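# Container image for the CrowdStrike Falcon SIEM connector (cs.falconhoseclient).
# Installs the vendor .deb from the build context, creates an unprivileged
# account (uid/gid 1000) and starts the client through entrypoint.sh.
#
# NOTE(review): the base image is referenced by tag only. Pinning it by digest
# (ubuntu:20.04@sha256:<DIGEST_PLACEHOLDER>) makes rebuilds reproducible and
# protects against a re-pushed tag. Ubuntu 20.04 is also past its standard
# support window, so plan a move to a supported LTS once the .deb allows it.
FROM --platform=linux/amd64 ubuntu:20.04

ENV WORKDIR="/home/user"

# NOTE(review): values supplied with --build-arg are recorded in the image
# metadata and can be read back with `docker history`. None of these three
# arguments is referenced later in this file, so pass the API credentials at
# run time (for example `docker run --env-file ...`) instead of at build time.
ARG CLIENT_ID=""
ARG CLIENT_SECRET=""
ARG API_BASE_URL=""

# LOG_DIR must be the directory that contains LOG_FILE.
# By default LOG_FILE writes to stdout.
# Example:
# LOG_DIR="/var/log/crowdstrike/falconhoseclient/"
# LOG_FILE="output"
ARG LOG_DIR=""
ARG LOG_FILE="/dev/stdout"

# Export both values to the runtime environment.
ENV LOG_DIR="${LOG_DIR}" \
    LOG_FILE="${LOG_FILE}"

USER root

# Hack: make /bin/sh resolve to bash. The link is kept (rather than replaced
# by a SHELL instruction) because it also affects scripts run at container
# start, and entrypoint.sh is not visible from this file.
RUN rm /bin/sh && ln -s /bin/bash /bin/sh

# Package installation. update + install share one layer so the package index
# is never stale, and the index is removed in the same layer to keep it out of
# the image. ca-certificates is listed explicitly because
# --no-install-recommends no longer pulls it in alongside curl, and the HTTPS
# downloads below need it.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        gettext-base \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Copy and install the CrowdStrike deb package.
# NOTE(review): the package is installed as root without an integrity check.
# Compare its SHA-256 with the value published by the vendor before building.
COPY deb/crowdstrike-cs-falconhoseclient_2.18.0_amd64.deb "${WORKDIR}/crowdstrike.deb"
RUN dpkg -i "${WORKDIR}/crowdstrike.deb"

# Prepare an unprivileged user and hand it the directories the client writes to.
# NOTE(review): 755 leaves the event logs readable by every account in the
# container; 750 would be enough if nothing else needs to read them.
RUN groupadd -g 1000 user \
    && useradd -r -u 1000 -g user user \
    && chown -R user:user /var/log/crowdstrike/falconhoseclient /opt/crowdstrike/etc \
    && chmod -R 755 /var/log/crowdstrike/falconhoseclient \
    && if [ -n "${LOG_DIR}" ]; then \
        mkdir -p "${LOG_DIR}" \
        && chown -R user:user "${LOG_DIR}" \
        && chmod -R 755 "${LOG_DIR}"; \
    fi

WORKDIR "${WORKDIR}"

# Copy the entrypoint and make it executable.
COPY entrypoint.sh "${WORKDIR}/"
RUN chmod +x "${WORKDIR}/entrypoint.sh"

# Link the executables into /usr/bin.
RUN ln -s /opt/crowdstrike/bin/cs.falconhoseclient /usr/bin/cs.falconhoseclient \
    && ln -s "${WORKDIR}/entrypoint.sh" /usr/bin/falconhoseclient

# Copy the CrowdStrike configuration template.
COPY cfg/cs.falconhoseclient.cfg.template "${WORKDIR}/"

# Environment setup (if defined, the values are used in the entrypoint).
# NOTE(review): this stores the contents of .env in an image layer, where
# anyone who can pull or export the image can read them. If the file holds the
# API client id/secret, drop this COPY, add .env to .dockerignore and supply
# the values at run time; rotate any credential that was already published in
# an image. The line is kept because entrypoint.sh may expect the file.
COPY .env "${WORKDIR}/"

# Install additional DigiCert root certificates.
# This step is not always required but it avoids some TLS problems.
# -f makes the build fail on an HTTP error instead of saving the error page as
# a certificate; --proto/--tlsv1.2 keep the transfer on HTTPS.
# NOTE(review): the downloads are not pinned to a known fingerprint, and this
# file does not run update-ca-certificates, so confirm that the client reads
# them from /etc/ssl/certs. Vendoring the two files into the repository would
# remove the network dependency from the build.
RUN curl -fsSL --proto '=https' --tlsv1.2 \
        -o /etc/ssl/certs/DigiCertHighAssuranceEVRootCA.crt \
        https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt \
    && curl -fsSL --proto '=https' --tlsv1.2 \
        -o /etc/ssl/certs/DigiCertAssuredIDRootCA.crt \
        https://dl.cacerts.digicert.com/DigiCertAssuredIDRootCA.crt

# Give the unprivileged user ownership of the working directory.
RUN chown -R user:user "${WORKDIR}"

# Drop root before the container starts.
USER user
ENV PATH="${WORKDIR}:${PATH}"
ENTRYPOINT [ "falconhoseclient" ]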