tpotce/docker/fatt/Dockerfile

FROM alpine:3.18
#
# Get and install dependencies & packages
RUN apk -U --no-cache add \
              git \
	      libcap \
              py3-libxml2 \
              py3-lxml \
	      py3-pip \
              python3 \
              python3-dev \
              tshark && \
#
# Setup user
    addgroup -g 2000 fatt && \
    adduser -S -s /bin/ash -u 2000 -D -g 2000 fatt && \
#
# Install fatt
    mkdir -p /opt && \
    cd /opt && \
    git clone https://github.com/0x4D31/fatt && \
    cd fatt && \
    git checkout c29e553514281e50781f86932b82337a5ada5640 && \
    mkdir -p log && \
    pip3 install pyshark==0.6 && \
#
# Setup configs
    chgrp fatt /usr/bin/dumpcap && \
    setcap cap_net_raw,cap_net_admin=+eip /usr/bin/dumpcap && \
    chown fatt:fatt -R /opt/fatt/* && \
#
# Clean up
    apk del --purge git \
                    python3-dev && \
    rm -rf /root/* /var/cache/apk/* /opt/fatt/.git
#
# Workaround issue fatt/#9
COPY dist/fatt.py /opt/fatt/
#
# Start fatt
STOPSIGNAL SIGINT
ENV PYTHONPATH /opt/fatt
WORKDIR /opt/fatt
USER fatt:fatt
CMD python3 fatt.py -i $(/sbin/ip address show | /usr/bin/awk '/inet.*brd/{ print $NF; exit }') --print_output --json_logging -o log/fatt.log