes=0
|
||||
redirect_stderr=true
|
||||
Reference in New Issue
Block a user