tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-8753-13366-analizar-posibles-vulnerabilidades' into 'develop' 

clean old dockerfiles open

See merge request artica/pandorafms!5062
This commit is contained in:
Daniel Rodriguez 2022-09-01 11:34:31 +00:00
parent 855686772f 2fdb4f0302
commit bacf850cc3
9 changed files with 0 additions and 513 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
extras/Dockerfile
View File

@ -1,62 +0,0 @@
# Dockerfile for the Pandora FMS image.
FROM debian:jessie
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
RUN groupadd -r mysql && useradd -r -g mysql mysql
RUN mkdir /docker-entrypoint-initdb.d
# FATAL ERROR: please install the following Perl modules before executing /usr/local/mysql/scripts/mysql_install_db:
# File::Basename
# File::Copy
# Sys::Hostname
# Data::Dumper
RUN apt-get update && apt-get install -y perl pwgen git openssh-client --no-install-recommends && rm -rf /var/lib/apt/lists/*
# gpg: key 5072E1F5: public key "MySQL Release Engineering <mysql-build@oss.oracle.com>" imported
RUN apt-key adv --keyserver ha.pool.sks-keyservers.net --recv-keys A4A9406876FCBD3C456770C88C718D3B5072E1F5
ENV MYSQL_MAJOR 5.6
ENV MYSQL_VERSION 5.6.29-1debian8
RUN echo "deb http://repo.mysql.com/apt/debian/ jessie mysql-${MYSQL_MAJOR}" > /etc/apt/sources.list.d/mysql.list
# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql)
# also, we set debconf keys to make APT a little quieter
RUN { \
echo mysql-community-server mysql-community-server/data-dir select ''; \
echo mysql-community-server mysql-community-server/root-pass password ''; \
echo mysql-community-server mysql-community-server/re-root-pass password ''; \
echo mysql-community-server mysql-community-server/remove-test-db select false; \
} | debconf-set-selections \
&& apt-get update && apt-get install -y mysql-server="${MYSQL_VERSION}" && rm -rf /var/lib/apt/lists/* \
&& rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql
# comment out a few problematic configuration values
# don't reverse lookup hostnames, they are usually another container
RUN sed -Ei 's/^(bind-address|log)/#&/' /etc/mysql/my.cnf \
&& echo 'skip-host-cache\nskip-name-resolve' | awk '{ print } $1 == "[mysqld]" && c == 0 { c = 1; system("cat") }' /etc/mysql/my.cnf > /tmp/my.cnf \
&& mv /tmp/my.cnf /etc/mysql/my.cnf
VOLUME /var/lib/mysql
COPY docker-entrypoint.sh /entrypoint.sh
COPY pandora.cnf /etc/mysql/conf.d
COPY pandora_initdb.sh /docker-entrypoint-initdb.d
ENTRYPOINT ["/entrypoint.sh"]
# Make ssh dir
RUN mkdir /root/.ssh/
# Copy over private key, and set permissions
RUN echo "Host github.com\n\tStrictHostKeyChecking no\n" >> /root/.ssh/config
RUN chown -R root:root /root/.ssh
#Clone the repo
RUN git config --global http.sslVerify false
RUN git clone -b develop --single-branch https://github.com/pandorafms/pandorafms.git /tmp/pandorafms
#RUN mv -f /tmp/pandorafms/pandora_console/pandoradb.sql /docker-entrypoint-initdb.d
#RUN mv -f /tmp/pandorafms/pandora_console/pandoradb_data.sql /docker-entrypoint-initdb.d
EXPOSE 3306
CMD ["mysqld"]

