Reworked Dockerfile to be multiarch

2024-10-11 21:46:53 +00:00
parent 2b69f1feb2
commit ab05a7f239
2 changed files with 97 additions and 39 deletions
--- a/start.sh
+++ b/start.sh
@@ -1,38 +1,44 @@
 #!/bin/sh
-#check if folder was mounted under /data
-if [[ ! -d /data ]] ; then
+# Check if folder was mounted under /data
+if [ ! -d /data ]; then
    echo "[!] No Folder was mounted to /data"
-    echo "[=] Make sure a folder containig the Windows Logs (evtx) is mounted. Example:"
+    echo "[=] Make sure a folder containing the Windows Logs (evtx) is mounted. Example:"
    echo "[=]"
    echo "[>] # docker run -it --rm --network=none -v /path/to/logfiles:/data tabledevil/hayabusa"
    exit 1
 fi

-#check which destination is writeable /data or /output
-if [[ ! -f /output/notmounted ]] && [[ -w /output ]] ; then
-    echo "[!] Output folder was mounted and is writeable"
+# Check which destination is writable /data or /output
+if [ -w /output ]; then
+    echo "[!] Output folder was mounted and is writable"
    echo "[>] Using /output as destination for report"
    output="/output"
+elif [ -w /data ]; then
+    echo "[!] Mounted folder /data can be written"
+    echo "[>] Using /data as destination for report"
+    output="/data"
 else
-    if [[ -w /data ]] ; then
-        echo "[!] Mounted folder /data can be written"
-        echo "[>] Using /data as destination for report"
-        output="/data"
-    else
-        echo "[!] No writeable output folder available"
-        echo "[=] Make sure either the folder mounted under /data is writable ..."
-        echo "[>] # docker run -it --rm -v /path/to/logfiles:/data tabledevil/hayabusa"
-        echo "[=] ... or mount a writable folder to /output"
-        echo "[>] # docker run -it --rm -v --network=none /path/to/logfiles:/data:ro -v /path/for/report:/output tabledevil/hayabusa"
-        exit 1
-    fi
+    echo "[!] No writable output folder available"
+    echo "[=] Make sure either the folder mounted under /data is writable ..."
+    echo "[>] # docker run -it --rm -v /path/to/logfiles:/data tabledevil/hayabusa"
+    echo "[=] ... or mount a writable folder to /output"
+    echo "[>] # docker run -it --rm -v /path/to/logfiles:/data:ro -v /path/for/report:/output tabledevil/hayabusa"
+    exit 1
 fi

-#set output-destination
+# Set output destination
 outdir="${output}"
-output="${output}/hayabusa_$(date +%s)"
-echo "output is goint to : ${output}"
+timestamp=$(date +%s)
+output="${output}/hayabusa_${timestamp}"
+echo "Output is going to: ${output}"

-hayabusa csv-timeline -p timesketch-verbose -r /opt/hayabusa/rules/ -w -m low -U -H "${output}".html -o "${output}.ts.csv" -C -d /data
-hayabusa json-timeline -p verbose -r /opt/hayabusa/rules/ -w -L -o "${output}_takajo.jsonl" -d /data
-takajo automagic -t "${output}_takajo.jsonl" -o "${outdir}/takajo"
+# Run hayabusa with the included rules
+/opt/hayabusa/hayabusa csv-timeline -p timesketch-verbose -r /opt/hayabusa/rules/ -w -m low -U -H "${output}.html" -o "${output}.ts.csv" -C -d /data
+/opt/hayabusa/hayabusa json-timeline -p verbose -r /opt/hayabusa/rules/ -w -L -o "${output}_takajo.jsonl" -d /data
+
+# Check if takajo exists before running it
+if [ -x /opt/hayabusa/takajo ]; then
+    /opt/hayabusa/takajo automagic -t "${output}_takajo.jsonl" -o "${outdir}/takajo"
+else
+    echo "[!] Takajo is not available on this platform."
+fi