tweak cyberchef image for better security, prep citrixhoneypot for rebuild

2025-07-01 04:22:11 +00:00 · 2021-09-20 14:29:42 +00:00 · 2021-09-20 14:29:42 +00:00 · ed224215a4
commit ed224215a4
parent e9c03e512c
3 changed files with 23 additions and 23 deletions
--- a/docker/citrixhoneypot/Dockerfile
+++ b/docker/citrixhoneypot/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:3.13
+FROM alpine:3.14
 #
 # Install packages
 RUN apk -U add \
@ -29,7 +29,7 @@ RUN apk -U add \
    addgroup -g 2000 citrixhoneypot && \
    adduser -S -H -s /bin/ash -u 2000 -D -g 2000 citrixhoneypot && \
    chown -R citrixhoneypot:citrixhoneypot /opt/citrixhoneypot && \
-    setcap cap_net_bind_service=+ep /usr/bin/python3.8 && \
+    setcap cap_net_bind_service=+ep /usr/bin/python3.9 && \
 #
 # Clean up
    apk del --purge git \
--- a/docker/citrixhoneypot/docker-compose.yml
+++ b/docker/citrixhoneypot/docker-compose.yml
@ -14,7 +14,7 @@ services:
     - citrixhoneypot_local
    ports:
     - "443:443"
-    image: "ghcr.io/telekom-security/citrixhoneypot:2006"
+    image: "dtagdevsec/citrixhoneypot:2006"
    read_only: true
    volumes:
     - /data/citrixhoneypot/logs:/opt/citrixhoneypot/logs
--- a/docker/cyberchef/Dockerfile
+++ b/docker/cyberchef/Dockerfile
@ -1,30 +1,30 @@
-FROM alpine:3.10
-#
-# Get and install dependencies & packages
-RUN apk -U --no-cache add \
-            curl \
-            git \
-            npm \
-            nodejs && \
-    npm install npm@latest -g && \
-    npm install -g grunt-cli http-server && \
+FROM node:10.24.1-alpine3.11 as builder
 #
 # Install CyberChef 
-    cd /root && \
-    git clone https://github.com/gchq/cyberchef -b v9.32.3 && \
-    cd cyberchef && \
-    npm install && \
-    grunt prod && \
-    mkdir -p /opt/cyberchef && \
-    mv build/prod/* /opt/cyberchef && \
-    cd / && \
+RUN apk -U --no-cache add git
+RUN chown -R node:node /srv
+RUN npm install -g grunt-cli
+WORKDIR /srv
+USER node
+RUN git clone https://github.com/gchq/cyberchef -b v9.32.3 .
+ENV NODE_OPTIONS=--max_old_space_size=2048
+RUN npm install
+RUN grunt prod
+#
+# Move from builder
+FROM alpine:3.14
+#
+RUN apk -U --no-cache add \
+      curl \
+      npm && \
+      npm install -g http-server && \
 #
 # Clean up
-    apk del --purge git \
-                    npm && \
    rm -rf /root/* && \
    rm -rf /var/cache/apk/*
 #
+COPY --from=builder /srv/build/prod /opt/cyberchef
+#
 # Healthcheck
 HEALTHCHECK --retries=10 CMD curl -s -XGET 'http://127.0.0.1:8000'
 #