├── compose └── ntopng │ ├── README.md │ └── docker-compose.yml ├── Dockerfile.cento ├── Dockerfile.nprobe.dev ├── Dockerfile.nprobe ├── Dockerfile.n2disk ├── Dockerfile.pfring ├── Dockerfile.nscrub ├── Dockerfile.ntap.dev ├── Dockerfile.nprobe_arm64.dev ├── Dockerfile.ntopng_arm64.dev ├── Dockerfile.ntopng.debian11.dev ├── Dockerfile.ntopng.dev ├── Dockerfile.ntopng ├── README.md └── install_geoipupdate.sh
/compose/ntopng/README.md:
--------------------------------------------------------------------------------
1 | # Sample ntopng Docker Compose Configuration 2 | 3 | This folder contains a sample `compose.yml` Docker Compose configuration file used to run 4 | ntopng and ClickHouse for [historic flows](https://www.ntop.org/guides/ntopng/clickhouse.html) 5 | as 2 Docker containers. Container images from [Dockerhub](https://hub.docker.com/u/ntop) are used. 6 | 7 | Run the containers: 8 | 9 | ``` 10 | sudo docker-compose up -d 11 | ``` 12 | 13 | Stop the containers: 14 | 15 | ``` 16 | sudo docker-compose down 17 | ``` 18 |
--------------------------------------------------------------------------------
/Dockerfile.cento:
--------------------------------------------------------------------------------
# Image that runs cento, installed from the ntop "apt-stable" repository on Ubuntu 24.04.
FROM ubuntu:24.04
# MAINTAINER is deprecated by Docker; LABEL maintainer="..." is the current form.
MAINTAINER ntop.org

# Bootstrap the ntop apt repository: apt-ntop-stable.deb is downloaded over
# HTTPS and installed with dpkg. No checksum or signature of the .deb is checked
# in this file, so its integrity rests on the TLS connection alone.
# NOTE(review): presumably this package registers the ntop apt source and its
# signing key - confirm, and consider pinning a SHA-256 of the .deb.
RUN apt-get update && \
    apt-get -y -q install software-properties-common wget whiptail lsb-release gnupg libelf1 && \
    wget -q https://packages.ntop.org/apt-stable/24.04/all/apt-ntop-stable.deb && \
    dpkg -i apt-ntop-stable.deb && \
    apt-get clean all

# Install cento from the repository configured above. No version is pinned, so
# the image contains whatever the repository serves at build time.
RUN apt-get update && \
    apt-get -y install cento

# Generate /run.sh. It passes the container arguments to cento and appends
# $NTOP_CONFIG unquoted, so the variable is split on whitespace into separate
# options. The \n inside the single-quoted string has to be turned into a
# newline by the build shell's echo.
# No USER instruction is set in this file, so the entrypoint runs as the image's
# default user (root unless the base image says otherwise).
RUN echo '#!/bin/bash\ncento "$@" $NTOP_CONFIG' > /run.sh && \
    chmod +x /run.sh

ENTRYPOINT ["/run.sh"]

--------------------------------------------------------------------------------
/Dockerfile.nprobe.dev:
--------------------------------------------------------------------------------
# Development image for nprobe. Same steps as Dockerfile.cento above, but the
# packages come from the "apt" repository (apt-ntop.deb) instead of "apt-stable".
FROM ubuntu:24.04
MAINTAINER ntop.org

# Build-time only: ARG values are not kept in the environment of the final image.
ARG DEBIAN_FRONTEND=noninteractive

# Repository bootstrap: .deb fetched over HTTPS, installed without a checksum
# or signature check in this file.
RUN apt-get update && \
    apt-get -y -q install software-properties-common wget whiptail lsb-release gnupg libelf1 && \
    wget -q https://packages.ntop.org/apt/24.04/all/apt-ntop.deb && \
    dpkg -i apt-ntop.deb && \
    apt-get clean all

# Unpinned install of nprobe from the repository configured above.
RUN apt-get update && \
    apt-get -y install nprobe

# /run.sh forwards the container arguments to nprobe and appends the
# word-split $NTOP_CONFIG; no USER is set, so it runs as the image default user.
RUN echo '#!/bin/bash\nnprobe "$@" $NTOP_CONFIG' > /run.sh && \
    chmod +x /run.sh

ENTRYPOINT ["/run.sh"]

--------------------------------------------------------------------------------
/Dockerfile.nprobe:
--------------------------------------------------------------------------------
# Image for nprobe from the ntop "apt-stable" repository on Ubuntu 24.04.
FROM ubuntu:24.04
MAINTAINER ntop.org

# Build-time only: ARG values are not kept in the environment of the final image.
ARG DEBIAN_FRONTEND=noninteractive

# Repository bootstrap: .deb fetched over HTTPS, installed without a checksum
# or signature check in this file.
RUN apt-get update && \
    apt-get -y -q install software-properties-common wget whiptail lsb-release gnupg libelf1 && \
    wget -q https://packages.ntop.org/apt-stable/24.04/all/apt-ntop-stable.deb && \
    dpkg -i apt-ntop-stable.deb && \
    apt-get clean all

# Unpinned install of nprobe from the repository configured above.
RUN apt-get update && \
    apt-get -y install nprobe

# /run.sh forwards the container arguments to nprobe and appends the
# word-split $NTOP_CONFIG; no USER is set, so it runs as the image default user.
RUN echo '#!/bin/bash\nnprobe "$@" $NTOP_CONFIG' > /run.sh && \
    chmod +x /run.sh

ENTRYPOINT ["/run.sh"]

--------------------------------------------------------------------------------
/Dockerfile.n2disk:
--------------------------------------------------------------------------------
# Image for n2disk from the ntop "apt-stable" repository on Ubuntu 24.04.
FROM ubuntu:24.04
MAINTAINER ntop.org

# Build-time only: ARG values are not kept in the environment of the final image.
ARG DEBIAN_FRONTEND=noninteractive

# Repository bootstrap: .deb fetched over HTTPS, installed without a checksum
# or signature check in this file.
RUN apt-get update && \
    apt-get -y -q install software-properties-common wget whiptail lsb-release gnupg libelf1 && \
    wget -q https://packages.ntop.org/apt-stable/24.04/all/apt-ntop-stable.deb && \
    dpkg -i apt-ntop-stable.deb && \
    apt-get clean all

# Unpinned install of n2disk from the repository configured above.
RUN apt-get update && \
    apt-get -y install n2disk

# /run.sh forwards the container arguments to n2disk and appends the
# word-split $NTOP_CONFIG; no USER is set, so it runs as the image default user.
RUN echo '#!/bin/bash\nn2disk "$@" $NTOP_CONFIG' > /run.sh && \
    chmod +x /run.sh

ENTRYPOINT ["/run.sh"]
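--------------------------------------------------------------------------------
/Dockerfile.pfring:
--------------------------------------------------------------------------------
# Image with the PF_RING user-space tools from the ntop "apt-stable" repository.
FROM ubuntu:24.04
# MAINTAINER is deprecated by Docker; LABEL maintainer="..." is the current form.
MAINTAINER ntop.org

# Build-time only: ARG values are not kept in the environment of the final image.
ARG DEBIAN_FRONTEND=noninteractive

# Bootstrap the ntop apt repository: the .deb is downloaded over HTTPS and
# installed with dpkg. No checksum or signature of the .deb is checked in this
# file, so its integrity rests on the TLS connection alone.
RUN apt-get update && \
    apt-get -y -q install software-properties-common wget whiptail lsb-release gnupg libelf1 && \
    wget -q https://packages.ntop.org/apt-stable/24.04/all/apt-ntop-stable.deb && \
    dpkg -i apt-ntop-stable.deb && \
    apt-get clean all

# Unpinned install of pfring from the repository configured above.
RUN apt-get update && \
    apt-get -y install pfring

# Unlike the other images, /run.sh does not name a fixed program: it executes
# the container arguments themselves (exec "$@") and appends the word-split
# $NTOP_CONFIG, so the first argument selects the tool to run.
RUN echo '#!/bin/bash\nset -e\nexec "$@" $NTOP_CONFIG' > /run.sh && \
    chmod +x /run.sh

ENTRYPOINT ["/run.sh"]


--------------------------------------------------------------------------------
/Dockerfile.nscrub:
--------------------------------------------------------------------------------
# Image for nscrub from the ntop "apt-stable" repository on Ubuntu 24.04.
FROM ubuntu:24.04
MAINTAINER ntop.org

# Build-time only: ARG values are not kept in the environment of the final image.
ARG DEBIAN_FRONTEND=noninteractive

# Repository bootstrap: .deb fetched over HTTPS, installed without a checksum
# or signature check in this file.
RUN apt-get update && \
    apt-get -y -q install software-properties-common wget whiptail lsb-release gnupg libelf1 && \
    wget -q https://packages.ntop.org/apt-stable/24.04/all/apt-ntop-stable.deb && \
    dpkg -i apt-ntop-stable.deb && \
    apt-get clean all

# Unpinned install of nscrub from the repository configured above.
RUN apt-get update && \
    apt-get -y install nscrub

# /run.sh forwards the container arguments to nscrub and appends the
# word-split $NTOP_CONFIG; no USER is set, so it runs as the image default user.
RUN echo '#!/bin/bash\nnscrub "$@" $NTOP_CONFIG' > /run.sh && \
    chmod +x /run.sh

# EXPOSE only documents the port; it publishes nothing by itself. With
# --net=host (as the README examples use) the port is reachable on the host
# directly. NOTE(review): what listens on 8880 is not shown here - confirm and
# restrict access accordingly.
EXPOSE 8880

ENTRYPOINT ["/run.sh"]

--------------------------------------------------------------------------------
/Dockerfile.ntap.dev:
--------------------------------------------------------------------------------
# Development image for nTap, built from the ntop "apt" repository.
FROM ubuntu:24.04
MAINTAINER ntop.org

# Repository bootstrap: .deb fetched over HTTPS, installed without a checksum
# or signature check in this file.
RUN apt-get update && \
    apt-get -y -q install software-properties-common wget whiptail lsb-release gnupg libelf1 && \
    wget -q https://packages.ntop.org/apt/24.04/all/apt-ntop.deb && \
    dpkg -i apt-ntop.deb && \
    apt-get clean all

# debconf is switched to its non-interactive frontend before the unpinned
# install of ntap, so package configuration cannot block the build.
RUN apt-get update && \
    echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \
    apt-get -y install ntap

# /run.sh forwards the container arguments to ntap_remote and appends the
# word-split $NTOP_CONFIG; no USER is set, so it runs as the image default user.
RUN echo '#!/bin/bash\nntap_remote "$@" $NTOP_CONFIG' > /run.sh && \
    chmod +x /run.sh

ENTRYPOINT ["/run.sh"]

--------------------------------------------------------------------------------
/Dockerfile.nprobe_arm64.dev:
--------------------------------------------------------------------------------
# ARM64 development image for nprobe, built from the ntop RaspberryPI repository.
FROM debian:bookworm-slim

# Single layer: install the tools, bootstrap the ntop repository, install
# nprobe, then drop the apt caches and lists.
# The repository package is fetched over HTTPS, as the other Dockerfiles in this
# repository already do for packages.ntop.org: the .deb is installed as root and
# configures an apt source, and over plain HTTP it could be replaced in transit.
# ca-certificates is listed explicitly so certificate validation does not
# depend on it being pulled in as a recommended package.
# No checksum or signature of the .deb is checked in this file.
RUN apt-get update \
 && apt-get -y -q install \
      software-properties-common \
      wget \
      ca-certificates \
      whiptail \
      lsb-release \
      gnupg \
      libelf1 \
 && wget -q https://packages.ntop.org/RaspberryPI/apt-ntop.deb \
 && apt-get -y -q install ./apt-ntop.deb \
 && rm ./apt-ntop.deb \
 && apt-get update \
 && apt-get -y -q install nprobe \
 && apt-get clean all \
 && rm -rf /var/lib/apt/lists/*

# /run.sh forwards the container arguments to nprobe and appends the
# word-split $NTOP_CONFIG; no USER is set, so it runs as the image default user.
RUN echo '#!/bin/bash\nnprobe "$@" $NTOP_CONFIG' > /run.sh && \
    chmod +x /run.sh

ENTRYPOINT ["/run.sh"]

--------------------------------------------------------------------------------
/Dockerfile.ntopng_arm64.dev:
--------------------------------------------------------------------------------
# ARM64 development image for ntopng, built from the ntop RaspberryPI repository.
FROM debian:bookworm-slim

# Single layer: install the tools, bootstrap the ntop repository, install
# ntopng and two runtime libraries, then drop the apt caches and lists.
# The repository package is fetched over HTTPS for the same reason as in
# Dockerfile.nprobe_arm64.dev: it is installed as root and must not be
# replaceable in transit. ca-certificates is listed explicitly for certificate
# validation. No checksum or signature of the .deb is checked in this file.
RUN apt-get update \
 && apt-get -y -q install \
      software-properties-common \
      wget \
      ca-certificates \
      whiptail \
      lsb-release \
      gnupg \
      libelf1 \
 && wget -q https://packages.ntop.org/RaspberryPI/apt-ntop.deb \
 && apt-get -y -q install ./apt-ntop.deb \
 && rm ./apt-ntop.deb \
 && apt-get update \
 && apt-get -y -q install \
      ntopng \
      libcap2 \
      libzstd1 \
 && apt-get clean all \
 && rm -rf /var/lib/apt/lists/*

# /run.sh starts the redis-server init script inside the container and then
# runs ntopng with the container arguments plus the word-split $NTOP_CONFIG.
# No USER is set, so it runs as the image default user.
RUN echo '#!/bin/bash\n/etc/init.d/redis-server start\nntopng "$@" $NTOP_CONFIG' > /run.sh \
 && chmod +x /run.sh

# EXPOSE only documents the port; with --net=host it is reachable on the host directly.
EXPOSE 3000

ENTRYPOINT ["/run.sh"]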
--------------------------------------------------------------------------------
/compose/ntopng/docker-compose.yml:
--------------------------------------------------------------------------------
# Sample stack: ntopng plus a ClickHouse server, both on the host's network.
services:
  ntopng:
    # "stable" is a floating tag: the image content can change between pulls.
    image: ntop/ntopng:stable
    hostname: ntop
    container_name: ntop
    restart: always
    # Host networking: the container shares the host's network stack, so every
    # port ntopng opens is bound on the host itself and no port mapping applies.
    network_mode: host
    # Port mapping (disable network_mode: host)
    #ports:
    #  - 3000:3000
    volumes:
      - /etc/ntopng.license:/etc/ntopng.license:ro
      - ntopng_redis:/var/lib/redis
    # '--disable-login', '1' switches off authentication on the ntopng web
    # interface. NOTE(review): per the ntopng option help, mode 1 disables login
    # on all interfaces - confirm. Combined with host networking this leaves the
    # web interface open to anything that can reach the host; keep it on a
    # trusted network or re-enable login.
    # 'tcp://*:5556c' uses a wildcard bind address. NOTE(review): presumably the
    # flow collector then accepts connections on every host address - confirm.
    command: [ '-i', 'tcp://*:5556c', '-F', 'clickhouse', '--disable-login', '1' ]
    depends_on:
      - clickhouse

  clickhouse:
    # "latest" is a floating tag: the image content can change between pulls.
    image: clickhouse/clickhouse-server:latest
    hostname: clickhouse
    container_name: clickhouse
    restart: always
    # NOTE(review): no credentials are configured for ClickHouse in this file
    # and it shares the host network; check which addresses it listens on and
    # how its default user is authenticated.
    network_mode: host
    volumes:
      - clickhouse_data:/var/lib/clickhouse
      - clickhouse_logs:/var/log/clickhouse-server

# Named volumes that keep ClickHouse data/logs and the ntopng Redis state.
volumes:
  clickhouse_data:
  clickhouse_logs:
  ntopng_redis:

--------------------------------------------------------------------------------
/Dockerfile.ntopng.debian11.dev:
--------------------------------------------------------------------------------
# Development image for ntopng on Debian 11 (bullseye), built from the ntop "apt" repository.
FROM debian:bullseye
# MAINTAINER is deprecated by Docker; LABEL maintainer="..." is the current form.
MAINTAINER ntop.org

# ENV (unlike the ARG used in the Ubuntu Dockerfiles) stays set in the
# environment of the running container as well.
ENV DEBIAN_FRONTEND noninteractive

# Bootstrap the ntop apt repository: the .deb is downloaded over HTTPS and
# installed. No checksum or signature of the .deb is checked in this file, so
# its integrity rests on the TLS connection alone.
RUN apt-get update && \
    apt-get -y -q install wget whiptail lsb-release gnupg libelf1 && \
    wget -q https://packages.ntop.org/apt/bullseye/all/apt-ntop.deb && \
    apt install ./apt-ntop.deb && \
    apt-get clean all

# Add the ClickHouse apt repository to get clickhouse-client. The signing key
# is requested by its 64-bit key ID from a keyserver over plain hkp (port 80)
# and added with apt-key, i.e. to apt's global trusted keyring, where it is
# trusted for every configured repository and not only for ClickHouse.
# NOTE(review): apt-key is deprecated; a keyring file referenced with
# signed-by= in the sources entry would scope the key to this repository.
RUN apt-get update && \
    apt-get -y -q install apt-transport-https ca-certificates dirmngr && \
    apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 8919F6BD2B48D754 && \
    echo "deb https://packages.clickhouse.com/deb stable main" | tee /etc/apt/sources.list.d/clickhouse.list && \
    apt-get update && \
    apt-get -y -q install clickhouse-client

# debconf is switched to its non-interactive frontend before the unpinned
# install of ntopng and ntopng-data.
RUN apt-get update && \
    echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \
    apt-get -y install ntopng ntopng-data

# /run.sh starts the redis-server init script inside the container and then
# runs ntopng with the container arguments plus $NTOP_CONFIG, which is
# unquoted and therefore split on whitespace into separate options.
# No USER is set, so it runs as the image default user.
RUN echo '#!/bin/bash\n/etc/init.d/redis-server start\nntopng "$@" $NTOP_CONFIG' > /run.sh && \
    chmod +x /run.sh

# EXPOSE only documents the port; with --net=host it is reachable on the host directly.
EXPOSE 3000

ENTRYPOINT ["/run.sh"]

--------------------------------------------------------------------------------
/Dockerfile.ntopng.dev:
--------------------------------------------------------------------------------
# Development image for ntopng on Ubuntu 24.04, built from the ntop "apt" repository.
FROM ubuntu:24.04
MAINTAINER ntop.org

# ARG is build-time only; TZ is set with ENV and stays in the running container.
ARG DEBIAN_FRONTEND=noninteractive
ENV TZ=UTC

# Repository bootstrap: .deb fetched over HTTPS, installed without a checksum
# or signature check in this file.
RUN apt-get update && \
    apt-get -y -q install software-properties-common wget whiptail lsb-release gnupg libelf1 tzdata && \
    wget -q https://packages.ntop.org/apt/24.04/all/apt-ntop.deb && \
    dpkg -i apt-ntop.deb && \
    apt-get clean all

# Point /etc/localtime and /etc/timezone at $TZ and reconfigure tzdata without prompts.
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone && \
    dpkg-reconfigure --frontend noninteractive tzdata

# ClickHouse repository for clickhouse-client: key requested by 64-bit key ID
# over plain hkp and added to apt's global trusted keyring with the deprecated
# apt-key. NOTE(review): a signed-by= keyring would scope the key to this
# repository only.
RUN apt-get update && \
    apt-get -y -q install apt-transport-https ca-certificates dirmngr && \
    apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 8919F6BD2B48D754 && \
    echo "deb https://packages.clickhouse.com/deb stable main" | tee /etc/apt/sources.list.d/clickhouse.list && \
    apt-get update && \
    apt-get -y -q install clickhouse-client

# Non-interactive, unpinned install of ntopng and ntopng-data.
RUN apt-get update && \
    echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \
    apt-get -y install ntopng ntopng-data

# /run.sh starts redis-server, then runs ntopng with the container arguments
# plus the word-split $NTOP_CONFIG; no USER is set.
RUN echo '#!/bin/bash\n/etc/init.d/redis-server start\nntopng "$@" $NTOP_CONFIG' > /run.sh && \
    chmod +x /run.sh

# EXPOSE only documents the port; with --net=host it is reachable on the host directly.
EXPOSE 3000

ENTRYPOINT ["/run.sh"]

--------------------------------------------------------------------------------
/Dockerfile.ntopng:
--------------------------------------------------------------------------------
# Image for ntopng on Ubuntu 24.04, built from the ntop "apt-stable" repository.
FROM ubuntu:24.04
MAINTAINER ntop.org

# ARG is build-time only; TZ is set with ENV and stays in the running container.
ARG DEBIAN_FRONTEND=noninteractive
ENV TZ=UTC

# Repository bootstrap: .deb fetched over HTTPS, installed without a checksum
# or signature check in this file.
RUN apt-get update && \
    apt-get -y -q install apt-utils software-properties-common wget whiptail lsb-release gnupg libelf1 tzdata && \
    wget -q https://packages.ntop.org/apt-stable/24.04/all/apt-ntop-stable.deb && \
    dpkg -i apt-ntop-stable.deb && \
    apt-get clean all

# Point /etc/localtime and /etc/timezone at $TZ and reconfigure tzdata without prompts.
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone && \
    dpkg-reconfigure --frontend noninteractive tzdata

# ClickHouse repository for clickhouse-client: key requested by 64-bit key ID
# over plain hkp and added to apt's global trusted keyring with the deprecated
# apt-key. NOTE(review): a signed-by= keyring would scope the key to this
# repository only.
RUN apt-get update && \
    apt-get -y -q install apt-transport-https ca-certificates dirmngr && \
    apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 8919F6BD2B48D754 && \
    echo "deb https://packages.clickhouse.com/deb stable main" | tee /etc/apt/sources.list.d/clickhouse.list && \
    apt-get update && \
    apt-get -y -q install clickhouse-client

# Non-interactive, unpinned install of ntopng and ntopng-data.
RUN apt-get update && \
    echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \
    apt-get -y install ntopng ntopng-data

# /run.sh starts redis-server, then runs ntopng with the container arguments
# plus the word-split $NTOP_CONFIG; no USER is set.
RUN echo '#!/bin/bash\n/etc/init.d/redis-server start\nntopng "$@" $NTOP_CONFIG' > /run.sh && \
    chmod +x /run.sh

# EXPOSE only documents the port; with --net=host it is reachable on the host directly.
EXPOSE 3000

ENTRYPOINT ["/run.sh"]

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # ntop Dockerfiles 2 | 3 | This repository contains configuration files used to generate Docker images registered on [Dockerhub](https://hub.docker.com/u/ntop). 4 | 5 | ## Prerequisites 6 | 7 | In order to use the PF_RING tools or take advantage of the PF_RING acceleration when using the ntop 8 | applications, the PF_RING kernel module and drivers need to be loaded on the host system.
Please 9 | read the instructions in the [PF_RING User's Guide](http://www.ntop.org/guides/pf_ring/get_started/index.html) 10 | and [Using PF_RING with Docker](https://www.ntop.org/guides/pf_ring/containers/docker.html). 11 | 12 | ## License Note 13 | 14 | Commercial ntop tools require a license that is tied to a system identifier computed from the locally attached network interfaces and other hardware components. If you want all the Docker containers to use the same license that was generated for the host OS, the containers must use [host networking](https://docs.docker.com/network/host/) and map the license file from the host. Example: 15 | 16 | ```bash 17 | docker run -it --net=host -v /etc/nprobe.license:/etc/nprobe.license nprobe -i eth1 18 | ``` 19 | 20 | For docker-compose, see the [Compose file reference](https://docs.docker.com/compose/compose-file/compose-file-v3/#network_mode). 21 | 22 | ### Cloud License 23 | 24 | When running a Cloud license, the application needs to connect to the Cloud and the cloud.conf configuration file is required. Please create it in the container or map the cloud.conf file from the host. Example: 25 | 26 | ```bash 27 | docker run -it --net=host -v /etc/nprobe.license:/etc/nprobe.license -v /etc/ntop/cloud.conf:/etc/ntop/cloud.conf:ro nprobe -i eth1 28 | ``` 29 | 30 | # Docker Compose 31 | 32 | The following is an example `compose.yml` configuration file to create containers for ntopng, 33 | an nProbe collector, and a ClickHouse server for [historic flows](https://www.ntop.org/guides/ntopng/clickhouse.html) (included with Enterprise L or better). 34 | A sample configuration file for running ntopng and ClickHouse is also available under compose/ntopng. 
35 | 36 | Example `compose.yml` file (note: `--disable-login` switches off the ntopng web login and, with host networking, the web interface listens directly on the host, so keep it on a trusted network or re-enable login): 37 | ``` 38 | services: 39 | nprobe_collector: 40 | image: ntop/nprobe:stable 41 | restart: always 42 | network_mode: "host" 43 | volumes: 44 | - /etc/nprobe.license:/etc/nprobe.license:ro 45 | command: ['nprobe', '--zmq', '"tcp://ntopng:5556"', '--interface', 'none', '-n', 'none', '--collector-port', '2055', '-T', '"@NTOPNG@"', '--collector-passthrough'] 46 | 47 | ntopng: 48 | image: ntop/ntopng:latest 49 | restart: always 50 | network_mode: "host" 51 | volumes: 52 | - /etc/ntopng.license:/etc/ntopng.license:ro 53 | command: ['--interface', 'tcp://*:5556c', '-F', 'clickhouse', '--disable-login'] # , '--insecure'] 54 | depends_on: 55 | - clickhouse 56 | - nprobe_collector 57 | 58 | clickhouse: 59 | image: clickhouse/clickhouse-server:latest 60 | network_mode: "host" 61 | restart: always 62 | volumes: 63 | - clickhouse_data:/var/lib/clickhouse 64 | - clickhouse_logs:/var/log/clickhouse-server/ 65 | 66 | volumes: 67 | clickhouse_data: 68 | clickhouse_logs: 69 | 70 | ``` 71 | 72 | # PF_RING Tools 73 | 74 | ## Install and Run 75 | 76 | ```bash 77 | docker build -t pfring -f Dockerfile.pfring . 78 | docker run --net=host pfring pfcount -i eno1 79 | ``` 80 | 81 | If you want to use a ZC interface, the container needs access to the license file; 82 | you can use the -v|--volume option for this: 83 | 84 | ```bash 85 | docker run --net=host -v 001122334455:/etc/pf_ring/001122334455 pfring pfcount -i zc:eth1 86 | ``` 87 | 88 | For additional info please read the [PF_RING User's Guide](http://www.ntop.org/guides/pf_ring/containers/docker.html). 89 | 90 | # ntopng 91 | 92 | ## Install and Run 93 | 94 | ```bash 95 | docker build -t ntopng -f Dockerfile.ntopng . 96 | docker run -it --net=host ntopng -i eno1 97 | ``` 98 | 99 | # nProbe 100 | 101 | ## Install and Run 102 | 103 | ```bash 104 | docker build -t nprobe -f Dockerfile.nprobe . 
105 | docker run -it --net=host nprobe -i eno1 106 | ``` 107 | 108 | # nTap 109 | 110 | ## Install and Run 111 | 112 | ```bash 113 | docker build -t ntap -f Dockerfile.ntap.dev . 114 | docker run -it --net=host ntap -i eth0 -c :1234 -k my_pwd 115 | ``` 116 | # nProbe Cento 117 | 118 | ## Install and Run 119 | 120 | ```bash 121 | docker build -t cento -f Dockerfile.cento . 122 | docker run -it --net=host cento -i eno1 123 | ``` 124 | 125 | # n2disk 126 | 127 | ## Install and Run 128 | 129 | ```bash 130 | docker build -t n2disk -f Dockerfile.n2disk . 131 | docker run -it --cap-add IPC_LOCK --net=host n2disk -i eno1 -o /tmp 132 | ``` 133 | 134 | Note: IPC_LOCK is required to use the Direct IO support in n2disk, which requires mlock. 135 | 136 | # nScrub 137 | 138 | ## Install and Run 139 | 140 | ```bash 141 | docker build -t nscrub -f Dockerfile.nscrub . 142 | docker run -it --net=host nscrub -i eth1 -o eth2 143 | ``` 144 | 145 | Note: you can provide the application license by sharing the license file with the container, 146 | using the -v|--volume option. This applies to all the applications. 147 | 148 | ```bash 149 | docker run -it --net=host -v $(pwd)/nscrub.license:/etc/nscrub.license nscrub -i eth1 -o eth2 150 | ``` 151 | 152 | # `NTOP_CONFIG` environment variable 153 | 154 | You can also pass configuration options via the `NTOP_CONFIG` environment variable, using the `-e` option. This applies to all the applications. 
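155 | 156 | ```bash 157 | docker run -it -e NTOP_CONFIG="-i eno1" --net=host ntopng 158 | ``` 159 | 160 | ## ARM 161 | Whenever the version of the OS changes, please make sure the docker file for ARM64 is updated 162 |
--------------------------------------------------------------------------------
/install_geoipupdate.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Install MaxMind's geoipupdate from the latest GitHub release, create
# /usr/local/etc/GeoIP.conf, download the GeoIP databases and register a cron
# job that keeps them updated.
#
# The script installs packages with apt-get and writes under /usr/local,
# /usr/share and /etc/cron.d, so it needs root privileges. Downloaded files are
# stored in, and later removed from, the current working directory.

# ======================= RUNTIME VARIABLES =======================

# Modify these variables with your credentials.
# The GitHub credentials are not strictly necessary if you stay within GitHub's rate limit for
# unauthenticated API requests. Leave empty or as default placeholders if that is the case.
# GeoIP credentials are mandatory. You need at least a free MaxMind GeoLite2 account to generate license keys.
# If they are not specified here, you have to edit /usr/local/etc/GeoIP.conf manually before
# running geoipupdate to download / update database(s).
# More details here:
# https://dev.maxmind.com/geoip/geolite2-free-geolocation-data#accessing-geolite2-free-geolocation-data
#
# Anything entered here is stored in clear text in this file, and the GeoIP values are copied
# into /usr/local/etc/GeoIP.conf: keep both out of version control and out of shared image layers.
GITHUB_USERNAME=your_github_username_here
GITHUB_TOKEN=your_github_token_here
GEOIP_ACCOUNT_ID=your_geoip_account_here
GEOIP_LICENSE_KEY=your_geoip_license_here

# ======================= RUNTIME CONSTANTS =======================

# Runtime constants for text formatting
RED='\033[0;31m'
RED_X='\033[0;31mx\033[0m'
GREEN='\033[0;32m'
GREEN_TICK='\033[0;32m*\033[0m'
NC='\033[0m'

# ===================== FUNCTION DECLARATIONS =====================

# FUNCTION: Print the SHA-256 hex digest of file $1 (prints nothing if it cannot be computed)
sha256_of () {
  if command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" 2>/dev/null | awk '{print $1}';
  elif command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" 2>/dev/null | awk '{print $1}';
  fi
}

# FUNCTION: Escape the characters that are special in a sed replacement using '/' as delimiter
sed_escape () {
  printf '%s' "$1" | sed -e 's/[\/&\\]/\\&/g';
}

# FUNCTION: Download geoipupdate package from GitHub
geoip_download () {
  # The archive is saved to, verified in and extracted from the current directory,
  # so that is where its presence is tested.
  if [ ! -f "$GITHUB_ASSET_FILE" ]; then
    echo "[i] Downloading file $GITHUB_ASSET_FILE";
    if wget --quiet --show-progress -O "$GITHUB_ASSET_FILE" "$GITHUB_ASSSET_URL"; then
      echo -e "[${GREEN_TICK}] File downloaded.";
    else
      echo -e "[${RED_X}] Download ${RED}failed.${NC} Exiting.";
      # Do not leave a partial archive behind for the next run
      rm -f -- "$GITHUB_ASSET_FILE";
      exit 126;
    fi
  fi
}

# FUNCTION: Download checksums and validate downloaded archive file. Exit if unable to validate.
geoip_checksum () {
  local actual expected
  # The checksum list is always fetched again and the archive is always verified:
  # a list or archive left over from an earlier run must never let the
  # extraction go ahead unverified.
  echo "[i] Downloading checksums";
  if wget --quiet --show-progress -O checksums-darwin-linux.txt "$GITHUB_XSUM_URL"; then
    echo -e "[${GREEN_TICK}] File downloaded.";
  else
    echo -e "[${RED_X}] Download ${RED}failed. Unable${NC} to validate checksums. Exiting.";
    cleanup
    exit 126;
  fi
  # Compare the digest of the archive with the entry listed for this exact file
  # name, not with any digest that happens to appear in the list.
  # Note: the list comes from the same GitHub release as the archive, so this
  # detects a corrupted or truncated download, not a tampered release.
  actual=$(sha256_of "$GITHUB_ASSET_FILE")
  expected=$(awk -v f="$GITHUB_ASSET_FILE" '$2 == f || $2 == "*" f {print $1}' checksums-darwin-linux.txt)
  if [ -n "$actual" ] && [ "$actual" = "$expected" ]; then
    echo -e "[${GREEN_TICK}] Checksum validated.";
  else
    echo -e "[${RED_X}] ${RED}Invalid${NC} checksum. ${RED}Unable${NC} to validate downloaded file. Exiting.";
    cleanup
    exit 126;
  fi
}

# FUNCTION: Create missing directory structure
create_dirs () {
  if [ ! -d /usr/share/GeoIP ]; then
    printf "[i] ";
    mkdir -pv /usr/share/GeoIP;
  fi
}

# FUNCTION: Install geoipupdate executable into recommended /usr/local/bin
# Returns 0 after installing, 1 when the latest version is already installed.
install_exec () {
  # Detect if geoipupdate already installed and which version.
  # Reset first so a value inherited from the environment is never used.
  GEOIP_VERSION=""
  if [ -x "/usr/local/bin/geoipupdate" ]; then
    # note: 2>&1 necessary, because -V outputs to stderr instead of stdout for some reason
    GEOIP_VERSION=$(/usr/local/bin/geoipupdate -V 2>&1 | grep -i geoipupdate | sed -e 's/geoipupdate //gi');
  fi
  # No version installed => install
  if [ -z "$GEOIP_VERSION" ]; then
    echo -e "[i] geoipupdate not detected or version not found. Getting it.";
  else
    # Same version installed => skip
    if [ "$GITHUB_LATEST_VERSION" = "$GEOIP_VERSION" ]; then
      echo -e "[${RED_X}] geoipupdate ${GREEN}$GITHUB_LATEST_VERSION${NC} already ${RED}installed.${NC} Skipping.";
      return 1;
    # Other version installed => replace
    else
      echo -e "[i] Installed geoipupdate version is ${RED}$GEOIP_VERSION${NC}, will update binary to ${GREEN}$GITHUB_LATEST_VERSION${NC}.";
    fi
  fi
  geoip_download
  geoip_checksum
  echo -e "[i] Installing geoipupdate ${GREEN}$GITHUB_LATEST_VERSION${NC} executable..."
  # Extract only the geoipupdate binary, dropping the archive's top-level directory
  tar -zxf "$GITHUB_ASSET_FILE" \
    -C /usr/local/bin --wildcards --strip-components 1 --no-anchored '*geoipupdate'
  RESULT=$?
  if [ "$RESULT" = "0" ]; then
    echo -e "[${GREEN_TICK}] Done.";
    return 0;
  else
    echo -e "[${RED_X}] geoipupdate executable ${RED}could not${NC} be installed. Exiting.";
    cleanup;
    exit 126;
  fi
}

# FUNCTION: install GeoIP.conf config file into recommended /usr/local/etc
# An existing GeoIP.conf is never overwritten.
install_conf () {
  if [ ! -f "/usr/local/etc/GeoIP.conf" ]; then
    echo -e "[i] GeoIP.conf config file not detected. Getting it.";
    geoip_download;
    geoip_checksum;
    echo "[i] Installing GeoIP.conf config file...";
    # Extract only GeoIP.conf, dropping the archive's top-level directory
    tar -zxf "$GITHUB_ASSET_FILE" \
      -C /usr/local/etc --wildcards --strip-components 1 --no-anchored '*GeoIP.conf'
    RESULT=$?
    if [ "$RESULT" = "0" ]; then
      echo -e "[${GREEN_TICK}] Done.";
      modify_conf;
      return 0;
    else
      echo -e "[${RED_X}] GeoIP.conf ${RED}could not${NC} be installed. Exiting.";
      cleanup;
      exit 126;
    fi
  else
    echo -e "[${RED_X}] GeoIP.conf config file ${RED}detected,${NC} will leave it as it is.";
  fi
}

# FUNCTION: Modify default GeoIP.conf with user credentials and recommended settings
modify_conf () {
  local account_id license_key
  echo "[i] Setting up /usr/local/etc/GeoIP.conf..."
  # Add the GeoLite2-ASN edition, enable DatabaseDirectory and point it to /usr/share/GeoIP
  sed -i -e '/^EditionIDs/s/$/ GeoLite2-ASN/' \
    -e '/^# DatabaseDirectory/s/^# //' \
    -e '/^DatabaseDirectory/s+/usr/local/share/GeoIP+/usr/share/GeoIP+' /usr/local/etc/GeoIP.conf
  if [ -z "$GEOIP_ACCOUNT_ID" ] || [ "$GEOIP_ACCOUNT_ID" = "your_geoip_account_here" ] || \
     [ -z "$GEOIP_LICENSE_KEY" ] || [ "$GEOIP_LICENSE_KEY" = "your_geoip_license_here" ]; then
    echo -e "[${RED_X}] MaxMind GeoIP credentials ${RED}not found${NC}, manually modify /usr/local/etc/GeoIP.conf before";
    echo "downloading and updating database.";
  else
    echo -e "[${GREEN_TICK}] MaxMind GeoIP credentials found, modifying /usr/local/etc/GeoIP.conf...";
    # Escape the values so a '/', '&' or '\' in a credential cannot break or
    # alter the substitution.
    account_id=$(sed_escape "$GEOIP_ACCOUNT_ID")
    license_key=$(sed_escape "$GEOIP_LICENSE_KEY")
    sed -i -e "/AccountID/s/YOUR_ACCOUNT_ID_HERE/$account_id/" \
      -e "/^LicenseKey/s/YOUR_LICENSE_KEY_HERE/$license_key/" /usr/local/etc/GeoIP.conf
    # NOTE(review): GeoIP.conf now holds the license key; its permissions are
    # left as extracted from the archive. Consider restricting it to the
    # account that runs geoipupdate.
  fi
}

# FUNCTION: Cleanup - remove temporary files
cleanup () {
  echo "[i] Cleaning up..."
  if [ -n "$GITHUB_ASSET_FILE" ]; then rm -f -- "$GITHUB_ASSET_FILE"; fi
  rm -f -- github_api.json checksums-darwin-linux.txt
  echo -e "[${GREEN_TICK}] Done."
}

# =========================== MAIN CODE ===========================

# Install dependencies for the script. curl (GitHub API calls), wget (download repo),
# tar (unpack x.tar.gz), jq (JSON parser) and nano (config/script editing)
echo "[i] Installing few script dependencies if needed (curl, wget, tar, jq, nano)..."
apt-get -qq install curl wget tar jq nano &>/dev/null
RESULT=$?
if [ "$RESULT" = "0" ]; then
  echo -e "[${GREEN_TICK}] Dependencies installed.";
else
  echo -e "[${RED_X}] Dependencies ${RED}could not${NC} be installed. Script wouldn't work. Exiting.";
  exit 126;
fi

# Detect system architecture to select correct GitHub asset download
SYS_ARCH=$(uname -sm)
case $SYS_ARCH in
  "Linux aarch64" | "Linux armv8b" | "Linux armv8l")
    DL_ARCH="linux_arm64"
    ;;
  "Linux armv7l" | "Linux armv6l")
    DL_ARCH="linux_armv6"
    ;;
  "Linux x86_64")
    DL_ARCH="linux_amd64"
    ;;
  "Linux i386" | "Linux i686")
    DL_ARCH="linux_386"
    ;;
  "Darwin arm64")
    DL_ARCH="darwin_arm64"
    ;;
  "Darwin x86_64")
    DL_ARCH="darwin_amd64"
    ;;
  *)
    echo -e "[${RED_X}] Supported system architecture ${RED}not detected.${NC} Exiting."
    exit 126
    ;;
esac
echo -e "[${GREEN_TICK}] Detected system architecture is ${GREEN}$SYS_ARCH${NC}"

# Get the latest repo release assets info from GitHub's API
if [ -z "$GITHUB_USERNAME" ] || [ "$GITHUB_USERNAME" = "your_github_username_here" ] || \
   [ -z "$GITHUB_TOKEN" ] || [ "$GITHUB_TOKEN" = "your_github_token_here" ]; then
  echo -e "[${RED_X}] GitHub credentials ${RED}not found${NC}, using rate limited API call...";
  curl --fail --silent -H "Accept: application/vnd.github.v3+json" \
    https://api.github.com/repos/maxmind/geoipupdate/releases/latest > github_api.json;
  RESULT=$?;
else
  echo -e "[${GREEN_TICK}] GitHub credentials found, using authenticated API call...";
  # NOTE(review): the token is passed on the curl command line, where other
  # local users can see it in the process list while the request runs.
  curl --fail --silent -u "$GITHUB_USERNAME:$GITHUB_TOKEN" -H "Accept: application/vnd.github.v3+json" \
    https://api.github.com/repos/maxmind/geoipupdate/releases/latest > github_api.json;
  RESULT=$?;
fi
if [ "$RESULT" = "0" ]; then
  echo -e "[${GREEN_TICK}] GitHub connected. Repo JSON captured.";
else
  echo -e "[${RED_X}] GitHub ${RED}could not${NC} be contacted. Exiting.";
  cleanup;
  exit 126;
fi

# Parse resulting JSON through jq tool and assign results to variables to facilitate download
GITHUB_LATEST_VERSION=$(jq -r '.name' < github_api.json)
GITHUB_ASSSET_URL=$(jq -r '.assets[].browser_download_url | scan(".*_'$DL_ARCH'.tar.gz")' < github_api.json)
GITHUB_ASSET_FILE=$(jq -r '.assets[].name | scan(".*_'$DL_ARCH'.tar.gz")' < github_api.json)
GITHUB_XSUM_URL=$(jq -r '.assets[].browser_download_url | scan(".*checksums-darwin-linux.txt")' < github_api.json)

# Stop early when the release data is unusable: every value must be present,
# the downloads must use HTTPS and the asset name must be a plain file name,
# because it is later passed to wget -O, tar and rm.
RELEASE_DATA_OK=1
for value in "$GITHUB_LATEST_VERSION" "$GITHUB_ASSSET_URL" "$GITHUB_ASSET_FILE" "$GITHUB_XSUM_URL"; do
  if [ -z "$value" ] || [ "$value" = "null" ]; then RELEASE_DATA_OK=0; fi
done
case "$GITHUB_ASSSET_URL" in https://*) ;; *) RELEASE_DATA_OK=0 ;; esac
case "$GITHUB_XSUM_URL" in https://*) ;; *) RELEASE_DATA_OK=0 ;; esac
case "$GITHUB_ASSET_FILE" in */* | -*) RELEASE_DATA_OK=0 ;; esac
if [ "$RELEASE_DATA_OK" != "1" ]; then
  echo -e "[${RED_X}] GitHub release data for ${RED}$DL_ARCH${NC} is missing or malformed. Exiting.";
  GITHUB_ASSET_FILE=""
  cleanup;
  exit 126;
fi

echo -e "[i] Latest ${GREEN}$SYS_ARCH${NC} version of maxmind/geoipupdate on GitHub is: ${GREEN}$GITHUB_LATEST_VERSION${NC}"

# Initial info established, let's get installing
install_exec
install_conf
create_dirs
cleanup

# All required components in place, run geoipupdate
echo "[i] Running geoipupdate to download / update database files..."
geoipupdate
RESULT=$?
if [ "$RESULT" = "0" ]; then
  echo -e "[${GREEN_TICK}] GeoIP database(s) downloaded / updated.";
  # Install cron job to run update database automatically
  # NOTE(review): this overwrites /etc/cron.d/root; any job already stored in
  # a file with that name is lost.
  echo "[i] Creating geoipupdate cron job - run update twice weekly (Mon, Thu) at 22:55";
  echo "55 22 * * 1,4 root /usr/local/bin/geoipupdate" > /etc/cron.d/root;
  echo -e "[${GREEN_TICK}] Finished.";
else
  echo -e "[${RED_X}] GeoIP database(s) ${RED}could not${NC} be downloaded. Check config.";
fi

--------------------------------------------------------------------------------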