From c69033d425060e9b343c5f901757f9d92b45a23d Mon Sep 17 00:00:00 2001 From: Kevin Colley Date: Mon, 11 Mar 2019 22:50:10 -0700 Subject: [PATCH] Initial working commit --- .gitignore | 1 + Dockerfile | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ addUsers.py | 30 ++++++++++++++++++++++++++++++ deploy.sh | 13 +++++++++++++ 4 files changed, 92 insertions(+) create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100755 addUsers.py create mode 100755 deploy.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f0c7ae4 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +repos/ diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..da55d26 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,48 @@ +FROM openjdk:11-jdk + +# Install necessary packages: wget, unzip, and ed (used by ghidraSvr script) +RUN apt-get update && apt-get install -y wget unzip ed && rm -rf /var/lib/apt/lists/* + +# Download Ghidra, verify checksum, extract to /ghidra, delete zip +WORKDIR /tmp +RUN wget -q https://www.ghidra-sre.org/ghidra_9.0_PUBLIC_20190228.zip -O ghidra.zip && \ + echo '3b65d29024b9decdbb1148b12fe87bcb7f3a6a56ff38475f5dc9dd1cfc7fd6b2 ghidra.zip' | sha256sum -c +RUN unzip -q ghidra.zip && mv ghidra_9.0 /ghidra && rm ghidra.zip + +# Setup directory structure +WORKDIR /repos +WORKDIR /ghidra + +# Create unprivileged ghidra user and give it full access to contents of /ghidra and /repos +RUN groupadd -r ghidra && useradd --no-log-init -r -g ghidra -d /ghidra -s /bin/bash ghidra && \ + chown -R ghidra:ghidra /ghidra && \ + chown root:ghidra /ghidra && \ + chmod g+w /ghidra && \ + chown root:ghidra /repos && \ + chmod g+w /repos + +# Set the repositories dir to /repos, the account name to ghidra, and add +# the -u parameter, which means users are prompted for their usernames. +RUN sed -i \ + -e 's/^ghidra\.repositories\.dir=.*$/ghidra.repositories.dir=\/repos/g' \ + -e 's/^wrapper\.app\.parameter\.2=/wrapper.app.parameter.4=/g' \ + -e 's/^wrapper\.app\.parameter\.1=-a0$/wrapper.app.parameter.2=-a0/g' \ + server/server.conf && \ + echo 'wrapper.app.account=ghidra' >> server/server.conf && \ + echo 'wrapper.app.parameter.3=-u' >> server/server.conf && \ + echo 'wrapper.app.parameter.1=-ip0.0.0.0' >> server/server.conf + # -e 's/^wrapper\.console\.loglevel=INFO$/wrapper.console.loglevel=DEBUG/g' \ + # -e 's/^#wrapper\.debug=.*$/wrapper.debug=true/g' \ + # -e 's/^wrapper\.logfile\.loglevel=.*$/wrapper.logfile.loglevel=DEBUG/g' \ + +# Switch to unprivileged ghidra user for running the Ghidra server +USER ghidra + +# Allow option of mounting /repos as a volume so that the repos can live outside of the container +VOLUME /repos + +# These ports are exposed by Ghidra server +EXPOSE 13100 13101 13102 + +# Actually start Ghidra server +CMD ["/ghidra/server/ghidraSvr", "console"] diff --git a/addUsers.py b/addUsers.py new file mode 100755 index 0000000..590112c --- /dev/null +++ b/addUsers.py @@ -0,0 +1,30 @@ +#!/usr/bin/env python + +import sys +import subprocess + +def main(): + while True: + # Easy Python 2 & 3 compatibility + sys.stdout.write("Add a user account? [Y/n] ") + choice = sys.stdin.readline().strip() + + # Check if the input was something like "n" or "no" + if choice.lstrip().lower().startswith("n"): + break + + # Prompt for user name + sys.stdout.write("Name of user account: ") + name = sys.stdin.readline().strip() + + # Actually add the user account within the docker container + status = subprocess.call(["docker", "exec", "-it", "ghidra-server", "/ghidra/server/svrAdmin", "-add", name]) + if status != 0: + print("Command exited abnormally") + break + + print("User '%s' added!" % (name,)) + + +if __name__ == "__main__": + main() diff --git a/deploy.sh b/deploy.sh new file mode 100755 index 0000000..3fe9c0e --- /dev/null +++ b/deploy.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +# Build the docker image +docker build -t ghidra-server . + +# Remove (and stop if running) the docker container +docker rm -f ghidra-server 2>/dev/null + +# Run the docker container, mounting the repos directory, the timezone file, and mapping server ports +docker run -itd --name ghidra-server -v $(pwd)/repos:/repos -p 13100:13100 -p 13101:13101 -p 13102:13102 ghidra-server + +# Enter interactive user adding interface +python addUsers.py