DetectionLab/Vagrant/resources/malcolm/file-monitor/supervisord.conf

; Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.

[unix_http_server]
file=/tmp/supervisor.sock   ; (the path to the socket file)
chmod=0700

[supervisord]
nodaemon=true
logfile=/dev/null
logfile_maxbytes=0
pidfile=/tmp/supervisord.pid

[rpcinterface:supervisor]
supervisor.rpcinterface_factory=supervisor.rpcinterface:make_main_rpcinterface

[supervisorctl]
serverurl=unix:///tmp/supervisor.sock

[program:watcher]
command=/usr/local/bin/zeek_carve_watcher.py
  --verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG)s
  --extra-verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA)s
  --start-sleep %(ENV_EXTRACTED_FILE_WATCHER_START_SLEEP)s
  --ignore-existing %(ENV_EXTRACTED_FILE_IGNORE_EXISTING)s
  --min-bytes %(ENV_EXTRACTED_FILE_MIN_BYTES)s
  --max-bytes %(ENV_EXTRACTED_FILE_MAX_BYTES)s
  --directory "%(ENV_ZEEK_EXTRACTOR_PATH)s"
autostart=true
startsecs=%(ENV_EXTRACTED_FILE_WATCHER_START_SLEEP)s
startretries=0
stopasgroup=true
killasgroup=true
directory=/data/zeek/extract_files
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
redirect_stderr=true

[group:scanners]
programs=virustotal,clamav,yara,capa,malass

[program:virustotal]
command=/usr/local/bin/vtot_scan.py
  --verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG)s
  --extra-verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA)s
  --start-sleep %(ENV_EXTRACTED_FILE_SCANNER_START_SLEEP)s
  --vtot-api %(ENV_VTOT_API2_KEY)s
  --req-limit %(ENV_VTOT_REQUESTS_PER_MINUTE)s
autostart=%(ENV_EXTRACTED_FILE_ENABLE_VTOT)s
startsecs=%(ENV_EXTRACTED_FILE_WATCHER_START_SLEEP)s
startretries=0
stopasgroup=true
killasgroup=true
directory=/data/zeek/extract_files
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
redirect_stderr=true

[program:clamav]
command=/usr/local/bin/clam_scan.py
  --verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG)s
  --extra-verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA)s
  --start-sleep %(ENV_EXTRACTED_FILE_SCANNER_START_SLEEP)s
  --clamav %(ENV_EXTRACTED_FILE_ENABLE_CLAMAV)s
  --clamav-socket "%(ENV_CLAMD_SOCKET_FILE)s"
  --req-limit %(ENV_CLAMD_MAX_REQUESTS)s
autostart=%(ENV_EXTRACTED_FILE_ENABLE_CLAMAV)s
startsecs=%(ENV_EXTRACTED_FILE_WATCHER_START_SLEEP)s
startretries=0
stopasgroup=true
killasgroup=true
directory=/data/zeek/extract_files
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
redirect_stderr=true

[program:yara]
command=/usr/local/bin/yara_scan.py
  --verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG)s
  --extra-verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA)s
  --start-sleep %(ENV_EXTRACTED_FILE_SCANNER_START_SLEEP)s
  --yara %(ENV_EXTRACTED_FILE_ENABLE_YARA)s
  --yara-custom-only %(ENV_EXTRACTED_FILE_YARA_CUSTOM_ONLY)s
  --req-limit %(ENV_YARA_MAX_REQUESTS)s
autostart=%(ENV_EXTRACTED_FILE_ENABLE_YARA)s
startsecs=%(ENV_EXTRACTED_FILE_WATCHER_START_SLEEP)s
startretries=0
stopasgroup=true
killasgroup=true
directory=/data/zeek/extract_files
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
redirect_stderr=true

[program:capa]
command=/usr/local/bin/capa_scan.py
  --verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG)s
  --extra-verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA)s
  --start-sleep %(ENV_EXTRACTED_FILE_SCANNER_START_SLEEP)s
  --capa %(ENV_EXTRACTED_FILE_ENABLE_CAPA)s
  --capa-verbose %(ENV_EXTRACTED_FILE_CAPA_VERBOSE)s
  --req-limit %(ENV_CAPA_MAX_REQUESTS)s
autostart=%(ENV_EXTRACTED_FILE_ENABLE_CAPA)s
startsecs=%(ENV_EXTRACTED_FILE_WATCHER_START_SLEEP)s
startretries=0
stopasgroup=true
killasgroup=true
directory=/data/zeek/extract_files
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
redirect_stderr=true

[program:malass]
command=/usr/local/bin/malass_scan.py
  --verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG)s
  --extra-verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA)s
  --start-sleep %(ENV_EXTRACTED_FILE_SCANNER_START_SLEEP)s
  --malass-host "%(ENV_MALASS_HOST)s"
  --malass-port %(ENV_MALASS_PORT)s
  --req-limit %(ENV_MALASS_MAX_REQUESTS)s
autostart=%(ENV_EXTRACTED_FILE_ENABLE_MALASS)s
startsecs=%(ENV_EXTRACTED_FILE_WATCHER_START_SLEEP)s
startretries=0
stopasgroup=true
killasgroup=true
directory=/data/zeek/extract_files
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
redirect_stderr=true

[program:logger]
command=/usr/local/bin/zeek_carve_logger.py
  --verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG)s
  --extra-verbose %(ENV_EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA)s
  --start-sleep %(ENV_EXTRACTED_FILE_LOGGER_START_SLEEP)s
  --preserve %(ENV_EXTRACTED_FILE_PRESERVATION)s
  --directory "%(ENV_ZEEK_EXTRACTOR_PATH)s"
  --zeek-log "%(ENV_ZEEK_LOG_DIRECTORY)s"
autostart=true
startsecs=%(ENV_EXTRACTED_FILE_WATCHER_START_SLEEP)s
startretries=0
stopasgroup=true
killasgroup=true
directory=/data/zeek/extract_files
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
redirect_stderr=true

[program:freshclam]
command=/usr/bin/freshclam freshclam --config-file=/etc/clamav/freshclam.conf --daemon
autostart=%(ENV_EXTRACTED_FILE_UPDATE_RULES)s
autorestart=true
startsecs=0
startretries=0
stopasgroup=true
killasgroup=true
directory=/
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
redirect_stderr=true

[program:clamd]
command=/usr/sbin/clamd -c /etc/clamav/clamd.conf
autostart=%(ENV_EXTRACTED_FILE_ENABLE_CLAMAV)s
autorestart=true
startsecs=0
startretries=0
stopasgroup=true
killasgroup=true
directory=/
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
redirect_stderr=true

[program:fileserve]
command=/usr/local/bin/zeek_carved_http_server.py
  --port %(ENV_EXTRACTED_FILE_HTTP_SERVER_PORT)s
  --encrypt %(ENV_EXTRACTED_FILE_HTTP_SERVER_ENCRYPT)s
  --directory /data/zeek/extract_files
autostart=%(ENV_EXTRACTED_FILE_HTTP_SERVER_ENABLE)s
autorestart=true
startsecs=0
startretries=0
stopasgroup=true
killasgroup=true
directory=/data/zeek/extract_files
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
redirect_stderr=true

[program:cron]
autorestart=true
command=/usr/local/bin/supercronic -json "%(ENV_SUPERCRONIC_CRONTAB)s"
stopasgroup=true
killasgroup=true
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
redirect_stderr=true