ISO and Docker image improvements (#35)
* Build DEB package for python3.7 rather than just make altinstall

* Updated build ISO process to create a package for python3.7 rather than just make altinstall

* working on making malcolm iso buster-based

* bump version to 1.3.1

* genericize gitignore

* enable net.ipv4.ip_forward for docker

* issue #34: don't HUP netsniff-ng based on PCAP files that predate the netsniff-ng process being examined

* remove development package required for pip before finishing docker build
mmguero authored Jul 11, 2019
1 parent 0a144b4 commit 1af097b
Showing 22 changed files with 144 additions and 147 deletions.
1 change: 0 additions & 1 deletion .gitignore
@@ -12,7 +12,6 @@
/nginx/htpasswd

# development
docker-compose-seth*
.vagrant
malcolm_*images.tar.gz
*.iso
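Review bot: dropping `docker-compose-seth*` removes a developer-specific ignore but leaves no generic replacement, so a local compose override kept in the checkout now shows up as untracked and can be committed by accident. Consider a generic pattern such as `docker-compose*.local.yml` in this `# development` section, or keep personal patterns in `.git/info/exclude`, which is per-clone and never committed.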
1 change: 1 addition & 0 deletions Dockerfiles/moloch.Dockerfile
@@ -199,6 +199,7 @@ RUN sed -i "s/stretch main/stretch main contrib non-free/" /etc/apt/sources.list
ln -sf $MOLOCHDIR/bin/npm /usr/local/bin/npm && \
ln -sf $MOLOCHDIR/bin/node /usr/local/bin/node && \
ln -sf $MOLOCHDIR/bin/npx /usr/local/bin/npx && \
apt-get -q -y --purge remove gcc gcc-6 cpp cpp-6 libssl1.0-dev && \
apt-get -q -y autoremove && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
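Review bot: the purge list is hard-coded to the stretch toolchain (`gcc-6`, `cpp-6`, `libssl1.0-dev`) while the same commit moves the ISO to buster; if this image's base moves to buster later, the buster compiler packages stay in the shipped image and nothing in the build flags it. Marking the build-time packages with `apt-mark auto` right after they are installed, or building the Moloch binaries in a separate stage and copying only the result into the final image, lets the existing `apt-get -q -y autoremove` do the cleanup without a version-specific list. Removing the compiler from a shipped image is the right move; keep it, just make it robust.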
40 changes: 20 additions & 20 deletions README.md
@@ -108,16 +108,16 @@ You can then observe that the images have been retrieved by running `docker imag
```
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
malcolmnetsec/nginx-proxy 1.3.0 xxxxxxxxxxxx 16 hours ago 53MB
malcolmnetsec/file-upload 1.3.0 xxxxxxxxxxxx 16 hours ago 214MB
malcolmnetsec/pcap-capture 1.3.0 xxxxxxxxxxxx 17 hours ago 111MB
malcolmnetsec/file-monitor 1.3.0 xxxxxxxxxxxx 17 hours ago 353MB
malcolmnetsec/moloch 1.3.0 xxxxxxxxxxxx 17 hours ago 1.04GB
malcolmnetsec/filebeat-oss 1.3.0 xxxxxxxxxxxx 17 hours ago 454MB
malcolmnetsec/curator 1.3.0 xxxxxxxxxxxx 17 hours ago 303MB
malcolmnetsec/logstash-oss 1.3.0 xxxxxxxxxxxx 17 hours ago 1.14GB
malcolmnetsec/elastalert 1.3.0 xxxxxxxxxxxx 17 hours ago 268MB
malcolmnetsec/kibana-oss 1.3.0 xxxxxxxxxxxx 17 hours ago 850MB
malcolmnetsec/nginx-proxy 1.3.1 xxxxxxxxxxxx 16 hours ago 53MB
malcolmnetsec/file-upload 1.3.1 xxxxxxxxxxxx 16 hours ago 214MB
malcolmnetsec/pcap-capture 1.3.1 xxxxxxxxxxxx 17 hours ago 111MB
malcolmnetsec/file-monitor 1.3.1 xxxxxxxxxxxx 17 hours ago 353MB
malcolmnetsec/moloch 1.3.1 xxxxxxxxxxxx 17 hours ago 1.04GB
malcolmnetsec/filebeat-oss 1.3.1 xxxxxxxxxxxx 17 hours ago 454MB
malcolmnetsec/curator 1.3.1 xxxxxxxxxxxx 17 hours ago 303MB
malcolmnetsec/logstash-oss 1.3.1 xxxxxxxxxxxx 17 hours ago 1.14GB
malcolmnetsec/elastalert 1.3.1 xxxxxxxxxxxx 17 hours ago 268MB
malcolmnetsec/kibana-oss 1.3.1 xxxxxxxxxxxx 17 hours ago 850MB
docker.elastic.co/elasticsearch/elasticsearch-oss 6.8.1 xxxxxxxxxxxx 3 weeks ago 765MB
```
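Review bot: this is the first of twenty hand-edited `1.3.0` to `1.3.1` tag changes in this commit (two README listings and three compose files); one missed occurrence leaves `docker-compose pull` fetching a stale image. A grep for the previous tag string in CI after a version bump, or a single version variable the compose files read, would make the bump mechanical. The Elasticsearch line staying at `6.8.1` is correct, since that image comes from docker.elastic.co rather than this build.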

@@ -1231,16 +1231,16 @@ Pulling nginx-proxy ... done
user@host:~/Malcolm$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
malcolmnetsec/nginx-proxy 1.3.0 xxxxxxxxxxxx 16 hours ago 53MB
malcolmnetsec/file-upload 1.3.0 xxxxxxxxxxxx 16 hours ago 214MB
malcolmnetsec/pcap-capture 1.3.0 xxxxxxxxxxxx 17 hours ago 111MB
malcolmnetsec/file-monitor 1.3.0 xxxxxxxxxxxx 17 hours ago 353MB
malcolmnetsec/curator 1.3.0 xxxxxxxxxxxx 17 hours ago 303MB
malcolmnetsec/moloch 1.3.0 xxxxxxxxxxxx 17 hours ago 1.04GB
malcolmnetsec/filebeat-oss 1.3.0 xxxxxxxxxxxx 17 hours ago 454MB
malcolmnetsec/logstash-oss 1.3.0 xxxxxxxxxxxx 17 hours ago 1.14GB
malcolmnetsec/elastalert 1.3.0 xxxxxxxxxxxx 17 hours ago 268MB
malcolmnetsec/kibana-oss 1.3.0 xxxxxxxxxxxx 17 hours ago 850MB
malcolmnetsec/nginx-proxy 1.3.1 xxxxxxxxxxxx 16 hours ago 53MB
malcolmnetsec/file-upload 1.3.1 xxxxxxxxxxxx 16 hours ago 214MB
malcolmnetsec/pcap-capture 1.3.1 xxxxxxxxxxxx 17 hours ago 111MB
malcolmnetsec/file-monitor 1.3.1 xxxxxxxxxxxx 17 hours ago 353MB
malcolmnetsec/curator 1.3.1 xxxxxxxxxxxx 17 hours ago 303MB
malcolmnetsec/moloch 1.3.1 xxxxxxxxxxxx 17 hours ago 1.04GB
malcolmnetsec/filebeat-oss 1.3.1 xxxxxxxxxxxx 17 hours ago 454MB
malcolmnetsec/logstash-oss 1.3.1 xxxxxxxxxxxx 17 hours ago 1.14GB
malcolmnetsec/elastalert 1.3.1 xxxxxxxxxxxx 17 hours ago 268MB
malcolmnetsec/kibana-oss 1.3.1 xxxxxxxxxxxx 17 hours ago 850MB
docker.elastic.co/elasticsearch/elasticsearch-oss 6.8.1 xxxxxxxxxxxx 3 weeks ago 765MB
```

20 changes: 10 additions & 10 deletions docker-compose-standalone-zeek-live.yml
@@ -104,7 +104,7 @@ services:
- ./elasticsearch:/usr/share/elasticsearch/data:delegated
- ./elasticsearch-backup:/opt/elasticsearch/backup:delegated
kibana:
image: malcolmnetsec/kibana-oss:1.3.0
image: malcolmnetsec/kibana-oss:1.3.1
hostname: kibana
environment:
<< : *kibana-variables
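Review bot: the image tags in this file (and at the same positions in docker-compose-standalone.yml and docker-compose.yml) are literal strings. Compose substitutes environment variables in the file, so `image: malcolmnetsec/kibana-oss:${MALCOLM_VERSION:-1.3.1}` with the default set once (for example in a `.env` file beside the compose file) would reduce the next release bump to one line per file. The hunks themselves are consistent: every `malcolmnetsec/*` service in this file moves to `1.3.1`.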
@@ -126,7 +126,7 @@ services:
retries: 3
start_period: 200s
elastalert:
image: malcolmnetsec/elastalert:1.3.0
image: malcolmnetsec/elastalert:1.3.1
hostname: elastalert
environment:
ELASTICSEARCH_URL : 'http://elasticsearch:9200'
@@ -149,7 +149,7 @@ services:
- ./elastalert/config/config.json:/opt/elastalert-server/config/config.json
- ./elastalert/rules/:/opt/elastalert/rules/
curator:
image: malcolmnetsec/curator:1.3.0
image: malcolmnetsec/curator:1.3.1
hostname: curator
environment:
<< : *curator-variables
@@ -158,7 +158,7 @@ services:
depends_on:
- elasticsearch
logstash:
image: malcolmnetsec/logstash-oss:1.3.0
image: malcolmnetsec/logstash-oss:1.3.1
hostname: logstash
environment:
<< : *logstash-variables
@@ -185,7 +185,7 @@ services:
- ./cidr-map.txt:/usr/share/logstash/config/cidr-map.txt:ro
- ./host-map.txt:/usr/share/logstash/config/host-map.txt:ro
filebeat:
image: malcolmnetsec/filebeat-oss:1.3.0
image: malcolmnetsec/filebeat-oss:1.3.1
hostname: filebeat
environment:
<< : *common-upload-variables
@@ -209,7 +209,7 @@ services:
- ./filebeat/certs/client.crt:/certs/client.crt:ro
- ./filebeat/certs/client.key:/certs/client.key:ro
moloch:
image: malcolmnetsec/moloch:1.3.0
image: malcolmnetsec/moloch:1.3.1
hostname: moloch
env_file:
- ./auth.env
@@ -241,7 +241,7 @@ services:
- ./moloch-logs:/data/moloch/logs
- ./moloch-raw:/data/moloch/raw
file-monitor:
image: malcolmnetsec/file-monitor:1.3.0
image: malcolmnetsec/file-monitor:1.3.1
hostname: filemon
environment:
<< : *zeek-file-extraction-variables
@@ -251,7 +251,7 @@ services:
- ./zeek-logs/extract_files:/data/zeek/extract_files
- ./zeek-logs/current:/data/zeek/logs
pcap-capture:
image: malcolmnetsec/pcap-capture:1.3.0
image: malcolmnetsec/pcap-capture:1.3.1
network_mode: host
ulimits:
memlock:
@@ -267,7 +267,7 @@ services:
volumes:
- ./pcap/upload:/pcap
upload:
image: malcolmnetsec/file-upload:1.3.0
image: malcolmnetsec/file-upload:1.3.1
hostname: upload
env_file:
- ./auth.env
@@ -283,7 +283,7 @@ services:
volumes:
- ./pcap/upload:/var/www/upload/server/php/chroot/files
nginx-proxy:
image: malcolmnetsec/nginx-proxy:1.3.0
image: malcolmnetsec/nginx-proxy:1.3.1
hostname: nginx-proxy
depends_on:
- moloch
20 changes: 10 additions & 10 deletions docker-compose-standalone.yml
@@ -104,7 +104,7 @@ services:
- ./elasticsearch:/usr/share/elasticsearch/data:delegated
- ./elasticsearch-backup:/opt/elasticsearch/backup:delegated
kibana:
image: malcolmnetsec/kibana-oss:1.3.0
image: malcolmnetsec/kibana-oss:1.3.1
hostname: kibana
environment:
<< : *kibana-variables
@@ -126,7 +126,7 @@ services:
retries: 3
start_period: 200s
elastalert:
image: malcolmnetsec/elastalert:1.3.0
image: malcolmnetsec/elastalert:1.3.1
hostname: elastalert
environment:
ELASTICSEARCH_URL : 'http://elasticsearch:9200'
@@ -149,7 +149,7 @@ services:
- ./elastalert/config/config.json:/opt/elastalert-server/config/config.json
- ./elastalert/rules/:/opt/elastalert/rules/
curator:
image: malcolmnetsec/curator:1.3.0
image: malcolmnetsec/curator:1.3.1
hostname: curator
environment:
<< : *curator-variables
@@ -158,7 +158,7 @@ services:
depends_on:
- elasticsearch
logstash:
image: malcolmnetsec/logstash-oss:1.3.0
image: malcolmnetsec/logstash-oss:1.3.1
hostname: logstash
environment:
<< : *logstash-variables
@@ -185,7 +185,7 @@ services:
- ./cidr-map.txt:/usr/share/logstash/config/cidr-map.txt:ro
- ./host-map.txt:/usr/share/logstash/config/host-map.txt:ro
filebeat:
image: malcolmnetsec/filebeat-oss:1.3.0
image: malcolmnetsec/filebeat-oss:1.3.1
hostname: filebeat
environment:
<< : *common-upload-variables
@@ -209,7 +209,7 @@ services:
- ./filebeat/certs/client.crt:/certs/client.crt:ro
- ./filebeat/certs/client.key:/certs/client.key:ro
moloch:
image: malcolmnetsec/moloch:1.3.0
image: malcolmnetsec/moloch:1.3.1
hostname: moloch
env_file:
- ./auth.env
@@ -241,7 +241,7 @@ services:
- ./moloch-logs:/data/moloch/logs
- ./moloch-raw:/data/moloch/raw
file-monitor:
image: malcolmnetsec/file-monitor:1.3.0
image: malcolmnetsec/file-monitor:1.3.1
hostname: filemon
environment:
<< : *zeek-file-extraction-variables
@@ -251,7 +251,7 @@ services:
- ./zeek-logs/extract_files:/data/zeek/extract_files
- ./zeek-logs/current:/data/zeek/logs
pcap-capture:
image: malcolmnetsec/pcap-capture:1.3.0
image: malcolmnetsec/pcap-capture:1.3.1
network_mode: host
ulimits:
memlock:
@@ -267,7 +267,7 @@ services:
volumes:
- ./pcap/upload:/pcap
upload:
image: malcolmnetsec/file-upload:1.3.0
image: malcolmnetsec/file-upload:1.3.1
hostname: upload
env_file:
- ./auth.env
@@ -283,7 +283,7 @@ services:
volumes:
- ./pcap/upload:/var/www/upload/server/php/chroot/files
nginx-proxy:
image: malcolmnetsec/nginx-proxy:1.3.0
image: malcolmnetsec/nginx-proxy:1.3.1
hostname: nginx-proxy
depends_on:
- moloch
20 changes: 10 additions & 10 deletions docker-compose.yml
@@ -107,7 +107,7 @@ services:
build:
context: .
dockerfile: Dockerfiles/kibana.Dockerfile
image: malcolmnetsec/kibana-oss:1.3.0
image: malcolmnetsec/kibana-oss:1.3.1
hostname: kibana
environment:
<< : *kibana-variables
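Review bot: in this file the `image:` tag sits under a `build:` section, so it is also the tag `docker-compose build` stamps on the locally built image, not only the one pulled; it has to match the tags in the two standalone compose files and the README listings exactly, which this commit does by hand. A comment above the first service noting that these tags are maintained together with the standalone files would help the next bump.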
@@ -132,7 +132,7 @@ services:
build:
context: .
dockerfile: Dockerfiles/elastalert.Dockerfile
image: malcolmnetsec/elastalert:1.3.0
image: malcolmnetsec/elastalert:1.3.1
hostname: elastalert
environment:
ELASTICSEARCH_URL : 'http://elasticsearch:9200'
@@ -158,7 +158,7 @@ services:
build:
context: .
dockerfile: Dockerfiles/curator.Dockerfile
image: malcolmnetsec/curator:1.3.0
image: malcolmnetsec/curator:1.3.1
hostname: curator
environment:
<< : *curator-variables
@@ -172,7 +172,7 @@ services:
build:
context: .
dockerfile: Dockerfiles/logstash.Dockerfile
image: malcolmnetsec/logstash-oss:1.3.0
image: malcolmnetsec/logstash-oss:1.3.1
hostname: logstash
environment:
<< : *logstash-variables
@@ -209,7 +209,7 @@ services:
build:
context: .
dockerfile: Dockerfiles/filebeat.Dockerfile
image: malcolmnetsec/filebeat-oss:1.3.0
image: malcolmnetsec/filebeat-oss:1.3.1
hostname: filebeat
environment:
<< : *common-upload-variables
@@ -237,7 +237,7 @@ services:
build:
context: .
dockerfile: Dockerfiles/moloch.Dockerfile
image: malcolmnetsec/moloch:1.3.0
image: malcolmnetsec/moloch:1.3.1
hostname: moloch
env_file:
- ./auth.env
@@ -275,7 +275,7 @@ services:
build:
context: .
dockerfile: Dockerfiles/file-monitor.Dockerfile
image: malcolmnetsec/file-monitor:1.3.0
image: malcolmnetsec/file-monitor:1.3.1
hostname: filemon
environment:
<< : *zeek-file-extraction-variables
@@ -288,7 +288,7 @@ services:
build:
context: .
dockerfile: Dockerfiles/pcap-capture.Dockerfile
image: malcolmnetsec/pcap-capture:1.3.0
image: malcolmnetsec/pcap-capture:1.3.1
network_mode: host
ulimits:
memlock:
@@ -307,7 +307,7 @@ services:
build:
context: .
dockerfile: Dockerfiles/file-upload.Dockerfile
image: malcolmnetsec/file-upload:1.3.0
image: malcolmnetsec/file-upload:1.3.1
hostname: upload
env_file:
- ./auth.env
@@ -326,7 +326,7 @@ services:
build:
context: .
dockerfile: Dockerfiles/nginx.Dockerfile
image: malcolmnetsec/nginx-proxy:1.3.0
image: malcolmnetsec/nginx-proxy:1.3.1
hostname: nginx-proxy
depends_on:
- moloch
6 changes: 3 additions & 3 deletions iso-build/build.sh
@@ -2,7 +2,7 @@

IMAGE_NAME=malcolm
IMAGE_VERSION=1.0.0
IMAGE_DISTRIBUTION=stretch
IMAGE_DISTRIBUTION=buster

BUILD_ERROR_CODE=1
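Review bot: `IMAGE_DISTRIBUTION` moves to buster but `IMAGE_VERSION` stays at `1.0.0` even though this commit bumps Malcolm to 1.3.1 everywhere else. If the ISO version is meant to track the Malcolm release, update it here as well; if it is intentionally independent, a comment above the assignment would stop the next release bump from skipping it by mistake.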

@@ -73,7 +73,7 @@ if [ -d "$WORKDIR" ]; then
# make sure we install the newer kernel, firmwares, and kernel headers
echo "linux-image-$(uname -r)" > ./config/package-lists/kernel.list.chroot
echo "linux-headers-$(uname -r)" >> ./config/package-lists/kernel.list.chroot
echo "linux-compiler-gcc-6-x86=$(dpkg -s linux-compiler-gcc-6-x86 | grep ^Version: | cut -d' ' -f2)" >> ./config/package-lists/kernel.list.chroot
echo "linux-compiler-gcc-8-x86=$(dpkg -s linux-compiler-gcc-8-x86 | grep ^Version: | cut -d' ' -f2)" >> ./config/package-lists/kernel.list.chroot
echo "linux-kbuild-4.19=$(dpkg -s linux-kbuild-4.19 | grep ^Version: | cut -d' ' -f2)" >> ./config/package-lists/kernel.list.chroot
echo "firmware-linux=$(dpkg -s firmware-linux | grep ^Version: | cut -d' ' -f2)" >> ./config/package-lists/kernel.list.chroot
echo "firmware-linux-nonfree=$(dpkg -s firmware-linux-nonfree | grep ^Version: | cut -d' ' -f2)" >> ./config/package-lists/kernel.list.chroot
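Review bot: `dpkg -s linux-compiler-gcc-8-x86 | grep ^Version: | cut -d' ' -f2` runs on the build host, and when that host does not have the package installed (a stretch host carries the gcc-6 variant instead) the substitution is empty, so the line written to `kernel.list.chroot` becomes `linux-compiler-gcc-8-x86=` and the failure only surfaces much later inside the live-build chroot with a far less obvious apt error. Capture the version in a variable and abort with a clear message if it is empty before appending to the list; the same applies to the `linux-kbuild-4.19` and firmware lines, which together with `linux-image-$(uname -r)` now implicitly require the build host itself to be running buster's kernel and packages.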
@@ -152,7 +152,7 @@ if [ -d "$WORKDIR" ]; then
--binary-images iso-hybrid \
--bootloaders "syslinux,grub-efi" \
--chroot-filesystem squashfs \
--backports true \
--backports false \
--security true \
--updates true \
--source false \
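Review bot: switching `--backports` off together with the suite change means any package the stretch build previously resolved from stretch-backports must now come from buster main plus the `--security` and `--updates` suites, and nothing in the visible script checks that the package lists written earlier (kernel, headers, compiler and firmware pinned to exact versions) are satisfiable there. A failed build will surface it, but a one-line comment next to this flag on why backports are no longer needed on buster would save the next reader the archaeology.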
2 changes: 1 addition & 1 deletion iso-build/config/archives/docker.list.binary
@@ -1,2 +1,2 @@
deb [arch=amd64] https://download.docker.com/linux/debian stretch stable
deb [arch=amd64] https://download.docker.com/linux/debian buster stable
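Review bot: the Docker repository line changes suite only and keeps the bare `[arch=amd64]` options, so this source is trusted by whatever keys are in the global apt keyring rather than by a key bound to it. Because the entry feeds packages into both the ISO and the installed system, pinning it with `signed-by=` to the Docker key file (for example `deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian buster stable`, with the build placing the key at that path) restricts that key to this repository alone. The path is a suggestion; where this build installs the Docker key is not visible in the diff.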

2 changes: 1 addition & 1 deletion iso-build/config/archives/docker.list.chroot
@@ -1,2 +1,2 @@
deb [arch=amd64] https://download.docker.com/linux/debian stretch stable
deb [arch=amd64] https://download.docker.com/linux/debian buster stable
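Review bot: identical to docker.list.binary, which is expected for a source used both in the chroot stage and on the installed system, but two copies of the same line are easy to let drift on the next suite change; generating one from the other in build.sh, or a comment in each stating they must match, would keep them in step.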

21 changes: 0 additions & 21 deletions iso-build/config/hooks/normal/0168-python-install.hook.chroot

This file was deleted.

0 comments on commit 1af097b