added Malcolm

2021-08-06 10:35:01 +02:00
parent f043730066
commit 70f1922e80
751 changed files with 195277 additions and 0 deletions
--- a/Vagrant/resources/malcolm/sensor-iso/moloch/Dockerfile
+++ b/Vagrant/resources/malcolm/sensor-iso/moloch/Dockerfile
@@ -0,0 +1,39 @@
+FROM debian:buster-slim
+
+# Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
+
+LABEL maintainer="malcolm.netsec@gmail.com"
+
+ENV DEBIAN_FRONTEND noninteractive
+
+ENV ARKIME_VERSION "2.7.1"
+ENV ARKIMEDIR "/opt/moloch"
+
+RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \
+  apt-get -q update && \
+  apt-get install -q -y --no-install-recommends \
+    build-essential \
+    curl \
+    git-core \
+    iproute2 \
+    meson \
+    ninja-build \
+    patch \
+    python3-dev \
+    python3-pip \
+    python3-setuptools \
+    python3-wheel \
+    ruby \
+    ruby-dev \
+    rubygems \
+    sudo \
+    wget && \
+  gem install --no-ri --no-rdoc fpm && \
+  apt-get clean && \
+  rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+ADD build-moloch-deb.sh /usr/local/bin/
+ADD patch /moloch-src-patch
+ADD etc /moloch-etc
+
+ENTRYPOINT ["/bin/bash", "/usr/local/bin/build-moloch-deb.sh"]
--- a/Vagrant/resources/malcolm/sensor-iso/moloch/build-docker-image.sh
+++ b/Vagrant/resources/malcolm/sensor-iso/moloch/build-docker-image.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
+
+# force-navigate to script directory
+SCRIPT_PATH="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+pushd "$SCRIPT_PATH" >/dev/null 2>&1
+
+docker build -t arkime-build:latest .
+
+popd >/dev/null 2>&1
--- a/Vagrant/resources/malcolm/sensor-iso/moloch/build-moloch-deb.sh
+++ b/Vagrant/resources/malcolm/sensor-iso/moloch/build-moloch-deb.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
+
+OUTPUT_DIR="/tmp"
+unset VERBOSE
+
+while getopts o:v opts; do
+   case ${opts} in
+      o) OUTPUT_DIR=${OPTARG} ;;
+      v) VERBOSE=1 ;;
+   esac
+done
+
+set -e
+if [[ -n $VERBOSE ]]; then
+  set -x
+fi
+
+apt-get -q update
+
+mkdir -p /opt
+curl -L -o /tmp/moloch.tar.gz "https://github.com/arkime/arkime/archive/v$ARKIME_VERSION.tar.gz"
+
+cd /tmp
+tar -xvf "moloch.tar.gz"
+rm -f "moloch.tar.gz"
+
+mv "./arkime-"$ARKIME_VERSION "./moloch-"$ARKIME_VERSION || true
+cd "./moloch-"$ARKIME_VERSION
+
+for i in /moloch-src-patch/*; do
+  patch -p 1 -r - --no-backup-if-mismatch < $i || true
+done
+
+export PATH="$ARKIMEDIR/bin:/tmp/moloch-$ARKIME_VERSION/node_modules/.bin:${PATH}"
+
+./easybutton-build.sh --dir "$ARKIMEDIR"
+
+npm -g config set user root
+
+make install
+
+cp -r ./capture/plugins/lua/samples "$ARKIMEDIR"/lua
+
+npm install license-checker; release/notice.txt.pl $ARKIMEDIR NOTICE release/CAPTURENOTICE > $ARKIMEDIR/NOTICE.txt
+
+ETC_FILES=$(shopt -s nullglob dotglob; echo /moloch-etc/*)
+if (( ${#ETC_FILES} )) ; then
+  mkdir -p $ARKIMEDIR/etc
+  cp -r /moloch-etc/* $ARKIMEDIR/etc/
+fi
+
+fpm -s dir -t deb -n moloch -x opt/moloch/logs -x opt/moloch/raw -v $ARKIME_VERSION --iteration 1 --template-scripts --after-install "release/afterinstall.sh" --url "http://molo.ch" --description "Arkime Full Packet System" -d libwww-perl -d libjson-perl -d ethtool -d libyaml-dev "$ARKIMEDIR"
+
+ls -l *.deb && mv -v *.deb "$OUTPUT_DIR"/
+
+cd /tmp
+
+if [[ -n $VERBOSE ]]; then
+  set +x
+fi
+set +e
--- a/Vagrant/resources/malcolm/sensor-iso/moloch/etc/.gitignore
+++ b/Vagrant/resources/malcolm/sensor-iso/moloch/etc/.gitignore
@@ -0,0 +1,4 @@
+GeoLite2-*
+oui.txt*
+ipv4-address-space.csv*
+
--- a/Vagrant/resources/malcolm/sensor-iso/moloch/patch/user_agent.patch
+++ b/Vagrant/resources/malcolm/sensor-iso/moloch/patch/user_agent.patch
@@ -0,0 +1,30 @@
+diff --git a/capture/http.c b/capture/http.c
+index c39f7a0c..a2032880 100644
+--- a/capture/http.c
+++ b/capture/http.c
+@@ -227,6 +227,8 @@ unsigned char *moloch_http_send_sync(void *serverV, const char *method, const ch
+         curl_easy_setopt(easy, CURLOPT_HTTPGET, 1L);
+     }
+ 
+    curl_easy_setopt(easy, CURLOPT_USERAGENT, "arkime");
+
+     if (headerList) {
+         curl_easy_setopt(easy, CURLOPT_HTTPHEADER, headerList);
+     }
+@@ -828,6 +830,7 @@ gboolean moloch_http_send(void *serverV, const char *method, const char *key, in
+     curl_easy_setopt(request->easy, CURLOPT_CLOSESOCKETFUNCTION, moloch_http_curl_close_callback);
+     curl_easy_setopt(request->easy, CURLOPT_ACCEPT_ENCODING, ""); // https://curl.haxx.se/libcurl/c/CURLOPT_ACCEPT_ENCODING.html
+     curl_easy_setopt(request->easy, CURLOPT_TCP_KEEPALIVE, 1L);
+    curl_easy_setopt(request->easy, CURLOPT_USERAGENT, "arkime");
+ 
+     if (request->headerList) {
+         curl_easy_setopt(request->easy, CURLOPT_HTTPHEADER, request->headerList);
+@@ -947,7 +950,7 @@ void moloch_http_set_retries(void *serverV, uint16_t retries)
+     server->maxRetries = retries;
+ }
+ /******************************************************************************/
+-void moloch_http_set_client_cert(void *serverV, char* clientCert, 
+void moloch_http_set_client_cert(void *serverV, char* clientCert,
+                                 char* clientKey, char* clientKeyPass)
+ {
+     MolochHttpServer_t        *server = serverV;