Merge branch 'development' of https://github.com/mmguero-dev/Malcolm into v24.09.0_merge_cisagov
Showing
236 changed files
with
6,062 additions
and
1,777 deletions.
@@ -1,6 +1,4 @@ | ||
ARG TARGETPLATFORM=linux/amd64 | ||
|
||
FROM --platform=${TARGETPLATFORM} python:3-slim-bookworm as builder | ||
FROM python:3-slim-bookworm as builder | ||
|
||
ENV DEBIAN_FRONTEND noninteractive | ||
ENV TERM xterm | ||
|
@@ -20,7 +18,7 @@ WORKDIR /usr/src/app | |
RUN python3 -m pip wheel --no-cache-dir --no-deps --wheel-dir /usr/src/app/wheels -r requirements.txt \ | ||
&& flake8 --ignore=E203,E501,F401,W503 | ||
|
||
FROM --platform=${TARGETPLATFORM} python:3-slim-bookworm | ||
FROM python:3-slim-bookworm | ||
|
||
# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. | ||
LABEL maintainer="[email protected]" | ||
|
@@ -39,6 +37,7 @@ ENV DEFAULT_GID $DEFAULT_GID | |
ENV PUSER "yeflask" | ||
ENV PGROUP "yeflask" | ||
ENV PUSER_PRIV_DROP true | ||
USER root | ||
|
||
ENV DEBIAN_FRONTEND noninteractive | ||
ENV TERM xterm | ||
|
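Review bot: The added `USER root` after `ENV PUSER_PRIV_DROP true` leaves the final stage explicitly running as root (hadolint DL3002), so the only thing between the container and a root process is the entrypoint honouring `PUSER_PRIV_DROP`, which is not visible in this file. A one-line comment would stop the next maintainer from "fixing" it: `# stay root for the entrypoint's setup work; it drops to $PUSER afterwards when PUSER_PRIV_DROP=true (see shared/bin/docker-uid-gid-setup.sh)`. I am inferring the drop mechanism from the PUSER_* variables and the helper script copied in the other Dockerfiles of this commit, so confirm the script name before quoting it. While the `FROM python:3-slim-bookworm` line is being touched, note that it floats across Python minor versions; `python:3.12-slim-bookworm` or a digest would make the build reproducible.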
@@ -1,8 +1,6 @@ | ||
ARG TARGETPLATFORM=linux/amd64 | ||
|
||
# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. | ||
|
||
FROM --platform=${TARGETPLATFORM} debian:12-slim | ||
FROM debian:12-slim | ||
|
||
LABEL maintainer="[email protected]" | ||
LABEL org.opencontainers.image.authors='[email protected]' | ||
|
@@ -27,6 +25,7 @@ ENV PGROUP "arkime" | |
# a final check in docker_entrypoint.sh before startup | ||
ENV PUSER_PRIV_DROP false | ||
ENV PUSER_RLIMIT_UNLOCK true | ||
USER root | ||
|
||
ENV DEBIAN_FRONTEND noninteractive | ||
ENV TERM xterm | ||
|
@@ -65,6 +64,7 @@ ARG PCAP_PIPELINE_VERBOSITY="" | |
ARG PCAP_MONITOR_HOST=pcap-monitor | ||
ARG PCAP_NODE_NAME=malcolm | ||
ARG MAXMIND_GEOIP_DB_LICENSE_KEY="" | ||
ARG MAXMIND_GEOIP_DB_ALTERNATE_DOWNLOAD_URL="" | ||
|
||
# Declare envs vars for each arg | ||
ENV MALCOLM_USERNAME $MALCOLM_USERNAME | ||
|
@@ -123,6 +123,7 @@ RUN export DEBARCH=$(dpkg --print-architecture) && \ | |
libyaml-dev \ | ||
libyara9 \ | ||
libzmq5 \ | ||
lua5.4 \ | ||
lzma \ | ||
p7zip-full \ | ||
procps \ | ||
|
@@ -148,7 +149,7 @@ RUN export DEBARCH=$(dpkg --print-architecture) && \ | |
mkdir -p "${ARKIME_DIR}"/plugins && \ | ||
curl -fsSL -o "${ARKIME_DIR}/plugins/ja4plus.${DEBARCH}.so" "$(echo "${ARKIME_JA4_SO_URL}" | sed "s/XXX/${DEBARCH}/g")" && \ | ||
chmod 755 "${ARKIME_DIR}/plugins/ja4plus.${DEBARCH}.so" && \ | ||
python3 -m pip install --break-system-packages --no-compile --no-cache-dir beautifulsoup4 pyzmq watchdog==4.0.2 && \ | ||
python3 -m pip install --break-system-packages --no-compile --no-cache-dir beautifulsoup4 pyzmq watchdog==5.0.2 && \ | ||
ln -sfr $ARKIME_DIR/bin/npm /usr/local/bin/npm && \ | ||
ln -sfr $ARKIME_DIR/bin/node /usr/local/bin/node && \ | ||
ln -sfr $ARKIME_DIR/bin/npx /usr/local/bin/npx && \ | ||
|
@@ -161,6 +162,7 @@ RUN export DEBARCH=$(dpkg --print-architecture) && \ | |
COPY --chmod=755 shared/bin/docker-uid-gid-setup.sh /usr/local/bin/ | ||
COPY --chmod=755 shared/bin/service_check_passthrough.sh /usr/local/bin/ | ||
COPY --chmod=755 shared/bin/self_signed_key_gen.sh /usr/local/bin/ | ||
COPY --chmod=755 shared/bin/maxmind-mmdb-download.sh /usr/local/bin/ | ||
COPY --chmod=755 shared/bin/nic-capture-setup.sh /usr/local/bin/ | ||
COPY --chmod=755 shared/bin/opensearch_status.sh /opt | ||
COPY --chmod=755 shared/bin/pcap_processor.py /opt/ | ||
|
@@ -179,15 +181,9 @@ COPY --from=ghcr.io/mmguero-dev/gostatic --chmod=755 /goStatic /usr/bin/goStatic | |
# see https://dev.maxmind.com/geoip/geoipupdate/#Direct_Downloads | ||
# see https://github.com/arkime/arkime/issues/1350 | ||
# see https://github.com/arkime/arkime/issues/1352 | ||
RUN [ ${#MAXMIND_GEOIP_DB_LICENSE_KEY} -gt 1 ] && for DB in ASN Country City; do \ | ||
cd /tmp && \ | ||
curl -s -S -L -o "GeoLite2-$DB.mmdb.tar.gz" "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-$DB&license_key=$MAXMIND_GEOIP_DB_LICENSE_KEY&suffix=tar.gz" && \ | ||
tar xf "GeoLite2-$DB.mmdb.tar.gz" --wildcards --no-anchored '*.mmdb' --strip=1 && \ | ||
mv -v "GeoLite2-$DB.mmdb" $ARKIME_DIR/etc/; \ | ||
rm -f "GeoLite2-$DB*"; \ | ||
done; \ | ||
curl -s -S -L -o $ARKIME_DIR/etc/ipv4-address-space.csv "https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.csv" && \ | ||
curl -s -S -L -o $ARKIME_DIR/etc/oui.txt "https://www.wireshark.org/download/automated/data/manuf" | ||
RUN ( /usr/local/bin/maxmind-mmdb-download.sh -o $ARKIME_DIR/etc || true ) && \ | ||
curl -s -S -L -o $ARKIME_DIR/etc/ipv4-address-space.csv "https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.csv" && \ | ||
curl -s -S -L -o $ARKIME_DIR/etc/oui.txt "https://www.wireshark.org/download/automated/data/manuf" | ||
|
||
RUN groupadd --gid $DEFAULT_GID $PGROUP && \ | ||
useradd -M --uid $DEFAULT_UID --gid $DEFAULT_GID --home $ARKIME_DIR $PUSER && \ | ||
|
@@ -201,8 +197,8 @@ RUN groupadd --gid $DEFAULT_GID $PGROUP && \ | |
setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip CAP_IPC_LOCK+eip' $ARKIME_DIR/bin/capture && \ | ||
chown root:${PGROUP} /sbin/ethtool && \ | ||
setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /sbin/ethtool && \ | ||
mkdir -p /var/run/arkime $ARKIME_DIR/logs && \ | ||
chown -R $PUSER:$PGROUP $ARKIME_DIR/etc $ARKIME_DIR/rules $ARKIME_DIR/logs /var/run/arkime | ||
mkdir -p /var/run/arkime $ARKIME_DIR/logs $ARKIME_DIR/lua && \ | ||
chown -R $PUSER:$PGROUP $ARKIME_DIR/etc $ARKIME_DIR/lua $ARKIME_DIR/rules $ARKIME_DIR/logs /var/run/arkime | ||
#Update Path | ||
ENV PATH="/opt:$ARKIME_DIR/bin:${PATH}" | ||
|
||
|
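Review bot: The rewritten fetch step starting at `RUN ( /usr/local/bin/maxmind-mmdb-download.sh -o $ARKIME_DIR/etc || true )` still downloads `ipv4-address-space.csv` and `oui.txt` with `curl -s -S -L` and no `-f`, so an HTTP error body (404 or maintenance page) is written into `$ARKIME_DIR/etc/` and the build succeeds with corrupt data files; use `curl -fsSL` as the `ja4plus` fetch earlier in this file already does. The `|| true` makes a failed or skipped GeoIP download silent — if that is deliberate because the license key is optional, say so, e.g. `# GeoIP databases are optional (no license key / alternate URL): a failed download must not fail the build`. Neither fetch verifies a checksum, which was also true before this change. `MAXMIND_GEOIP_DB_LICENSE_KEY` also remains a build `ARG`, so its value is recorded in `docker history`; a BuildKit `--mount=type=secret` on the download step would keep it out of the image metadata.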
@@ -1,6 +1,4 @@ | ||
ARG TARGETPLATFORM=linux/amd64 | ||
|
||
FROM --platform=${TARGETPLATFORM} debian:12-slim | ||
FROM debian:12-slim | ||
|
||
# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved. | ||
LABEL maintainer="[email protected]" | ||
|
@@ -18,7 +16,14 @@ ENV DEFAULT_UID $DEFAULT_UID | |
ENV DEFAULT_GID $DEFAULT_GID | ||
ENV PUSER "helper" | ||
ENV PGROUP "helper" | ||
# This is to handle an issue when running with rootless podman and | ||
# "userns_mode: keep-id". It seems that anything defined as a VOLUME | ||
# in the Dockerfile is getting set with an ownership of 999:999. | ||
# This is to override that, although I'm not yet sure if there are | ||
# other implications. See containers/podman#23347. | ||
ENV PUSER_CHOWN "/data/init" | ||
ENV PUSER_PRIV_DROP true | ||
USER root | ||
|
||
ENV TERM xterm | ||
|
||
|
@@ -37,7 +42,7 @@ ENV OPENSEARCH_DEFAULT_DASHBOARD $OPENSEARCH_DEFAULT_DASHBOARD | |
ENV DASHBOARDS_DARKMODE $DASHBOARDS_DARKMODE | ||
ENV PATH="/data:${PATH}" | ||
|
||
ENV SUPERCRONIC_VERSION "0.2.30" | ||
ENV SUPERCRONIC_VERSION "0.2.32" | ||
ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-" | ||
ENV SUPERCRONIC_CRONTAB "/etc/crontab" | ||
|
||
|
@@ -114,6 +119,7 @@ ENTRYPOINT ["/usr/bin/tini", \ | |
CMD ["/usr/local/bin/supervisord", "-c", "/etc/supervisord.conf", "-n"] | ||
# see PUSER_CHOWN comment above | ||
VOLUME ["/data/init"] | ||
# to be populated at build-time: | ||
|
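Review bot: `VOLUME ["/data/init"]` is now declared immediately above `# to be populated at build-time:`, and if the steps following that comment (outside this hunk) write into `/data/init`, the classic builder discards changes made to a volume path after its declaration and the image would ship with an empty directory; if so, move the `VOLUME` line after the last build step that writes there. `ENV PUSER_CHOWN "/data/init"` presumably makes the entrypoint chown that path on every start, and since the path is now a volume that can be bind-mounted from the host, the comment block should state that host-owned files under the mount get their ownership rewritten. The chown behaviour is inferred from the variable name; the script consuming it is not in this file.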
@@ -1,6 +1,4 @@ | ||
ARG TARGETPLATFORM=linux/amd64 | ||
|
||
FROM --platform=${TARGETPLATFORM} opensearchproject/opensearch-dashboards:2.16.0 | ||
FROM opensearchproject/opensearch-dashboards:2.17.0 | ||
|
||
LABEL maintainer="[email protected]" | ||
LABEL org.opencontainers.image.authors='[email protected]' | ||
|
@@ -18,13 +16,14 @@ ENV DEFAULT_GID $DEFAULT_GID | |
ENV PUSER "opensearch-dashboards" | ||
ENV PGROUP "opensearch-dashboards" | ||
ENV PUSER_PRIV_DROP true | ||
USER root | ||
|
||
ENV TERM xterm | ||
|
||
ENV TINI_VERSION v0.19.0 | ||
ENV TINI_URL https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini | ||
|
||
ENV OSD_TRANSFORM_VIS_VERSION 2.15.0 | ||
ENV OSD_TRANSFORM_VIS_VERSION 2.16.0 | ||
|
||
ARG NODE_OPTIONS="--max_old_space_size=4096" | ||
ENV NODE_OPTIONS $NODE_OPTIONS | ||
|
@@ -44,8 +43,8 @@ RUN export BINARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') | |
/usr/share/opensearch-dashboards/bin/opensearch-dashboards-plugin remove securityDashboards --allow-root && \ | ||
cd /tmp && \ | ||
unzip transformVis.zip opensearch-dashboards/transformVis/opensearch_dashboards.json opensearch-dashboards/transformVis/package.json && \ | ||
sed -i "s/2\.15\.0/2\.16\.0/g" opensearch-dashboards/transformVis/opensearch_dashboards.json && \ | ||
sed -i "s/2\.15\.0/2\.16\.0/g" opensearch-dashboards/transformVis/package.json && \ | ||
sed -i "s/2\.16\.0/2\.17\.0/g" opensearch-dashboards/transformVis/opensearch_dashboards.json && \ | ||
sed -i "s/2\.16\.0/2\.17\.0/g" opensearch-dashboards/transformVis/package.json && \ | ||
zip transformVis.zip opensearch-dashboards/transformVis/opensearch_dashboards.json opensearch-dashboards/transformVis/package.json && \ | ||
cd /usr/share/opensearch-dashboards/plugins && \ | ||
/usr/share/opensearch-dashboards/bin/opensearch-dashboards-plugin install file:///tmp/transformVis.zip --allow-root && \ | ||
|
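Review bot: The two `sed -i "s/2\.16\.0/2\.17\.0/g"` lines patch the transformVis plugin manifest so a build made for OSD 2.16.0 claims compatibility with 2.17.0, and the unanchored `/g` substitution rewrites every `2.16.0` string in `package.json`, including any dependency pin that happens to share the value; anchoring the pattern to the version keys instead of a global replace would limit the blast radius. A comment above the `cd /tmp` line saying that the plugin has not been rebuilt against 2.17.0 and its manifest is being rewritten only to pass the plugin installer's version check would help whoever bumps this next. The zip is also installed without any checksum verification, which predates this change but is worth a `sha256sum -c` now that the version is moving again.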
@@ -1,6 +1,4 @@ | ||
ARG TARGETPLATFORM=linux/amd64 | ||
|
||
FROM --platform=${TARGETPLATFORM} alpine:3.20 | ||
FROM alpine:3.20 | ||
|
||
# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. | ||
LABEL maintainer="[email protected]" | ||
|
@@ -19,6 +17,7 @@ ENV DEFAULT_GID $DEFAULT_GID | |
ENV PUSER "dirinit" | ||
ENV PGROUP "dirinit" | ||
ENV PUSER_PRIV_DROP true | ||
USER root | ||
|
||
ENV TERM xterm | ||
|
||
|
@@ -1,6 +1,4 @@ | ||
ARG TARGETPLATFORM=linux/amd64 | ||
|
||
FROM --platform=${TARGETPLATFORM} debian:12-slim | ||
FROM debian:12-slim | ||
|
||
# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. | ||
LABEL maintainer="[email protected]" | ||
|
@@ -19,6 +17,8 @@ ENV DEFAULT_GID $DEFAULT_GID | |
ENV PUSER "monitor" | ||
ENV PGROUP "monitor" | ||
ENV PUSER_PRIV_DROP true | ||
# see PUSER_CHOWN at the bottom of the file (after the other environment variables it references) | ||
USER root | ||
|
||
ENV DEBIAN_FRONTEND noninteractive | ||
ENV TERM xterm | ||
|
@@ -88,7 +88,7 @@ ENV EXTRACTED_FILE_ENABLE_CAPA $EXTRACTED_FILE_ENABLE_CAPA | |
ENV EXTRACTED_FILE_CAPA_VERBOSE $EXTRACTED_FILE_CAPA_VERBOSE | ||
ENV SRC_BASE_DIR "/usr/local/src" | ||
ENV CLAMAV_RULES_DIR "/var/lib/clamav" | ||
ENV YARA_VERSION "4.5.1" | ||
ENV YARA_VERSION "4.5.2" | ||
ENV YARA_URL "https://github.com/VirusTotal/yara/archive/v${YARA_VERSION}.tar.gz" | ||
ENV YARA_RULES_SRC_DIR "/yara-rules-src" | ||
ENV YARA_RULES_DIR "/yara-rules" | ||
|
@@ -100,7 +100,7 @@ ENV EXTRACTED_FILE_HTTP_SERVER_KEY $EXTRACTED_FILE_HTTP_SERVER_KEY | |
ENV EXTRACTED_FILE_HTTP_SERVER_RECURSIVE $EXTRACTED_FILE_HTTP_SERVER_RECURSIVE | ||
ENV EXTRACTED_FILE_HTTP_SERVER_PORT $EXTRACTED_FILE_HTTP_SERVER_PORT | ||
|
||
ENV SUPERCRONIC_VERSION "0.2.30" | ||
ENV SUPERCRONIC_VERSION "0.2.32" | ||
ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-" | ||
ENV SUPERCRONIC_CRONTAB "/etc/crontab" | ||
|
||
|
@@ -159,7 +159,7 @@ RUN export BINARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') | |
python-magic \ | ||
stream-zip \ | ||
supervisor \ | ||
watchdog==4.0.2 \ | ||
watchdog==5.0.2 \ | ||
yara-python && \ | ||
curl -fsSL -o /usr/local/bin/supercronic "${SUPERCRONIC_URL}${BINARCH}" && \ | ||
chmod +x /usr/local/bin/supercronic && \ | ||
|
@@ -237,11 +237,18 @@ COPY --chmod=644 shared/bin/watch_common.py /usr/local/bin/ | |
COPY --chmod=644 scripts/malcolm_utils.py /usr/local/bin/ | ||
COPY --chmod=644 file-monitor/supervisord.conf /etc/supervisord.conf | ||
COPY --chmod=755 file-monitor/docker-entrypoint.sh /docker-entrypoint.sh | ||
COPY --chmod=755 file-monitor/*update.sh /usr/local/bin/ | ||
COPY --from=ghcr.io/mmguero-dev/gostatic --chmod=755 /goStatic /usr/bin/goStatic | ||
|
||
WORKDIR /zeek/extract_files | ||
|
||
# This is to handle an issue when running with rootless podman and | ||
# "userns_mode: keep-id". It seems that anything defined as a VOLUME | ||
# in the Dockerfile is getting set with an ownership of 999:999. | ||
# This is to override that, although I'm not yet sure if there are | ||
# other implications. See containers/podman#23347. | ||
ENV PUSER_CHOWN "$CLAMAV_RULES_DIR;$YARA_RULES_DIR;$YARA_RULES_SRC_DIR" | ||
|
||
# see PUSER_CHOWN comment above | ||
VOLUME ["$CLAMAV_RULES_DIR"] | ||
VOLUME ["$YARA_RULES_DIR"] | ||
VOLUME ["$YARA_RULES_SRC_DIR"] | ||
|
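Review bot: `ENV PUSER_CHOWN "$CLAMAV_RULES_DIR;$YARA_RULES_DIR;$YARA_RULES_SRC_DIR"` presumably has the entrypoint recursively chown three directories that this same hunk also declares as `VOLUME`s, so when they are bind-mounted from the host every container start rewrites ownership of host-side files, and a populated ClamAV database or YARA source tree makes that a non-trivial amount of I/O on each restart. The comment above it should say so, e.g. `# NOTE: the entrypoint chowns these paths recursively on every start; with host bind mounts this changes ownership of the host directories`. The chown behaviour is inferred from the variable name and the podman comment; the consuming script is not in this file. Separately, the `YARA_VERSION` bump still fetches the source tarball from `YARA_URL` with no checksum check — pre-existing, but a version bump is the natural moment to add one.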
@@ -1,6 +1,4 @@ | ||
ARG TARGETPLATFORM=linux/amd64 | ||
|
||
FROM --platform=${TARGETPLATFORM} debian:12-slim AS npmget | ||
FROM debian:12-slim AS npmget | ||
|
||
# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. | ||
|
||
|
@@ -17,7 +15,7 @@ RUN apt-get -q update && \ | |
filepond-plugin-file-rename \ | ||
@jcubic/tagger | ||
|
||
FROM --platform=${TARGETPLATFORM} debian:12-slim AS runtime | ||
FROM debian:12-slim AS runtime | ||
|
||
LABEL maintainer="[email protected]" | ||
LABEL org.opencontainers.image.authors='[email protected]' | ||
|
@@ -34,10 +32,17 @@ ENV DEFAULT_UID $DEFAULT_UID | |
ENV DEFAULT_GID $DEFAULT_GID | ||
ENV PUSER "www-data" | ||
ENV PGROUP "www-data" | ||
# This is to handle an issue when running with rootless podman and | ||
# "userns_mode: keep-id". It seems that anything defined as a VOLUME | ||
# in the Dockerfile is getting set with an ownership of 999:999. | ||
# This is to override that, although I'm not yet sure if there are | ||
# other implications. See containers/podman#23347. | ||
ENV PUSER_CHOWN "/var/www/upload/server/php/chroot/files" | ||
# not dropping privileges globally in this container as required to run SFTP server. this can | ||
# be handled by supervisord instead on an as-needed basis, and/or php-fpm/nginx itself | ||
# will drop privileges to www-data as well. | ||
ENV PUSER_PRIV_DROP false | ||
USER root | ||
|
||
ENV DEBIAN_FRONTEND noninteractive | ||
ENV TERM xterm | ||
|
@@ -51,7 +56,7 @@ ENV FILEPOND_SERVER_BRANCH $FILEPOND_SERVER_BRANCH | |
ARG STALE_UPLOAD_DELETE_MIN=360 | ||
ENV STALE_UPLOAD_DELETE_MIN $STALE_UPLOAD_DELETE_MIN | ||
|
||
ENV SUPERCRONIC_VERSION "0.2.30" | ||
ENV SUPERCRONIC_VERSION "0.2.32" | ||
ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-" | ||
ENV SUPERCRONIC_CRONTAB "/etc/crontab" | ||
|
||
|
@@ -122,7 +127,9 @@ RUN mkdir -p /run/php \ | |
>/var/www/upload/server/php/chroot/README.txt && \ | ||
rm -rf /var/lib/apt/lists/* /var/cache/* /tmp/* /var/tmp/* | ||
|
||
# see PUSER_CHOWN comment above | ||
VOLUME [ "/var/www/upload/server/php/chroot/files" ] | ||
|
||
EXPOSE 22 80 | ||
|
||
ENTRYPOINT ["/usr/bin/tini", \ | ||
|
@@ -1,6 +1,4 @@ | ||
ARG TARGETPLATFORM=linux/amd64 | ||
|
||
FROM --platform=${TARGETPLATFORM} docker.elastic.co/beats/filebeat-oss:8.15.0 | ||
FROM docker.elastic.co/beats/filebeat-oss:8.15.1 | ||
|
||
# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. | ||
LABEL maintainer="[email protected]" | ||
|
@@ -18,10 +16,17 @@ ENV DEFAULT_UID $DEFAULT_UID | |
ENV DEFAULT_GID $DEFAULT_GID | ||
ENV PUSER "filebeat" | ||
ENV PGROUP "filebeat" | ||
# This is to handle an issue when running with rootless podman and | ||
# "userns_mode: keep-id". It seems that anything defined as a VOLUME | ||
# in the Dockerfile is getting set with an ownership of 999:999. | ||
# This is to override that, although I'm not yet sure if there are | ||
# other implications. See containers/podman#23347. | ||
ENV PUSER_CHOWN "/usr/share/filebeat-logs/data;/usr/share/filebeat-nginx/data;/usr/share/filebeat-tcp/data" | ||
# not dropping privileges globally: supervisord will take care of it | ||
# on a case-by-case basis so that one script (filebeat-watch-zeeklogs-uploads-folder.py) | ||
# can chown uploaded files | ||
ENV PUSER_PRIV_DROP false | ||
USER root | ||
|
||
ENV DEBIAN_FRONTEND noninteractive | ||
ENV TERM xterm | ||
|
@@ -62,7 +67,7 @@ ARG FILEBEAT_TCP_PARSE_DROP_FIELD="" | |
ARG FILEBEAT_TCP_TAG="_malcolm_beats" | ||
ARG PCAP_NODE_NAME=malcolm | ||
|
||
ENV SUPERCRONIC_VERSION "0.2.30" | ||
ENV SUPERCRONIC_VERSION "0.2.32" | ||
ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-" | ||
ENV SUPERCRONIC_CRONTAB "/etc/crontab" | ||
|
||
|
@@ -95,13 +100,15 @@ RUN export EVTXARCH=$(uname -m | sed 's/arm64/aarch64/') && \ | |
psmisc \ | ||
python3-pip \ | ||
python3-setuptools \ | ||
python3.9 \ | ||
rsync \ | ||
tar \ | ||
tini \ | ||
unar \ | ||
unzip \ | ||
xz-utils && \ | ||
python3 -m pip install --no-compile --no-cache-dir patool entrypoint2 pyunpack python-magic ordered-set supervisor watchdog==4.0.2 && \ | ||
ln -s -f -r /usr/bin/python3.9 /usr/bin/python3 && \ | ||
python3.9 -m pip install --no-compile --no-cache-dir patool entrypoint2 pyunpack python-magic ordered-set supervisor watchdog==5.0.2 && \ | ||
curl -fsSL -o /usr/local/bin/supercronic "${SUPERCRONIC_URL}${BINARCH}" && \ | ||
chmod +x /usr/local/bin/supercronic && \ | ||
curl -fsSL -o /usr/local/bin/yq "${YQ_URL}${BINARCH}" && \ | ||
|
@@ -170,6 +177,7 @@ ENV FILEBEAT_REGISTRY_FILE "/usr/share/filebeat-logs/data/registry/filebeat/log. | |
ENV FILEBEAT_ZEEK_DIR "/zeek/" | ||
ENV PCAP_NODE_NAME $PCAP_NODE_NAME | ||
|
||
# see PUSER_CHOWN comment above | ||
VOLUME ["/usr/share/filebeat-logs/data", "/usr/share/filebeat-nginx/data", "/usr/share/filebeat-tcp/data"] | ||
|
||
ENTRYPOINT ["/usr/bin/tini", \ | ||
|
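Review bot: `ln -s -f -r /usr/bin/python3.9 /usr/bin/python3` overwrites a symlink owned by the base image's python3 package, so everything in the image that relies on the distribution default interpreter (the apt-installed `python3-pip` and `python3-setuptools` are built for that version) now runs under 3.9, and a later `apt-get` touching the python3 packages can silently revert the link. Since the very next line already calls `python3.9 -m pip` explicitly, it would be safer to leave `/usr/bin/python3` alone and invoke `python3.9` explicitly from supervisord and the scripts, or at least record the reason: `# force /usr/bin/python3 -> 3.9: <reason>`. I cannot see the base image's default Python version from here; if it is already 3.9 the link is a no-op and the line can go. The pip line pins only `watchdog`; the other packages float, which predates this change but is worth fixing while the line is being rewritten.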