Last pushed: 4 months ago
Short Description
Moloch Capture and Viewer applications
Full Description

Image contains Moloch capture, Moloch viewer, and ElasticSearch binaries.

Entrypoint:

#!/bin/bash
set -e

# Rewrite the "interface=" line in config.ini (uncommenting it if necessary) and
# substitute the {{IFACE}} placeholder in the interface-configuration helper script.
set_capture_iface() {
  echo "Setting capture interface to $1"
  sed -ri "s/^#?(interface\s*=\s*)\S+/\1$1/" "/data/moloch/etc/config.ini"
  sed -i  "s/{{IFACE}}/$1/" "/data/moloch/bin/moloch_config_interfaces.sh"
}

# Rewrite the "passwordSecret=" line in config.ini. Note that $1 is placed into the
# sed replacement unescaped, so a value containing "/", "&" or "\" will not be set as given.
set_password() {
  echo "Setting password to $1"
  sed -ri "s/^#?(passwordSecret\s*=\s*)\S+/\1$1/" "/data/moloch/etc/config.ini"
}

# Defaults for the two tunable environment variables.
: ${IFACE:=eth1}
: ${PASWD:=foobar}

# "elasticsearch" mode: create the data/log directories, then drop privileges
# to the elasticsearch user before exec'ing the requested command.
if [ "$1" = 'elasticsearch' ]; then
  mkdir -p /usr/share/elasticsearch/{data,logs}
  mkdir -p /usr/share/elasticsearch/config/scripts

  chown elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs}

  exec gosu elasticsearch "$@"
fi

# "moloch-capture" mode: one-time initialization on first run (guarded by the
# MOLOCH_VERSION marker file), then configure the capture interface on every start.
if [ "$1" = 'moloch-capture' ]; then
  if [ ! -s "/data/moloch/MOLOCH_VERSION" ]; then
    echo "INITIALIZING MOLOCH"

    tar xzf /moloch-data.tgz -C /data

    mkdir -p /data/moloch/raw
    chown nobody:daemon /data/moloch/raw

    # passwordSecret is only written here, i.e. PASWD takes effect on first initialization only.
    set_password "$PASWD"

    # Both steps expect Elasticsearch to already be reachable on localhost:9200.
    /data/moloch/db/db.pl http://localhost:9200 init
    # Creates the default viewer account admin/foobar (the password is hard-coded, not taken from PASWD).
    /data/moloch/bin/moloch_add_user.sh admin "Admin User" foobar --admin

    echo "v0.18.3" > /data/moloch/MOLOCH_VERSION

    echo "DONE INITIALIZING MOLOCH"
  fi

  set_capture_iface "$IFACE"

  /data/moloch/bin/moloch_config_interfaces.sh
fi

exec "$@"

Default viewer credentials are admin/foobar; the admin user is created with that hard-coded password in the entrypoint script (it is not derived from PASWD). The secret used for encrypting data in ElasticSearch defaults to foobar but can be set via the PASWD env variable; it is applied only during first-time initialization, i.e. when /data/moloch/MOLOCH_VERSION does not yet exist in the /data volume. The interface for Moloch capture to listen on can be set via the IFACE env variable and is applied on every start.
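The entrypoint's set_password passes PASWD straight into a sed replacement, so a secret containing "/", "&" or "\" either breaks the sed expression or is written differently than intended. The following is an added example, not part of the image's entrypoint: a sed-safe variant that escapes those characters, takes the config path as a parameter, and verifies the value actually landed in the file.

```shell
#!/bin/bash
# Added example (not the image's own code): a sed-safe replacement for the
# entrypoint's set_password. Assumes GNU sed, as the original entrypoint does.
set -e

# Escape the characters that are special in a sed replacement when "/" is the
# delimiter: backslash, slash and ampersand each get a leading backslash.
sed_escape_replacement() {
  printf '%s' "$1" | sed -e 's|[/&\\]|\\&|g'
}

# Read back the current passwordSecret value from a config.ini-style file.
get_password_secret() {
  sed -rn 's/^passwordSecret\s*=\s*(\S+)\s*$/\1/p' "$1"
}

# Set passwordSecret in the given config file (same regex as the entrypoint,
# but with an escaped replacement), then confirm the file holds the exact value.
# Returns non-zero if the value did not end up in the file.
set_password_safe() {
  local secret="$1" config="$2" escaped
  escaped="$(sed_escape_replacement "$secret")"
  sed -ri "s/^#?(passwordSecret\s*=\s*)\S+/\1${escaped}/" "$config"
  [ "$(get_password_secret "$config")" = "$secret" ]
}
```

Calling set_password_safe "$PASWD" /data/moloch/etc/config.ini in place of the original function makes a bad secret fail the container start instead of silently running with a corrupted config.ini.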

As of now, three separate containers have to be run: one for ElasticSearch, one for Moloch capture, and one for Moloch viewer. They must share a network namespace so they can all reach each other via localhost, and the capture and viewer containers must share the /data directory. Start ElasticSearch first, since the capture container's first-run initialization talks to localhost:9200.

docker run -d --name es --net host activeshadow/moloch elasticsearch
docker run -d --name capture --net host -e IFACE=eth0 -v $(pwd)/data:/data activeshadow/moloch moloch-capture
docker run -d --name viewer --net host -v $(pwd)/data:/data activeshadow/moloch node /data/moloch/viewer/viewer.js

Owner
activeshadow