From 7ab4c0417e0240d185d756bb250886c0ba659d35 Mon Sep 17 00:00:00 2001
From: matta
Date: Wed, 2 Oct 2024 19:00:05 -0300
Subject: [PATCH 1/3] Improved environment for npm, asdf, go. Using src working dir, and installed several tools with pipx and git.
---
Dockerfile | 66 +++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 45 insertions(+), 21 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 14aa707..ea5e3e2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -29,8 +29,7 @@ RUN apt-get update && apt-get install -y \
 zsh \
 pipx \
 sudo \
- # # Does this make sense with asdf installing nodejs?
- npm \
+ make \
 vim \
 && rm -rf /var/lib/apt/lists/*
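Review bot: `make` joins the `apt-get install -y` list unpinned, like the packages around it, so the layer is not reproducible across rebuilds (hadolint DL3008); `make=<PINNED_VERSION> \` with the version taken from the base image's repositories fixes that for the new line. The RUN instruction itself starts before this hunk (it is only visible in the `@@` hint), so whether `--no-install-recommends` is passed cannot be checked from here.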
@@ -47,35 +46,42 @@ RUN usermod -aG sudo $USERNAME
 # Switch to the new user
 USER $USERNAME
+# Explicitly setting user home
+ENV HOME="/home/wanderer"
+
 # Set the default shell to zsh
 ENV SHELL=/usr/bin/zsh
 # Running everything under zsh
 SHELL ["/usr/bin/zsh", "-c"]
-RUN git clone https://github.com/asdf-vm/asdf.git $HOME/.asdf --branch v0.14.1 \
- && echo '. $HOME/.asdf/asdf.sh' >> $HOME/.zshrc \
+# Building everything inside /src
+WORKDIR /src
+
+ENV ASDF_DIR="$HOME/.asdf"
+RUN git clone https://github.com/asdf-vm/asdf.git $ASDF_DIR --branch v0.14.1
+RUN echo '. $ASDF_DIR/asdf.sh' >> $HOME/.zshrc \
 && echo 'fpath=(${ASDF_DIR}/completions $fpath)' >> $HOME/.zshrc \
 && echo 'autoload -Uz compinit && compinit' >> $HOME/.zshrc \
- && . $HOME/.asdf/asdf.sh
+ && . $ASDF_DIR/asdf.sh
+
+ENV PATH="${ASDF_DIR}/bin:${ASDF_DIR}/shims:$PATH"
 # Install Node.js and Go using asdf
-RUN . $HOME/.asdf/asdf.sh \
+RUN . $ASDF_DIR/asdf.sh \
 && asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git \
 && asdf install nodejs latest \
- && asdf global nodejs latest \
- && sudo npm install -g pnpm
+ && asdf global nodejs latest
-RUN . $HOME/.asdf/asdf.sh \
+RUN . $ASDF_DIR/asdf.sh \
 && asdf plugin add golang https://github.com/asdf-community/asdf-golang.git \
 && asdf install golang latest \
 && asdf global golang latest
 # # Install pnpm using npm installed via asdf Node.js
-# RUN sudo npm install -g pnpm
-
+RUN npm install -g pnpm
 ENV PNPM_HOME="/home/${USERNAME}/.local/share/pnpm"
-ENV PATH="$PNPM_HOME:$PNPM_HOME/global/node_modules/.bin:${PATH}"
+ENV PATH="${PNPM_HOME}:${PNPM_HOME}/global/node_modules/.bin:${PATH}"
 # Install ESLint and plugins using pnpm
 RUN pnpm install -g eslint \
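Review bot: `ENV HOME="/home/wanderer"` hardcodes the user name while the surrounding lines derive everything else from the `USERNAME` variable (`USER $USERNAME`, `ENV PNPM_HOME="/home/${USERNAME}/..."`), and `ASDF_DIR` and the new `PATH` entries are built on top of `$HOME`, so changing `USERNAME` would silently point all three at a directory that does not belong to the user; `ENV HOME="/home/${USERNAME}"` keeps one source of truth. The toolchain is also unpinned: `asdf plugin add` clones each plugin repository at its current HEAD, `asdf install nodejs latest` / `asdf install golang latest` and `npm install -g pnpm` resolve to whatever is newest at build time, so two builds of the same commit can produce different toolchains even though the asdf clone itself is pinned with `--branch v0.14.1`. Pinning them (for example `asdf install nodejs <PINNED_VERSION>` and `npm install -g pnpm@<PINNED_VERSION>`) makes the image reproducible. The stale `# # Install pnpm using npm installed via asdf Node.js` comment now sits directly above the live `RUN npm install -g pnpm` and should be un-commented into a plain `# Install pnpm ...` or dropped.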
@@ -91,32 +97,50 @@ RUN pnpm install -g node-version-audit \
 # Set GOBIN to /usr/local/bin for Go binaries
 ENV GOBIN=/usr/local/bin
+ENV PATH="${GOBIN}:${PATH}"
 # Install gitxray
 RUN . $HOME/.asdf/asdf.sh \
 go install github.com/kulkansecurity/gitxray@latest
 # Install git-secrets
-RUN git clone https://github.com/awslabs/git-secrets.git $HOME/secrets \
- && cd $HOME/secrets \
+RUN git clone https://github.com/awslabs/git-secrets.git git-secrets
+RUN cd git-secrets \
 && sudo make install \
- && rm -rf $HOME/secrets
+ && rm -rf secrets
 # Install detect-secrets
 RUN pipx install detect-secrets
-# Install pmapper
-RUN pipx install pmapper
+# Install gitleaks
+RUN git clone https://github.com/gitleaks/gitleaks.git gitleaks \
+ && cd gitleaks \
+ && make build
+
+# Install gitxray
+RUN pipx install gitxray
 # Install gh-fake-analyzer
-RUN cd $HOME \
- && git clone https://github.com/shortdoom/gh-fake-analyzer.git \
- && cd gh-fake-analyzer \
+RUN git clone https://github.com/shortdoom/gh-fake-analyzer.git
+RUN cd gh-fake-analyzer \
+ && mv .env.example .env \
 && python3 -m venv gfa \
 && source gfa/bin/activate \
 && pip install -r requirements.txt \
 && exit
+
+# Create a script to run the gh-fake-analyzer
+USER root
+RUN echo '#!/bin/zsh\n\
+source /src/gh-fake-analyzer/gfa/bin/activate\n\
+python3 /src/gh-fake-analyzer/analyze.py "$@"\n\
+deactivate' > /usr/local/bin/gh-fake-analyzer \
+ && chmod +x /usr/local/bin/gh-fake-analyzer \
+ && chown -R wanderer:trg /usr/local/bin/gh-fake-analyzer
+
+USER wanderer
+
 # Install Trivy
 RUN wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null \
 && echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee -a /etc/apt/sources.list.d/trivy.list \
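Review bot: `chown -R wanderer:trg /usr/local/bin/gh-fake-analyzer` gives the unprivileged user write ownership of a script inside the root-owned `/usr/local/bin`, the same user that runs `sudo` throughout this section, so the wrapper can be rewritten from an ordinary shell and later executed with whatever privileges pick it up from PATH; the file only needs to be executable, not owned, so drop the `chown` (`-R` on a single file is meaningless anyway) and finish the root step with `&& chmod 0755 /usr/local/bin/gh-fake-analyzer`. `RUN cd git-secrets \ && sudo make install \ && rm -rf secrets` removes a path that does not exist: the clone directory is `git-secrets` and the shell is already inside it, so the source tree stays in the layer — `&& cd .. && rm -rf git-secrets` is what was meant. gitxray is now installed twice, via `go install github.com/kulkansecurity/gitxray@latest` in the context lines above and again via the new `RUN pipx install gitxray`, and one of the two should go. The literal `USER root` / `USER wanderer` pair should use `$USERNAME` like the rest of the file, and `make build` in the gitleaks step leaves the binary under `/src/gitleaks` without placing it on PATH, unless that is done outside this hunk.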
@@ -131,4 +155,4 @@ RUN sudo apt-get clean && sudo rm -rf /var/lib/apt/lists/*
 # Set working directory
 WORKDIR /home/${USERNAME}
-CMD ["/bin/bash"]
+CMD ["/bin/zsh"]
From 613b0d184d5c8134e2a29481bad64ecbcce5176c Mon Sep 17 00:00:00 2001
From: matta
Date: Wed, 2 Oct 2024 19:52:36 -0300
Subject: [PATCH 2/3] Added 2ms tool and improved zsh prompt style
---
Dockerfile | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index ea5e3e2..8266428 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -31,6 +31,7 @@ RUN apt-get update && apt-get install -y \
 sudo \
 make \
 vim \
+ unzip \
 && rm -rf /var/lib/apt/lists/*
 # Create a user group named trg and a user named wanderer with specified UID and GID
@@ -55,6 +56,10 @@ ENV SHELL=/usr/bin/zsh
 # Running everything under zsh
 SHELL ["/usr/bin/zsh", "-c"]
+# Set the prompt
+RUN echo "autoload -U colors && colors" >> $HOME/.zshrc
+RUN echo 'export "PS1=%F{green}%n@%m %F{blue}%1~ %F{yellow}➜ %f "' >> $HOME/.zshrc
+
 # Building everything inside /src
 WORKDIR /src
@@ -150,6 +155,14 @@ RUN wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --
 RUN wget -qO - https://github.com/trufflesecurity/trufflehog/releases/download/v3.82.6/trufflehog_3.82.6_linux_$(dpkg --print-architecture).tar.gz | \
 sudo tar -xzf - trufflehog -C /usr/local/bin
+
+# Install 2ms
+RUN mkdir 2ms \
+ && cd 2ms \
+ && wget https://github.com/checkmarx/2ms/releases/latest/download/linux-amd64.zip \
+ && unzip linux-amd64.zip \
+ && sudo ln -s /src/2ms/2ms /usr/local/bin/2ms
+
 # Clean up
 RUN sudo apt-get clean && sudo rm -rf /var/lib/apt/lists/*
From f29dca62d582bc7c47aac479149e4f1f46575fd1 Mon Sep 17 00:00:00 2001
From: matta
Date: Wed, 2 Oct 2024 20:12:36 -0300
Subject: [PATCH 3/3] Added a motd to greet users upon login
---
Dockerfile | 4 ++++
motd | 15 +++++++++++++++
2 files changed, 19 insertions(+)
create mode 100644 motd
diff --git a/Dockerfile b/Dockerfile
index 8266428..2af19b5 100644
--- a/Dockerfile
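Review bot: In the `@@ -150,6 +155,14 @@` hunk, `wget https://github.com/checkmarx/2ms/releases/latest/download/linux-amd64.zip` pulls an unpinned `latest` release with no integrity check and a hardcoded `amd64`, whereas the trufflehog download two lines above pins `v3.82.6` and uses `$(dpkg --print-architecture)`; a secrets scanner fetched this way can change silently between builds, and a tampered asset would be installed without notice. Pin the release tag, check the archive against a known SHA-256 before unpacking, and remove the zip in the same layer so it is not baked into the image. The rewritten step below keeps the same directory layout and symlink; the version and digest are placeholders to fill from the chosen release.

```dockerfile
# Install 2ms (pinned release, archive verified before unpacking)
RUN mkdir 2ms \
 && cd 2ms \
 && wget -q https://github.com/checkmarx/2ms/releases/download/<PINNED_VERSION>/linux-amd64.zip \
 && echo "<EXPECTED_SHA256>  linux-amd64.zip" | sha256sum -c - \
 && unzip linux-amd64.zip \
 && rm linux-amd64.zip \
 && sudo ln -s /src/2ms/2ms /usr/local/bin/2ms
```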
+++ b/Dockerfile
@@ -166,6 +166,10 @@ RUN mkdir 2ms \
 # Clean up
 RUN sudo apt-get clean && sudo rm -rf /var/lib/apt/lists/*
+# Configure MOTD
+COPY --link --chown=root:root motd /etc/motd
+RUN echo '\ncat /etc/motd\n' >> ~/.zshrc
+
 # Set working directory
 WORKDIR /home/${USERNAME}
 CMD ["/bin/zsh"]
diff --git a/motd b/motd
new file mode 100644
index 0000000..8f0ea3f
--- /dev/null
+++ b/motd
@@ -0,0 +1,15 @@
+ __ __ _
+ \ \ / /__| | ___ ___ _ __ ___ ___
+ \ \ /\ / / _ \ |/ __/ _ \| '_ ` _ \ / _ \
+ \ V V / __/ | (_| (_) | | | | | | __/
+ __ \_/\_/ \___|_|\___\___/|_| |_| |_|\___|
+ \ \ / /_ _ _ __ __| | ___ _ __ ___ _ __
+ \ \ /\ / / _` | '_ \ / _` |/ _ \ '__/ _ \ '__|
+ \ V V / (_| | | | | (_| | __/ | | __/ |
+ \_/\_/ \__,_|_| |_|\__,_|\___|_| \___|_|
+
+ Welcome to the container sec oss tools by The Red Guild
+
+ This container was created as a resource for a workshop,
+ which intends to spread awareness, help people protect themselves
+ and the repos they interact with.
\ No newline at end of file
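Review bot: `RUN echo '\ncat /etc/motd\n' >> ~/.zshrc` relies on tilde expansion by the zsh `SHELL` and differs from the `$HOME/.zshrc` form every other `.zshrc` append in this file uses; `>> $HOME/.zshrc` keeps the file consistent and does not depend on the shell doing the expansion. Since `.zshrc` is read only by interactive shells, the banner will not show for `zsh -c` invocations, which looks intended but is worth stating next to the line, e.g. `# Print the banner on interactive zsh start-up only`.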