Merge branch 'StamusNetworks:master' into master
universalbit-dev authored Jul 1, 2024
2 parents a1b6a4e + 4af455c commit a6e63fd
Showing 9 changed files with 345 additions and 267 deletions.
4 changes: 2 additions & 2 deletions build-debian-live.sh
Expand Up @@ -184,7 +184,7 @@ then
### END Kernel Version choice ###

lb config \
-a amd64 -d bullseye \
-a amd64 -d bookworm \
--archive-areas "main contrib" \
--swap-file-size 2048 \
--bootloader syslinux \
Expand All @@ -202,7 +202,7 @@ then
else

cd Stamus-Live-Build && lb config \
-a amd64 -d bullseye \
-a amd64 -d bookworm \
--archive-areas "main contrib" \
--swap-file-size 2048 \
--debian-installer live \
62 changes: 36 additions & 26 deletions docker/Arkime/Arkime.dockerfile
@@ -1,46 +1,56 @@
FROM debian:bullseye


FROM debian:bullseye as installer

# Declare args
ARG ARKIME_VERSION=3.2.1
ARG ARKIME_VERSION=5.0.0
ARG UBUNTU_VERSION=20.04
ARG ARKIME_DEB_PACKAGE="arkime_"$ARKIME_VERSION"-1_amd64.deb"
ARG ARKIMEDIR "/opt/arkime"

# Declare envs vars for each arg
ENV ARKIME_VERSION $ARKIME_VERSION
ENV UBUNTU_VERSION $UBUNTU_VERSION
ENV ARKIME_DEB_PACKAGE $ARKIME_DEB_PACKAGE
ENV ARKIMEDIR "/opt/arkime"


# Install Arkime
RUN apt-get update && apt-get install -y curl wget logrotate
RUN mkdir -p /tmp /suricata-logs

WORKDIR /tmp
RUN wget -q "https://s3.amazonaws.com/files.molo.ch/builds/ubuntu-"$UBUNTU_VERSION"/"$ARKIME_DEB_PACKAGE
RUN apt-get install -y ./$ARKIME_DEB_PACKAGE

RUN wget -q -O /opt/arkime/etc/oui.txt "https://www.wireshark.org/download/automated/data/manuf"
RUN $ARKIMEDIR/bin/arkime_update_geo.sh


# add config

FROM debian:bullseye as runner

# Declare args

ENV ES_HOST "elasticsearch"
ENV ES_PORT 9200
ENV ARKIME_ADMIN_USERNAME "selks-user"
ENV ARKIME_ADMIN_PASSWORD "selks-user"
ENV ARKIME_HOSTNAME "arkime"
ENV ARKIMEDIR "/opt/arkime"

# Add entrypoint
RUN apt-get update && apt-get install -y libpcre3 libyaml-0-2 libssl1.1 libmagic1 curl libwww-perl libjson-perl

COPY --from=installer $ARKIMEDIR $ARKIMEDIR

COPY start-arkimeviewer.sh /start-arkimeviewer.sh
COPY arkimepcapread-selks-config.ini /opt/arkime/etc/config.ini

# Install Arkime
RUN apt-get update && \
apt-get install -y curl libmagic-dev wget logrotate && \
mkdir -p /data && \
mkdir -p /suricata-logs && \
cd /data && \
wget -q "https://s3.amazonaws.com/files.molo.ch/builds/ubuntu-"$UBUNTU_VERSION"/"$ARKIME_DEB_PACKAGE && \
apt-get install -y ./$ARKIME_DEB_PACKAGE && \
mv $ARKIMEDIR/etc /data/config && \
ln -s /data/config $ARKIMEDIR/etc && \
ln -s /data/logs $ARKIMEDIR/logs && \
ln -s /data/pcap $ARKIMEDIR/raw && \
wget -q -O /data/config/oui.txt "https://www.wireshark.org/download/automated/data/manuf" && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* && \
rm /data/$ARKIME_DEB_PACKAGE && \
$ARKIMEDIR/bin/arkime_update_geo.sh && \
chmod 755 /start-arkimeviewer.sh && \
RUN chmod 755 /start-arkimeviewer.sh && \
mkdir -p /readpcap

# add config
COPY arkimepcapread-selks-config.ini /data/config/config.ini

VOLUME ["/data/pcap", "/data/config", "/data/logs"]
EXPOSE 8005
WORKDIR $ARKIMEDIR

ENTRYPOINT ["/start-arkimeviewer.sh"]
ENTRYPOINT [ "bash", "-c" ]
CMD ["/start-arkimeviewer.sh"]
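Review bot: `ARG ARKIMEDIR "/opt/arkime"` in the installer stage does not assign a default — `ARG` uses the `name=value` form, so depending on the builder this line either errors out or declares ARKIMEDIR with no value, and `RUN $ARKIMEDIR/bin/arkime_update_geo.sh` then resolves to `/bin/arkime_update_geo.sh` unless `--build-arg` is passed; it should read `ARG ARKIMEDIR=/opt/arkime` (and the runner's `ENV ARKIMEDIR "/opt/arkime"` and siblings should use the `ENV key=value` form). The runner stage bakes `ENV ARKIME_ADMIN_PASSWORD "selks-user"` into the image as a default credential; since start-arkimeviewer.sh only reads it at run time, declare it without a value and document that it must be supplied with `-e` rather than shipping a known password. `VOLUME ["/data/pcap", "/data/config", "/data/logs"]` looks carried over from the single-stage layout, but the new installer leaves Arkime under /opt/arkime and the `mv`/`ln -s` lines that tied `$ARKIMEDIR/etc`, `logs` and `raw` to /data appear to be removed, so those volumes would no longer back the directories Arkime writes — confirm against the full new file. The installer's `wget` of the .deb is not checksum-verified and the runner's `apt-get install -y` leaves the apt lists in the final layer; a pinned `sha256sum -c` after the download and `--no-install-recommends … && rm -rf /var/lib/apt/lists/*` are the usual fix. The final stage has no `USER`, so the viewer runs as root.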
7 changes: 4 additions & 3 deletions docker/Arkime/arkimepcapread-selks-config.ini
Expand Up @@ -18,7 +18,8 @@
# SELKS5 proxy conf for Kibana 6 dashboards scripted fields
webBasePath = /moloch/
viewHost = 0.0.0.0
userNameHeader=remote_user
authMode = anonymous
userAuthIps = 0.0.0.0/0

# Semicolon ';' separated list of plugins to load and the order to load in
plugins=suricata.so
Expand Down Expand Up @@ -142,11 +143,11 @@ geoLite2ASN = /data/GeoLite2-ASN.mmdb

# Path of the rir assignments file
# https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.csv
rirFile = /data/config/ipv4-address-space.csv
rirFile = /opt/arkime/etc/ipv4-address-space.csv

# Path of the OUI file from whareshark
# https://raw.githubusercontent.com/wireshark/wireshark/master/manuf
ouiFile = /data/config/oui.txt
ouiFile = /opt/arkime/etc/oui.txt

# User to drop privileges to. The pcapDir must be writable by this user or group below
#dropUser=nobody
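Review bot: `authMode = anonymous` together with `userAuthIps = 0.0.0.0/0` (the two lines that appear to be the additions in the first hunk) disables viewer authentication for every client address, and with `viewHost = 0.0.0.0` two lines above the viewer binds on all interfaces, so any client that can reach port 8005 gets an unauthenticated UI; the replaced `userNameHeader=remote_user` at least required a front proxy to set the header. If login is meant to be enforced by a reverse proxy, say so in the file, e.g. `# Authentication is delegated to the reverse proxy in front of port 8005; do not expose the viewer directly`, and narrow `userAuthIps` to the proxy's address; otherwise keep an authenticated mode. The admin users that start-arkimeviewer.sh still creates at first start become dead configuration under anonymous mode, which is worth noting next to the setting. The `rirFile`/`ouiFile` moves to `/opt/arkime/etc` match the Dockerfile now writing oui.txt there, but the hunk context still shows `geoLite2ASN = /data/GeoLite2-ASN.mmdb` — confirm /data is still populated in the new layout.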
9 changes: 6 additions & 3 deletions docker/Arkime/start-arkimeviewer.sh
@@ -1,7 +1,7 @@
#!/bin/bash

echo "Using ES_HOST: $ES_HOST and ES_PORT: $ES_PORT"
echo "Giving ES time to start..."
until curl -sS "http://$ES_HOST:$ES_PORT/_cluster/health?wait_for_status=yellow" > /dev/null 2>&1
until curl -sS "http://$ES_HOST:$ES_PORT/_cluster/health"
do
echo "Waiting for ES to start"
sleep 3
Expand All @@ -20,11 +20,14 @@ done
export ARKIME_ELASTICSEARCH="http://"$ES_HOST":"$ES_PORT

if [ ! -f $ARKIMEDIR/etc/.initialized ]; then
echo "Initializing ES database..."
echo INIT | $ARKIMEDIR/db/db.pl $ARKIME_ELASTICSEARCH init
$ARKIMEDIR/bin/arkime_add_user.sh $ARKIME_ADMIN_USERNAME "SELKS Admin User" $ARKIME_ADMIN_PASSWORD --admin
$ARKIMEDIR/bin/arkime_add_user.sh moloch moloch moloch --admin --webauth
echo $ARKIME_VERSION > $ARKIMEDIR/etc/.initialized
echo UPGRADE | $ARKIMEDIR/db/db.pl http://$ES_HOST:$ES_PORT upgrade
else
echo "ES database already initialized..."
# possible update
read old_ver < $ARKIMEDIR/etc/.initialized
# detect the newer version
Expand All @@ -50,4 +53,4 @@ echo " password: $ARKIME_ADMIN_PASSWORD"

echo "Launch viewer..."
cd $ARKIMEDIR/viewer
$ARKIMEDIR/bin/node $ARKIMEDIR/viewer/viewer.js >> $ARKIMEDIR/logs/viewer.log 2>&1
$ARKIMEDIR/bin/node $ARKIMEDIR/viewer/viewer.js >> $ARKIMEDIR/logs/viewer.log 2>&1
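Review bot: The readiness loop `until curl -sS "http://$ES_HOST:$ES_PORT/_cluster/health"` (the new line in the first hunk, going by its one addition and one deletion) no longer asks for `wait_for_status=yellow`, so it exits as soon as Elasticsearch answers HTTP — possibly before shards are allocated and before `db.pl … init` further down can succeed — and without the redirection it also prints the JSON body on every retry; `until curl -sSf "http://$ES_HOST:$ES_PORT/_cluster/health?wait_for_status=yellow" > /dev/null 2>&1` restores the check and makes a 5xx count as not ready. The hunk header of the last hunk shows `echo " password: $ARKIME_ADMIN_PASSWORD"` in the surrounding context, which writes the admin credential into the container log on every start; since this script is being touched, that line should go. The final `$ARKIMEDIR/bin/node … viewer.js` line is not `exec`'d, so under the Dockerfile's new `ENTRYPOINT [ "bash", "-c" ]` the viewer is not PID 1 and will not receive docker stop's SIGTERM; `exec $ARKIMEDIR/bin/node $ARKIMEDIR/viewer/viewer.js >> $ARKIMEDIR/logs/viewer.log 2>&1` fixes that. The added `echo UPGRADE | … upgrade` immediately after `init` looks redundant on a fresh database; if it is intentional, a one-line comment saying why would help.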