DetectionLab/Vagrant/resources/malcolm/Dockerfiles/file-upload.Dockerfile

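FROM debian:buster-slim AS build
# Copyright (c) 2021 Battelle Energy Alliance, LLC. All rights reserved.

# Build stage: downloads the blueimp jQuery-File-Upload release tarball and
# pulls its front-end dependencies with bower. Only /jQuery-File-Upload is
# meant to be consumed by later stages; everything else here is discarded.
#
# Supply-chain notes for reviewers:
#   - The tarball is fetched by tag over HTTPS with no integrity check.
#     NOTE(review): record the expected SHA-256 out-of-band and verify it
#     before extraction (e.g. `echo "<EXPECTED_SHA256>  file" | sha256sum -c -`).
#   - `npm install -g bower` and the four `bower install` calls are unpinned,
#     so the assets that end up in the image depend on the build date.
#   - The pinned widget release is old and the cleanup below keeps server/php.
#     NOTE(review): check upstream security advisories for the server-side
#     handlers before reusing this stage elsewhere.

# key=value form; the space-separated ENV form is deprecated.
ENV DEBIAN_FRONTEND=noninteractive

ARG SITE_NAME="Capture File and Log Archive Upload"

ENV SITE_NAME="${SITE_NAME}"
ENV JQUERY_FILE_UPLOAD_VERSION=v9.19.1
ENV JQUERY_FILE_UPLOAD_URL="https://github.com/blueimp/jQuery-File-Upload/archive/${JQUERY_FILE_UPLOAD_VERSION}.tar.gz"

# Make a failing `curl` fail the whole `curl | tar` pipeline instead of
# relying on tar to notice bad input.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# curl -f: treat HTTP errors as failures rather than piping an error page on.
RUN apt-get update && \
    apt-get -y -q --allow-downgrades --allow-remove-essential --allow-change-held-packages install --no-install-recommends \
      ca-certificates \
      curl \
      git \
      node-encoding \
      npm \
      wget && \
    npm install -g bower && \
    mkdir -p /jQuery-File-Upload && \
    curl -fsSL "$JQUERY_FILE_UPLOAD_URL" | tar xzvf - -C /jQuery-File-Upload --strip-components 1 && \
    cd /jQuery-File-Upload && \
    bower --allow-root install bootstrap && \
    bower --allow-root install jquery && \
    bower --allow-root install blueimp-gallery && \
    bower --allow-root install bootstrap-tagsinput && \
    rm -rf /jQuery-File-Upload/*.html \
           /jQuery-File-Upload/test/ \
           /jQuery-File-Upload/server/gae-go/ \
           /jQuery-File-Upload/server/gae-python/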
# Runtime stage: nginx + php-fpm upload front end plus an SFTP endpoint, all
# started by supervisord (see ENTRYPOINT/CMD at the end of the file).
# NOTE(review): the base is referenced by mutable tag, not by digest, and
# Debian 10 (buster) is past upstream end of life — verify and plan to bump the
# base together with the php7.3-* packages installed below.
FROM debian:buster-slim AS runtime

LABEL maintainer="malcolm.netsec@gmail.com" \
      org.opencontainers.image.authors='malcolm.netsec@gmail.com' \
      org.opencontainers.image.url='https://github.com/cisagov/Malcolm' \
      org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/master/README.md' \
      org.opencontainers.image.source='https://github.com/cisagov/Malcolm' \
      org.opencontainers.image.vendor='Cybersecurity and Infrastructure Security Agency' \
      org.opencontainers.image.title='malcolmnetsec/file-upload' \
      org.opencontainers.image.description='Malcolm container providing an interface for uploading PCAP files and Zeek logs for processing'

# Build-time overridable UID/GID, exported to the running container as
# environment variables. The default of 33 goes with the www-data names below.
ARG DEFAULT_UID=33
ARG DEFAULT_GID=33

ENV DEFAULT_UID="${DEFAULT_UID}" \
    DEFAULT_GID="${DEFAULT_GID}" \
    PUSER="www-data" \
    PGROUP="www-data"

# Privileges are NOT dropped globally in this container because the SFTP
# server needs root. Dropping can instead be done per program by supervisord
# as needed, and/or php-fpm/nginx will drop to www-data themselves.
ENV PUSER_PRIV_DROP=false

# NOTE(review): DEBIAN_FRONTEND set via ENV persists into the running
# container's environment, not just the build.
ENV DEBIAN_FRONTEND=noninteractive \
    TERM=xterm
# Web root: the upload widget tree prepared by the "build" stage.
COPY --from=build /jQuery-File-Upload/ /var/www/upload/

# Runtime packages (listed alphabetically):
#   nginx-light + php7.3-* serve the upload page, openssh-server provides the
#   SFTP endpoint, supervisor runs the processes.
# NOTE(review): vim-tiny, less and wget are interactive/debug conveniences
# that widen what is available inside a container that runs as root.
# NOTE(review): package versions are unpinned, and --allow-downgrades /
# --allow-remove-essential / --allow-change-held-packages let apt make
# changes it would normally refuse; confirm these flags are really needed.
RUN apt-get update && \
    apt-get -y -q --allow-downgrades --allow-remove-essential --allow-change-held-packages install --no-install-recommends \
      ca-certificates \
      less \
      nginx-light \
      openssh-server \
      php7.3-apcu \
      php7.3-fpm \
      php7.3-gd \
      supervisor \
      vim-tiny \
      wget && \
    apt-get clean -y -q && \
    rm -rf /var/lib/apt/lists/*
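# Project-supplied scripts, page assets and service configuration.
# COPY is used instead of ADD: these are plain local files, and COPY never
# auto-extracts archives or fetches URLs, so a changed source path cannot
# silently alter what lands in the image.

# Entrypoint chain (see ENTRYPOINT at the end of the file).
COPY shared/bin/docker-uid-gid-setup.sh /usr/local/bin/
COPY file-upload/docker-entrypoint.sh /docker-entrypoint.sh

# Upload page assets; index.php replaces the copy shipped in the upstream tree.
COPY docs/images/logo/Malcolm_banner.png /var/www/upload/Malcolm_banner.png
COPY file-upload/jquery-file-upload/bootstrap.min.css /var/www/upload/bower_components/bootstrap/dist/css/bootstrap.min.css
COPY file-upload/jquery-file-upload/index.html /var/www/upload/index.html
COPY file-upload/jquery-file-upload/index.php /var/www/upload/server/php/index.php

# Service configuration for nginx, php-fpm, sshd and supervisord.
# sshd_config is staged in /tmp; a later RUN appends it to /etc/ssh/sshd_config.
COPY file-upload/nginx/sites-available/default /etc/nginx/sites-available/default
COPY file-upload/php/php.ini /etc/php/7.3/fpm/php.ini
COPY file-upload/sshd_config /tmp/sshd_config
COPY file-upload/supervisord.conf /supervisord.conf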
# Final filesystem layout and sshd hardening for the upload service:
#   1. create the runtime directories for sshd and php-fpm plus the "chroot"
#      directory under server/php
#   2. move the upstream "files" upload directory into chroot/ and leave a
#      symlink at its old path
#   3. add a relative symlink /var/www/upload/upload pointing at the web root
#   4. rewrite PermitRootLogin and PasswordAuthentication in the stock
#      sshd_config to "no" (uncommenting them if needed)
#   5. append the project's sshd_config fragment to /etc/ssh/sshd_config
#   6. set directory modes, write a README for SFTP users, remove temp files
#
# NOTE(review): sshd uses the first value it obtains for most keywords, so a
# keyword already set in the stock file wins over the same keyword in the
# appended fragment. Confirm the effective settings with `sshd -T`.
# NOTE(review): the fragment is not shown here; the 755 modes on chroot/ and
# its parents presumably satisfy a ChrootDirectory requirement — confirm.
# NOTE(review): ownership of chroot/files is not set in this step; the 775
# mode only helps if the group is fixed up elsewhere (presumably by the
# entrypoint scripts — verify).
# NOTE: removing /tmp/sshd_config here hides it from the final filesystem, but
# the file still exists in the earlier layer that added it.
RUN mkdir -p /var/run/sshd /var/www/upload/server/php/chroot /run/php && \
mv /var/www/upload/server/php/files /var/www/upload/server/php/chroot && \
ln -s /var/www/upload/server/php/chroot/files /var/www/upload/server/php/files && \
ln -sr /var/www/upload /var/www/upload/upload && \
perl -i -pl -e 's/^#?(\s*PermitRootLogin\s+)[\w\-]+$/$1no/i;' \
-e 's/^#?(\s*PasswordAuthentication\s+)\w+$/$1no/i' /etc/ssh/sshd_config && \
chmod a+x /docker-entrypoint.sh && \
cat /tmp/sshd_config >>/etc/ssh/sshd_config && \
chmod 775 /var/www/upload/server/php/chroot/files && \
chmod 755 /var /var/www /var/www/upload /var/www/upload/server /var/www/upload/server/php \
/var/www/upload/server/php/chroot && \
echo "Put your files into /files. Don't use subdirectories." \
>/var/www/upload/server/php/chroot/README.txt && \
rm -rf /var/lib/apt/lists/* /var/cache/* /tmp/* /var/tmp/* /var/www/upload/server/php/chroot/files/.gitignore /tmp/sshd_config
# Upload drop directory; declared after the RUN steps that populate and
# chmod it, so those changes are kept.
VOLUME ["/var/www/upload/server/php/chroot/files"]

# Documentation only: 22 = SFTP (sshd), 80 = HTTP (nginx). Publishing is left
# to the operator; restrict who can reach these ports at deploy time.
EXPOSE 22
EXPOSE 80

# The UID/GID setup script runs first and is handed the container entrypoint
# script; CMD supplies the default process. No USER is set, so the chain
# starts as root, and supervisord is told to stay root (-u root) in the
# foreground (-n).
# NOTE(review): any per-service privilege drop depends on supervisord.conf and
# the nginx/php-fpm configs, which are not shown here — verify them.
ENTRYPOINT ["/usr/local/bin/docker-uid-gid-setup.sh", "/docker-entrypoint.sh"]
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf", "-u", "root", "-n"]

# to be populated at build-time:
ARG BUILD_DATE
ARG MALCOLM_VERSION
ARG VCS_REVISION

LABEL org.opencontainers.image.created="${BUILD_DATE}" \
      org.opencontainers.image.version="${MALCOLM_VERSION}" \
      org.opencontainers.image.revision="${VCS_REVISION}"