Docker updates (#172)

* Remove unnecessary files * Updates config file for latest options * Changes setup to not require the package installed * Updates docker files * Updates docker instructions
thinkst · Jun 23, 2022 · e4c378d · e4c378d
1 parent b470c24
commit e4c378d
Show file tree

Hide file tree

Showing 8 changed files with 165 additions and 46 deletions.
diff --git a/Dockerfile.latest b/Dockerfile.latest
@@ -1,16 +1,28 @@
-FROM python:3.6-buster
+FROM python:3.7-buster
 
-RUN mkdir -p /opencanary
-
-COPY bin /opencanary/bin
-COPY data /opencanary/data
-COPY opencanary /opencanary/opencanary
-COPY docs /opencanary/docs
-COPY LICENSE /opencanary/LICENSE
-COPY requirements.txt /opencanary/requirements.txt
-COPY setup.py /opencanary/setup.py
+# Download cache lists and install minimal versions
+RUN apt-get update && apt-get -yq install --no-install-recommends \
+    # Required linux dependencies
+    sudo && \
+    # Remove cache lists and clean up anything not needed to minimize image size
+    apt-get autoremove -yq && apt-get clean && rm -rf /var/lib/apt/lists/*
 
+# Create and set the working directory
 WORKDIR /opencanary
 
+# Copy only the files needed to install dependencies
+COPY opencanary/__init__.py ./opencanary/__init__.py
+COPY requirements.txt setup.py ./
+COPY bin /opencanary/bin
+
+# Install the required dependencies
 RUN pip install -r requirements.txt
 
+# Copy in the latest version
+COPY opencanary ./opencanary
+
+# Set the default application we are running
+ENTRYPOINT [ "opencanaryd" ]
+
+# Set the default arguments to be used for the entrypoint
+CMD [ "--dev" ]
diff --git a/Dockerfile.stable b/Dockerfile.stable
@@ -1,14 +1,19 @@
-FROM python:3.6-buster
+FROM python:3.7-buster
 
-WORKDIR /root/
+# Download cache lists and install minimal versions
+RUN apt-get update && apt-get -yq install --no-install-recommends \
+	# Required linux dependencies
+	sudo vim build-essential libssl-dev libffi-dev python-dev libpcap-dev && \
+	# Remove cache lists and clean up anything not needed to minimize image size
+	apt-get autoremove -yq && apt-get clean && rm -rf /var/lib/apt/lists/*
 
-RUN apt update &&\
-	 apt-get install -y sudo vim build-essential libssl-dev libffi-dev python-dev libpcap-dev
+# Install required pip dependencies
 RUN pip install rdpy
 RUN pip install opencanary
-RUN pip install scapy pcapy 
-COPY run.sh /bin/run
-RUN chmod +x /bin/run
+RUN pip install scapy pcapy
 
-CMD /bin/run
+# Set the default application we are running
+ENTRYPOINT [ "opencanaryd" ]
 
+# Set the default arguments to be used for the entrypoint
+CMD [ "--dev" ]
diff --git a/README.md b/README.md
@@ -126,17 +126,58 @@ FAQ
 ---
 We have a FAQ over [here](https://github.com/thinkst/opencanary/wiki)
 
+Docker Compose
+----------------
+
+> Requires [Docker](https://docs.docker.com/get-docker/) and [Docker Compose](https://docs.docker.com/compose/install/) installed.
+
+1. Edit the `data/.opencanary.conf` file to enable, disable or customize the services that will run.
+
+1. Edit the `ports` section of the `docker-compose.yml` file to enable/disable the desired ports based on the services you have enabled in the config file.
+
+1. Build and run the container.
+
+    To run the latest Docker image (based on the code on a given branch) run:
+    ```bash
+    docker-compose up -d --build latest
+    ```
+    To run a Docker image based on what has been released in Pypi, run:
+    ```bash
+    docker-compose up -d --build stable
+    ```
+
+> To view the logs run `docker-compose logs latest` or `docker-compose logs stable`
+
+> To stop the container run `docker-compose down`
+
 Docker
 ----------------
 
-To build the latest Docker image (based on the code on a given branch) run:
+> Requires [Docker](https://docs.docker.com/get-docker/) installed.
 
-```bash
-docker build -t opencanary -f Dockerfile.latest .
-```
+1. Edit the `data/.opencanary.conf` file to enable, disable or customize the services that will run.
+
+1. Build a Docker image to run.
+
+    To build the latest Docker image (based on the code on a given branch) run:
+
+    ```bash
+    docker build -t opencanary -f Dockerfile.latest .
+    ```
 