113
extras/docker-entrypoint.sh
View File

@ -1,113 +0,0 @@
#!/bin/bash
set -eo pipefail
# if command starts with an option, prepend mysqld
if [ "${1:0:1}" = '-' ]; then
set -- mysqld "$@"
fi
if [ "$1" = 'mysqld' ]; then
# Get config
DATADIR="$("$@" --verbose --help --log-bin-index=`mktemp -u` 2>/dev/null | awk '$1 == "datadir" { print $2; exit }')"
if [ ! -d "$DATADIR/mysql" ]; then
if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
echo >&2 'error: database is uninitialized and password option is not specified '
echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD'
exit 1
fi
mkdir -p "$DATADIR"
chown -R mysql:mysql "$DATADIR"
echo 'Initializing database'
mysql_install_db --user=mysql --datadir="$DATADIR" --rpm --keep-my-cnf
echo 'Database initialized'
"$@" --skip-networking &
pid="$!"
mysql=( mysql --protocol=socket -uroot )
for i in {30..0}; do
if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then
break
fi
echo 'MySQL init process in progress...'
sleep 1
done
if [ "$i" = 0 ]; then
echo >&2 'MySQL init process failed.'
exit 1
fi
if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
# sed is for https://bugs.mysql.com/bug.php?id=20545
mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
fi
if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
fi
"${mysql[@]}" <<-EOSQL
-- What's done in this file shouldn't be replicated
-- or products like mysql-fabric won't work
SET @@SESSION.SQL_LOG_BIN=0;
DELETE FROM mysql.user ;
CREATE USER 'root'@'%' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ;
DROP DATABASE IF EXISTS test ;
FLUSH PRIVILEGES ;
EOSQL
if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
mysql+=( -p"${MYSQL_ROOT_PASSWORD}" )
fi
if [ "$MYSQL_DATABASE" ]; then
echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}"
mysql+=( "$MYSQL_DATABASE" )
fi
if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}"
if [ "$MYSQL_DATABASE" ]; then
echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
fi
echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}"
fi
echo
for f in /docker-entrypoint-initdb.d/*; do
case "$f" in
*.sh) echo "$0: running $f"; . "$f" ;;
*.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;;
*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;;
*) echo "$0: ignoring $f" ;;
esac
echo
done
if [ ! -z "$MYSQL_ONETIME_PASSWORD" ]; then
"${mysql[@]}" <<-EOSQL
ALTER USER 'root'@'%' PASSWORD EXPIRE;
EOSQL
fi
if ! kill -s TERM "$pid" || ! wait "$pid"; then
echo >&2 'MySQL init process failed.'
exit 1
fi
echo
echo 'MySQL init process done. Ready for start up.'
echo
fi
chown -R mysql:mysql "$DATADIR"
fi
exec "$@"

57
extras/docker/Dockerfile
View File

@ -1,57 +0,0 @@
FROM pandorafms/pandorafms-base:centos7
# Build variables.
ARG BRANCH=develop
ARG DB_PASS=pandora
# Clone the Pandora FMS repo.
RUN git clone --depth 1 -b "$BRANCH" https://github.com/pandorafms/pandorafms.git /tmp/pandorafms || \
git clone --depth 1 -b develop https://github.com/pandorafms/pandorafms.git /tmp/pandorafms
# Install the Pandora FMS Server.
RUN cd /tmp/pandorafms/pandora_server && \
yes | ./pandora_server_installer --install && \
sed -i "s/^dbuser.*/dbuser root/" /etc/pandora/pandora_server.conf && \
sed -i "s/^dbpass.*/dbpass $DB_PASS/" /etc/pandora/pandora_server.conf
# Install the Pandora FMS Agent.
RUN cd /tmp/pandorafms/pandora_agents/unix && \
./pandora_agent_installer --install
# Set the server's name in Apache's configuration file to avoid warnings.
RUN sed -i "s/#ServerName.*/ServerName localhost:80/" /etc/httpd/conf/httpd.conf
# Install the Pandora FMS Console.
RUN rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql && \
mkdir -p /var/log/mysql/ && chown mysql. /var/log/mysql && \
chown mysql. -R /var/lib/mysql && \
sudo -u mysql mysqld --initialize --explicit_defaults_for_timestamp && \
sudo -u mysql mysqld --daemonize & \
sleep 50 && \
mysql_default_pass=$(cat /var/log/mysqld.log | grep "temporary password" | awk '{print $NF}') && \
mysqladmin -u root -p"$mysql_default_pass" --user=root password 'pandora' && \
httpd -k start && \
cp -r /tmp/pandorafms/pandora_console /var/www/html && \
chown -R apache.apache /var/www/html/pandora_console/ && \
python /tmp/pandorafms/tests/install_console.py
# Redirect HTTP requests to / to the Pandora FMS Console.
RUN echo '<meta http-equiv="refresh" content="0;url=/pandora_console">' > /var/www/html/index.html
# Create the entrypoint script.
RUN echo -e '#/bin/bash\n \
sudo -u mysql mysqld --daemonize &&\n \
httpd -k start &&\n \
/usr/sbin/crond &&\n \
/etc/init.d/pandora_agent_daemon start && \
/etc/init.d/pandora_server start && \
tail -f /var/log/pandora/pandora_server.log' \
>> /entrypoint.sh && \
chmod +x /entrypoint.sh
# Clean-up.
RUN rm -rf /tmp/pandorafms
RUN yum clean all
EXPOSE 80 3306 41121
ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]

