-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathDockerfile
166 lines (146 loc) · 5.03 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
# Dockerfile for Webview Netflow Reporter
# From https://sourceforge.net/projects/wvnetflow/
FROM phusion/baseimage:0.9.22
MAINTAINER Rich Brown <[email protected]>
ENV USERACCT wvnetflow
ENV WVNETFLOW_VERSION 1.0.7d
ENV FLOWTOOLS_VERSION 0.68.5.1
# Use baseimage-docker's init system.
CMD ["/sbin/my_init"]
# ---------------------------
# Work as user USERACCT, not root
RUN useradd -ms /bin/bash $USERACCT
# && ls -al /etc/sudoers.d \
# && echo "$USERACCT ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/$USERACCT \
# && chmod 0440 /etc/sudoers.d/$USERACCT \
# && ls /etc/sudoers.d \
# && cat /etc/sudoers.d/README
# ---------------------------
# update and retrieve all packages necessary
RUN apt-get update && apt-get -y install \
apache2 \
automake \
build-essential \
byacc \
cpanminus \
libcflow-perl \
libgd-gd2-perl \
libnet-dns-perl \
libnet-patricia-perl \
libnet-snmp-perl \
librrds-perl \
libspreadsheet-writeexcel-perl \
libtool \
nano \
rrdtool \
tcpdump \
unzip \
wget \
zlib1g-dev
# time zone
RUN apt-get install -y tzdata
# add the CPAN CGI module
RUN cpanm CGI
# do everything inside wvnetflow home directory
ENV USERHOME /home/$USERACCT
WORKDIR $USERHOME
#
# Retrieve, gunzip and untar the wvnetflow distribution
# create directories and install the wvnetflow files into /usr/local/webview directories
#
# Orig source code at: wget https://iweb.dl.sourceforge.net/project/wvnetflow/wvnetflow/wvnetflow-1.07d.tar.gz
RUN cd $USERHOME \
&& wget https://github.com/richb-hanover/wvnetflow/archive/master.zip \
&& unzip -q master.zip \
&& cd wvnetflow-master \
&& mkdir -p /opt/netflow/tmp \
&& mkdir -p /opt/netflow/data \
&& mkdir -p /opt/netflow/cache \
&& mkdir -p /opt/netflow/capture \
&& chown -R $USERACCT:$USERACCT /opt/netflow \
&& mkdir -p /usr/local/webview \
&& cp -Rp flowage www utils /usr/local/webview \
&& mkdir -p /usr/local/webview/www/flow/graphs \
&& chmod 777 /usr/local/webview/www/flow/graphs \
&& chown -R www-data:www-data /usr/local/webview/www/flow \
&& touch junk.html \
&& cp etc/webview.conf /etc
#
# Install the flowd collector.
# Webview uses a fork of the flowd source with improvements for logging and sequence number handling
# (see http://code.google.com/r/cweinhold-flowd-sequence for more information).
#
## Don't rely on sourceforge any more...
## && wget http://iweb.dl.sourceforge.net/project/wvnetflow/flowd-sequence/cweinhold-flowd-sequence.tar.gz \
COPY docker_scripts/cweinhold-flowd-sequence.tar.gz .
RUN cd $USERHOME \
&& gunzip -c cweinhold-flowd-sequence.tar.gz | tar -xf - \
&& cd cweinhold-flowd-sequence \
&& ./configure \
&& make install \
&& mkdir -p /var/empty/dev \
&& groupadd _flowd \
&& useradd -g _flowd -c "flowd privsep" -d /var/empty _flowd
#
# Install flow-tools and Cflow.pm.
# This requires building from the flow-tools fork at https://code.google.com/p/flow-tools/.
# and patching from the wvnetflow-master patch file...
# Installed into /usr/local/flow-tools/
# file moved - no longer at: wget https://flow-tools.googlecode.com/files/flow-tools-0.68.5.1.tar.bz2
WORKDIR $USERHOME
RUN cd $USERHOME \
&& wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/flow-tools/flow-tools-0.68.5.1.tar.bz2 \
&& bzcat flow-tools-0.68.5.1.tar.bz2 | tar -xf - \
&& cd flow-tools-0.68.5.1/ \
&& patch -p1 <../wvnetflow-master/optional-accessories/flow-tools-patches/patch.flow-tools.scan-and-hash \
&& ./configure \
&& make \
&& make install
#
# set up flowd init script for runit (in /etc/service/flowd/run)
#
COPY etc/flowd-2055.conf /usr/local/etc/
RUN cd $USERHOME \
&& mkdir /etc/service/flowd \
&& touch /var/log/flowd
COPY docker_scripts/flowd.sh /etc/service/flowd/run
RUN chmod +x /etc/service/flowd/run
#
# Set up web server
#
COPY docker_scripts/replacement-index.html /var/www/html/index.html
RUN sed -i.bak -e'/<\/VirtualHost>/ i \
Alias "/webview" "/usr/local/webview/www" \n\
<Directory /usr/local/webview/www> \n\
Options Indexes Includes FollowSymLinks ExecCGI \n\
# order allow,deny \n\
Require all granted \n\
SetEnv no-gzip 1 \n\
# allow from all \n\
AddHandler cgi-script .cgi \n\
</Directory> \n\
' /etc/apache2/sites-available/000-default.conf \
&& a2enmod cgi \
&& mkdir /etc/service/apache2
COPY docker_scripts/apache.sh /etc/service/apache2/run
RUN chmod +x /etc/service/apache2/run
# Set the ServerName directive to suppress Apache error
RUN echo "ServerName localhost" >> /etc/apache2/apache2.conf
#
# create crontab from wvnetflow commands
#
WORKDIR $USERHOME
COPY docker_scripts/newcron .
RUN crontab newcron
# Expose apache & netflow port
EXPOSE 80
EXPOSE 2055
# Clean up APT when done.
RUN apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
&& rm cweinhold-flowd-sequence.tar.gz \
&& rm -rf cweinhold-flowd-sequence \
&& rm flow-tools-0.68.5.1.tar.bz2 \
&& rm -rf flow-tools-0.68.5.1 \
&& rm master.zip \
&& rm -rf wvnetflow-master