Merge pull request #27 from certat/fix_image

Fix IntelMQ 3.2.0 image
kamil-certat
2023-07-27 17:16:37 +02:00
committed by GitHub
6 changed files with 3 additions and 97 deletions


@@ -26,6 +26,6 @@ then
export INTELMQ_TEST_EXOTIC=1 export INTELMQ_TEST_EXOTIC=1
pytest-3 /etc/intelmq/intelmq/tests pytest-3 /etc/intelmq/intelmq/tests
else else
cd /etc/intelmq-api && uvicorn intelmq_api.main:app -p8080 cd /etc/intelmq-api && uvicorn intelmq_api.main:app --port 8080 --host 0.0.0.0
fi fi
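Review bot: The new `--host 0.0.0.0` on the uvicorn line makes the API listen on every interface of the container, so who can reach it now depends entirely on how port 8080 is published and on the API's own authentication. A published container port needs a non-loopback bind, but the address would be better overridable than hard-coded, for example `uvicorn intelmq_api.main:app --port 8080 --host "${INTELMQ_API_HOST:-0.0.0.0}"` (the variable name is a proposal, not an existing setting). A comment above the line would also help, such as `# listens on all container interfaces; publish 8080 on loopback or behind a TLS-terminating reverse proxy`. The same line is changed in the second entrypoint script (the `/opt/intelmq-api` variant) and the same point applies there. The `if`/`then` that this `else` branch belongs to starts outside the hunk.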


@@ -56,7 +56,7 @@ RUN useradd -d /opt/intelmq -U -s /bin/bash intelmq \
&& sudo chown -R intelmq:intelmq /opt/intelmq_persistence && sudo chown -R intelmq:intelmq /opt/intelmq_persistence
### Install IntelMQ ### Install IntelMQ
RUN pip3 install url-normalize geolib imbox jinja2 pyasn textx tld time-machine otxv2 \ RUN pip3 install url-normalize geolib imbox jinja2 pyasn textx tld time-machine otxv2 pendulum \
&& pip3 install --force pymisp[fileobjects,openioc,virustotal] && pip3 install --force pymisp[fileobjects,openioc,virustotal]
RUN cd /opt/intelmq \ RUN cd /opt/intelmq \
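Review bot: `pendulum` is added to the `pip3 install` line without a version constraint, like the other packages on that line, so every rebuild resolves whatever release is newest on the index. The image is therefore not reproducible, and a broken or tampered upstream release would be pulled in silently. Pin at least the new package, e.g. `pendulum==<PINNED_VERSION>`, or move the list into a requirements file with hashes and install it with `--require-hashes`. The `pip3 install --force pymisp[...]` continuation has the same property. The `RUN cd /opt/intelmq \` instruction at the end of the hunk continues outside it.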


@@ -16,5 +16,5 @@ then
export INTELMQ_TEST_EXOTIC=1 export INTELMQ_TEST_EXOTIC=1
pytest-3 /opt/intelmq/intelmq/tests pytest-3 /opt/intelmq/intelmq/tests
else else
cd /opt/intelmq-api && uvicorn intelmq_api.main:app -p8080 cd /opt/intelmq-api && uvicorn intelmq_api.main:app --port 8080 --host 0.0.0.0
fi fi


@@ -628,60 +628,6 @@ providers:
revision: 2018-01-20 revision: 2018-01-20
documentation: https://project.turris.cz/en/greylist documentation: https://project.turris.cz/en/greylist
public: yes public: yes
Malc0de:
Bind Format:
description: This feed includes FQDN's of malicious hosts, the file format is
in Bind file format.
additional_information:
bots:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://malc0de.com/bl/ZONES
rate_limit: 10800
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.malc0de.parser
parameters:
revision: 2018-01-20
documentation: http://malc0de.com/dashboard/
public: yes
Windows Format:
description: This feed includes FQDN's of malicious hosts, the file format is
in Windows Hosts file format.
additional_information:
bots:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://malc0de.com/bl/BOOT
rate_limit: 10800
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.malc0de.parser
parameters:
revision: 2018-01-20
documentation: http://malc0de.com/dashboard/
public: yes
IP Blacklist:
description: This feed includes IP Addresses of malicious hosts.
additional_information:
bots:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://malc0de.com/bl/IP_Blacklist.txt
rate_limit: 10800
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.malc0de.parser
parameters:
revision: 2018-01-20
documentation: http://malc0de.com/dashboard/
public: yes
University of Toulouse: University of Toulouse:
Blacklist: Blacklist:
description: Various blacklist feeds description: Various blacklist feeds


@@ -27,14 +27,6 @@
"x": -252, "x": -252,
"y": 243 "y": 243
}, },
"malc0de-parser": {
"x": 297,
"y": 24
},
"malc0de-windows-format-collector": {
"x": 433,
"y": 121
},
"malware-domain-list-collector": { "malware-domain-list-collector": {
"x": 465, "x": 465,
"y": -198 "y": -198


@@ -118,38 +118,6 @@ gethostbyname-2-expert:
global: {destination_pipeline_broker: redis, process_manager: intelmq, source_pipeline_broker: redis, global: {destination_pipeline_broker: redis, process_manager: intelmq, source_pipeline_broker: redis,
ssl_ca_certificate: null, statistics_database: 3, statistics_host: 127.0.0.1, statistics_password: null, ssl_ca_certificate: null, statistics_database: 3, statistics_host: 127.0.0.1, statistics_password: null,
statistics_port: 6379, destination_pipeline_host: redis, source_pipeline_host: redis} statistics_port: 6379, destination_pipeline_host: redis, source_pipeline_host: redis}
malc0de-parser:
bot_id: malc0de-parser
description: Malc0de Parser is the bot responsible to parse the IP Blacklist and
either Windows Format or Bind Format reports and sanitize the information.
enabled: true
group: Parser
groupname: parsers
module: intelmq.bots.parsers.malc0de.parser
name: Malc0de
parameters:
destination_queues:
_default: [deduplicator-expert-queue]
run_mode: continuous
malc0de-windows-format-collector:
bot_id: malc0de-windows-format-collector
description: ''
enabled: true
group: Collector
groupname: collectors
module: intelmq.bots.collectors.http.collector_http
name: Malc0de Windows Format
parameters:
destination_queues:
_default: [malc0de-parser-queue]
http_password: null
http_url: https://malc0de.com/bl/BOOT
http_username: null
name: Windows Format
provider: Malc0de
rate_limit: 10800
ssl_client_certificate: null
run_mode: continuous
spamhaus-drop-collector: spamhaus-drop-collector:
bot_id: spamhaus-drop-collector bot_id: spamhaus-drop-collector
description: '' description: ''