#2042 Include cloner tool in docker entrypoint
To-om committed Jun 3, 2021
1 parent 6a7a20d commit 69c0c26
Showing 3 changed files with 74 additions and 52 deletions.
2 changes: 1 addition & 1 deletion docker.sbt
Expand Up @@ -46,7 +46,7 @@ dockerCommands := Seq(
Cmd("ADD", "--chown=root:root", "opt", "/opt"),
Cmd("ADD", "--chown=thehive:thehive", "var", "/var"),
Cmd("ADD", "--chown=thehive:thehive", "etc", "/etc"),
ExecCmd("RUN", "chmod", "+x", "/opt/thehive/bin/thehive", "/opt/thehive/entrypoint"),
ExecCmd("RUN", "chmod", "+x", "/opt/thehive/bin/thehive", "/opt/thehive/entrypoint", "/opt/thehive/bin/cloner", "/opt/thehive/bin/migrate"),
Cmd("RUN", "mkdir", "/data", "/opt/thp", "&&", "chown", "thehive:thehive", "/data", "/opt/thp"),
Cmd("EXPOSE", "9000"),
Cmd("USER", "thehive"),
Expand Up @@ -39,7 +39,7 @@ object Cloner extends App with IntegrityCheckApp {
val argParser = {
import builder._
OParser.sequence(
programName("clone"),
programName("cloner"),
version('v', "version"),
help('h', "help"),
head("TheHive cloner tool", getVersion),
122 changes: 72 additions & 50 deletions package/docker/entrypoint
Expand Up @@ -21,6 +21,9 @@ test "${TH_NO_CONFIG}" == 1
CONFIG=$?
CONFIG_FILE=${TH_CONFIG_FILE:-/etc/thehive/application.conf}
CORTEX_KEYS=${TH_CORTEX_KEYS}
MIGRATE=${TH_MIGRATE:-0}
CLONER=${TH_CLONER:-0}

function usage {
cat <<- _EOF_
Available options:
Expand All @@ -42,16 +45,18 @@ function usage {
--cortex-port <port> | define port to connect to Cortex (default: 9001)
--cortex-hostname <host>,<host>,... | resolve this hostname to find Cortex instances
--cortex-keys <key>,<key>,... | define Cortex key
migrate <param> <param> ... | run migration tool
cloner <param> <param> ... | run cloner tool
_EOF_
exit 1
}


STOP=0
while test $# -gt 0 -o "${STOP}" = 1
while test $# -gt 0 -a "${STOP}" = 0
do
case "$1" in
"--config-file") shift;CONFIG_FILE=$1 ;;
"--config-file") shift; CONFIG_FILE=$1 ;;
"--no-config") CONFIG=0 ;;
"--no-config-secret") CONFIG_SECRET=0 ;;
"--secret") shift; SECRET=$1 ;;
Expand All @@ -70,12 +75,26 @@ do
"--cortex-port") shift; CORTEX_PORT=$1 ;;
"--cortex-hostnames") shift; CORTEX_HOSTNAMES=$1 ;;
"--cortex-keys") shift; CORTEX_KEYS=$1 ;;
"--") STOP=1;;
*) usage
"--") STOP=1 ;;
"migrate") MIGRATE=1; STOP=1 ;;
"cloner") CLONER=1; STOP=1 ;;
*) echo param is -"$1"-; usage
esac
shift
done

if test "${MIGRATE}" = 1
then
bin/migrate "$@"
exit $?
fi

if test "${CLONER}" = 1
then
bin/cloner "$@"
exit $?
fi

if test "${CONFIG}" = 1
then
CONFIG_FILE=$(mktemp --tmpdir thehive-XXXXXX.conf)
Expand All @@ -84,9 +103,9 @@ then
if test -z "${SECRET}"
then
SECRET=$(dd if=/dev/urandom bs=1024 count=1 | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1)
test "${SHOW_SECRET}" = 1 && echo Using secret: ${SECRET}
test "${SHOW_SECRET}" = 1 && echo "Using secret: ${SECRET}"
fi
echo "play.http.secret.key = \"${SECRET}\"" >> ${CONFIG_FILE}
echo "play.http.secret.key = \"${SECRET}\"" >> "${CONFIG_FILE}"
fi

if test "${CONFIG_DB}" = 1
Expand All @@ -95,75 +114,78 @@ then
declare -a CQL
for C in "${CQL_HOSTS[@]}"
do
CQL+=($(getent ahostsv4 "$C" | awk '{ print $1 }' | sort -u))
for IP in $(getent ahostsv4 "$C" | awk '{ print $1 }' | sort -u)
do
CQL+=("$IP")
done
done
echo "db.janusgraph {" >> ${CONFIG_FILE}
echo "db.janusgraph {" >> "${CONFIG_FILE}"
if test "${#CQL[@]}" = 0
then
echo "Local database in ${BDB_DIRECTORY} is be used"
mkdir -p "${BDB_DIRECTORY}"
echo "storage.backend = berkeleyje" >> ${CONFIG_FILE}
echo "storage.directory = \"${BDB_DIRECTORY}\"" >> ${CONFIG_FILE}
echo "berkeleyje.freeDisk = 1" >> ${CONFIG_FILE}
echo "storage.backend = berkeleyje" >> "${CONFIG_FILE}"
echo "storage.directory = \"${BDB_DIRECTORY}\"" >> "${CONFIG_FILE}"
echo "berkeleyje.freeDisk = 1" >> "${CONFIG_FILE}"
if test -e "${BDB_DIRECTORY}"
then
test -w "${BDB_DIRECTORY}" || echo "WARNING the directory used to store database ($BDB_DIRECTORY) is not writable"
else
mkdir -p "${BDB_DIRECTORY}" || echo "WARNING the directory used to store database ($BDB_DIRECTORY) is not writable"
fi
else
echo "Using cassandra address = ${CQL[@]}"
echo "storage.backend = cql" >> ${CONFIG_FILE}
echo "Using cassandra address = ${CQL[*]}"
echo "storage.backend = cql" >> "${CONFIG_FILE}"
if [[ -n $CQL_USERNAME && -n $CQL_PASSWORD ]]
then
echo "storage.username = \"${CQL_USERNAME}\"" >> ${CONFIG_FILE}
echo "storage.password = \"${CQL_PASSWORD}\"" >> ${CONFIG_FILE}
printf "Using ${CQL_USERNAME} as cassandra username and ${CQL_PASSWORD} as its password\n"
echo "storage.username = \"${CQL_USERNAME}\"" >> "${CONFIG_FILE}"
echo "storage.password = \"${CQL_PASSWORD}\"" >> "${CONFIG_FILE}"
echo "Using ${CQL_USERNAME} as cassandra username and ${CQL_PASSWORD} as its password"
fi
echo "storage.cql.cluster-name = thp" >> ${CONFIG_FILE}
echo "storage.cql.keyspace = thehive" >> ${CONFIG_FILE}
echo "storage.hostname = [" >> ${CONFIG_FILE}
printf '%s\n' "${CQL_HOSTS[@]}" >> ${CONFIG_FILE}
echo "]" >> ${CONFIG_FILE}
echo "storage.cql.cluster-name = thp" >> "${CONFIG_FILE}"
echo "storage.cql.keyspace = thehive" >> "${CONFIG_FILE}"
echo "storage.hostname = [" >> "${CONFIG_FILE}"
printf '%s\n' "${CQL_HOSTS[@]}" >> "${CONFIG_FILE}"
echo "]" >> "${CONFIG_FILE}"
echo "Waiting until Cassandra DB is up"
sleep 30 # Sleep until cassandra Db is up
fi
echo "index.search.backend = lucene" >> ${CONFIG_FILE}
echo "index.search.directory = \"${INDEX_DIRECTORY}\"" >> ${CONFIG_FILE}
echo "index.search.backend = lucene" >> "${CONFIG_FILE}"
echo "index.search.directory = \"${INDEX_DIRECTORY}\"" >> "${CONFIG_FILE}"
if test -e "${INDEX_DIRECTORY}"
then
test -w "${INDEX_DIRECTORY}" || echo "WARNING the directory used to store index ($INDEX_DIRECTORY) is not writable"
else
mkdir -p "${INDEX_DIRECTORY}" || echo "WARNING the directory used to store index ($INDEX_DIRECTORY) is not writable"
fi
echo "}" >> ${CONFIG_FILE}
echo "}" >> "${CONFIG_FILE}"
fi

if test "${CONFIG_STORAGE}" = 1
then
echo "storage {" >> ${CONFIG_FILE}
echo "storage {" >> "${CONFIG_FILE}"
if test -n "${HDFS_URL}"
then
echo "Using HDFS ${HDFS_URL}"
echo "provider: hdfs" >> ${CONFIG_FILE}
echo "hdfs {" >> ${CONFIG_FILE}
echo "root: \"${HDFS_URL}\"" >> ${CONFIG_FILE}
echo "location: "/thehive"" >> ${CONFIG_FILE}
echo "username: thehive" >> ${CONFIG_FILE}
echo "}" >> ${CONFIG_FILE}
echo "provider: hdfs" >> "${CONFIG_FILE}"
echo "hdfs {" >> "${CONFIG_FILE}"
echo "root: \"${HDFS_URL}\"" >> "${CONFIG_FILE}"
echo "location: \"/thehive\"" >> "${CONFIG_FILE}"
echo "username: thehive" >> "${CONFIG_FILE}"
echo "}" >> "${CONFIG_FILE}"
else
echo "Using local storage in ${STORAGE_DIRECTORY}"
mkdir -p "${STORAGE_DIRECTORY}"
echo "provider: localfs" >> ${CONFIG_FILE}
echo "localfs.directory: \"${STORAGE_DIRECTORY}\"" >> ${CONFIG_FILE}
echo "provider: localfs" >> "${CONFIG_FILE}"
echo "localfs.directory: \"${STORAGE_DIRECTORY}\"" >> "${CONFIG_FILE}"
if test -e "${STORAGE_DIRECTORY}"
then
test -w "${STORAGE_DIRECTORY}" || echo "WARNING the directory used to store files ($STORAGE_DIRECTORY) is not writable"
else
mkdir -p "${STORAGE_DIRECTORY}" || echo "WARNING the directory used to store files ($STORAGE_DIRECTORY) is not writable"
fi
fi
echo "}" >> ${CONFIG_FILE}
echo "}" >> "${CONFIG_FILE}"
fi

if test "${CONFIG_CORTEX}" = 1
Expand All @@ -177,34 +199,34 @@ then
done
if test ${#CORTEX_URLS[@]} -gt 0
then
echo "play.modules.enabled += org.thp.thehive.connector.cortex.CortexModule" >> ${CONFIG_FILE}
echo "cortex.servers = [" >> ${CONFIG_FILE}
echo "play.modules.enabled += org.thp.thehive.connector.cortex.CortexModule" >> "${CONFIG_FILE}"
echo "cortex.servers = [" >> "${CONFIG_FILE}"
I=0
for C in ${CORTEX_URLS[@]}
for C in "${CORTEX_URLS[@]}"
do
echo "Add Cortex cortex${I}: ${C}"
echo "{" >> ${CONFIG_FILE}
echo "name = cortex${I}" >> ${CONFIG_FILE}
echo "url = \"$C\"" >> ${CONFIG_FILE}
echo auth { >> ${CONFIG_FILE}
echo "type = \"bearer\"" >> ${CONFIG_FILE}
echo "key = \"${CK[$I]}\"" >> ${CONFIG_FILE}
echo "}" >> ${CONFIG_FILE}
echo "}" >> ${CONFIG_FILE}
I=$((${I}+1))
echo "{" >> "${CONFIG_FILE}"
echo "name = cortex${I}" >> "${CONFIG_FILE}"
echo "url = \"$C\"" >> "${CONFIG_FILE}"
echo "auth {" >> "${CONFIG_FILE}"
echo "type = \"bearer\"" >> "${CONFIG_FILE}"
echo "key = \"${CK[$I]}\"" >> "${CONFIG_FILE}"
echo "}" >> "${CONFIG_FILE}"
echo "}" >> "${CONFIG_FILE}"
I=$((I+1))
done
echo "]" >> ${CONFIG_FILE}
echo "]" >> "${CONFIG_FILE}"
fi
fi

echo "include file(\"/etc/thehive/application.conf\")" >> ${CONFIG_FILE}
echo "include file(\"/etc/thehive/application.conf\")" >> "${CONFIG_FILE}"
fi

bin/thehive \
-Dconfig.file=${CONFIG_FILE} \
-Dconfig.file="${CONFIG_FILE}" \
-Dlogger.file=/etc/thehive/logback.xml \
-Dpidfile.path=/dev/null \
$@
"$@"
PID=$!
trap 'kill -SIGTERM "${PID}"; wait "${PID}"; exit 143' SIGTERM SIGINT
wait ${PID}
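Review bot: The Cassandra branch of the database section still writes the database password to stdout in the reworked line `echo "Using ${CQL_USERNAME} as cassandra username and ${CQL_PASSWORD} as its password"`, so the credential ends up in `docker logs` and in whatever log collector is attached to the container. Moving from `printf` to `echo` stops the values being interpreted as a format string, but the disclosure itself is unchanged. I would log only the account name, `echo "Using ${CQL_USERNAME} as cassandra username"`, or at minimum put the password behind the same `test "${SHOW_SECRET}" = 1 &&` guard that the session secret uses earlier in the script. Anyone who has already run the image with `CQL_PASSWORD` set should treat retained container logs as containing that credential.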
