From 6f029d832fceb74cf40eb09acf8f7931b6464f5e Mon Sep 17 00:00:00 2001
From: psrok1
Date: Mon, 28 Oct 2024 14:54:31 +0100
Subject: [PATCH 1/2] dev: Dockerized environment for drakrun.web development
---
dev/Dockerfile-web | 15 ++++++
dev/config.ini | 99 ++++++++++++++++++++++++++++++++++++++++
dev/docker-compose.yml | 18 ++++++++
drakrun/.gitignore | 4 +-
drakrun/requirements.txt | 2 +-
5 files changed, 136 insertions(+), 2 deletions(-)
create mode 100644 dev/Dockerfile-web
create mode 100644 dev/config.ini
create mode 100644 dev/docker-compose.yml
diff --git a/dev/Dockerfile-web b/dev/Dockerfile-web
new file mode 100644
index 000000000..48fe97019
--- /dev/null
+++ b/dev/Dockerfile-web
@@ -0,0 +1,15 @@
+FROM node:16-alpine AS build
+WORKDIR /usr/src/app
+COPY drakrun/web/frontend .
+
+RUN npm ci && npm run build
+
+FROM python:3.10
+WORKDIR /usr/src/app
+COPY requirements.txt requirements.txt
+RUN pip install -r requirements.txt
+COPY . .
+COPY --from=build /usr/src/app/build /usr/src/app/drakrun/web/frontend/build
+ENV FLASK_APP=drakrun/web/app.py
+CMD ["flask", "run", "-h", "0.0.0.0"]
+
diff --git a/dev/config.ini b/dev/config.ini
new file mode 100644
index 000000000..4a5e764a5
--- /dev/null
+++ b/dev/config.ini
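Review bot: The runtime stage that starts at `FROM python:3.10` never sets `USER`, so the Flask dev server launched by the `CMD` line runs as root, and `RUN pip install -r requirements.txt` leaves pip's download cache in the image layer. Both are cheap to fix for a dev image: `RUN pip install --no-cache-dir -r requirements.txt`, then after the `COPY` lines `RUN useradd --system --uid 10001 app` followed by `USER app`. `COPY . .` also copies any `build/`, `dist/`, `*.egg-info/` or `__pycache__/` present on the host into the image (the same paths the drakrun/.gitignore hunk in this commit lists), so a `.dockerignore` with those entries plus `node_modules` would keep stale host artifacts out of both stages. The `node:16-alpine` build stage is on an end-of-life Node line; moving to a maintained LTS tag is worth a follow-up.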
@@ -0,0 +1,99 @@
+[redis]
+; Redis server
+; used for task scheduling and other non-persistent data
+host=redis
+port=6379
+
+[minio]
+; MinIO server
+; used to store job queue and analysis results
+address=minio:9000
+bucket=karton
+secure=0
+; MinIO access credentials
+access_key=minioadmin
+secret_key=minioadmin
+
+[drakrun]
+; if set, drakrun dumps raw VM guest memory after finished analysis with drakvuf
+; compressed dumps are stored as "post_sample.raw_memdump.gz" in analysis folder
+raw_memory_dump=0
+
+; whether guest VMs should have access to the Internet or no
+net_enable=0
+
+; through which host interface the Internet traffic from guest VMs should be routed
+out_interface=
+
+; the address of DNS server as reported to the guest VM by DHCP
+; if you want to have a DNS on a gateway IP, use this setting:
+; dns_server=use-gateway-address
+dns_server=8.8.8.8
+
+; path to syscalls filter file for syscalls plugin
+; leave empty to use no filter
+syscall_filter=
+
+; default analysis timeout if not specified by the user
+; analysis_timeout=600
+
+; store analysis artifacts under root_uid of the Karton's task
+; instead of storing it under the uid of actual task;
+; this is more user friendly but your task trees
+; won't be able to invoke DRAKVUF Sandbox more than once
+; use_root_uid=1
+
+; (advanced) override Karton instance name for this service:
+; identity=karton.drakrun-prod
+
+; (advanced) override Karton input filters for this service:
+; filters=[{"type": "sample", "stage": "recognized", "platform": "win32"}, {"type": "sample", "stage": "recognized", "platform": "win64"}]
+
+; (advanced) override Karton output headers for this service:
+; headers=[{"type": "analysis", "kind": "drakrun"}]
+
+; (advanced) Enable testing codepaths. Test sample artifacts will not be uploaded
+; to persistent storage. Their lifetime will be bound to karton tasks produced by drakrun
+; sample_testing=0
+;
+; (advanced) override Karton test filters for this service:
+; test_filters=[ { "type": "sample-test", "platform": "win32", }, { "type": "sample-test", "platform": "win64" }]
+
+; (advanced) override Karton test headers for this service:
+; test_headers={ "type": "analysis-test", "kind": "drakrun" }
+
+; (advanced) maximum number of times a trap can be triggered within 10 seconds period
+; protects against API hammering techniques, default 0 (means: off)
+; anti_hammering_threshold=0
+
+; (advanced) Attach DLL profiles to analyses
+; attach_profiles=0
+; (advanced) Attach static ApiScout profile to analyses
+; attach_apiscout_profile=0
+
+[drakvuf_plugins]
+; Pick DRAKVUF plugins that you want to use by default.
+; _all_=apimon,bsodmon,clipboardmon,cpuidmon,crashmon,debugmon,delaymon,exmon,filedelete,librarymon,memdump,procdump,procmon,regmon,rpcmon,ssdtmon,tlsmon,windowmon,wmimon
+
+; uncomment this to override plugins used for tasks with quality=low
+; (you can override plugins for other priorities too)
+; low=apimon,memdump
+
+[capa]
+; configure whether to analyze the dynamic output of DRAKVUF (apimon.log all syscall.log)
+analyze_drakmon_log=true
+
+; configure whether to analyze the memory dumps extracted by DRAKVUF
+analyze_memdumps=false
+
+; choose whether to analyze the malware process and its children only
+analyze_only_malware_pids=false
+
+; how many processes should be used for processing parallelization
+worker_pool_processes=4
+
+[draktestd]
+; path to the extraction modules for
+; https://github.com/CERT-Polska/malduck
+modules=/opt/extractor-modules/
+
diff --git a/dev/docker-compose.yml b/dev/docker-compose.yml
new file mode 100644
index 000000000..18cc780dc
--- /dev/null
+++ b/dev/docker-compose.yml
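Review bot: `access_key=minioadmin` / `secret_key=minioadmin` in the `[minio]` section are MinIO's well-known default root credentials, and nothing in the hunk marks them as dev-only or says where the matching server-side values live. Since dev/docker-compose.yml in this commit mounts this file into the web container and starts `minio/minio` without `MINIO_ROOT_USER`/`MINIO_ROOT_PASSWORD`, the two have to be changed together; a comment above the keys would make that explicit: `; dev-only: these are the minio/minio image defaults; if you set MINIO_ROOT_USER/MINIO_ROOT_PASSWORD in docker-compose.yml, change these too`. The `[drakrun]` block (`net_enable`, `out_interface`, `dns_server`) configures guest-VM networking that the web-only dev setup never exercises, so a header line such as `; dev template for drakrun.web only; VM-related keys are placeholders` would save a reader from tuning them.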
@@ -0,0 +1,18 @@
+services:
+ web:
+ build:
+ context: ../drakrun
+ dockerfile: ../dev/Dockerfile-web
+ ports:
+ - '5000:5000'
+ volumes:
+ - './config.ini:/etc/drakrun/config.ini'
+ redis:
+ image: "redis:latest"
+ minio:
+ image: "minio/minio:latest"
+ entrypoint: sh
+ command: -c "mkdir -p /data/drakrun && minio server --address 0.0.0.0:9000 --console-address :9001 /data"
+ ports:
+ - '9000:9000'
+ - '9001:9001'
diff --git a/drakrun/.gitignore b/drakrun/.gitignore
index 6007cdb6c..e46a185c8 100644
--- a/drakrun/.gitignore
+++ b/drakrun/.gitignore
@@ -1,3 +1,5 @@
 build/
-drakrun.egg-info/
+*.egg-info/
 dist/
+__pycache__/
+
diff --git a/drakrun/requirements.txt b/drakrun/requirements.txt
index 3e723291b..d7175d76b 100644
--- a/drakrun/requirements.txt
+++ b/drakrun/requirements.txt
@@ -24,5 +24,5 @@ pathvalidate==3.2.0
 configupdater==3.2
 # drak-web dependencies
 Flask==2.2.5
-uwsgi==2.0.22
+uwsgi==2.0.28
 drakpdb==0.2.2
From 536510366d549911fa2d2bc2cd0e5a79d58a2163 Mon Sep 17 00:00:00 2001
From: psrok1
Date: Mon, 28 Oct 2024 15:07:14 +0100
Subject: [PATCH 2/2] Small improvements
---
dev/Dockerfile-web | 2 +-
dev/docker-compose.yml | 5 +++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/dev/Dockerfile-web b/dev/Dockerfile-web
index 48fe97019..579ea5233 100644
--- a/dev/Dockerfile-web
+++ b/dev/Dockerfile-web
@@ -11,5 +11,5 @@ RUN pip install -r requirements.txt
 COPY . .
 COPY --from=build /usr/src/app/build /usr/src/app/drakrun/web/frontend/build
 ENV FLASK_APP=drakrun/web/app.py
-CMD ["flask", "run", "-h", "0.0.0.0"]
+CMD ["flask", "run", "-h", "0.0.0.0", "--with-threads"]
 
diff --git a/dev/docker-compose.yml b/dev/docker-compose.yml
index 18cc780dc..fefad26d8 100644
--- a/dev/docker-compose.yml
+++ b/dev/docker-compose.yml
@@ -16,3 +16,8 @@ services:
 ports:
 - '9000:9000'
 - '9001:9001'
+ volumes:
+ - minio-storage:/data
+
+volumes:
+ minio-storage:
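Review bot: In the dev/docker-compose.yml hunk of patch 1/2, the `minio` service publishes `'9000:9000'` and `'9001:9001'` on every host interface while running with MinIO's default root credentials (no `MINIO_ROOT_USER`/`MINIO_ROOT_PASSWORD` is set, and dev/config.ini in this commit uses `minioadmin`/`minioadmin`), so the dev object store and its console are reachable from the host's network with well-known credentials. Binding the published ports to loopback keeps the workflow unchanged: `- '127.0.0.1:9000:9000'` and `- '127.0.0.1:9001:9001'`, and likewise `- '127.0.0.1:5000:5000'` for the Flask dev server on `web`. `image: "redis:latest"` and `image: "minio/minio:latest"` also float, so two developers can end up with different server versions; pinning a tag makes the environment reproducible. The patch 2/2 hunk's named `minio-storage` volume is fine as-is.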