Restructure Dockerfiles and add Oh My Zsh support

Major changes:
- Dockerfile now builds the REMnux-based image (was Dockerfile.remnux)
- Removed redundant Dockerfile.remnux
- Dockerfile.scratch builds from Ubuntu 20.04 (from scratch variant)
- Updated Makefile to reflect new structure:
  - 'make build' for REMnux-based (default)
  - 'make build-scratch' for Ubuntu-based
  - Removed kali references
  - Simplified targets and naming

Zsh improvements:
- Added Oh My Zsh auto-installation on first run
- Pre-install Oh My Zsh in Docker images for remnux user
- Custom prompt with 🔍 indicator for analysis work
- Fallback to minimal config for system users
- Includes plugins: git, docker, command-not-found, colored-man-pages
- Welcome message shows only once per session
- No more first-time configuration prompts

Shell experience:
- bash (default) - traditional, reliable
- zsh - now with Oh My Zsh, custom theme, plugins
- fish - friendly interactive shell

All shells include help aliases and analysis shortcuts.
Tobias Kessels
2025-10-01 13:22:54 +02:00
parent b98aaee3e0
commit ef4253c9a0
5 changed files with 265 additions and 406 deletions


@@ -1,212 +1,111 @@
# Build File Analysis Container from scratch using Ubuntu 20.04
# This provides full control over package selection and configuration
FROM ubuntu:20.04
ARG CAST_VER=0.16.22
USER root
WORKDIR /tmp
RUN export DEBIAN_FRONTEND=noninteractive && \
apt-get update && \
apt-get install -y wget gnupg git && \
wget https://github.com/ekristen/cast/releases/download/v${CAST_VER}/cast-v${CAST_VER}-linux-amd64.deb && \
dpkg -i /tmp/cast-v${CAST_VER}-linux-amd64.deb && \
cast install --mode cloud --user remnux remnux && \
rm -rf /root/.cache/* && \
unset DEBIAN_FRONTEND && \
rm /tmp/cast-v${CAST_VER}-linux-amd64.deb
ENV TERM=linux
WORKDIR /home/remnux
RUN mkdir /var/run/sshd
LABEL maintainer="tabledevil"
LABEL description="File Analysis toolkit built from Ubuntu 20.04 base"
USER root
ARG DEBIAN_FRONTEND=noninteractive
ENV TZ=Europe/Berlin
# Install essential system utilities
# Install additional system packages that REMnux doesn't include
RUN apt-get update && apt-get install -y \
apt-transport-https \
build-essential \
ca-certificates \
curl \
git \
gnupg \
software-properties-common \
sudo \
tzdata \
wget \
&& rm -rf /var/lib/apt/lists/*
# Install Python and Node.js repositories
RUN apt-get update && apt-get install -y \
python3 \
python3-pip \
python3-dev \
python3-setuptools \
python3-wheel \
python3-lxml \
npm \
&& rm -rf /var/lib/apt/lists/*
# Install Ruby
RUN apt-get update && apt-get install -y \
ruby \
ruby-dev \
&& rm -rf /var/lib/apt/lists/*
# Install PowerShell
RUN wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb \
&& dpkg -i packages-microsoft-prod.deb \
&& rm packages-microsoft-prod.deb \
&& apt-get update \
&& apt-get install -y powershell \
&& rm -rf /var/lib/apt/lists/*
# Install core analysis tools
RUN apt-get update && apt-get install -y \
autoconf \
binutils \
binwalk \
busybox \
catdoc \
docx2txt \
exiftool \
fd-find \
file \
fish \
foremost \
fzf \
hexedit \
imagemagick \
jq \
libboost-python-dev \
libboost-thread-dev \
libjpeg-dev \
libreoffice \
libssl-dev \
libtool \
mc \
mpack \
osslsigncode \
p7zip-full \
pdftk \
pev \
pipx \
pkg-config \
ripgrep \
sqlite3 \
ssdeep \
tesseract-ocr \
unrtf \
unzip \
upx-ucl \
xxd \
yara \
zsh \
zsh-autosuggestions \
zsh-syntax-highlighting \
&& rm -rf /var/lib/apt/lists/*
# Configure pip
# Configure pip
ENV PYTHONDONTWRITEBYTECODE=1
ADD pip.conf /etc/pip.conf
# Upgrade pip
RUN python3 -m pip install --upgrade pip
# Install PowerShell PSScriptAnalyzer module
RUN pwsh -NoProfile -Command "Install-Module -Name PSScriptAnalyzer -Force"
# Install Didier Stevens Suite (PDF analysis tools)
RUN git clone https://github.com/DidierStevens/DidierStevensSuite /opt/didierstevenssuite \
&& chmod +x /opt/didierstevenssuite/*py \
&& ln -s /opt/didierstevenssuite/pdfid.py /usr/local/bin/pdfid.py \
&& ln -s /opt/didierstevenssuite/pdf-parser.py /usr/local/bin/pdf-parser.py \
&& ln -s /opt/didierstevenssuite/oledump.py /usr/local/bin/oledump.py \
&& ln -s /opt/didierstevenssuite/rtfdump.py /usr/local/bin/rtfdump.py
# Install Python analysis tools
RUN python3 -m pip install --break-system-packages \
psutil \
oletools \
pefile \
python-magic \
pytz \
requests \
six
# Install PDF tools via Ruby
RUN gem install origami
# Configure ImageMagick for PDF processing
RUN sed -i '/PDF/s/"none"/"read|write"/' /etc/ImageMagick-6/policy.xml
# Install PyPy for performance-critical tasks
RUN wget -O- https://downloads.python.org/pypy/pypy2.7-v7.3.5-linux64.tar.bz2 | tar -C /opt/ -xvj \
&& ln -s /opt/pypy2.7-v7.3.5-linux64/bin/pypy /usr/local/bin/pypy
# Install pypy pip
RUN pypy -m ensurepip && pypy -m pip install -U pip
# Install Mandiant CAPA for malware analysis
RUN wget -O- https://github.com/mandiant/capa/releases/download/v7.4.0/capa-v7.4.0-linux.zip | busybox unzip -d /usr/bin - \
&& chmod +x /usr/bin/capa
# Install JavaScript sandbox
RUN npm install box-js --global --production
# Setup pipx environment
ENV PIPX_HOME=/opt/pipx
ENV PIPX_BIN_DIR=/usr/local/bin
# Install tools via pipx for isolation
# Install unfurl & dependencies via pipx (for URL analysis)
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps dfir-unfurl \
&& PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx inject dfir-unfurl requests six maclookup
# Install visidata via pipx (for data exploration)
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps visidata
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps oletools
# Install offline help and cheat sheet tools
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps cheat \
&& PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps tldr
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps cheat
# Removed navi - focus on tldr and cheat for reliable help system
RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --include-deps tldr
# Create data directory and set permissions
RUN mkdir -p /data \
&& chown remnux:remnux /data
# Create remnux user (matching REMnux convention)
RUN groupadd -g 1000 -r remnux && \
useradd -u 1000 -r -g remnux -d /home/remnux -s /bin/bash -c "REMnux User" remnux && \
mkdir -p /home/remnux && \
chown -R remnux:remnux /home/remnux
# Create data directory
RUN mkdir -p /data && chown remnux:remnux /data
# Add documentation and help system
# Add documentation and streamlined help system
ADD files/README /opt/README
ADD files/command_help /opt/command_help
ADD files/zshrc /etc/zsh/zshrc
ADD files/fish_config.fish /etc/fish/conf.d/remnux.fish
# Add helper scripts
ADD scripts/create-offline-help-system.sh /usr/local/bin/create-offline-help-system.sh
ADD scripts/find-tool /usr/local/bin/find-tool
ADD scripts/fhelp /usr/local/bin/fhelp
ADD scripts/import-remnux-cheatsheets.sh /usr/local/bin/import-remnux-cheatsheets.sh
ADD scripts/convert-remnux-cheats.py /usr/local/bin/convert-remnux-cheats.py
ADD scripts/add-tool-cheats.sh /usr/local/bin/add-tool-cheats.sh
ADD scripts/check-help-coverage.sh /usr/local/bin/check-help-coverage.sh
# Create offline help system
RUN chmod +x /usr/local/bin/create-offline-help-system.sh \
/usr/local/bin/find-tool \
/usr/local/bin/fhelp \
/usr/local/bin/import-remnux-cheatsheets.sh \
/usr/local/bin/convert-remnux-cheats.py \
/usr/local/bin/add-tool-cheats.sh \
/usr/local/bin/check-help-coverage.sh \
# Create streamlined offline help system (tldr + cheat)
RUN chmod +x /usr/local/bin/create-offline-help-system.sh /usr/local/bin/find-tool /usr/local/bin/fhelp /usr/local/bin/import-remnux-cheatsheets.sh \
&& chmod +x /usr/local/bin/convert-remnux-cheats.py /usr/local/bin/add-tool-cheats.sh \
&& /usr/local/bin/create-offline-help-system.sh \
&& /usr/local/bin/add-tool-cheats.sh
# Update bashrc with welcome message
# Install Oh My Zsh for remnux user
RUN su - remnux -c 'sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended' || true
# Update bashrc with welcome message and comprehensive help info
RUN echo 'cat /opt/README' >> /etc/bash.bashrc \
&& echo 'echo ""' >> /etc/bash.bashrc \
&& echo 'echo "📚 Help System:"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp - File analysis help"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp cheat <tool> - Command examples"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp tools pdf - Find PDF tools"' >> /etc/bash.bashrc \
&& echo 'echo "📚 Comprehensive Help System:"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp - Complete file analysis help"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp tools pdf - Find PDF analysis tools"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp cheat pdfid.py - Show command examples"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp examples - Browse all examples"' >> /etc/bash.bashrc \
&& echo 'echo " fhelp pdf - PDF analysis workflow"' >> /etc/bash.bashrc \
&& echo 'echo ""' >> /etc/bash.bashrc \
&& echo 'echo " Shells: bash (default), zsh (with Oh My Zsh), fish"' >> /etc/bash.bashrc \
&& echo 'echo ""' >> /etc/bash.bashrc \
&& echo 'alias analyse="fhelp"' >> /etc/bash.bashrc \
&& echo 'alias ?="fhelp"' >> /etc/bash.bashrc
# Set environment
# Switch to remnux user (REMnux default user)
USER remnux
ENV LANG=en_US.UTF-8
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/didierstevenssuite:/opt/pypy2.7-v7.3.5-linux64/bin:/home/remnux/.local/bin
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/remnux/.local/bin
WORKDIR /data
CMD ["/bin/bash"]
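Review bot: The Oh My Zsh step near the end of the file runs `tools/install.sh` fetched from the mutable `master` branch with no integrity check, and its trailing `|| true` lets the build succeed even when the download or install fails. The image therefore contains whatever that URL serves at build time, and a broken install goes unnoticed. Fetch the installer at a pinned commit, verify its SHA-256 before running it, and drop `|| true`; the installer appears to clone the repository itself, so confirm that the clone is pinned as well. The `wget` of the cast `.deb` in the first `RUN` has no checksum either, if that line is on the new side of this rendered diff (the +/- markers are not visible here).

```dockerfile
# Placeholders: set both values to a reviewed ohmyzsh commit and the hash of its tools/install.sh.
ARG OHMYZSH_COMMIT=<pinned-commit-sha>
ARG OHMYZSH_INSTALL_SHA256=<sha256-of-install.sh>
RUN curl -fsSL -o /tmp/ohmyzsh-install.sh \
      "https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/${OHMYZSH_COMMIT}/tools/install.sh" \
 && echo "${OHMYZSH_INSTALL_SHA256}  /tmp/ohmyzsh-install.sh" | sha256sum -c - \
 && su - remnux -c 'sh /tmp/ohmyzsh-install.sh --unattended' \
 && rm /tmp/ohmyzsh-install.sh
```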