prep for 18.04

docker/glastopf/Dockerfile

@@ -1,22 +1,52 @@
-FROM alpine 
-MAINTAINER MO 
+FROM alpine
 
 # Include dist
 ADD dist/ /root/dist/
 
 # Install packages
-RUN apk -U upgrade && \
-    apk add autoconf bash bind-tools build-base cython git libffi libffi-dev make py-asn1 \
-            py-cffi py-chardet py-chardet py-cparser py-cryptography py-dateutil \
-            py-enum34 py-idna py-ipaddress py-jinja2 py-lxml py-mysqldb py-openssl \
-            py-pip py-requests py-setuptools python python-dev && \
+RUN apk -U --no-cache add autoconf \
+               bash \
+               bind-tools \
+               build-base \
+               cython \
+               git \
+               libffi \
+               libffi-dev \
+               libcap \
+               make \
+               py-asn1 \
+               py-cffi \
+               py-chardet \
+               py-cparser \
+               py-cryptography \
+               py-dateutil \
+               py-enum34 \
+               py-idna \
+               py-ipaddress \
+               py-jinja2 \
+               py-lxml \
+               py-mysqldb \
+               py-openssl \
+               py-pip \
+               py-requests \
+               py-setuptools \
+               python \
+               python-dev && \
     apk -U add --repository http://dl-3.alpinelinux.org/alpine/edge/testing/ \
-            py-beautifulsoup4 php7 php7-dev py-cssselect py-gevent py-greenlet py-mongo \
-            py-sqlalchemy py-webob && \
+               py-beautifulsoup4 \
+               php7 \
+               php7-dev \
+               py-cssselect \
+               py-gevent \
+               py-greenlet \
+               py-mongo \
+               py-sqlalchemy \
+               py-webob && \
 
 # Install php sandbox from git
-    git clone https://github.com/glastopf/BFR.git /opt/BFR && \
+    git clone https://github.com/mushorg/BFR /opt/BFR && \
     cd /opt/BFR && \
+    git checkout 508729202428a35bcc6bb27dd97b831f7e5009b5 && \
     phpize7 && \
     ./configure \
       --with-php-config=/usr/bin/php-config7 \
@@ -30,9 +60,14 @@ RUN apk -U upgrade && \
 # Install glastopf from git
     git clone https://github.com/mushorg/glastopf.git /opt/glastopf && \
     cd /opt/glastopf && \
+    git checkout c4932d9cb513d284142e2c0d66284221201d7477 && \
+    cp /root/dist/base_logger.py /opt/glastopf/glastopf/modules/reporting/auxiliary/ && \
+    cp /root/dist/log_s3.py /opt/glastopf/glastopf/modules/reporting/auxiliary/ && \
+    cp /root/dist/requirements.txt /opt/glastopf/ && \
     python setup.py install && \
     cd / && \
     rm -rf /opt/glastopf /tmp/* /var/tmp/* && \
+    setcap cap_net_bind_service=+ep /usr/bin/glastopf-runner && \
 
 # Setup user, groups and configs
     addgroup -g 2000 glastopf && \
@@ -41,7 +76,12 @@ RUN apk -U upgrade && \
     mv /root/dist/glastopf.cfg /opt/glastopf/ && \
 
 # Clean up
-    apk del autoconf build-base git libffi-dev php7-dev python-dev && \
+    apk del autoconf \
+            build-base \
+            git \
+            libffi-dev \
+            php7-dev \
+            python-dev && \
     rm -rf /root/* && \
     rm -rf /var/cache/apk/*
 

docker/glastopf/README.md

@@ -1,4 +1,4 @@
-[![](https://images.microbadger.com/badges/version/dtagdevsec/glastopf:1710.svg)](https://microbadger.com/images/dtagdevsec/glastopf:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/glastopf:1710.svg)](https://microbadger.com/images/dtagdevsec/glastopf:1710 "Get your own image badge on microbadger.com")
+[![](https://images.microbadger.com/badges/version/dtagdevsec/glastopf:1804.svg)](https://microbadger.com/images/dtagdevsec/glastopf:1804 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/glastopf:1804.svg)](https://microbadger.com/images/dtagdevsec/glastopf:1804 "Get your own image badge on microbadger.com")
 