4
extras/docker/build_and_push.sh
View File

@ -1,4 +0,0 @@
#!/bin/bash
docker build --rm=true --pull --no-cache --build-arg BRANCH="develop" --build-arg DB_PASS="pandora" -t pandorafms/pandorafms:7 . && \
[ "$QA_ENV" == "" ] && \
docker push pandorafms/pandorafms:7

15
pandora_console/DB_Dockerfile
View File

@ -1,15 +0,0 @@
FROM mysql:5.5
MAINTAINER Pandora FMS Team <info@pandorafms.com>
WORKDIR /pandorafms/pandora_console
ADD pandoradb.sql /docker-entrypoint-initdb.d
ADD pandoradb_data.sql /docker-entrypoint-initdb.d
RUN chown mysql /docker-entrypoint-initdb.d
ENV MYSQL_DATABASE=pandora
RUN echo " \n\
sed -i \"1iUSE \$MYSQL_DATABASE\" /docker-entrypoint-initdb.d/pandoradb.sql \n\
sed -i \"1iUSE \$MYSQL_DATABASE\" /docker-entrypoint-initdb.d/pandoradb_data.sql \n\
" >> /docker-entrypoint-initdb.d/create_pandoradb.sh

62
pandora_console/Dockerfile
View File

@ -1,62 +0,0 @@
FROM centos:centos6
MAINTAINER Pandora FMS Team <info@pandorafms.com>
RUN { \
echo '[EPEL]'; \
echo 'name = CentOS Epel'; \
echo 'baseurl = http://dl.fedoraproject.org/pub/epel/6/x86_64'; \
echo 'enabled=1'; \
echo 'gpgcheck=0'; \
} > /etc/yum.repos.d/extra_repos.repo
RUN { \
echo '[artica_pandorafms]'; \
echo 'name=CentOS6 - PandoraFMS official repo'; \
echo 'baseurl=http://artica.es/centos6'; \
echo 'gpgcheck=0'; \
echo 'enabled=1'; \
} > /etc/yum.repos.d/pandorafms.repo
RUN yum -y update; yum clean all;
RUN yum install -y \
git \
httpd \
cronie \
ntp \
openldap \
nfdump \
wget \
curl \
openldap \
plymouth \
xterm \
php \
php-gd \
graphviz \
php-mysql \
php-pear-DB \
php-pear \
php-pdo \
php-mbstring \
php-ldap \
php-snmp \
php-ldap \
php-common \
php-zip \
nmap \
net-snmp-utils \
mod_ssl \
xprobe2
#Clone the repo
RUN git clone -b develop https://github.com/pandorafms/pandorafms.git /tmp/pandorafms
#Exposing ports for: HTTP, SNMP Traps, Tentacle protocol
EXPOSE 80 162/udp 443 41121
# Simple startup script to avoid some issues observed with container restart
ADD docker_entrypoint.sh /entrypoint.sh
RUN chmod -v +x /entrypoint.sh
CMD ["/entrypoint.sh"]

