Merge remote-tracking branch 'cisa/master'
mmguero committed Oct 1, 2020
2 parents 5220c6c + 39d9c18 commit 207dc4f
Showing 56 changed files with 738 additions and 275 deletions.
38 changes: 32 additions & 6 deletions Dockerfiles/file-monitor.Dockerfile
Expand Up @@ -42,6 +42,8 @@ ARG EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA=false
ARG CLAMD_SOCKET_FILE=/tmp/clamd.ctl
ARG EXTRACTED_FILE_ENABLE_YARA=false
ARG EXTRACTED_FILE_YARA_CUSTOM_ONLY=false
ARG EXTRACTED_FILE_ENABLE_CAPA=false
ARG EXTRACTED_FILE_CAPA_VERBOSE=false

ENV ZEEK_EXTRACTOR_PATH $ZEEK_EXTRACTOR_PATH
ENV ZEEK_LOG_DIRECTORY $ZEEK_LOG_DIRECTORY
Expand All @@ -64,10 +66,14 @@ ENV EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA $EXTRACTED_FILE_PIPELINE_DEBUG_EXTRA
ENV CLAMD_SOCKET_FILE $CLAMD_SOCKET_FILE
ENV EXTRACTED_FILE_ENABLE_YARA $EXTRACTED_FILE_ENABLE_YARA
ENV EXTRACTED_FILE_YARA_CUSTOM_ONLY $EXTRACTED_FILE_YARA_CUSTOM_ONLY
ENV EXTRACTED_FILE_ENABLE_CAPA $EXTRACTED_FILE_ENABLE_CAPA
ENV EXTRACTED_FILE_CAPA_VERBOSE $EXTRACTED_FILE_CAPA_VERBOSE
ENV YARA_VERSION "4.0.2"
ENV YARA_URL "https://github.com/VirusTotal/yara/archive/v${YARA_VERSION}.tar.gz"
ENV YARA_RULES_URL "https://codeload.github.com/Neo23x0/signature-base/tar.gz/master"
ENV YARA_RULES_DIR "/yara-rules"
ENV CAPA_URL "https://github.com/fireeye/capa"
ENV CAPA_RULES_DIR "/opt/capa-rules"
ENV SRC_BASE_DIR "/usr/local/src"

RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list && \
Expand All @@ -80,6 +86,7 @@ RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list
clamav-freshclam \
curl \
gcc \
git \
libclamunrar9 \
libjansson-dev \
libjansson4 \
Expand All @@ -89,19 +96,25 @@ RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list
libssl1.1 \
libtool \
make \
pkg-config && \
pkg-config \
unzip && \
apt-get -y -q install \
inotify-tools \
libzmq5 \
psmisc \
python \
python-dev \
python-pip \
python-backports-shutil-get-terminal-size \
python3 \
python3-bs4 \
python3-dev \
python3-pip \
python3-pyinotify \
python3-requests \
python3-zmq && \
pip3 install clamd supervisor yara-python && \
pip3 install clamd supervisor yara-python python-magic psutil && \
pip2 install flare-capa && \
mkdir -p "${SRC_BASE_DIR}" && \
cd "${SRC_BASE_DIR}" && \
curl -sSL "${YARA_URL}" | tar xzf - -C "${SRC_BASE_DIR}" && \
Expand All @@ -114,35 +127,47 @@ RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list
--enable-dotnet && \
make && \
make install && \
cd /tmp && \
rm -rf "${SRC_BASE_DIR}"/yara* && \
mkdir -p ./Neo23x0 && \
cd /tmp && \
mkdir -p ./Neo23x0 && \
curl -sSL "$YARA_RULES_URL" | tar xzvf - -C ./Neo23x0 --strip-components 1 && \
mkdir -p "${YARA_RULES_DIR}" && \
cp ./Neo23x0/yara/* ./Neo23x0/vendor/yara/* "${YARA_RULES_DIR}"/ && \
cp ./Neo23x0/LICENSE "${YARA_RULES_DIR}"/_LICENSE && \
rm -rf /tmp/Neo23x0 && \
cd /tmp && \
git clone --depth 1 --single-branch --branch "v$(/usr/local/bin/capa --version 2>&1 | awk '{print $2}')" "${CAPA_URL}" /tmp/capa && \
cd /tmp/capa && \
git submodule init rules && \
git submodule update --depth 1 rules && \
cd /tmp && \
rm -rf "${CAPA_RULES_DIR}" && \
mv /tmp/capa/rules "${CAPA_RULES_DIR}" && \
rm -rf "${CAPA_RULES_DIR}"/.git* /tmp/capa && \
apt-get -y -q --allow-downgrades --allow-remove-essential --allow-change-held-packages --purge remove \
automake \
build-essential \
gcc \
gcc-8 \
git \
libc6-dev \
libgcc-8-dev \
libjansson-dev \
libmagic-dev \
libssl-dev \
libtool \
make \
python3-dev && \
python-dev \
python3-dev \
unzip && \
apt-get -y -q --allow-downgrades --allow-remove-essential --allow-change-held-packages autoremove && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* && \
curl -s -S -L -o /var/lib/clamav/main.cvd http://database.clamav.net/main.cvd && \
curl -s -S -L -o /var/lib/clamav/daily.cvd http://database.clamav.net/daily.cvd && \
curl -s -S -L -o /var/lib/clamav/bytecode.cvd http://database.clamav.net/bytecode.cvd && \
groupadd --gid ${DEFAULT_GID} ${PGROUP} && \
useradd -M --uid ${DEFAULT_UID} --gid ${DEFAULT_GID} ${PUSER} && \
useradd -m --uid ${DEFAULT_UID} --gid ${DEFAULT_GID} ${PUSER} && \
usermod -a -G tty ${PUSER} && \
mkdir -p /var/log/clamav /var/lib/clamav && \
chown -R ${PUSER}:${PGROUP} /var/log/clamav /var/lib/clamav && \
Expand All @@ -161,6 +186,7 @@ RUN sed -i "s/buster main/buster main contrib non-free/g" /etc/apt/sources.list
ln -r -s /usr/local/bin/zeek_carve_scanner.py /usr/local/bin/vtot_scan.py && \
ln -r -s /usr/local/bin/zeek_carve_scanner.py /usr/local/bin/clam_scan.py && \
ln -r -s /usr/local/bin/zeek_carve_scanner.py /usr/local/bin/yara_scan.py && \
ln -r -s /usr/local/bin/zeek_carve_scanner.py /usr/local/bin/capa_scan.py && \
ln -r -s /usr/local/bin/zeek_carve_scanner.py /usr/local/bin/malass_scan.py

ADD shared/bin/docker-uid-gid-setup.sh /usr/local/bin/
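Review bot: The capa install is unpinned and the rules checkout is derived from it: `pip2 install flare-capa` takes whatever version pip resolves at build time, and the `git clone … --branch "v$(/usr/local/bin/capa --version 2>&1 | awk '{print $2}')"` line then follows that floating version (the same applies to the `python-magic psutil` additions on the pip3 line). A rebuild on a later day can silently pull a different scanner and a different rule set, which defeats reproducibility and makes it hard to say which capa rules a given image was scanning with. Pin it once and reuse it: `ENV CAPA_VERSION "<PINNED_CAPA_VERSION>"` next to `CAPA_URL`, `pip2 install "flare-capa==${CAPA_VERSION}"`, and `--branch "v${CAPA_VERSION}"` in the clone, which also removes the fragile `--version` parsing. The enclosing `RUN` instruction spans several hunks here, so the pip and clone lines sit in different hunks of the same layer.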
2 changes: 1 addition & 1 deletion Dockerfiles/moloch.Dockerfile
Expand Up @@ -4,7 +4,7 @@ FROM debian:buster-slim AS build

ENV DEBIAN_FRONTEND noninteractive

ENV MOLOCH_VERSION "2.4.0"
ENV MOLOCH_VERSION "2.4.1"
ENV MOLOCHDIR "/data/moloch"
ENV MOLOCH_URL "https://codeload.github.com/aol/moloch/tar.gz/v${MOLOCH_VERSION}"
ENV MOLOCH_LOCALELASTICSEARCH no
2 changes: 1 addition & 1 deletion Dockerfiles/zeek.Dockerfile
Expand Up @@ -16,7 +16,7 @@ ENV SRC_BASE_DIR "/usr/local/src"
ENV ZEEK_DIR "/opt/zeek"
ENV ZEEK_PATCH_DIR "${SRC_BASE_DIR}/zeek-patches"
ENV ZEEK_SRC_DIR "${SRC_BASE_DIR}/zeek-${ZEEK_VERSION}"
ENV ZEEK_VERSION "3.0.8"
ENV ZEEK_VERSION "3.0.10"

# using clang now instead of gcc because Spicy depends on it
ENV LLVM_VERSION "10"
