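├── Dockerfile
├── LICENSE
├── README.md
└── scripts
    ├── buildmoloch.sh
    └── startmoloch.sh

/Dockerfile:
--------------------------------------------------------------------------------
# Single-host Moloch image (capture + Elasticsearch + viewer), built from git
# by scripts/buildmoloch.sh and started by scripts/startmoloch.sh.
#
# NOTE(review): debian:jessie is end-of-life and receives no security updates
# (its apt archives have also been moved). The package set below (openjdk-7-jdk,
# libgeoip-dev, ...) is what this 2015-era Moloch build expects, so the base is
# left unchanged here; do not expose this image to untrusted networks without
# rebasing and rebuilding.
FROM debian:jessie
LABEL maintainer="kost - https://github.com/kost"

# Build and runtime dependencies for Moloch's easybutton-singlehost.sh.
# (libffi-dev appeared twice in the original list; deduplicated.)
RUN apt-get -qq update && \
    apt-get install -yq wget curl libpcre3-dev uuid-dev libmagic-dev pkg-config g++ flex bison zlib1g-dev libffi-dev gettext libgeoip-dev make libjson-perl libbz2-dev libwww-perl libpng-dev xz-utils python git openjdk-7-jdk libssl-dev && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# Viewer admin password consumed by scripts/buildmoloch.sh (when that script
# reads MOLOCH_PASSWORD). It defaults to the literal hard-coded in that script,
# which is public in this repository, so pass --build-arg MOLOCH_PASSWORD=...
# and rotate the account after first start. Build args are visible in
# `docker history`, so treat any value given here as part of the image.
ARG MOLOCH_PASSWORD=0mgMolochDockerRules5

# add scripts (COPY rather than ADD: no tar auto-extraction, no URL fetching)
COPY scripts/ /data/
RUN chmod 755 /data/startmoloch.sh /data/buildmoloch.sh
RUN /data/buildmoloch.sh /data/moloch-git

# Only the pcap drop directory is a volume; logs, ES data and raw captures stay
# in the container layer unless the commented-out list below is restored.
# VOLUME ["/data/moloch/logs","/data/moloch/data","/data/moloch/raw","/data/pcap"]
VOLUME ["/data/pcap"]
# 8005 is the viewer (HTTPS). Elasticsearch's 9200 is deliberately not exposed;
# startmoloch.sh reaches it on 127.0.0.1.
EXPOSE 8005
WORKDIR /data/moloch

# No USER directive: the entrypoint runs as root. Whether the easybutton run
# scripts drop to MOLOCHUSER=daemon afterwards is not visible from this repo.
ENTRYPOINT ["/data/startmoloch.sh"]


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
The MIT License (MIT)

Copyright (c) 2015 kost

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.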
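
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# k0st/moloch

Docker Moloch container

Image is based on the [debian](https://registry.hub.docker.com/u/debian/) base image

## Docker image size

[![Latest](https://badge.imagelayers.io/k0st/moloch.svg)](https://imagelayers.io/?images=k0st/moloch:latest 'latest')

## Docker image usage

```
docker run k0st/moloch [capture]
```

## Examples

Run capture on docker container eth0 interface:

```
docker run k0st/moloch capture
```

Note: on Docker's default bridge network the container's `eth0` only sees the
container's own traffic. To capture traffic of the host, run with `--net=host`
(packet capture needs the raw-socket capability, which Docker grants by default;
add `--cap-add=NET_RAW` if your daemon's default capability set drops it).

Run viewer and import pcap to analyze:

```
docker run -v /path/to/host/pcap:/data/pcap:rw k0st/moloch
docker exec containerid /data/moloch/bin/moloch-capture -r /data/pcap/sniff.pcap -t mysniff
```

## Security note

The viewer admin password is set at image build time by `scripts/buildmoloch.sh`
and defaults to the literal in that script, which is public. Rebuild with a
different value or change the account before exposing port 8005 beyond localhost.
--------------------------------------------------------------------------------
/scripts/buildmoloch.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Build-time helper (invoked by the Dockerfile RUN step): clones Moloch and runs
# its easybutton-singlehost.sh installer unattended.
#
# Usage: buildmoloch.sh [BUILDDIR]
#   BUILDDIR  clone/build directory (default /data/moloch-git)
#
# Environment (all optional):
#   MOLOCH_PASSWORD  viewer admin password; defaults to the historical literal
#                    below, which is public in this repository and must
#                    therefore be treated as known.
#   MOLOCH_REF       git ref to check out after cloning. Unset = whatever the
#                    upstream default branch points at when the image is built,
#                    i.e. the build is unpinned and not reproducible.
#
# Fail fast: previously a failed clone or installer still produced an image
# that only broke at container start.
set -eu

mkdir -p /data/pcap

BUILDDIR="${1:-/data/moloch-git}"

echo "git clone"
git clone https://github.com/aol/moloch.git "$BUILDDIR"
echo "cd to dir and build"
cd "$BUILDDIR"
if [ -n "${MOLOCH_REF:-}" ]; then
    git checkout "$MOLOCH_REF"
fi
# Unattended single-host install. Note that this file itself is copied into
# the image (Dockerfile: COPY/ADD scripts -> /data/), so the default literal
# below is readable from any container started from the image.
USEPFRING=no ESMEM="512M" DONOTSTART=yes MOLOCHUSER=daemon GROUPNAME=daemon \
    PASSWORD="${MOLOCH_PASSWORD:-0mgMolochDockerRules5}" INTERFACE=eth0 BATCHRUN=yes \
    ./easybutton-singlehost.sh
# The installer leaves Elasticsearch running; stop it so the layer is not
# committed with a live JVM. killall exits non-zero when no java is running,
# which must not abort the build under set -e.
killall java || true
echo "Giving ES time to shut itself"
sleep 5

--------------------------------------------------------------------------------
/scripts/startmoloch.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Container entrypoint: starts Elasticsearch, waits until it answers, optionally
# starts capture, then runs the viewer as the last (foreground) step.
#
# Usage: startmoloch.sh [capture]
#   Any non-empty first argument starts capture on the interface configured in
#   /data/moloch/etc/config.ini (INTERFACE=eth0 at image build time).

MOLOCHDIR=/data/moloch

echo "Starting elasticsearch..."
cd "$MOLOCHDIR/bin" || exit 1
./run_es.sh

echo "Giving ES time to start..."
sleep 5
# -f makes curl fail on an HTTP error response, so a node that is listening
# but not yet yellow (e.g. a 408 when wait_for_status times out) keeps us
# waiting instead of being taken as ready. There is deliberately no upper
# bound: the container keeps retrying rather than exiting.
until curl -sSf 'http://127.0.0.1:9200/_cluster/health?wait_for_status=yellow&timeout=5s'
do
    echo "Waiting for ES to start"
    sleep 1
done
echo

if [ -z "${1:-}" ]; then
    echo "Not starting capture, start capturing with giving 'capture' parameter"
else
    echo "Starting capture on default interface. Change /data/moloch/etc/config.ini"
    # Backgrounded explicitly so the viewer below is started whether or not
    # run_capture.sh detaches on its own.
    nohup ./run_capture.sh &
fi

echo
echo "How to import pcap?"
# 'docker run', not 'docker start': start does not accept -v (matches README).
echo " - docker run -v /path/to/host/dir/with/pcap:/data/pcap:rw k0st/moloch"
echo " - docker exec container_id /data/moloch/bin/moloch-capture -r /data/pcap/sniff.pcap -t mysniff --copy"
echo
echo "PLEASE ignore error about missing log file. It's standard moloch start script"
# The viewer admin credentials are whatever buildmoloch.sh set at image build
# time (default: the literal in that public script). Change them before
# exposing port 8005 beyond localhost.
echo "Starting viewer. Go with https to port 8005 of container."
# Last step; the container lives as long as this command does.
./run_viewer.sh
--------------------------------------------------------------------------------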