# Base image: Ubuntu 18.04 (bionic). The tag is mutable, so a rebuild can pick up
# a different image; pinning by digest (ubuntu:bionic@sha256:<digest>) makes the
# base reproducible. The Kitware apt source added further down is bionic-specific,
# so the two have to be changed together.
# NOTE(review): bionic is past its standard support window; confirm that security
# updates are still available for this base before relying on it.
FROM ubuntu:bionic
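# Image maintainer, recorded as a label. Written in key=value form; the
# whitespace-separated form is the legacy syntax.
LABEL maintainer="Jessie Frazelle <jess@linux.com>"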
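# Silence debconf prompts during the apt-get steps. Declared as a build argument
# so it is visible to the RUN instructions of the build but is not persisted
# into the environment of the running container.
ARG DEBIAN_FRONTEND=noninteractive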
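# Base packages plus the tools needed to fetch and unpack sources (curl, gnupg2,
# tar, xz-utils), followed by registration of the Kitware apt repository
# (presumably the source of the cmake package installed by a later step).
#
# The signing key is downloaded to a file instead of being piped into apt-key:
# in a pipeline only the last command's exit status is checked, so a failed or
# truncated download could otherwise go unnoticed. curl -f also turns an HTTP
# error into a non-zero exit instead of handing an error page to apt-key.
#
# NOTE(review): the key is trusted as served over TLS, with no fingerprint
# check, and apt-key adds it to the global apt trust store. Comparing the
# fingerprint with a value recorded out of band, and scoping the key to this one
# source with a signed-by keyring, would narrow what the key can vouch for.
RUN apt-get update && apt-get install -y --no-install-recommends \
        apt-transport-https \
        ca-certificates \
        curl \
        gnupg2 \
        libc++1 \
        tar \
        xz-utils \
    && rm -rf /var/lib/apt/lists/* \
    && curl -fsSL -o /tmp/kitware-archive-latest.asc https://apt.kitware.com/keys/kitware-archive-latest.asc \
    && apt-key add /tmp/kitware-archive-latest.asc \
    && rm -f /tmp/kitware-archive-latest.asc \
    && echo 'deb https://apt.kitware.com/ubuntu/ bionic main' > /etc/apt/sources.list.d/cmake.list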
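# osquery release to build; the build step passes it to `git clone --branch`.
# Written in key=value form; the whitespace-separated form is the legacy syntax.
ENV OSQUERY_VERSION=4.3.0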
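# Optional SHA-256 of the osquery-toolchain tarball. When set (for example with
# --build-arg), the download is verified before it is unpacked; when empty the
# check is skipped and the tarball is trusted as served over TLS.
# NOTE(review): record the digest of the 1.0.0 release as the default so the
# check is always on, e.g.
#   OSQUERY_TOOLCHAIN_SHA256=<sha256-of-osquery-toolchain-1.0.0.tar.xz>
ARG OSQUERY_TOOLCHAIN_SHA256=""

# Build osquery from source in a single layer: install the build dependencies,
# clone the tagged source, unpack the osquery toolchain into /usr/local, build
# with cmake, install osqueryd / osqueryctl, the CA bundle and the query packs,
# then purge the build dependencies again so they do not stay in the layer.
#
# The toolchain tarball is written to a file rather than piped into tar: in a
# pipeline only tar's exit status is checked, so a failed or partial download
# could be unpacked without the build noticing. curl -f makes HTTP errors fatal.
#
# NOTE(review): OSQUERY_VERSION is used as a branch/tag name, and tags can be
# moved; checking out a known commit id after the clone would pin the source.
# NOTE(review): /usr/src/osquery and the unpacked toolchain under /usr/local are
# not removed by this step, so both remain in the image; confirm whether
# osqueryd needs either at run time before deleting them.
RUN buildDeps=' \
        bison \
        clang \
        cmake \
        flex \
        git \
        libc++-dev \
        libc++abi-dev \
        liblzma-dev \
        libssl-dev \
        llvm \
        make \
        python \
        python3 \
    ' \
    && set -x \
    && apt-get update && apt-get install -y $buildDeps --no-install-recommends \
    && rm -rf /var/lib/apt/lists/* \
    && mkdir -p /usr/src/osquery/build /usr/share/osquery \
    && git clone --branch "${OSQUERY_VERSION}" --depth 1 https://github.com/osquery/osquery.git /usr/src/osquery/src \
    && cd /usr/src/osquery \
    && ls -la src/ \
    && cd build \
    && curl -fsSL -o /tmp/osquery-toolchain.tar.xz https://github.com/osquery/osquery-toolchain/releases/download/1.0.0/osquery-toolchain-1.0.0.tar.xz \
    && if [ -n "${OSQUERY_TOOLCHAIN_SHA256}" ]; then \
        echo "${OSQUERY_TOOLCHAIN_SHA256}  /tmp/osquery-toolchain.tar.xz" | sha256sum -c -; \
    fi \
    && tar -xJf /tmp/osquery-toolchain.tar.xz -C /usr/local \
    && rm -f /tmp/osquery-toolchain.tar.xz \
    && cmake -DOSQUERY_TOOLCHAIN_SYSROOT=/usr/local/osquery-toolchain ../src \
    && cmake --build . \
    && mv osquery/osqueryd /usr/bin \
    && mv package/linux/osqueryctl /usr/bin \
    && mkdir -p /usr/share/osquery/certs \
    && cp ../src/tools/deployment/certs.pem /usr/share/osquery/certs/ \
    && apt-get purge -y --auto-remove $buildDeps \
    && chmod a+x /usr/bin/osquery* \
    && cp -r /usr/src/osquery/src/packs /usr/share/osquery/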
# Ship the example configuration from the build context as the default config;
# CMD points osqueryd at this path with --config_path.
COPY osquery.example.conf /etc/osquery/osquery.conf
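# Home directory of the unprivileged runtime user; reused by useradd, chown and
# WORKDIR. Written in key=value form; the whitespace-separated form is the
# legacy syntax.
ENV HOME=/home/user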
# Create the unprivileged account osqueryd runs as, together with its state and
# log directories, and hand the listed paths to that account.
# NOTE(review): the chown also makes /etc/osquery and /usr/share/osquery (config,
# packs, CA bundle) writable by the runtime user; if osqueryd only reads them,
# leaving them root-owned would be the tighter setting. Confirm before changing.
# NOTE(review): useradd picks the next free UID; a fixed numeric UID is easier
# for an orchestrator's run-as-non-root check to verify.
RUN useradd --create-home --home-dir "${HOME}" user \
    && mkdir -p /var/log/osquery /var/osquery \
    && chown -R user:user \
        "${HOME}" \
        /etc/osquery \
        /var/osquery \
        /usr/share/osquery \
        /var/log/osquery
# Start in the runtime user's home directory (HOME is set by the ENV above).
WORKDIR $HOME
# Drop root: the entrypoint and anything else from here on runs as the
# unprivileged account created by the useradd step.
USER user
# Exec form, so osqueryd is started directly rather than through a shell.
# The pidfile is placed under /home/user, which the chown step makes writable
# for the runtime user.
ENTRYPOINT [ "osqueryd", "--pidfile", "/home/user/osqueryd.pidfile" ]
# Default arguments appended to the entrypoint; replaced as a whole when
# arguments are given to `docker run`.
# --docker_socket names /var/run/docker.sock, which is only present if the
# host's socket is mounted into the container. Access to that socket amounts to
# control of the Docker daemon, so a container started with it mounted should be
# treated as highly privileged and the mount limited to deployments that need
# the docker tables.
# NOTE(review): distributed queries are enabled with the tls plugin, but no TLS
# endpoint is set here; presumably --tls_hostname and the server certificate
# settings are supplied at run time. Confirm.
CMD [ \
    "--config_path=/etc/osquery/osquery.conf", \
    "--verbose", \
    "--docker_socket=/var/run/docker.sock", \
    "--host_identifier=hostname", \
    "--disable_distributed=false", \
    "--distributed_plugin=tls" \
]