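# NOTE(review): Debian 10 (buster) is past end of life and no longer receives
# security updates. Both stages inherit that; plan a move to a supported
# release and pin the base by digest for reproducible builds.
FROM debian:buster-slim AS build

# Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.

ENV DEBIAN_FRONTEND=noninteractive

ENV ARKIME_VERSION="2.7.1"
ENV ARKIMEDIR="/data/moloch"
ENV ARKIME_URL="https://codeload.github.com/arkime/arkime/tar.gz/v${ARKIME_VERSION}"
ENV ARKIME_LOCALELASTICSEARCH=no
ENV ARKIME_INET=yes

# Optional integrity pin for the Arkime source tarball. When set (for example
# --build-arg ARKIME_SHA256=<sha256 of the tarball>), the download is verified
# before it is unpacked. When empty, the tarball is used unverified, as before.
ARG ARKIME_SHA256=""

# COPY rather than ADD: these are plain local files, so ADD's archive
# auto-extraction and URL handling are not wanted here.
COPY moloch/scripts/bs4_remove_div.py /data/
COPY moloch/patch/* /data/patches/
COPY README.md $ARKIMEDIR/doc/
COPY doc.css $ARKIMEDIR/doc/
COPY docs/images $ARKIMEDIR/doc/images/

# Build stage, in order:
#   1. install the toolchain and documentation tools
#   2. convert doc PNGs to JPG and render README.md to a self-contained HTML
#   3. fetch the Arkime source, apply local patches, trim the viewer UI
#   4. build and install Arkime, then strip the ELF binaries
#
# The viewer edits (removing the "new-user-form" div, hiding the password
# settings, deleting the upload component) appear to go with authentication
# being delegated to a fronting proxy. Confirm they still apply whenever
# ARKIME_VERSION changes.
#
# NOTE(review): the patch loop ends in "|| true", so a patch that no longer
# applies is skipped silently. If any patch is security-relevant, check the
# build log, or fail the build on rejects.
#
# NOTE(review): beautifulsoup4 is installed unpinned; pin a version for
# reproducible builds.
RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \
    apt-get -q update && \
    apt-get install -q -y --no-install-recommends \
        binutils \
        bison \
        cmake \
        curl \
        file \
        flex \
        g++ \
        gcc \
        gettext \
        git-core \
        groff \
        groff-base \
        imagemagick \
        libcap-dev \
        libjson-perl \
        libkrb5-dev \
        libmaxminddb-dev \
        libpcap0.8-dev \
        libssl-dev \
        libtool \
        libwww-perl \
        libyaml-dev \
        make \
        meson \
        ninja-build \
        pandoc \
        patch \
        python3-dev \
        python3-pip \
        python3-setuptools \
        python3-wheel \
        rename \
        sudo \
        swig \
        wget \
        zlib1g-dev && \
    pip3 install --no-cache-dir beautifulsoup4 && \
    cd $ARKIMEDIR/doc/images && \
    # the file name is passed as $1 instead of being spliced into the script text,
    # so a name containing quotes or shell metacharacters is never run as code
    find . -name "*.png" -exec bash -c 'convert "$1" -fuzz 2% -transparent white -background white -alpha remove -strip -interlace Plane -quality 85% "$1.jpg" && rename "s/\.png//" "$1.jpg"' _ {} \; && \
    cd $ARKIMEDIR/doc && \
    sed -i "s/^# Malcolm$//" README.md && \
    sed -i '/./,$!d' README.md && \
    # the dot is escaped so only a literal ".png" extension is rewritten
    sed -i "s/\.png/.jpg/g" README.md && \
    sed -i "s@docs/images@images@g" README.md && \
    pandoc -s --self-contained --metadata title="Malcolm README" --css $ARKIMEDIR/doc/doc.css -o $ARKIMEDIR/doc/README.html $ARKIMEDIR/doc/README.md && \
    cd /data && \
    mkdir -p "./moloch-${ARKIME_VERSION}" && \
    # download to a file first: --fail surfaces HTTP errors, and the archive can be
    # checked against ARKIME_SHA256 before anything is extracted
    curl -fsSL -o /tmp/arkime.tar.gz "$ARKIME_URL" && \
    if [ -n "$ARKIME_SHA256" ]; then echo "${ARKIME_SHA256}  /tmp/arkime.tar.gz" | sha256sum -c -; fi && \
    tar xzvf /tmp/arkime.tar.gz -C "./moloch-${ARKIME_VERSION}" --strip-components 1 && \
    rm -f /tmp/arkime.tar.gz && \
    cd "./moloch-${ARKIME_VERSION}" && \
    bash -c 'for i in /data/patches/*; do patch -p 1 -r - --no-backup-if-mismatch < "$i" || true; done' && \
    find $ARKIMEDIR/doc/images/screenshots -name "*.png" -delete && \
    export PATH="$ARKIMEDIR/bin:${PATH}" && \
    ln -sfr $ARKIMEDIR/bin/npm /usr/local/bin/npm && \
    ln -sfr $ARKIMEDIR/bin/node /usr/local/bin/node && \
    ln -sfr $ARKIMEDIR/bin/npx /usr/local/bin/npx && \
    python3 /data/bs4_remove_div.py -i ./viewer/vueapp/src/components/users/Users.vue -o ./viewer/vueapp/src/components/users/Users.new -c "new-user-form" && \
    mv -vf ./viewer/vueapp/src/components/users/Users.new ./viewer/vueapp/src/components/users/Users.vue && \
    sed -i 's/v-if.*password.*"/v-if="false"/g' ./viewer/vueapp/src/components/settings/Settings.vue && \
    rm -rf ./viewer/vueapp/src/components/upload && \
    sed -i "s/^\(ARKIME_LOCALELASTICSEARCH=\).*/\1${ARKIME_LOCALELASTICSEARCH}/" ./release/Configure && \
    sed -i "s/^\(ARKIME_INET=\).*/\1${ARKIME_INET}/" ./release/Configure && \
    ./easybutton-build.sh --install && \
    npm cache clean --force && \
    bash -c "file ${ARKIMEDIR}/bin/* ${ARKIMEDIR}/node-v*/bin/* | grep 'ELF 64-bit' | sed 's/:.*//' | xargs -l -r strip -v --strip-unneeded"

# Runtime stage: only the installed Arkime tree is carried over from the build stage.
FROM debian:buster-slim

LABEL maintainer="malcolm.netsec@gmail.com"
LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com' \
      org.opencontainers.image.url='https://github.com/cisagov/Malcolm' \
      org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/master/README.md' \
      org.opencontainers.image.source='https://github.com/cisagov/Malcolm' \
      org.opencontainers.image.vendor='Cybersecurity and Infrastructure Security Agency' \
      org.opencontainers.image.title='malcolmnetsec/arkime' \
      org.opencontainers.image.description='Malcolm container providing Arkime'

ARG DEFAULT_UID=1000
ARG DEFAULT_GID=1000
ENV DEFAULT_UID=$DEFAULT_UID
ENV DEFAULT_GID=$DEFAULT_GID
ENV PUSER="arkime"
ENV PGROUP="arkime"
ENV PUSER_PRIV_DROP=true

ENV DEBIAN_FRONTEND=noninteractive
ENV TERM=xterm

ARG ES_HOST=elasticsearch
ARG ES_PORT=9200
ARG MALCOLM_USERNAME=admin
ARG ARKIME_INTERFACE=eth0
ARG ARKIME_ANALYZE_PCAP_THREADS=1
ARG WISE=off
ARG VIEWER=on
#Whether or not Arkime is in charge of deleting old PCAP files to reclaim space
ARG MANAGE_PCAP_FILES=false
#Whether or not to auto-tag logs based on filename
ARG AUTO_TAG=true
ARG PCAP_PIPELINE_DEBUG=false
ARG PCAP_PIPELINE_DEBUG_EXTRA=false
ARG PCAP_MONITOR_HOST=pcap-monitor
# NOTE(review): a value passed with --build-arg is recorded in the image
# history of the RUN step that uses it, so anyone who can pull the image can
# read this license key. A BuildKit secret mount (RUN --mount=type=secret)
# keeps it out of layers and history. Until then, treat images built with a
# key as containing that key.
ARG MAXMIND_GEOIP_DB_LICENSE_KEY=""

# Declare envs vars for each arg
ENV ES_HOST=$ES_HOST
ENV ES_PORT=$ES_PORT
ENV ARKIME_ELASTICSEARCH="http://${ES_HOST}:${ES_PORT}"
ENV ARKIME_INTERFACE=$ARKIME_INTERFACE
ENV MALCOLM_USERNAME=$MALCOLM_USERNAME
# this needs to be present, but is unused as nginx is going to handle auth for us
# NOTE(review): since auth is delegated to nginx, the ports in EXPOSE below
# should only be reachable through that proxy and never published directly.
ENV ARKIME_PASSWORD="ignored"
ENV ARKIMEDIR="/data/moloch"
ENV ARKIME_ANALYZE_PCAP_THREADS=$ARKIME_ANALYZE_PCAP_THREADS
ENV WISE=$WISE
ENV VIEWER=$VIEWER
ENV MANAGE_PCAP_FILES=$MANAGE_PCAP_FILES
ENV AUTO_TAG=$AUTO_TAG
ENV PCAP_PIPELINE_DEBUG=$PCAP_PIPELINE_DEBUG
ENV PCAP_PIPELINE_DEBUG_EXTRA=$PCAP_PIPELINE_DEBUG_EXTRA
ENV PCAP_MONITOR_HOST=$PCAP_MONITOR_HOST

COPY --from=build $ARKIMEDIR $ARKIMEDIR

# Runtime libraries, archive extractors, and supervisor. The apt lists and temp
# directories are removed in the same layer so they never persist in the image.
RUN sed -i "s/buster main/buster main contrib non-free/" /etc/apt/sources.list && \
    apt-get -q update && \
    apt-get install -q -y --no-install-recommends \
        bzip2 \
        cpio \
        curl \
        file \
        geoip-bin \
        gettext \
        gzip \
        libcap2-bin \
        libjson-perl \
        libkrb5-3 \
        libmaxminddb0 \
        libpcap0.8 \
        libssl1.0 \
        libtool \
        libwww-perl \
        libyaml-0-2 \
        libzmq5 \
        lzma \
        p7zip-full \
        procps \
        psmisc \
        python \
        python3 \
        python3-pip \
        python3-setuptools \
        python3-wheel \
        rename \
        sudo \
        supervisor \
        tar \
        unrar \
        unzip \
        vim-tiny \
        wget \
        xz-utils \
        zlib1g && \
    pip3 install --no-cache-dir beautifulsoup4 pyzmq && \
    ln -sfr $ARKIMEDIR/bin/npm /usr/local/bin/npm && \
    ln -sfr $ARKIMEDIR/bin/node /usr/local/bin/node && \
    ln -sfr $ARKIMEDIR/bin/npx /usr/local/bin/npx && \
    apt-get -q -y --purge remove gcc gcc-8 cpp cpp-8 libssl-dev && \
    apt-get -q -y autoremove && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# add configuration and scripts
COPY shared/bin/docker-uid-gid-setup.sh /usr/local/bin/
COPY moloch/scripts /data/
COPY shared/bin/pcap_moloch_and_zeek_processor.py /data/
COPY shared/bin/pcap_utils.py /data/
COPY shared/bin/elastic_search_status.sh /data/
COPY moloch/etc $ARKIMEDIR/etc/
COPY moloch/wise/source.*.js $ARKIMEDIR/wiseService/
COPY moloch/supervisord.conf /etc/supervisord.conf

# MaxMind now requires a (free) license key to download the free versions of
# their GeoIP databases. This should be provided as a build argument.
# see https://dev.maxmind.com/geoip/geoipupdate/#Direct_Downloads
# see https://github.com/arkime/arkime/issues/1350
# see https://github.com/arkime/arkime/issues/1352
#
# The GeoLite2 loop is best-effort: a failed download or extraction for one
# edition does not stop the build. The glob in the cleanup sits outside the
# quotes so the downloaded tarball is actually removed from /tmp.
#
# NOTE(review): none of these downloads is integrity-checked. The OUI list
# follows a moving branch, and curl runs without --fail, so an HTTP error body
# would be saved as if it were the data file.
RUN [ ${#MAXMIND_GEOIP_DB_LICENSE_KEY} -gt 1 ] && for DB in ASN Country City; do \
      cd /tmp && \
      curl -s -S -L -o "GeoLite2-$DB.mmdb.tar.gz" "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-$DB&license_key=$MAXMIND_GEOIP_DB_LICENSE_KEY&suffix=tar.gz" && \
      tar xf "GeoLite2-$DB.mmdb.tar.gz" --wildcards --no-anchored '*.mmdb' --strip=1 && \
      mkdir -p $ARKIMEDIR/etc/ $ARKIMEDIR/logs/ && \
      mv -v "GeoLite2-$DB.mmdb" $ARKIMEDIR/etc/; \
      rm -f "GeoLite2-$DB"*; \
    done; \
    curl -s -S -L -o $ARKIMEDIR/etc/ipv4-address-space.csv "https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.csv" && \
    curl -s -S -L -o $ARKIMEDIR/etc/oui.txt "https://raw.githubusercontent.com/wireshark/wireshark/master/manuf"

# Create the unprivileged service account and hand it the writable directories.
# etc/ and logs/ are created here too, because the GeoIP step above only
# creates them when a license key was supplied.
#
# NOTE(review): moloch-capture is made setuid, so it runs with its owner's
# privileges for any local user (the owner is presumably root, which would give
# it full root rather than only capture rights). File capabilities via setcap
# (libcap2-bin is installed above) would grant less. Confirm which capabilities
# the binary needs before switching.
RUN groupadd --gid $DEFAULT_GID $PGROUP && \
    useradd -M --uid $DEFAULT_UID --gid $DEFAULT_GID --home $ARKIMEDIR $PUSER && \
    usermod -a -G tty $PUSER && \
    chmod 755 /data/*.sh && \
    ln -sfr /data/pcap_moloch_and_zeek_processor.py /data/pcap_moloch_processor.py && \
    cp -f /data/moloch_update_geo.sh $ARKIMEDIR/bin/moloch_update_geo.sh && \
    chmod u+s $ARKIMEDIR/bin/moloch-capture && \
    mkdir -p /var/run/moloch $ARKIMEDIR/etc $ARKIMEDIR/logs && \
    chown -R $PUSER:$PGROUP $ARKIMEDIR/etc $ARKIMEDIR/logs /var/run/moloch

#Update Path
ENV PATH="/data:$ARKIMEDIR/bin:${PATH}"

EXPOSE 8000 8005 8081

WORKDIR $ARKIMEDIR

# There is no USER instruction, so the container starts as root. The entrypoint
# script presumably remaps and drops to PUSER when PUSER_PRIV_DROP is true;
# verify against docker-uid-gid-setup.sh.
ENTRYPOINT ["/usr/local/bin/docker-uid-gid-setup.sh"]

CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf", "-n"]

# to be populated at build-time:
ARG BUILD_DATE
ARG MALCOLM_VERSION
ARG VCS_REVISION

LABEL org.opencontainers.image.created=$BUILD_DATE
LABEL org.opencontainers.image.version=$MALCOLM_VERSION
LABEL org.opencontainers.image.revision=$VCS_REVISION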