first commit
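--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,17 @@
+FROM alpine as builder
+ADD 'https://github.com/Yamato-Security/hayabusa/releases/download/v2.10.1/hayabusa-2.10.1-all-platforms.zip' /hayabusa.zip
+RUN apk add -U unzip git
+RUN mkdir /opt/hayabusa && cd /opt/hayabusa && unzip /hayabusa.zip
+RUN chmod +x /opt/hayabusa/hayabusa-2.10.1-lin-musl
+RUN ln /opt/hayabusa/hayabusa-2.10.1-lin-musl /opt/hayabusa/hayabusa
+RUN chmod +x /opt/hayabusa/hayabusa
+RUN /opt/hayabusa/hayabusa update-rules -r /opt/hayabusa/rules/
+
+From alpine
+COPY --from=0 /opt/hayabusa /opt/hayabusa
+ENV PATH="${PATH}:/opt/hayabusa"
+RUN apk add -U bash
+WORKDIR /data
+RUN mkdir /output && touch /output/notmounted
+ADD start.sh /root/start.sh
+CMD ["/bin/bash","/root/start.sh"]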
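Review bot: The `ADD 'https://github.com/…/hayabusa-2.10.1-all-platforms.zip' /hayabusa.zip` line fetches the binary the whole image is built around with no integrity check, so a replaced or tampered release asset would be baked in silently; with BuildKit add `# syntax=docker/dockerfile:1` at the top and use `ADD --checksum=sha256:<digest-from-the-release-page> 'https://…/hayabusa-2.10.1-all-platforms.zip' /hayabusa.zip`, or fetch with `wget` and `sha256sum -c` inside one `RUN`. Both `FROM alpine` lines are untagged (floating `latest`) and `RUN … update-rules` pulls the rule set from the network at build time, so two builds are not guaranteed to yield the same image — pin `alpine:<version>` and consider recording which rules revision was fetched. The final stage never sets `USER`, so the scanner runs as root over the mounted evidence; the script only needs to read `/data` and write `/output`, so `RUN adduser -S -D hayabusa` followed by `USER hayabusa` before `CMD` would do, noting that bind-mounted directories must then be writable by that UID. `COPY --from=0` should name the stage (`COPY --from=builder /opt/hayabusa /opt/hayabusa`), and `git` in the builder is not used by any visible step — if `update-rules` does not need it, drop it from the `apk add`.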
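--- a/start.sh
+++ b/start.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+#check if folder was mounted under /data
+if [[ ! -d /data ]] ; then
+echo "[!] No Folder was mounted to /data"
+echo "[=] Make sure a folder containig the Windows Logs (evtx) is mounted. Example:"
+echo "[=]"
+echo "[>] # docker run -it --rm -v /path/to/logfiles:/data tabledevil/apthunter"
+exit 1
+fi
+
+#check which destination is writeable /data or /output
+if [[ ! -f /output/notmounted ]] && [[ -w /output ]] ; then
+echo "[!] Output folder was mounted and is writeable"
+echo "[>] Using /output as destination for report"
+output="/output"
+else
+if [[ -w /data ]] ; then
+echo "[!] Mounted folder /data can be written"
+echo "[>] Using /data as destination for report"
+output="/data"
+else
+echo "[!] No writeable output folder available"
+echo "[=] Make sure either the folder mounted under /data is writable ..."
+echo "[>] # docker run -it --rm -v /path/to/logfiles:/data tabledevil/apthunter"
+echo "[=] ... or mount a writable folder to /output"
+echo "[>] # docker run -it --rm -v /path/to/logfiles:/data:ro -v /path/for/report:/output tabledevil/apthunter"
+exit 1
+fi
+fi
+
+#set output-destination
+output="${output}/hayabusa_$(date +%s)"
+echo "output is goint to : ${output}"
+
+hayabusa csv-timeline -p timesketch-verbose -r /opt/hayabusa/rules/ -w -m low -U -H "${output}".html -o "${output}.ts.csv" -C -d /data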
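Review bot: The guard `if [[ ! -d /data ]] ; then` can never fire, because the Dockerfile's `WORKDIR /data` creates that directory inside the image, so a forgotten `-v …:/data` mount is not caught and hayabusa is simply run against an empty directory. The `/output/notmounted` sentinel used further down is the right idea; apply the same trick to `/data` (a sentinel file created at build time that disappears when a volume is mounted over it), or test for a mount point directly, e.g. `if ! awk '$2 == "/data" { found = 1 } END { exit !found }' /proc/mounts; then`. The shebang is `#!/bin/sh` but the script uses `[[ … ]]`, which Alpine's BusyBox `sh` does not provide; it only works because the `CMD` invokes `/bin/bash` explicitly, so either change the shebang to `#!/bin/bash` or rewrite the tests as POSIX `[ … ]` so the script also runs when executed directly.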