Merge branch 'netbox' of https://github.com/mmguero-dev/Malcolm into …

…development

.dockerignore

@@ -27,3 +27,6 @@ scripts
 !scripts/malcolm_common.py
 zeek-logs
 suricata-logs
+netbox/netbox/media
+netbox/netbox/postgres
+netbox/netbox/redis

.github/workflows/netbox-build-and-push-ghcr.yml

@@ -0,0 +1,62 @@
+name: netbox-build-and-push-ghcr
+
+on:
+  push:
+    branches:
+      - main
+      - development
+    paths:
+      - 'netbox/**'
+      - 'Dockerfiles/netbox.Dockerfile'
+      - 'shared/bin/*'
+      - '.trigger_workflow_build'
+  workflow_dispatch:
+  repository_dispatch:
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      packages: write
+      contents: read
+    steps:
+      -
+        name: Cancel previous run in progress
+        uses: styfle/[email protected]
+        with:
+          ignore_sha: true
+          all_but_latest: true
+          access_token: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Extract branch name
+        shell: bash
+        run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+        id: extract_branch
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          driver-opts: |
+            image=moby/buildkit:master
+      -
+        name: Log in to registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfiles/netbox.Dockerfile
+          push: true
+          tags: ghcr.io/${{ github.repository_owner }}/malcolmnetsec/netbox:${{ steps.extract_branch.outputs.branch }}

.github/workflows/postgresql-build-and-push-ghcr.yml

@@ -0,0 +1,61 @@
+name: postgresql-build-and-push-ghcr
+
+on:
+  push:
+    branches:
+      - main
+      - development
+    paths:
+      - 'Dockerfiles/postgresql.Dockerfile'
+      - 'shared/bin/*'
+      - '.trigger_workflow_build'
+  workflow_dispatch:
+  repository_dispatch:
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      packages: write
+      contents: read
+    steps:
+      -
+        name: Cancel previous run in progress
+        uses: styfle/[email protected]
+        with:
+          ignore_sha: true
+          all_but_latest: true
+          access_token: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Extract branch name
+        shell: bash
+        run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+        id: extract_branch
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          driver-opts: |
+            image=moby/buildkit:master
+      -
+        name: Log in to registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfiles/api.Dockerfile
+          push: true
+          tags: ghcr.io/${{ github.repository_owner }}/malcolmnetsec/api:${{ steps.extract_branch.outputs.branch }}

.github/workflows/redis-build-and-push-ghcr.yml

@@ -0,0 +1,61 @@
+name: redis-build-and-push-ghcr
+
+on:
+  push:
+    branches:
+      - main
+      - development
+    paths:
+      - 'Dockerfiles/redis.Dockerfile'
+      - 'shared/bin/*'
+      - '.trigger_workflow_build'
+  workflow_dispatch:
+  repository_dispatch:
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      packages: write
+      contents: read
+    steps:
+      -
+        name: Cancel previous run in progress
+        uses: styfle/[email protected]
+        with:
+          ignore_sha: true
+          all_but_latest: true
+          access_token: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Extract branch name
+        shell: bash
+        run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
+        id: extract_branch
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          driver-opts: |
+            image=moby/buildkit:master
+      -
+        name: Log in to registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfiles/api.Dockerfile
+          push: true
+          tags: ghcr.io/${{ github.repository_owner }}/malcolmnetsec/api:${{ steps.extract_branch.outputs.branch }}

Dockerfiles/api.Dockerfile

@@ -76,7 +76,7 @@ COPY shared/bin/opensearch_status.sh "${APP_HOME}"/
 ADD shared/bin/docker-uid-gid-setup.sh /usr/local/bin/
 RUN    apt-get -q update \
     && apt-get -y -q --no-install-recommends upgrade \
-    && apt-get -y -q --no-install-recommends install curl netcat \
+    && apt-get -y -q --no-install-recommends install curl netcat tini \
     && python3 -m pip install --upgrade pip \
     && python3 -m pip install --no-cache /wheels/* \
     && chmod 755 /usr/local/bin/docker-uid-gid-setup.sh \
@@ -89,7 +89,7 @@ RUN    apt-get -q update \
 
 EXPOSE 5000
 
-ENTRYPOINT ["/usr/local/bin/docker-uid-gid-setup.sh", "${APP_HOME}/entrypoint.sh"]
+ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-uid-gid-setup.sh", "${APP_HOME}/entrypoint.sh"]
 
