-
Notifications
You must be signed in to change notification settings - Fork 260
Expand file tree
/
Copy pathentrypoint
More file actions
executable file
·161 lines (147 loc) · 5.89 KB
/
entrypoint
File metadata and controls
executable file
·161 lines (147 loc) · 5.89 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
#!/bin/bash
test "${no_config:-0}" == 1
CONFIG=$?
test "${no_config_secret:-0}" == 1
CONFIG_SECRET=$?
test "${no_config_es:-0}" == 1
CONFIG_ES=$?
ES_URI=${es_uri:-}
ES_HOSTNAME=${es_hostname:-elasticsearch}
CONFIG_FILE=${config_file:-/etc/cortex/application.conf}
DEFAULT_ANALYZER_URL="https://download.thehive-project.org/analyzers.json"
ANALYZER_URLS=()
IFS=',' read -r -a ANALYZER_URLS <<< "${analyzer_urls:-$analyzer_url}"
DEFAULT_RESPONDER_URL="https://download.thehive-project.org/responders.json"
RESPONDER_URLS=()
IFS=',' read -r -a RESPONDER_URLS <<< "${responder_urls:-$responder_url}"
START_DOCKER=${start_docker:-0}
SHOW_SECRET=${show_secret:-0}
DAEMON_USER=${daemon_user:-cortex}
JOB_DIRECTORY=${job_directory:-/tmp/cortex-jobs}
DOCKER_JOB_DIRECTORY=${docker_job_directory:-}
KUBERNETES_JOB_PVC=${kubernetes_job_pvc:-}
function usage {
cat <<- _EOF_
Available options:
--no-config | do not configure TheHive (add secret and elasticsearch)
--no-config-secret | do not add random secret to configuration
--no-config-es | do not add elasticsearch hosts to configuration
--es-uri <uri> | use this string to configure elasticsearch hosts (format: http(s)://host:port,host:port(/prefix)?querystring)
--es-hostname <host> | resolve this hostname to find elasticsearch instances
--secret <secret> | secret to secure sessions
--show-secret | show the generated secret
--job-directory <dir> | use this directory to store job files
--docker-job-directory <dir> | indicate the job directory in the host (not inside container)
--kubernetes-job-pvc <name> | indicate the ReadWriteMany persistent volume claim holding job directory
--analyzer-url <url> | where analyzers are located (url or path)
--responder-url <url> | where responders are located (url or path)
--start-docker | start a internal docker (inside container) to run analyzers/responders
--daemon-user <user> | run cortex using this user
_EOF_
exit 1
}
STOP=0
while test $# -gt 0 -o $STOP = 1
do
case "$1" in
"--no-config") CONFIG=0;;
"--no-config-secret") CONFIG_SECRET=0;;
"--no-config-es") CONFIG_ES=0;;
"--es-hosts") echo "--es-hosts is deprecated, please use --es-uri"
usage;;
"--es-uri") shift; ES_URI=$1;;
"--es-hostname") shift; ES_HOSTNAME=$1;;
"--secret") shift; SECRET=$1;;
"--show-secret") SHOW_SECRET=1;;
"--job-directory") shift; JOB_DIRECTORY=$1;;
"--docker-job-directory") shift; DOCKER_JOB_DIRECTORY=$1;;
"--kubernetes-job-pvc") shift; KUBERNETES_JOB_PVC=$1;;
"--analyzer-path") echo "--analyzer-path is deprecated, please use --analyzer-url"
shift; ANALYZER_URLS+=("$1");;
"--responder-path") echo "--responder-path is deprecated, please use --responder-url"
shift; RESPONDER_URLS+=("$1");;
"--analyzer-url") shift; ANALYZER_URLS+=("$1");;
"--responder-url") shift; RESPONDER_URLS+=("$1");;
"--start-docker") START_DOCKER=1;;
"--daemon-user") shift; DAEMON_USER=$1;;
"--") STOP=1;;
*) echo "unrecognized option: $1"; usage;;
esac
shift
done
if test $CONFIG = 1
then
CONFIG_FILE=$(mktemp --tmpdir cortex-XXXXXX.conf)
if test $CONFIG_SECRET = 1
then
if test -z "$SECRET"
then
SECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 64 | head -n 1)
test $SHOW_SECRET = 1 && echo "Using secret: $SECRET"
fi
echo "play.http.secret.key=\"$SECRET\"" >> "$CONFIG_FILE"
fi
if test $CONFIG_ES = 1
then
if test -z "$ES_URI"
then
function join_es_hosts {
echo -n "$1:9200"
shift
printf "%s," "${@/#/:9200}"
}
ES=$(getent ahostsv4 "$ES_HOSTNAME" | awk '{ print $1 }' | sort -u)
if test -z "$ES"
then
echo "Warning automatic elasticsearch host config fails"
else
ES_URI=http://$(join_es_hosts "$ES")
fi
fi
if test -n "$ES_URI"
then
echo "Using elasticsearch uri: $ES_URI"
echo "search.uri=\"$ES_URI\"" >> "$CONFIG_FILE"
else
echo elasticsearch host not configured
fi
fi
test -n "$JOB_DIRECTORY" && echo "job.directory=\"$JOB_DIRECTORY\"" >> "$CONFIG_FILE"
test -n "$DOCKER_JOB_DIRECTORY" && echo "job.dockerDirectory=\"$DOCKER_JOB_DIRECTORY\"" >> "$CONFIG_FILE"
test -n "$KUBERNETES_JOB_PVC" && echo "job.kubernetes.persistentVolumeClaimName=\"$KUBERNETES_JOB_PVC\"" >> "$CONFIG_FILE"
function join_urls {
echo -n "\"$1\""
shift
for U do echo -n ",\"$U\""; done
# printf ",\"%s\"" $@
}
test ${#ANALYZER_URLS} = 0 && ANALYZER_URLS+=("$DEFAULT_ANALYZER_URL")
echo "analyzer.urls=[$(join_urls "${ANALYZER_URLS[@]}")]" >> "$CONFIG_FILE"
test ${#RESPONDER_URLS} = 0 && RESPONDER_URLS+=("$DEFAULT_RESPONDER_URL")
echo "responder.urls=[$(join_urls "${RESPONDER_URLS[@]}")]" >> "$CONFIG_FILE"
echo 'include file("/etc/cortex/application.conf")' >> "$CONFIG_FILE"
fi
if test $START_DOCKER = 1
then
usermod --append --groups docker "$DAEMON_USER"
dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 &> /dev/null &
DOCKER_PID=$!
fi
echo config file is:
cat "$CONFIG_FILE"
touch /var/log/cortex/application.log
chown -R "$DAEMON_USER" /var/log/cortex
chown -R "$DAEMON_USER" /etc/cortex
chown -R "$DAEMON_USER" "$CONFIG_FILE"
test -e /var/run/docker.sock && chown "$DAEMON_USER" /var/run/docker.sock
if test -n "$JOB_DIRECTORY"
then
mkdir -p "$JOB_DIRECTORY"
chown -R "$DAEMON_USER" "$JOB_DIRECTORY"
fi
su "$DAEMON_USER" -c "bin/cortex \
-Dconfig.file=$CONFIG_FILE \
-Dlogger.file=/etc/cortex/logback.xml \
-Dpidfile.path=/dev/null \
$*"
test $START_DOCKER = 1 && kill ${DOCKER_PID}