Python3 and ansible (#6)

Merging a new version that removes python3 and ansible builds, and exposes new BHR functionality to user control

.gitignore

@@ -0,0 +1,3 @@
+hpfeeds-bhr-testing.env
+docker-compose-testing.yml
+venv

.gitlab-ci.yml

@@ -25,6 +25,7 @@ pep8:
 
 build_container:
   stage: build
+  when: always
   tags:
     - container_scanning
   services:

Dockerfile

@@ -1,22 +1,22 @@
-FROM ubuntu:18.04
+FROM python:3.7
 
-LABEL maintainer Alexander Merck <[email protected]>
-LABEL maintainer Jesse Bowling <[email protected]>
+LABEL maintainer Team STINGAR <[email protected]>
 LABEL name "hpfeeds-bhr"
-LABEL version "0.1"
+LABEL version "1.9"
 LABEL release "1"
 LABEL summary "HPFeeds BHR handler"
 LABEL description "HPFeeds BHR handler is a tool for submitting black hole routes from honeypot events."
 LABEL authoritative-source-url "https://github.com/CommunityHoneyNetwork/hpfeeds-bhr"
 LABEL changelog-url "https://github.com/CommunityHoneyNetwork/hpfeeds-bhr/commits/master"
 
-ENV playbook "hpfeeds-bhr.yml"
+COPY requirements.txt /opt/requirements.txt
+ENV DEBIAN_FRONTEND "noninteractive"
 
-RUN apt-get update \
-       && apt-get install -y ansible
+RUN apt-get update && apt-get upgrade -y && apt-get install -y gcc git python3-dev python3-pip
+RUN pip3 install -r /opt/requirements.txt
+RUN pip3 install git+https://github.com/CommunityHoneyNetwork/hpfeeds3.git
 
-RUN echo "localhost ansible_connection=local" >> /etc/ansible/hosts
 ADD . /opt/
-RUN ansible-playbook /opt/${playbook}
+RUN chmod 755 /opt/entrypoint.sh
 
-ENTRYPOINT ["/usr/bin/runsvdir", "-P", "/etc/service"]
+ENTRYPOINT ["/opt/entrypoint.sh"]

docker-compose.yml

@@ -1,14 +1,15 @@
 version: '2'
 services:
   redis:
-    image: stingar/redis:1.7
-    volumes:
-      - ./storage/redis:/var/lib/redis:z
+    image: stingar/redis:1.8
+  mongodb:
+    image: stingar/mongodb:1.8
   hpfeeds-bhr:
     build:
       context: .
-    image: hpfeeds-bhr:ubuntu
-    volumes:
-      - ./hpfeeds-bhr.sysconfig:/etc/default/hpfeeds-bhr:z
+    image: hpfeeds-bhr:latest
+    env_file:
+      - hpfeeds-bhr.env
     links:
       - redis:redis
+      - mongodb:mongodb

entrypoint.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+trap "exit 130" SIGINT
+trap "exit 137" SIGKILL
+trap "exit 143" SIGTERM
+
+set -o nounset
+set -o pipefail
+
+
+main () {
+  python3 /opt/scripts/build_config.py
+  if [[ $? -ne 0 ]]
+  then
+      echo "Config build failed; verify config and then restart the container."
+      sleep 120
+      exit 1
+  fi
+  cat /opt/hpfeeds-bhr.cfg
+  python3 /opt/hpfeeds-bhr/feedhandler.py /opt/hpfeeds-bhr.cfg
+}
+
+main "$@"

hpfeeds-bhr.cfg.template

@@ -8,9 +8,13 @@ include_hp_tags = true
 ignore_cidr = 10.0.0.0/8
 
 [bhr]
-bhr_host = http://bhr
-bhr_token = bologna
-bhr_verify_ssl = False
-bhr_tags = ''
+bhr_host = localhost
+bhr_ident = chn
+bhr_token =
+bhr_username =
+bhr_password =
+bhr_ssl_no_verify = false
+bhr_timeout = 30
+bhr_duration = 3600
 bhr_cache_db = 1
 bhr_cache_expire = 300

hpfeeds-bhr.sysconfig → hpfeeds-bhr.env

@@ -1,26 +1,28 @@
-# This file is read from /etc/default/hpfeeds-bhr
-#
-# Defaults here are for containers, but can be adjusted
-# to customize the containers
+# Defaults are here, but can be adjusted to customize the containers
+# If a variable is commented out it should have sane defaults and you can safely ignore it
 
-HPFEEDS_HOST='hpfeeds'
-HPFEEDS_PORT=10000
-IDENT=hpfeeds-bhr-${RANDOM}
+#IDENT=hpfeeds-bhr
+#HPFEEDS_HOST=hpfeeds
+#HPFEEDS_PORT=10000
 
-MONGODB_HOST='mongodb'
-MONGODB_PORT=27017
+#MONGODB_HOST=mongodb
+#MONGODB_PORT=27017
 
-BHR_HOST='https://bhr'
-BHR_TOKEN=''
-BHR_VERIFY_SSL=False
-BHR_TAGS=''
+# Use either a token or a username + password below
+BHR_HOST=https://bhr
+BHR_TOKEN=
+#BHR_USERNAME=username
+#BHR_PASSWORD=password
+#BHR_IDENT=currently_broken_waiting_upstream_fix
+#BHR_SSL_NO_VERIFY=false
+#BHR_DURATION
 
 # Specify CIDR networks for which we should NOT submit to BHR
 # Useful for not reporting any locally compromised hosts and prepopulated with RFC1918 addresses
 IGNORE_CIDR="192.168.0.0/16,10.0.0.0/8,172.16.0.0/12"
 
 # Include the honeypot specific tags in the comment for BHR
-INCLUDE_HP_TAGS=False
+# INCLUDE_HP_TAGS=False
 
 # ADVANCED: Specify the Redis database number to use for caching BHR submissions. This is only necessary when
 # running multiple BHR containers on the same host submitting to different instances. Note that hpfeeds-bhr defaults