velociraptor/Dockerfile


Accepting request 975255 from home:jeff_mahoney:security:sensor:devel

- Fix error handling in tcpsnoop and dnssnoop.
  * If BTF information is unavailable, there is no indication that the query has failed.
- Rebase on 0.6.4:
  * Updated dependencies
  * Bugfix: startup bugs (#1680)
  * bugfix: Server event notebook not correctly created (#1737)
  * Bugfix: Start a dummy indexing service (#1736)
  * Add bugfix which would return no rows if the user removed whitelist (#1735)
  * Fixed bug in read_reg_key (#1734)
  * BUGFIX: Do not include config flag when darwin installer is repacked (#1733)
  * Refactored index into its own service. (#1730)
  * Bugfix: Write one index item per JSONL record. (#1727)
  * Bugfix: Estimating client impact should consider last active status (#1726)
  * Add complete ntfs metadata option to MFT output (#1725)
  * Various bugfixes. (#1724)
  * Update Usn.yaml (#1723)
  * Fixed a bug in hunt download preparation. (#1722)
  * Add Windows.Forensics.Usn filter and presentation updates (#1720)
  * Optimize writing event monitoring records (#1721)
  * Add Generic.Detection.Yara.Zip (#1718)
  * Fixed crash on master-pong response. (#1719)
  * Remove _type option from elastic. (#1715)
  * Opportunistically update directly connected client's ping times (#1713)
  * Fixed a bug in hunt download preparation. (#1722)
  * Add Windows.Forensics.Usn filter and presentation updates (#1720)
  * Optimize writing event monitoring records (#1721)
  * Add Generic.Detection.Yara.Zip (#1718)
  * Fixed crash on master-pong response. (#1719)

OBS-URL: https://build.opensuse.org/request/show/975255
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=14
2022-05-05 20:38:36 +02:00
FROM opensuse/tumbleweed
# Need to build on SLE first -- it's mostly static but depends on glibc
#FROM registry.suse.com/suse/sle15:latest
VOLUME /data
VOLUME /logs
VOLUME /config
# API
EXPOSE 8801
# GUI
EXPOSE 8889
# Frontend
EXPOSE 8000
# Monitoring
EXPOSE 8003
COPY entry-point.sh generate-config.sh obs-signing-key.key /
COPY init-config.json /etc/velociraptor/
RUN rpm --import /obs-signing-key.key
RUN zypper -q ar obs://security:sensor/ "obs://security/sensor"
RUN zypper -q --non-interactive refresh
RUN zypper -q --non-interactive install velociraptor
CMD /entry-point.sh