Initial working commit

53c70r · Mar 12, 2019 · c69033d · c69033d
commit c69033d
Show file tree

Hide file tree

Showing 4 changed files with 92 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+repos/
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,48 @@
+FROM openjdk:11-jdk
+
+# Install necessary packages: wget, unzip, and ed (used by ghidraSvr script)
+RUN apt-get update && apt-get install -y wget unzip ed && rm -rf /var/lib/apt/lists/*
+
+# Download Ghidra, verify checksum, extract to /ghidra, delete zip
+WORKDIR /tmp
+RUN wget -q https://www.ghidra-sre.org/ghidra_9.0_PUBLIC_20190228.zip -O ghidra.zip && \
+	echo '3b65d29024b9decdbb1148b12fe87bcb7f3a6a56ff38475f5dc9dd1cfc7fd6b2 ghidra.zip' | sha256sum -c
+RUN unzip -q ghidra.zip && mv ghidra_9.0 /ghidra && rm ghidra.zip
+
+# Setup directory structure
+WORKDIR /repos
+WORKDIR /ghidra
+
+# Create unprivileged ghidra user and give it full access to contents of /ghidra and /repos
+RUN groupadd -r ghidra && useradd --no-log-init -r -g ghidra -d /ghidra -s /bin/bash ghidra && \
+	chown -R ghidra:ghidra /ghidra && \
+	chown root:ghidra /ghidra && \
+	chmod g+w /ghidra && \
+	chown root:ghidra /repos && \
+	chmod g+w /repos
+
+# Set the repositories dir to /repos, the account name to ghidra, and add
+# the -u parameter, which means users are prompted for their usernames.
+RUN sed -i \
+	-e 's/^ghidra\.repositories\.dir=.*$/ghidra.repositories.dir=\/repos/g' \
+	-e 's/^wrapper\.app\.parameter\.2=/wrapper.app.parameter.4=/g' \
+	-e 's/^wrapper\.app\.parameter\.1=-a0$/wrapper.app.parameter.2=-a0/g' \
+	server/server.conf && \
+	echo 'wrapper.app.account=ghidra' >> server/server.conf && \
+	echo 'wrapper.app.parameter.3=-u' >> server/server.conf && \
+	echo 'wrapper.app.parameter.1=-ip0.0.0.0' >> server/server.conf
+	# -e 's/^wrapper\.console\.loglevel=INFO$/wrapper.console.loglevel=DEBUG/g' \
+	# -e 's/^#wrapper\.debug=.*$/wrapper.debug=true/g' \
+	# -e 's/^wrapper\.logfile\.loglevel=.*$/wrapper.logfile.loglevel=DEBUG/g' \
+
+# Switch to unprivileged ghidra user for running the Ghidra server
+USER ghidra
+
+# Allow option of mounting /repos as a volume so that the repos can live outside of the container
+VOLUME /repos
+
+# These ports are exposed by Ghidra server
+EXPOSE 13100 13101 13102
+
+# Actually start Ghidra server
+CMD ["/ghidra/server/ghidraSvr", "console"]
diff --git a/addUsers.py b/addUsers.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+
+import sys
+import subprocess
+
+def main():
+	while True:
+		# Easy Python 2 & 3 compatibility
+		sys.stdout.write("Add a user account? [Y/n] ")
+		choice = sys.stdin.readline().strip()
+
+		# Check if the input was something like "n" or "no"
+		if choice.lstrip().lower().startswith("n"):
+			break
+
+		# Prompt for user name
+		sys.stdout.write("Name of user account: ")
+		name = sys.stdin.readline().strip()
+
+		# Actually add the user account within the docker container
+		status = subprocess.call(["docker", "exec", "-it", "ghidra-server", "/ghidra/server/svrAdmin", "-add", name])
+		if status != 0:
+			print("Command exited abnormally")
+			break
+
+		print("User '%s' added!" % (name,))
+
+
+if __name__ == "__main__":
+	main()
diff --git a/deploy.sh b/deploy.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# Build the docker image
+docker build -t ghidra-server .
+
+# Remove (and stop if running) the docker container
+docker rm -f ghidra-server 2>/dev/null
+
+# Run the docker container, mounting the repos directory, the timezone file, and mapping server ports
+docker run -itd --name ghidra-server -v $(pwd)/repos:/repos -p 13100:13100 -p 13101:13101 -p 13102:13102 ghidra-server
+
+# Enter interactive user adding interface
+python addUsers.py