-
Notifications
You must be signed in to change notification settings - Fork 7
/
Dockerfile
94 lines (81 loc) · 2.3 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
#
# This Docker image encapsulates Calamity A Tool to Automate Memory Analysis using Volatility
# Thanks to remnux as this Dockerfile is based off their Volatility Dockerfile
#
# To run this image after installing Docker, use the following command:
# sudo docker run --rm -it -v ~/memdumps:/home/nonroot/memdumps hestat/calamity bash
#
# Before running Volatility, create the ~/memdumps directory and make it world-accessible
# (“chmod a+xwr").
FROM ubuntu:18.04
MAINTAINER Hestat (@laskow26)
# Install packages from apt repository
USER root
RUN apt-get -qq update && apt-get install -y \
automake \
build-essential \
git \
ipython \
libbz2-dev \
libc6-dev \
libfreetype6-dev \
libgdbm-dev \
libjansson-dev \
libjpeg8-dev \
libmagic-dev \
libreadline-gplv2-dev \
libtool \
python2.7 \
python-dev \
python-pillow \
python-pip \
tar \
unzip \
wget \
zlib1g \
zlib1g-dev \
clamav \
libssl-dev && \
# Ensure we're using Python 2.7
ln -fs /usr/bin/python2.7 /usr/bin/python
# Install additional dependencies
RUN pip install distorm3 \
openpyxl \
pycrypto \
pytz
# Retrieve remaining dependencies
RUN cd /tmp && \
wget -O yara-v3.10.0.tar.gz "https://github.com/VirusTotal/yara/archive/v3.10.0.tar.gz" && \
wget -O calamity.zip "https://github.com/Hestat/calamity/archive/master.zip" && \
# If hashes OK, install Yara and prepare Volatility setup
unzip calamity.zip && \
cd calamity-master && \
./install.sh && \
cd /tmp && \
tar vxzf yara-v3.10.0.tar.gz && \
cd yara-3.10.0 && \
./bootstrap.sh && \
./configure && \
make && \
make install && \
#fix clamav setup and install sigs
chown clamav. /var/log/clamav/freshclam.log && \
freshclam && \
# Add nonroot user and setup environment
groupadd -r nonroot && \
useradd -r -g nonroot -d /home/nonroot -s /sbin/nologin -c "Nonroot User" nonroot && \
mkdir /home/nonroot && \
# Setup Volatility
cd /opt/calamity/volatility/ && \
chmod +x vol.py && \
ln -fs /opt/calamity/volatility/vol.py /usr/local/bin/ && \
chown -R nonroot:nonroot /home/nonroot
# Clean up
RUN apt-get remove -y --purge automake build-essential libtool && \
apt-get autoremove -y --purge && \
apt-get clean -y && \
rm -rf /var/lib/apt/lists/*
USER nonroot
ENV HOME /home/nonroot
ENV USER nonroot
WORKDIR /home/nonroot/