From 1842ec2383e3c05e2a97ee9dd1a7a93d4f40f7ee Mon Sep 17 00:00:00 2001
From: zeus
Date: Thu, 23 Dec 2021 14:27:15 +0200
Subject: [PATCH] add
---
 .../usr/share/swarmlab.io/sec/swarmlab-sec | 159 +++++++++++++++++-
 1 file changed, 157 insertions(+), 2 deletions(-)
diff --git a/install/usr/share/swarmlab.io/sec/swarmlab-sec b/install/usr/share/swarmlab.io/sec/swarmlab-sec
index 69f46ad..f3847ac 100755
--- a/install/usr/share/swarmlab.io/sec/swarmlab-sec
+++ b/install/usr/share/swarmlab.io/sec/swarmlab-sec
@@ -40,7 +40,7 @@ IMAGE_local="microservice-volatilitywindows"
 HYBRID_NETWORK="microservice-volatilitywindows"
 # dont edit
 #IMAGE_origin="hub.swarmlab.io:5480/hybrid-numpy:latest"
-IMAGE_origin="hub.swarmlab.io:5480/hybrid-volatilitywindows"
+IMAGE_origin="hub.swarmlab.io:5480/hybrid-volatility"
 bootstrap="sec_bootstrap"
 hostnames="auto_update_hosts"
 hostnames_get="get_hosts"
@@ -139,8 +139,86 @@ if [ -d "$Wdir/project" ]; then
 echo ""
 echo ">>> Load Origin "
 cat << EOF > $Wdir/Dockerfile
- FROM $IMAGE_origin
+ FROM $IMAGE_origin
 #
+ARG DEF_ALPINE_VERSION=3.11
+FROM alpine:${DEF_ALPINE_VERSION} AS builder
+ARG DEF_USERNAME=root
+USER ${DEF_USERNAME}
+WORKDIR /tmp/build/
+
+# Fetch the symbols from the Volatility 3 framework
+RUN curl -fL https://downloads.volatilityfoundation.org/volatility3/symbols/windows.zip -o windows.zip && \
+ unzip windows.zip
+
+RUN apk --purge del \
+ .build
+
+FROM alpine:${DEF_ALPINE_VERSION}
+
+ARG DEF_USERNAME=root
+ARG DEF_INSTALL_PREFIX=/usr
+
+LABEL name="volatility" \
+ version="0.1" \
+ uri="https://github.com/sk4la/volatility3-docker" \
+ maintainer="sk4la " \
+ status="beta"
+
+USER ${DEF_USERNAME}
+
+WORKDIR ${DEF_INSTALL_PREFIX}/lib
+
+# Install system dependencies
+RUN apk add --no-cache \
+ python3 && \
+ apk add --no-cache --virtual .build \
+ git
+
+COPY --from=builder --chown="${DEF_USERNAME}:${DEF_USERNAME}" /tmp/build/yara-python yara-python
+
+RUN find . -type d -exec chmod 755 {} \; && \
+ find . -type f -exec chmod 644 {} \;
+
+# Install the Volatility 3 framework
+RUN git clone https://github.com/volatilityfoundation/volatility3.git && \
+ cd volatility3 && \
+ python3 setup.py install && \
+ ln -sf ${DEF_INSTALL_PREFIX}/bin/vol ${DEF_INSTALL_PREFIX}/bin/volatility
+
+WORKDIR ${DEF_INSTALL_PREFIX}/lib/yara-python
+
+# Install the Python bindings for YARA
+RUN python3 setup.py install
+
+WORKDIR ${DEF_INSTALL_PREFIX}/lib/volatility3/volatility/symbols/
+
+#COPY --from=builder --chown="${DEF_USERNAME}:${DEF_USERNAME}" /tmp/build/linux linux
+#COPY --from=builder --chown="${DEF_USERNAME}:${DEF_USERNAME}" /tmp/build/mac mac
+COPY --from=builder --chown="${DEF_USERNAME}:${DEF_USERNAME}" /tmp/build/windows windows
+
+RUN find . -type d -exec chmod 755 {} \; && \
+ find . -type f -exec chmod 644 {} \;
+
+RUN apk --purge del \
+ .build
+
+RUN apk update && apk add --no-cache \
+ bash \
+ coreutils \
+ findutils \
+ net-tools \
+ tcpdump \
+ nmap \
+ bind-tools \
+ gawk \
+ git \
+ curl \
+ gcc \
+ git \
+ musl-dev \
+ unzip
+
 USER root
 COPY $bootstrap /usr/bin
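Review bot: Every `${DEF_ALPINE_VERSION}`, `${DEF_USERNAME}` and `${DEF_INSTALL_PREFIX}` reference inside this unquoted `cat << EOF` heredoc is expanded by the calling shell, not by Docker, so unless the script defines those as shell variables elsewhere the generated Dockerfile will contain `FROM alpine:` and `USER ` with the ARG defaults lost (and under `set -u` the script would abort at the heredoc); each reference needs to be written as `\${DEF_ALPINE_VERSION}` so the ARG lines above it actually take effect. The builder stage also runs `curl` and `unzip` on a bare `alpine` base that ships neither, and the second stage copies `/tmp/build/yara-python` out of the builder although nothing in the builder creates it, so either a fetch of the yara-python sources has to be restored there or the `COPY --from=builder ... yara-python`, the `WORKDIR .../yara-python` and the `RUN python3 setup.py install` that follow it should be dropped. The `windows.zip` download and the `git clone` of volatility3 are unpinned and unverified; pinning a tag or commit and checking the archive against a known digest would make the image reproducible and detect a tampered download, and Alpine 3.11 appears to be past its end of life, so its package index no longer receives security fixes. The same heredoc body is repeated in `@@ -226,6 +304,83 @@`, where all of these points apply identically; the heredoc's `EOF` terminator and the enclosing `if` are outside the hunk.
```shell
cat << EOF > $Wdir/Dockerfile
# … unchanged: FROM $IMAGE_origin line and leading comment …
ARG DEF_ALPINE_VERSION=3.11
FROM alpine:\${DEF_ALPINE_VERSION} AS builder
ARG DEF_USERNAME=root
USER \${DEF_USERNAME}
WORKDIR /tmp/build/

# the bare alpine image ships neither curl nor unzip
RUN apk add --no-cache --virtual .build curl unzip

# Fetch the symbols from the Volatility 3 framework and verify the archive before unpacking it
RUN curl -fL https://downloads.volatilityfoundation.org/volatility3/symbols/windows.zip -o windows.zip && \
 echo "<EXPECTED_SHA256>  windows.zip" | sha256sum -c - && \
 unzip windows.zip

RUN apk --purge del \
 .build
# … unchanged: second stage, with every remaining \${DEF_*} reference escaped the same way …
```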
@@ -226,6 +304,83 @@ if [ "$Wdir" == "$HOME" ]; then
 cat << EOF > $Wdir/Dockerfile
 FROM $IMAGE_origin
 #
+ARG DEF_ALPINE_VERSION=3.11
+FROM alpine:${DEF_ALPINE_VERSION} AS builder
+ARG DEF_USERNAME=root
+USER ${DEF_USERNAME}
+WORKDIR /tmp/build/
+
+# Fetch the symbols from the Volatility 3 framework
+RUN curl -fL https://downloads.volatilityfoundation.org/volatility3/symbols/windows.zip -o windows.zip && \
+ unzip windows.zip
+
+RUN apk --purge del \
+ .build
+
+FROM alpine:${DEF_ALPINE_VERSION}
+
+ARG DEF_USERNAME=root
+ARG DEF_INSTALL_PREFIX=/usr
+
+LABEL name="volatility" \
+ version="0.1" \
+ uri="https://github.com/sk4la/volatility3-docker" \
+ maintainer="sk4la " \
+ status="beta"
+
+USER ${DEF_USERNAME}
+
+WORKDIR ${DEF_INSTALL_PREFIX}/lib
+
+# Install system dependencies
+RUN apk add --no-cache \
+ python3 && \
+ apk add --no-cache --virtual .build \
+ git
+
+COPY --from=builder --chown="${DEF_USERNAME}:${DEF_USERNAME}" /tmp/build/yara-python yara-python
+
+RUN find . -type d -exec chmod 755 {} \; && \
+ find . -type f -exec chmod 644 {} \;
+
+# Install the Volatility 3 framework
+RUN git clone https://github.com/volatilityfoundation/volatility3.git && \
+ cd volatility3 && \
+ python3 setup.py install && \
+ ln -sf ${DEF_INSTALL_PREFIX}/bin/vol ${DEF_INSTALL_PREFIX}/bin/volatility
+
+WORKDIR ${DEF_INSTALL_PREFIX}/lib/yara-python
+
+# Install the Python bindings for YARA
+RUN python3 setup.py install
+
+WORKDIR ${DEF_INSTALL_PREFIX}/lib/volatility3/volatility/symbols/
+
+#COPY --from=builder --chown="${DEF_USERNAME}:${DEF_USERNAME}" /tmp/build/linux linux
+#COPY --from=builder --chown="${DEF_USERNAME}:${DEF_USERNAME}" /tmp/build/mac mac
+COPY --from=builder --chown="${DEF_USERNAME}:${DEF_USERNAME}" /tmp/build/windows windows
+
+RUN find . -type d -exec chmod 755 {} \; && \
+ find . -type f -exec chmod 644 {} \;
+
+RUN apk --purge del \
+ .build
+
+RUN apk update && apk add --no-cache \
+ bash \
+ coreutils \
+ findutils \
+ net-tools \
+ tcpdump \
+ nmap \
+ bind-tools \
+ gawk \
+ git \
+ curl \
+ gcc \
+ git \
+ musl-dev \
+ unzip
 USER root
 COPY $bootstrap /usr/bin
 COPY $hostnames_get /usr/bin
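Review bot: The added Dockerfile body is a verbatim copy of the one added to the `$Wdir/project` branch in `@@ -139,8 +139,86 @@`, so every correction (including the heredoc-expansion, missing-tool and pinning issues raised there) has to be made twice and the two copies will drift; generating the text once, for example in a small `write_dockerfile` function or a `dockerfile_body` variable that both branches use, removes that risk. In the final `apk` step, `apk update` is redundant next to `--no-cache` and leaves the downloaded index in the image layer, and `git` is listed twice, so `RUN apk add --no-cache \` with a single `git \` entry is sufficient. The stage ends with `USER root`, which the packet-capture and scanning tools installed here presumably need, but a comment such as `# runs as root on purpose: tcpdump/nmap need raw sockets` above it would record that the privilege level is deliberate. The heredoc's `EOF` terminator and the enclosing `if` are outside the hunk.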