 # to be populated at build-time:
 ARG BUILD_DATE

Dockerfiles/arkime.Dockerfile

@@ -178,6 +178,7 @@ RUN sed -i "s/bullseye main/bullseye main contrib non-free/g" /etc/apt/sources.l
       supervisor \
       vim-tiny \
       wget \
+      tini \
       tar gzip unzip cpio bzip2 lzma xz-utils p7zip-full unrar zlib1g && \
     pip3 install --no-cache-dir beautifulsoup4 pyzmq && \
     ln -sfr $ARKIME_DIR/bin/npm /usr/local/bin/npm && \
@@ -231,7 +232,7 @@ ENV PATH="/opt:$ARKIME_DIR/bin:${PATH}"
 EXPOSE 8000 8005 8081
 WORKDIR $ARKIME_DIR
 
-ENTRYPOINT ["/usr/local/bin/docker-uid-gid-setup.sh", "/opt/docker_entrypoint.sh"]
+ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-uid-gid-setup.sh", "/opt/docker_entrypoint.sh"]
 
 CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf", "-n"]
 

Dockerfiles/dashboards-helper.Dockerfile

@@ -69,7 +69,7 @@ ADD scripts/malcolm_common.py /data/
 
 RUN apk update --no-cache && \
     apk upgrade --no-cache && \
-    apk --no-cache add bash python3 py3-pip curl openssl procps psmisc npm shadow jq && \
+    apk --no-cache add bash python3 py3-pip curl openssl procps psmisc npm shadow jq tini && \
     npm install -g http-server && \
     pip3 install supervisor humanfriendly requests && \
     curl -fsSLO "$SUPERCRONIC_URL" && \
@@ -97,7 +97,7 @@ RUN apk update --no-cache && \
 
 EXPOSE $OFFLINE_REGION_MAPS_PORT
 
-ENTRYPOINT ["/usr/local/bin/docker-uid-gid-setup.sh"]
+ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/docker-uid-gid-setup.sh"]
 
 CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf", "-n"]
 

Dockerfiles/dashboards.Dockerfile

@@ -89,6 +89,8 @@ ENV PUSER_PRIV_DROP true
 
 ENV TERM xterm
 
+ENV TINI_VERSION v0.19.0
+
 ARG OPENSEARCH_URL="http://opensearch:9200"
 ARG OPENSEARCH_LOCAL="true"
 ARG CREATE_OS_ARKIME_SESSION_INDEX="true"
@@ -97,7 +99,6 @@ ARG ARKIME_INDEX_PATTERN_ID="arkime_sessions3-*"
 ARG ARKIME_INDEX_TIME_FIELD="firstPacket"
 ARG NODE_OPTIONS="--max_old_space_size=4096"
 
-
 ENV CREATE_OS_ARKIME_SESSION_INDEX $CREATE_OS_ARKIME_SESSION_INDEX
 ENV ARKIME_INDEX_PATTERN $ARKIME_INDEX_PATTERN
 ENV ARKIME_INDEX_PATTERN_ID $ARKIME_INDEX_PATTERN_ID
@@ -111,6 +112,7 @@ ENV NODE_OPTIONS $NODE_OPTIONS
 USER root
 
 COPY --from=build /usr/share/opensearch-dashboards/plugins/sankey_vis/build/kbnSankeyVis.zip /tmp/kbnSankeyVis.zip
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/bin/tini
 
 RUN yum upgrade -y && \
     yum install -y curl psmisc util-linux openssl python3 zip unzip && \
@@ -120,6 +122,7 @@ RUN yum upgrade -y && \
     cd /usr/share/opensearch-dashboards/plugins && \
     /usr/share/opensearch-dashboards/bin/opensearch-dashboards-plugin install file:///tmp/kbnSankeyVis.zip --allow-root && \
     chown -R ${DEFAULT_UID}:${DEFAULT_GID} /usr/share/opensearch-dashboards/plugins/* && \
+    chmod +x /usr/bin/tini && \
     yum clean all && \
     rm -rf /var/cache/yum
 
@@ -142,7 +145,7 @@ ADD docs/images/favicon/favicon32.png /usr/share/opensearch-dashboards/src/core/
 ADD docs/images/favicon/apple-touch-icon-precomposed.png /usr/share/opensearch-dashboards/src/core/server/core_app/assets/favicons/apple-touch-icon.png
 
 
-ENTRYPOINT ["/usr/local/bin/docker-uid-gid-setup.sh", "/usr/local/bin/docker_entrypoint.sh"]
+ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-uid-gid-setup.sh", "/usr/local/bin/docker_entrypoint.sh"]
 
 CMD ["/usr/share/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh"]
 

Dockerfiles/file-monitor.Dockerfile

@@ -119,6 +119,7 @@ RUN sed -i "s/bullseye main/bullseye main contrib non-free/g" /etc/apt/sources.l
       libtool \
       make \
       pkg-config \
+      tini \
       unzip && \
     apt-get  -y -q install \
       inotify-tools \
@@ -224,7 +225,7 @@ VOLUME ["$YARA_RULES_SRC_DIR"]
 EXPOSE 3310
 EXPOSE $EXTRACTED_FILE_HTTP_SERVER_PORT
 