-To build a Docker image based on what has been released in Pypi, run:
+    To build a Docker image based on what has been released in Pypi, run:
+
+    ```bash
+    docker build -t opencanary -f Dockerfile.stable .
+    ```
+
+1. Run the docker image with the following command:
 
 ```bash
-docker build -t opencanary -f Dockerfile.stable .
+# You will need to add/remove the ports you are using by listing them with `-p ##:##`
+docker run --rm --detach -p 21:21 -p 80:80 -v "${PWD}/data/.opencanary.conf":"/root/.opencanary.conf" --name opencanary opencanary
 ```
+
+> To view the logs run `docker logs opencanary`
+
+> To stop the container run `docker stop opencanary`
diff --git a/data/.opencanary.conf b/data/.opencanary.conf
@@ -1,6 +1,7 @@
 {
     "device.node_id": "opencanary-1",
-    "git.enabled": true,
+    "ip.ignorelist": [  ],
+    "git.enabled": false,
     "git.port" : 9418,
     "ftp.enabled": true,
     "ftp.port": 21,
@@ -38,6 +39,9 @@
             "formatters": {
                 "plain": {
                     "format": "%(message)s"
+                },
+                "syslog_rfc": {
+                    "format": "opencanaryd[%(process)-5s:%(thread)d]: %(name)s %(levelname)-5s %(message)s"
                 }
             },
             "handlers": {
@@ -53,6 +57,7 @@
         }
     },
     "portscan.enabled": false,
+    "portscan.ignore_localhost": false,
     "portscan.logfile":"/var/log/kern.log",
     "portscan.synrate": 5,
     "portscan.nmaposrate": 5,
@@ -74,7 +79,7 @@
     "snmp.enabled": false,
     "snmp.port": 161,
     "ntp.enabled": false,
-    "ntp.port": "123",
+    "ntp.port": 123,
     "tftp.enabled": false,
     "tftp.port": 69,
     "tcpbanner.maxnum":10,
@@ -91,7 +96,7 @@
     "tcpbanner_1.keep_alive_interval":300,
     "tcpbanner_1.keep_alive_idle": 300,
     "telnet.enabled": false,
-    "telnet.port": "23",
+    "telnet.port": 23,
     "telnet.banner": "",
     "telnet.honeycreds": [
         {

diff --git a/data/twistd 2.pid b/data/twistd 2.pid
diff --git a/data/twistd.pid b/data/twistd.pid
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,16 +1,56 @@
-version: "3"
+version: "3.4"
+
+x-common: &common
+  restart: unless-stopped
+  volumes:
+    - ./data/.opencanary.conf:/root/.opencanary.conf
+  image: "opencanary"
+  ports:
+    # Comment/un-comment the port lines below to disable/enable the services you are using
+    # FTP
+    - "21:21"
+    # SSH
+    # - "22:22"
+    # Telnet
+    # - "23:23"
+    # TFTP
+    # - "69:69"
+    # HTTP
+    - "80:80"
+    # NTP
+    # - "123:123"
+    # SNMP
+    # - "161:161"
+    # MSSQL
+    # - "1433:1433"
+    # MYSQL
+    # - "3306:3306"
+    # RDP
+    # - "3389:3389"
+    # VNC
+    # - "5000:5000"
+    # SIP
+    # - "5060:5060"
+    # REDIS
+    # - "6379:6379"
+    # TCP Banner
+    # - "8001:8001"
+    # HTTP Proxy
+    # - "8080:8080"
+    # Git
+    # - "9418:9418"
 
 services:
- canary:
-      container_name: opencanary
-      restart: unless-stopped
-      volumes:
-          - ./opencanary/:/etc/opencanaryd/
-          - ./data/:/root/
-      ports:
-              - '21:21'
-              - '888:80'
-      image: 'opencanary'
-      build:
-        context: .
-        dockerfile: Dockerfile.latest
+  latest: # docker-compose up --build -d latest
+    <<: *common
+    container_name: opencanary_latest
+    build:
+      context: .
+      dockerfile: Dockerfile.latest
+
+  stable: # docker-compose up --build -d stable
+    <<: *common
+    container_name: opencanary_stable
+    build:
+      context: .
+      dockerfile: Dockerfile.stable
diff --git a/setup.py b/setup.py
@@ -1,7 +1,25 @@
+import codecs
+import os.path
 from setuptools import setup, find_packages
-
 import sys
-import opencanary
+
+
+def read(rel_path):
+    here = os.path.abspath(os.path.dirname(__file__))
+    with codecs.open(os.path.join(here, rel_path), 'r') as fp:
+        return fp.read()
+
+def get_version(rel_path):
+    """
+    Reading the package version dynamically.
+    https://packaging.python.org/en/latest/guides/single-sourcing-package-version/
+    """
+    for line in read(rel_path).splitlines():
+        if line.startswith('__version__'):
+            delim = '"' if '"' in line else "'"
+            return line.split(delim)[1]
+    else:
+        raise RuntimeError("Unable to find version string.")
 
 requirements = [
     'Twisted==19.10.0',
@@ -24,7 +42,7 @@
 
 setup(
     name='opencanary',
-    version=opencanary.__version__,
+    version=get_version("opencanary/__init__.py"),
     url='http://www.thinkst.com/',
     author='Thinkst Applied Research',
     author_email='info@thinkst.com',