80
pandora_console/docker_entrypoint.sh
View File

@ -1,80 +0,0 @@
#!/bin/bash
set -e
if [ -n "$MYSQL_PORT_3306_TCP" ]; then
if [ -z "$PANDORA_DB_HOST" ]; then
PANDORA_DB_HOST='mysql'
else
echo >&2 'warning: both PANDORA_DB_HOST and MYSQL_PORT_3306_TCP found'
echo >&2 " Connecting to PANDORA_DB_HOST ($PANDORA_DB_HOST)"
echo >&2 ' instead of the linked mysql container'
fi
fi
if [ -z "$PANDORA_DB_HOST" ]; then
echo >&2 'error: missing PANDORA_DB_HOST and MYSQL_PORT_3306_TCP environment variables'
echo >&2 ' Did you forget to --link some_mysql_container:mysql or set an external db'
echo >&2 ' with -e PANDORA_DB_HOST=hostname:port?'
exit 1
fi
# if we're linked to MySQL and thus have credentials already, let's use them
: ${PANDORA_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}}
if [ "$PANDORA_DB_USER" = 'root' ]; then
: ${PANDORA_DB_PASSWORD:=$MYSQL_ENV_MYSQL_ROOT_PASSWORD}
fi
: ${PANDORA_DB_PASSWORD:=$MYSQL_ENV_MYSQL_PASSWORD}
if [ -z "$PANDORA_DB_NAME" ]; then
: ${PANDORA_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-pandora}}
fi
if [ -z "$PANDORA_DB_PASSWORD" ]; then
echo >&2 'error: missing required PANDORA_DB_PASSWORD environment variable'
echo >&2 ' Did you forget to -e PANDORA_DB_PASSWORD=... ?'
echo >&2
echo >&2 ' (Also of interest might be PANDORA_DB_USER and PANDORA_DB_NAME.)'
exit 1
fi
mv -f /tmp/pandorafms/pandora_console /var/www/html
cd /var/www/html/pandora_console/include
cat > config.php <<- 'EOF'
<?php
$config["dbtype"] = "mysql";
$config["homedir"]="/var/www/html/pandora_console"; // Config homedir
$config["homeurl"]="/pandora_console"; // Base URL
$config["homeurl_static"]="/pandora_console"; // Don't delete
error_reporting(E_ALL);
$ownDir = dirname(__FILE__) . DIRECTORY_SEPARATOR;
EOF
echo "\$config[\"dbname\"]=\"$PANDORA_DB_NAME\";" >> config.php
echo "\$config[\"dbuser\"]=\"$PANDORA_DB_USER\";" >> config.php
echo "\$config[\"dbpass\"]=\"$PANDORA_DB_PASSWORD\";" >> config.php
echo "\$config[\"dbhost\"]=\"$PANDORA_DB_HOST\";" >> config.php
echo "include (\$ownDir . \"config_process.php\");" >> config.php
echo "?>" >> config.php
echo "Granting apache permissions to the console directory"
chown -R apache:apache /var/www/html/pandora_console
chmod 600 /var/www/html/pandora_console/include/config.php
# Customize php.iniA
echo "Configuring Pandora FMS elements and depending services"
sed "s/.*error_reporting =.*/error_reporting = E_ALL \& \~E_DEPRECATED \& \~E_NOTICE \& \~E_USER_WARNING/" /etc/php.ini > /tmp/php.ini && mv /tmp/php.ini /etc/php.ini
sed "s/.*max_execution_time =.*/max_execution_time = 0/" /etc/php.ini > /tmp/php.ini && mv /tmp/php.ini /etc/php.ini
sed "s/.*max_input_time =.*/max_input_time = -1/" /etc/php.ini > /tmp/php.ini && mv /tmp/php.ini /etc/php.ini
sed "s/.*upload_max_filesize =.*/upload_max_filesize = 800M/" /etc/php.ini > /tmp/php.ini && mv /tmp/php.ini /etc/php.ini
sed "s/.*memory_limit =.*/memory_limit = 800M/" /etc/php.ini > /tmp/php.ini && mv /tmp/php.ini /etc/php.ini
sed "s/.*post_max_size =.*/post_max_size = 100M/" /etc/php.ini > /tmp/php.ini && mv /tmp/php.ini /etc/php.ini
cd /var/www/html/pandora_console && mv -f install.php install.php.done
#Create the pandora user
/usr/sbin/useradd -d /home/pandora -s /bin/false -M -g 0 pandora
#Rock n' roll!
/etc/init.d/crond start &
/etc/init.d/ntpd start &
rm -rf /run/httpd/*
exec /usr/sbin/apachectl -D FOREGROUND

