# Base image and shared settings for the stoQ image.
# NOTE(review): python:3.7 is a floating tag, so a rebuild can silently pick up
# a different base, and Python 3.7 is past upstream end-of-life. Consider a
# supported release pinned by digest.
FROM python:3.7
LABEL maintainer="[email protected]"

# Unprivileged account the container switches to at the end of the build.
ENV USER=stoq
ENV GROUP=stoq

# stoQ configuration/plugin directory and the temporary build directory.
# STOQ_HOME stays in its own ENV instruction so that $USER is already defined
# when it is expanded.
ENV STOQ_HOME=/home/$USER/.stoq
ENV STOQ_TMP=/tmp/stoq

# Versions of the third-party tools downloaded later in this file.
ENV XORSEARCH_VER=1_11_3
ENV EXIFTOOL_VER=12.00
# Create the system group and user, then the stoQ home and plugin directories
# with that user and group as owner.
RUN groupadd -r "${GROUP}" && \
    useradd -r -g "${GROUP}" "${USER}" && \
    install -d "${STOQ_HOME}" -d "${STOQ_HOME}/plugins" -o "${USER}" -g "${GROUP}"
# Enable the non-free component (presumably needed for unace-nonfree), then
# install the build toolchain, archive tools and libraries in a single layer
# and drop the apt caches in that same layer.
# NOTE(review): this is a single-stage build, so the compiler toolchain, git,
# wget and curl all remain in the runtime image. Package versions are not
# pinned, so the installed set depends on the build date.
RUN apt-get update && \
    apt-get install -y software-properties-common && \
    apt-add-repository -y non-free && \
    apt-get update && \
    apt-get install -y \
        automake \
        build-essential \
        curl \
        git-core \
        lib32ncurses6 \
        libc6-i386 \
        libfuzzy-dev \
        libssl-dev \
        libyaml-dev \
        p7zip-full \
        swig \
        unace-nonfree \
        unzip \
        wget && \
    apt-get clean -y && \
    rm -rf /var/lib/apt/lists/*
# Copy the whole build context into the temporary build directory and work
# from there.
# NOTE(review): everything in the build context is stored in this layer and
# stays retrievable from the image even though the directory is deleted by a
# later RUN. Keep credentials and local artifacts out of the context, for
# example with a .dockerignore.
COPY . ${STOQ_TMP}
WORKDIR ${STOQ_TMP}

# Install stoQ and plugins
# NOTE(review): six and asynctest are unpinned, and the plugin repository is
# fetched by the ref name v3 rather than a commit, so the code installed here
# can change between builds without this file changing.
RUN pip install --no-cache-dir six asynctest && \
    python3 setup.py install && \
    git clone --branch v3 --depth 1 https://github.com/PUNCH-Cyber/stoq-plugins-public ${STOQ_TMP}/stoq-plugins-public && \
    cd ${STOQ_TMP}/stoq-plugins-public && \
    for plugin in $(ls -d */); do stoq install $plugin; done
# Ensure the latest version of the IANA TLDs are in the appropriate place for the iocextract plugin
# The list is fetched at build time with no checksum, so its content is
# whatever the server returns on the day of the build.
ADD https://data.iana.org/TLD/tlds-alpha-by-domain.txt ${STOQ_HOME}/plugins/iocextract/
# ADD from a URL creates the file with mode 600; widen it so the unprivileged
# runtime user can read it.
RUN chmod 0644 ${STOQ_HOME}/plugins/iocextract/tlds-alpha-by-domain.txt
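# Install xorsearch
# Downloads the XORSearch source archive, compiles it and installs the binary
# to /usr/local/bin. The archive and the extracted sources are removed in the
# same layer so they do not persist in the image.
# NOTE(review): the archive comes from the repository's master branch with no
# integrity check, so the source compiled here can change without this file
# changing. Pin a commit in the URL and verify a digest before compiling, e.g.
#   echo "<EXPECTED_SHA256>  XORSearch.zip" | sha256sum -c -
RUN wget -O XORSearch.zip "https://github.com/DidierStevens/FalsePositives/blob/master/XORSearch_V${XORSEARCH_VER}.zip?raw=true" && \
    unzip -qq XORSearch -d XORSearch && \
    gcc -o /usr/local/bin/xorsearch XORSearch/XORSearch.c && \
    rm -rf XORSearch XORSearch.zip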
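# Install exiftool
# Downloads the ExifTool release tarball, builds it, runs its test suite and
# installs it. The tarball and build tree are removed in the same layer so
# they do not persist in the image.
# NOTE(review): the tarball is not checked against a published digest, and
# EXIFTOOL_VER 12.00 is an old release. ExifTool parses untrusted files, so
# check that version against the project's security advisories and verify the
# download, e.g.
#   echo "<EXPECTED_SHA256>  exif.tgz" | sha256sum -c -
RUN wget -O exif.tgz "https://exiftool.org/Image-ExifTool-${EXIFTOOL_VER}.tar.gz" && \
    tar -xvf exif.tgz && \
    cd Image-ExifTool-${EXIFTOOL_VER} && \
    perl Makefile.PL && \
    make && \
    make test && \
    make install && \
    cd .. && \
    rm -rf exif.tgz Image-ExifTool-${EXIFTOOL_VER}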
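# Install TRiD
# Installs the prebuilt TRiD binary into /usr/local/bin and its definitions
# into the trid plugin directory, then removes both archives in the same layer.
# Both downloads use HTTPS: a plain-HTTP fetch would let anyone on the network
# path replace an executable that ends up in the image.
# NOTE(review): the URLs are unversioned and nothing is verified beyond TLS, so
# the binary can still change between builds. Compare each archive with a
# known-good digest before unpacking, e.g.
#   echo "<EXPECTED_SHA256>  trid_linux_64.zip" | sha256sum -c -
RUN wget -O trid_linux_64.zip "https://mark0.net/download/trid_linux_64.zip" && \
    unzip -qq trid_linux_64 -d /usr/local/bin && \
    chmod +x /usr/local/bin/trid && \
    wget -O triddefs.zip "https://mark0.net/download/triddefs.zip" && \
    unzip -qq triddefs -d $STOQ_HOME/plugins/trid && \
    rm -f trid_linux_64.zip triddefs.zip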
# Clean up
# This removes the files from the final filesystem view only. Earlier layers,
# including the COPY of the build context, still contain them.
RUN rm -rf ${STOQ_TMP} /tmp/* /var/tmp/*

# Drop root: run stoq as the unprivileged user, starting in its home directory.
WORKDIR /home/${USER}
USER ${USER}
ENTRYPOINT ["stoq"]