-ENTRYPOINT ["/usr/local/bin/docker-uid-gid-setup.sh", "/docker-entrypoint.sh"]
+ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-uid-gid-setup.sh", "/docker-entrypoint.sh"]
 
 CMD ["/usr/local/bin/supervisord", "-c", "/etc/supervisord.conf", "-n"]
 

Dockerfiles/file-upload.Dockerfile

@@ -66,7 +66,8 @@ RUN apt-get -q update && \
       php$PHP_VERSION \
       php$PHP_VERSION-fpm \
       php$PHP_VERSION-apcu \
-      nginx-light && \
+      nginx-light \
+      tini && \
     apt-get clean -y -q && \
     rm -rf /var/lib/apt/lists/*
 
@@ -99,7 +100,7 @@ RUN mkdir -p /var/run/sshd /var/www/upload/server/php/chroot /run/php && \
 VOLUME [ "/var/www/upload/server/php/chroot/files" ]
 EXPOSE 22 80
 
-ENTRYPOINT ["/usr/local/bin/docker-uid-gid-setup.sh", "/docker-entrypoint.sh"]
+ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-uid-gid-setup.sh", "/docker-entrypoint.sh"]
 
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf", "-u", "root", "-n"]
 

Dockerfiles/filebeat.Dockerfile

@@ -62,8 +62,12 @@ ENV SUPERCRONIC "supercronic-linux-amd64"
 ENV SUPERCRONIC_SHA1SUM "d7f4c0886eb85249ad05ed592902fa6865bb9d70"
 ENV SUPERCRONIC_CRONTAB "/etc/crontab"
 
+ENV TINI_VERSION v0.19.0
+
 USER root
 
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/bin/tini
+
 RUN yum install -y epel-release && \
         yum upgrade -y && \
         yum install -y curl inotify-tools file psmisc tar gzip unzip cpio bzip2 lzma xz openssl p7zip p7zip-plugins unar python3-setuptools python3-pip && \
@@ -74,7 +78,8 @@ RUN yum install -y epel-release && \
       echo "${SUPERCRONIC_SHA1SUM}  ${SUPERCRONIC}" | sha1sum -c - && \
       chmod +x "$SUPERCRONIC" && \
       mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" && \
-      ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic
+      ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic && \
+    chmod +x /usr/bin/tini
 
 ADD shared/bin/docker-uid-gid-setup.sh /usr/local/bin/
 ADD filebeat/filebeat.yml /usr/share/filebeat/filebeat.yml
@@ -131,7 +136,7 @@ ENV FILEBEAT_ZEEK_DIR "/zeek/"
 
 VOLUME ["/usr/share/filebeat/data", "/usr/share/filebeat-nginx/data", "/usr/share/filebeat-tcp/data"]
 
-ENTRYPOINT ["/usr/local/bin/docker-uid-gid-setup.sh"]
+ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-uid-gid-setup.sh"]
 
 CMD ["/usr/local/bin/supervisord", "-c", "/etc/supervisord.conf", "-u", "root", "-n"]
 

Dockerfiles/freq.Dockerfile

@@ -37,7 +37,8 @@ RUN apt-get -q update && \
       psmisc \
       python3 \
       python3-dev \
-      python3-pip && \
+      python3-pip \
+      tini && \
     pip3 install supervisor six && \
     cd /opt && \
     mkdir -p ./freq_server && \
@@ -60,7 +61,7 @@ WORKDIR /opt/freq_server
 
 EXPOSE $FREQ_PORT
 
-ENTRYPOINT ["/usr/local/bin/docker-uid-gid-setup.sh"]
+ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-uid-gid-setup.sh"]
 
 CMD ["/usr/local/bin/supervisord", "-c", "/etc/supervisord.conf", "-n"]
 

Dockerfiles/htadmin.Dockerfile

@@ -51,7 +51,8 @@ RUN apt-get -q update && \
       php$PHP_VERSION-fpm \
       php$PHP_VERSION-gd \
       procps \
-      supervisor && \
+      supervisor \
+      tini && \
     ( yes '' | pecl channel-update pecl.php.net ) && \
     ( yes '' | pecl install mcrypt-$MCRYPT_VERSION ) && \
     ln -s -r /usr/lib/php/20??????/*.so /usr/lib/php/$PHP_VERSION/ && \
@@ -84,7 +85,7 @@ ADD htadmin/nginx/sites-available/default /etc/nginx/sites-available/default
 
 EXPOSE 80
 
-ENTRYPOINT ["/usr/local/bin/docker-uid-gid-setup.sh"]
+ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-uid-gid-setup.sh"]
 
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf", "-u", "root", "-n"]