66
pandora_server/Dockerfile
View File

@ -1,66 +0,0 @@
FROM centos:centos6
MAINTAINER Pandora FMS Team <info@pandorafms.com>
RUN { \
echo '[EPEL]'; \
echo 'name = CentOS Epel'; \
echo 'baseurl = http://dl.fedoraproject.org/pub/epel/6/x86_64'; \
echo 'enabled=1'; \
echo 'gpgcheck=0'; \
} > /etc/yum.repos.d/extra_repos.repo
RUN { \
echo '[artica_pandorafms]'; \
echo 'name=CentOS6 - PandoraFMS official repo'; \
echo 'baseurl=http://artica.es/centos6'; \
echo 'gpgcheck=0'; \
echo 'enabled=1'; \
} > /etc/yum.repos.d/pandorafms.repo
RUN yum -y update; yum clean all;
RUN yum install -y \
git \
cronie \
ntp \
wget \
curl \
xterm \
postfix \
wmic \
perl-HTML-Tree \
perl-DBI \
perl-DBD-mysql \
perl-libwww-perl \
perl-XML-Simple \
perl-XML-SAX \
perl-NetAddr-IP \
net-snmp \
net-tools \
perl-IO-Socket-INET6 \
perl-Socket6 \
nmap \
sudo \
xprobe2 \
make \
perl-CPAN \
perl-JSON \
net-snmp-perl \
perl-Time-HiRes \
perl-XML-Twig \
perl-Encode-Locale \
net-snmp \
net-snmp-utils
#Clone the repo
RUN git clone -b develop https://github.com/pandorafms/pandorafms.git /tmp/pandorafms
#Exposing ports for: Tentacle protocol
EXPOSE 41121
# Simple startup script to avoid some issues observed with container restart
ADD docker_entrypoint.sh /entrypoint.sh
RUN chmod -v +x /entrypoint.sh
CMD ["/entrypoint.sh"]

54
pandora_server/docker_entrypoint.sh
View File

@ -1,54 +0,0 @@
#!/bin/bash
set -e
if [ -n "$MYSQL_PORT_3306_TCP" ]; then
if [ -z "$PANDORA_DB_HOST" ]; then
PANDORA_DB_HOST='mysql'
else
echo >&2 'warning: both PANDORA_DB_HOST and MYSQL_PORT_3306_TCP found'
echo >&2 " Connecting to PANDORA_DB_HOST ($PANDORA_DB_HOST)"
echo >&2 ' instead of the linked mysql container'
fi
fi
if [ -z "$PANDORA_DB_HOST" ]; then
echo >&2 'error: missing PANDORA_DB_HOST and MYSQL_PORT_3306_TCP environment variables'
echo >&2 ' Did you forget to --link some_mysql_container:mysql or set an external db'
echo >&2 ' with -e PANDORA_DB_HOST=hostname:port?'
exit 1
fi
# if we're linked to MySQL and thus have credentials already, let's use them
: ${PANDORA_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}}
if [ "$PANDORA_DB_USER" = 'root' ]; then
: ${PANDORA_DB_PASSWORD:=$MYSQL_ENV_MYSQL_ROOT_PASSWORD}
fi
: ${PANDORA_DB_PASSWORD:=$MYSQL_ENV_MYSQL_PASSWORD}
if [ -z "$PANDORA_DB_NAME" ]; then
: ${PANDORA_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-pandora}}
fi
if [ -z "$PANDORA_DB_PASSWORD" ]; then
echo >&2 'error: missing required PANDORA_DB_PASSWORD environment variable'
echo >&2 ' Did you forget to -e PANDORA_DB_PASSWORD=... ?'
echo >&2
echo >&2 ' (Also of interest might be PANDORA_DB_USER and PANDORA_DB_NAME.)'
exit 1
fi
#Create the pandora user, mainly
/usr/sbin/useradd -d /home/pandora -s /bin/false -M -g 0 pandora
cd /tmp/pandorafms/pandora_server && ./pandora_server_installer --install
#Configure the Pandora FMS Server to connect to the database
sed -i "s/dbname pandora/dbname $PANDORA_DB_NAME/g" /etc/pandora/pandora_server.conf
sed -i "s/dbpass pandora/dbpass $PANDORA_DB_PASSWORD/g" /etc/pandora/pandora_server.conf
sed -i "s/dbuser pandora/dbuser $PANDORA_DB_USER/g" /etc/pandora/pandora_server.conf
sed -i "s/dbhost 127.0.0.1/dbhost $PANDORA_DB_HOST/g" /etc/pandora/pandora_server.conf
#Rock n' roll!
/etc/init.d/crond start &
/etc/init.d/ntpd start &
/etc/init.d/postfix start &
/etc/init.d/tentacle_serverd start &
/usr/bin/pandora_server /etc/pandora/pandora_server.conf