 # glastopf
 

docker/glastopf/dist/base_logger.py

@@ -0,0 +1,31 @@
+# Copyright (C) 2015 Lukas Rist
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+from ConfigParser import SafeConfigParser
+import os
+
+
+class BaseLogger(object):
+    def __init__(self, config='glastopf.cfg'):
+        if not isinstance(config, SafeConfigParser):
+            self.config = SafeConfigParser(os.environ)
+            self.config.read(config)
+        else:
+            self.config = config
+
+    def insert(self, event):
+        pass

docker/glastopf/dist/glastopf.cfg

@@ -104,3 +104,13 @@ sensorid = None
 
 [profiler]
 enabled = False
+
+[s3storage]
+enabled = False
+endpoint = %(GLASTOPF_S3_ENDPOINT)s
+aws_access_key_id = %(GLASTOPF_S3_ACCESS_KEY_ID)s
+aws_secret_access_key = %(GLASTOPF_S3_SECRET_ACCESS_KEY)s
+bucket = %(GLASTOPF_S3_BUCKET)s
+region = %(GLASTOPF_S3_REGION)s
+signature_version = %(GLASTOPF_S3_SIGNATURE_VERSION)s
+

docker/glastopf/dist/log_s3.py

@@ -0,0 +1,72 @@
+# Copyright (C) 2018 Andre Vorbach @vorband
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import logging
+import os
+import gevent
+
+import botocore.session, botocore.client
+from botocore.exceptions import ClientError
+
+from glastopf.modules.reporting.auxiliary.base_logger import BaseLogger
+
+
+logger = logging.getLogger(__name__)
+
+
+class S3Logger(BaseLogger):
+
+    def __init__(self, data_dir, work_dir, config="glastopf.cfg", reconnect=True):
+        config = os.path.join(work_dir, config)
+        BaseLogger.__init__(self, config)
+        self.files_dir = os.path.join(data_dir, 'files/')
+        self.enabled = False
+        self._initial_connection_happend = False
+        self.options = {'enabled': self.enabled}
+        if self.config.getboolean("s3storage", "enabled"):
+            self.endpoint = self.config.get("s3storage", "endpoint")
+            self.accesskey = self.config.get("s3storage", "aws_access_key_id")
+            self.secretkey = self.config.get("s3storage", "aws_secret_access_key")
+            self.version = self.config.get("s3storage", "signature_version")
+            self.region = self.config.get("s3storage", "region")
+            self.bucket = self.config.get("s3storage", "bucket")
+            self.enabled = True
+            self.options = {'enabled': self.enabled}
+            self.s3client = None
+            self.s3session = None
+            gevent.spawn(self._start_connection, self.endpoint, self.accesskey, self.secretkey, self.version, self.region, self.bucket)
+
+    def _start_connection(self, endpoint, accesskey, secretkey, version, region, bucket):
+        self.s3session = botocore.session.get_session()
+        self.s3session.set_credentials(accesskey, secretkey)
+        self.s3client = self.s3session.create_client(
+            's3',
+            endpoint_url=self.endpoint,
+            region_name=self.region,
+            config=botocore.config.Config(signature_version=self.version)
+        )
+        self._initial_connection_happend = True
+
+    def insert(self, attack_event):
+        if self._initial_connection_happend:
+            if attack_event.file_name is not None:
+                with file(os.path.join(self.files_dir, attack_event.file_name), 'r') as file_handler:
+                    try:
+                        self.s3client.put_object(Bucket=self.bucket, Body=file_handler, Key=attack_event.sensorid+"/"+attack_event.file_name)
+                        logger.debug('Sending file ({0}) using s3 bucket "{1}" on {2}'.format(attack_event.file_name, self.bucket, self.endpoint))
+                    except ClientError as e:
+                        logger.warning("Received error: %s", e.response['Error']['Message'])
+        else:
+            logger.warning('Not storing attack file because initial s3 connect has not succeeded')

docker/glastopf/dist/requirements.txt

@@ -0,0 +1,17 @@
+gevent==1.2.2
+webob==1.2.3
+pyopenssl==17.2.0
+chardet==3.0.4
+lxml==4.1.1
+sqlalchemy==1.1.14
+jinja2==2.9.6
+beautifulsoup==3.2.1
+requests==2.18.4
+cssselect==1.0.0
+pymongo==3.2.2
+MySQL-python==1.2.5
+hpfeeds==1.0
+pylibinjection==0.2.4
+libtaxii==1.1.110
+python-logstash==0.4.6
+botocore==1.9.6

docker/glastopf/docker-compose.yml

@@ -1,4 +1,4 @@
-version: '2.1'
+version: '2.2'
 
 networks:
   glastopf_local:
@@ -7,13 +7,14 @@ services:
 
 # Glastopf service
   glastopf:
+    build: .
     container_name: glastopf
     restart: always
     networks:
      - glastopf_local
     ports:
      - "80:80"
-    image: "dtagdevsec/glastopf:1710"
+    image: "dtagdevsec/glastopf:1804"
     volumes:
      - /data/glastopf/db:/opt/glastopf/db
      - /data/glastopf/log:/opt/glastopf/log