quick and dirty Dockerfile #37

Open
wants to merge 1 commit into
base: main
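--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -0,0 +1,64 @@
+FROM debian
+
+# This is not an ultra fast build, takes appx. 10 min on a powerful PC.
+# It strictly follows the installation instructions, so everything
+# is running in one container.
+
+# Prepare the OS
+RUN apt-get update && apt-get -y upgrade
+RUN apt install -y pipx git make gcc g++ make cmake autoconf automake libtool python3 libssl-dev
+RUN pipx install poetry && env
+ENV PATH=/root/.local/bin:$PATH
+
+# Install Redis from source
+RUN git clone https://github.com/redis/redis.git
+RUN cd redis && git checkout 7.2
+RUN cd redis && make
+
+# Install KVRocks from source (takes a moment)
+RUN git clone --recursive https://github.com/apache/incubator-kvrocks.git kvrocks
+RUN cd kvrocks ; git checkout v2.5.1
+RUN cd kvrocks ; ./x.py build
+
+# Install vulnerablity-lookup from source
+RUN git clone --recursive https://github.com/cve-search/vulnerability-lookup.git
+RUN cd vulnerability-lookup ; git submodule update --init
+RUN ls -la
+RUN cd vulnerability-lookup ; poetry install
+RUN echo VULNERABILITYLOOKUP_HOME="/vulnerability-lookup" >> .env
+
+# We need the CSAF Tools
+RUN apt install -y wget
+
+# this was build on a ARM machine, change to AMD if on Intel
+RUN wget https://dl.google.com/go/go1.22.2.linux-arm64.tar.gz
+RUN tar -C /usr/local -xzf go1.22.2.linux-arm64.tar.gz
+ENV PATH=/usr/local/go/bin:$PATH
+RUN git clone https://github.com/csaf-poc/csaf_distribution.git
+RUN cd csaf_distribution ; make build_linux
+
+COPY run.sh /
+RUN chmod +x /run.sh
+
+#
+# Please check the following edits:
+#
+# 1/ generic.json needs a hostname, set "public_domain": "localhost:10001"
+#
+# 2/ CSAF downloader path must be changed to installation location in generic.json:
+# "csaf_downloader_path": "/csaf_distribution/bin-linux-amd64/csaf_downloader",
+#
+# 3/ Add your NVD key to modules.cfg
+#
+
+COPY generic.json vulnerability-lookup/config
+COPY logging.json vulnerability-lookup/config
+COPY modules.cfg vulnerability-lookup/config
+
+# We overwrite the config file to enable network access to redis
+COPY cache.conf /vulnerability-lookup/cache/cache.conf
+
+EXPOSE 10001
+EXPOSE 10002
+
+CMD /run.sh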
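Review bot: Nothing fetched in this Dockerfile is integrity-checked or pinned to an immutable revision: `FROM debian` has no tag, the Go tarball from `wget https://dl.google.com/go/go1.22.2.linux-arm64.tar.gz` is unpacked into /usr/local without a checksum, `git checkout 7.2` for Redis appears to follow a branch rather than a release tag, and the vulnerability-lookup and csaf_distribution clones build whatever their default branch holds at build time. I would pin the base image by tag or digest, check out a tag or commit for every clone, and verify the tarball in the same `RUN` as the download, e.g. `echo "<GO_TARBALL_SHA256>  go1.22.2.linux-arm64.tar.gz" | sha256sum -c -` before the `tar -C /usr/local` step. Separately, `EXPOSE 10002` (the kvrocks port per generic.json) and the `cache.conf` overwrite "to enable network access to redis" suggest the data stores become reachable from outside the container. cache.conf is not visible on this page, so confirm it requires a password or binds only to loopback, and drop `EXPOSE 10002` if only the web port needs publishing.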
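--- a/docker/generic.json
+++ b/docker/generic.json
@@ -0,0 +1,22 @@
+{
+"loglevel": "INFO",
+"website_listen_ip": "0.0.0.0",
+"website_listen_port": 10001,
+"systemd_service_name": "vulnerability-lookup",
+"storage_db_hostname": "127.0.0.1",
+"storage_db_port": 10002,
+"output_dir": "output",
+"public_domain": "localhost:10001",
+"csaf_downloader_path": "/csaf_distribution/bin-linux-amd64/csaf_downloader",
+"_notes": {
+"loglevel": "(lookyloo) Can be one of the value listed here: https://docs.python.org/3/library/logging.html#levels",
+"website_listen_ip": "IP Flask will listen on. Defaults to 0.0.0.0, meaning all interfaces.",
+"website_listen_port": "Port Flask will listen on.",
+"systemd_service_name": "(Optional) Name of the systemd service if your project has one.",
+"storage_db_hostname": "Hostname or IP of the kvrocks instance. Must be the same as in storage/kvrocks.conf",
+"storage_db_port": "Port of the kvrocks instance. Must be the same as in storage/kvrocks.conf",
+"output_dir": "Output directory for fetchers",
+"public_domain": "Public domain used for template generating links such as the RSS feeds",
+"csaf_downloader_path": "Full path to the csaf_downloader. Get it from there: https://github.com/csaf-poc/csaf_distribution/"
+}
+}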
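Review bot: `csaf_downloader_path` is hard-coded to `/csaf_distribution/bin-linux-amd64/csaf_downloader`, while the Dockerfile in this PR installs the arm64 Go toolchain and notes that the image was built on an ARM machine. If `make build_linux` always emits an amd64 binary into that directory, the downloader would not run natively in an arm64 container; if the output directory instead follows the host architecture, this path is wrong there. Please confirm which of the two applies and either document the architecture assumption next to the Dockerfile comment or set the path from the build's actual output directory.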
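--- a/docker/logging.json
+++ b/docker/logging.json
@@ -0,0 +1,33 @@
+{
+"version": 1,
+"disable_existing_loggers": false,
+"formatters": {
+"simple": {
+"format": "%(asctime)s %(name)s %(levelname)s:%(message)s"
+}
+},
+"handlers": {
+"stdout": {
+"class": "logging.StreamHandler",
+"level": "INFO",
+"formatter": "simple",
+"stream": "ext://sys.stdout"
+},
+"file": {
+"class": "logging.handlers.RotatingFileHandler",
+"level": "WARNING",
+"formatter": "simple",
+"filename": "logs/warning.log",
+"mode": "a",
+"maxBytes": 1000000,
+"backupCount": 5
+}
+},
+"root": {
+"level": "DEBUG",
+"handlers": [
+"stdout",
+"file"
+]
+}
+}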
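--- a/docker/modules.cfg
+++ b/docker/modules.cfg
@@ -0,0 +1,18 @@
+[feeder:nvd]
+apikey = XXXXX
+level = DEBUG
+
+[feeder:cvelistv5]
+level = DEBUG
+
+[feeder:gsd]
+level = DEBUG
+
+[feeder:github]
+level = DEBUG
+
+[feeder:pysec]
+level = DEBUG
+
+[feeder:cisa_known_exploited]
+level = DEBUG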
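Review bot: The `apikey = XXXXX` placeholder is meant to be replaced with a real NVD key (the Dockerfile comment says "Add your NVD key to modules.cfg"), and the Dockerfile then copies this file into the image with `COPY modules.cfg vulnerability-lookup/config`, so the key ends up in an image layer readable by anyone who can pull or export the image. I would keep only the placeholder in the repository, add a comment above it such as `# placeholder only: bind-mount the real modules.cfg at run time, do not build an image with a real key`, and document mounting the real file over `vulnerability-lookup/config/modules.cfg` when the container is started. Every feeder is also set to `level = DEBUG`; confirm that the feeders' debug output never includes the key before making that the default.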
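--- a/docker/run.sh
+++ b/docker/run.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+export VULNERABILITYLOOKUP_HOME='/vulnerability-lookup'
+cd vulnerability-lookup && poetry run start
+sleep infinity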
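Review bot: `sleep infinity` runs whether or not the `cd` or `poetry run start` on the previous line succeeded, so a failed start leaves a container that stays up but serves nothing. I would add `set -euo pipefail` after the shebang and split the chained line into `cd "$VULNERABILITYLOOKUP_HOME"` and `poetry run start`. A failure inside an `&&` list does not trigger `set -e` unless it is the last command, and the absolute path removes the dependence on the working directory being `/`. The Dockerfile in this PR sets no `USER`, so everything this script starts runs as root; a dedicated unprivileged user for the services would limit what a compromise of the web front end can reach.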