add

2 years ago · 1842ec2383
1 changed files with 157 additions and 2 deletions
--- a/install/usr/share/swarmlab.io/sec/swarmlab-sec
+++ b/install/usr/share/swarmlab.io/sec/swarmlab-sec
@ -40,7 +40,7 @@ IMAGE_local="microservice-volatilitywindows"
 HYBRID_NETWORK="microservice-volatilitywindows"
 # dont edit
 #IMAGE_origin="hub.swarmlab.io:5480/hybrid-numpy:latest"
-IMAGE_origin="hub.swarmlab.io:5480/hybrid-volatilitywindows"
+IMAGE_origin="hub.swarmlab.io:5480/hybrid-volatility"
 bootstrap="sec_bootstrap"
 hostnames="auto_update_hosts"
 hostnames_get="get_hosts"
@ -139,8 +139,86 @@ if [ -d "$Wdir/project" ]; then
        	echo ""
 		echo ">>>	Load Origin 	"
 		cat << EOF > $Wdir/Dockerfile
-		FROM $IMAGE_origin
+		FROM $IMAGE_origin 
 		#
+ARG DEF_ALPINE_VERSION=3.11
+FROM alpine:${DEF_ALPINE_VERSION} AS builder
+ARG DEF_USERNAME=root
+USER ${DEF_USERNAME}
+WORKDIR /tmp/build/
+
+# Fetch the symbols from the Volatility 3 framework
+RUN curl -fL https://downloads.volatilityfoundation.org/volatility3/symbols/windows.zip -o windows.zip && \
+    unzip windows.zip
+
+RUN apk --purge del \
+    .build
+
+FROM alpine:${DEF_ALPINE_VERSION}
+
+ARG DEF_USERNAME=root
+ARG DEF_INSTALL_PREFIX=/usr
+
+LABEL name="volatility"                                 \
+      version="0.1"                                     \
+      uri="https://github.com/sk4la/volatility3-docker" \
+      maintainer="sk4la <sk4la.box@gmail.com>"          \
+      status="beta"
+
+USER ${DEF_USERNAME}
+
+WORKDIR ${DEF_INSTALL_PREFIX}/lib
+
+# Install system dependencies
+RUN apk add --no-cache                  \
+    python3                          && \
+    apk add --no-cache --virtual .build \
+    git
+
+COPY --from=builder --chown="${DEF_USERNAME}:${DEF_USERNAME}" /tmp/build/yara-python yara-python
+
+RUN find . -type d -exec chmod 755 {} \; && \
+    find . -type f -exec chmod 644 {} \;
+
+# Install the Volatility 3 framework
+RUN git clone https://github.com/volatilityfoundation/volatility3.git && \
+    cd volatility3                                                    && \
+    python3 setup.py install                                          && \
+    ln -sf ${DEF_INSTALL_PREFIX}/bin/vol ${DEF_INSTALL_PREFIX}/bin/volatility
+
+WORKDIR ${DEF_INSTALL_PREFIX}/lib/yara-python
+
+# Install the Python bindings for YARA
+RUN python3 setup.py install
+
+WORKDIR ${DEF_INSTALL_PREFIX}/lib/volatility3/volatility/symbols/
+
+#COPY --from=builder --chown="${DEF_USERNAME}:${DEF_USERNAME}" /tmp/build/linux linux
+#COPY --from=builder --chown="${DEF_USERNAME}:${DEF_USERNAME}" /tmp/build/mac mac
+COPY --from=builder --chown="${DEF_USERNAME}:${DEF_USERNAME}" /tmp/build/windows windows
+
+RUN find . -type d -exec chmod 755 {} \; && \
+    find . -type f -exec chmod 644 {} \;
+
+RUN apk --purge del \
+    .build
+
+RUN apk update && apk add --no-cache \
+    bash \
+    coreutils \
+    findutils \
+    net-tools \
+    tcpdump \
+    nmap \
+    bind-tools \
+    gawk \
+    git \
+    curl                                \
+    gcc                                 \
+    git                                 \
+    musl-dev                            \
+    unzip
+
 		USER root

 		COPY $bootstrap /usr/bin
@ -226,6 +304,83 @@ if [ "$Wdir" ==  "$HOME" ]; then
 		cat << EOF > $Wdir/Dockerfile
 		FROM $IMAGE_origin
 		#
+ARG DEF_ALPINE_VERSION=3.11
+FROM alpine:${DEF_ALPINE_VERSION} AS builder
+ARG DEF_USERNAME=root
+USER ${DEF_USERNAME}
+WORKDIR /tmp/build/
+
+# Fetch the symbols from the Volatility 3 framework
+RUN curl -fL https://downloads.volatilityfoundation.org/volatility3/symbols/windows.zip -o windows.zip && \
+    unzip windows.zip
+
+RUN apk --purge del \
+    .build
+
+FROM alpine:${DEF_ALPINE_VERSION}
+
+ARG DEF_USERNAME=root
+ARG DEF_INSTALL_PREFIX=/usr
+
+LABEL name="volatility"                                 \
+      version="0.1"                                     \
+      uri="https://github.com/sk4la/volatility3-docker" \
+      maintainer="sk4la <sk4la.box@gmail.com>"          \
+      status="beta"
+
+USER ${DEF_USERNAME}
+
+WORKDIR ${DEF_INSTALL_PREFIX}/lib
+
+# Install system dependencies
+RUN apk add --no-cache                  \
+    python3                          && \
+    apk add --no-cache --virtual .build \
+    git
+
+COPY --from=builder --chown="${DEF_USERNAME}:${DEF_USERNAME}" /tmp/build/yara-python yara-python
+
+RUN find . -type d -exec chmod 755 {} \; && \
+    find . -type f -exec chmod 644 {} \;
+
+# Install the Volatility 3 framework
+RUN git clone https://github.com/volatilityfoundation/volatility3.git && \
+    cd volatility3                                                    && \
+    python3 setup.py install                                          && \
+    ln -sf ${DEF_INSTALL_PREFIX}/bin/vol ${DEF_INSTALL_PREFIX}/bin/volatility
+
+WORKDIR ${DEF_INSTALL_PREFIX}/lib/yara-python
+
+# Install the Python bindings for YARA
+RUN python3 setup.py install
+
+WORKDIR ${DEF_INSTALL_PREFIX}/lib/volatility3/volatility/symbols/
+
+#COPY --from=builder --chown="${DEF_USERNAME}:${DEF_USERNAME}" /tmp/build/linux linux
+#COPY --from=builder --chown="${DEF_USERNAME}:${DEF_USERNAME}" /tmp/build/mac mac
+COPY --from=builder --chown="${DEF_USERNAME}:${DEF_USERNAME}" /tmp/build/windows windows
+
+RUN find . -type d -exec chmod 755 {} \; && \
+    find . -type f -exec chmod 644 {} \;
+
+RUN apk --purge del \
+    .build
+
+RUN apk update && apk add --no-cache \
+    bash \
+    coreutils \
+    findutils \
+    net-tools \
+    tcpdump \
+    nmap \
+    bind-tools \
+    gawk \
+    git \
+    curl                                \
+    gcc                                 \
+    git                                 \
+    musl-dev                            \
+    unzip
 		USER root
 		COPY $bootstrap /usr/bin
 		COPY $hostnames_get /usr/bin