I was writing a script the other day and had to generate a password and found the nifty tool called makepasswd.
makepasswd is a command that generates truly random passwords using /dev/random.
To install it you do
sudo apt-get install makepasswd
To generate a password you do
makepasswd
and if you want a 16 character password you do
makepasswd --chars 16
Monday, November 28, 2016
Monday, November 14, 2016
FIR (fast incident response) in docker
FIR (Fast Incident Response) is a project by CERT Société Générale. It is a nice system to do incident tracking and I have been using it on a regular basis for over a year now. After a year of daily use, I gathered the users, and a series of issues and wanted features were expressed.
To make things go forward in an easy way, I decided it was time to dockerize the installation so the end users can give quick feedback on features under development.
Although there is a Dockerfile in the repo, I decided to make my own based on the existing one:
# Dockerfile to build FIR container
# Original Dockerfile by Kyle Maxwell https://github.com/certsocietegenerale/FIR/blob/master/docker/Dockerfile
#
# to build: docker build -t fir .
# to run: docker run -d -p 8000:8000 fir
# webinterface: http://x.x.x.x:8000
#
# default administrator: admin
# default password: admin (comes from the dev_users.json fixture, development use only)
# Based on ubuntu:16.04
FROM ubuntu:16.04
MAINTAINER Erik Vanderhasselt
# Set environment variables
ENV DEBIAN_FRONTEND noninteractive
# Upgrade Ubuntu
RUN \
    apt-get update && \
    apt-get dist-upgrade -y && \
    apt-get autoremove -y && \
    apt-get clean
# Set the timezone
# https://bugs.launchpad.net/ubuntu/+source/tzdata/+bug/1554806
RUN ln -fs /usr/share/zoneinfo/Europe/Brussels /etc/localtime
RUN dpkg-reconfigure -f noninteractive tzdata
# Install dependencies (one layer instead of one per package)
RUN apt-get install -y \
    python-dev \
    python-pip \
    python-lxml \
    git \
    libxml2-dev \
    libxslt1-dev \
    libz-dev
# Install the latest version of pip
RUN pip install --upgrade pip
# create the user and group
RUN groupadd -r fir
RUN useradd -r -g fir -d /home/fir -s /usr/sbin/nologin -c "FIR user" fir
# Download FIR from Github into /home/fir/FIR
# (a plain "RUN cd ..." does not carry over to later instructions; WORKDIR does)
WORKDIR /home/fir
RUN git clone https://github.com/certsocietegenerale/FIR.git /home/fir/FIR
RUN chown -R fir:fir /home/fir
# install the requirements
WORKDIR /home/fir/FIR
# remove psycopg2==2.6.2 from requirements.txt since we are not using PostgreSQL
RUN sed '/^psycopg2/d' /home/fir/FIR/requirements.txt > /home/fir/FIR/req1.txt
# run pip
RUN pip install -r /home/fir/FIR/req1.txt
# prepare to run (as the unprivileged fir user, not root)
USER fir
ENV HOME /home/fir
ENV USER fir
WORKDIR /home/fir/FIR
RUN ./manage.py migrate
RUN ./manage.py loaddata incidents/fixtures/seed_data.json
RUN ./manage.py loaddata incidents/fixtures/dev_users.json
###############################################################################
# make it run
EXPOSE 8000
ENTRYPOINT ["/home/fir/FIR/manage.py"]
CMD ["runserver", "0.0.0.0:8000"]
To build the container you do sudo docker build -t fir .
To run the container you do sudo docker run -d -p 8000:8000 fir
To access FIR you point your browser to http://localhost:8000; the default login is admin and the default password is admin too.
Now you have a nice system to record your incidents, which is a good start, but you also need incident response procedures. If you have no idea what I am talking about, I recommend you read up on the documents written by ENISA, NIST, CERT.org, etc.
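The image above is meant for collecting feedback, so it ships the dev_users.json fixture (admin/admin) and Django's runserver. The following is an added example, not code from the post or the FIR project: a small pre-build check that flags those development-only choices, plus an unpinned base image or a missing USER instruction, before a Dockerfile is promoted to a production build. The function name and the two sample Dockerfiles are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original post: a pre-build check for the
# FIR Dockerfile. It flags choices that are fine for a feedback image but
# should not reach a production build: the dev_users.json fixture (admin/admin
# baked into the image), runserver as the server process, an unpinned base
# image, and a missing USER instruction.

# Prints each finding; returns 0 when clean, otherwise the number of findings.
check_fir_dockerfile() {
    file="$1"
    findings=0
    if grep -q 'loaddata .*dev_users\.json' "$file"; then
        echo "dev_users.json fixture loaded: default admin/admin account baked into the image"
        findings=$((findings + 1))
    fi
    if grep -q '"runserver"' "$file"; then
        echo "runserver as CMD: Django development server, not a production server"
        findings=$((findings + 1))
    fi
    if grep -Eq '^FROM[[:space:]]+[^:@[:space:]]+$|^FROM .*:latest' "$file"; then
        echo "base image not pinned to a version or digest: builds are not reproducible"
        findings=$((findings + 1))
    fi
    if ! grep -q '^USER ' "$file"; then
        echo "no USER instruction: the application runs as root"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed samples: the first mirrors the post's Dockerfile, the second drops
# the dev-only fixture and runserver (the production server command is left out).
SAMPLE_DEV=$(mktemp)
cat > "$SAMPLE_DEV" <<'EOF'
FROM ubuntu:16.04
USER fir
RUN ./manage.py loaddata incidents/fixtures/dev_users.json
ENTRYPOINT ["/home/fir/FIR/manage.py"]
CMD ["runserver", "0.0.0.0:8000"]
EOF
SAMPLE_CLEAN=$(mktemp)
cat > "$SAMPLE_CLEAN" <<'EOF'
FROM ubuntu:16.04
USER fir
RUN ./manage.py migrate
EXPOSE 8000
EOF
check_fir_dockerfile "$SAMPLE_DEV" || echo "dev image: $? finding(s)"
check_fir_dockerfile "$SAMPLE_CLEAN" && echo "clean image: no findings"
```

Run it against the Dockerfile in your build directory with check_fir_dockerfile ./Dockerfile; a non-zero exit status is the number of development-only patterns found.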