Move away from crontabs

CERN-CERT · Sep 14, 2023 · 609c872 · 609c872
1 parent 2f1e3f2
commit 609c872
Show file tree

Hide file tree

Showing 9 changed files with 28 additions and 35 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -51,5 +51,4 @@ jobs:
  labels: ${{ steps.meta.outputs.labels }}
  build-args: |
  GO_DNSCOLLECTOR_VERSION=0.35.0
- SUPERCRONIC_VERSION=v0.2.26
  PDNSSOC_CLI_VERSION=0.0.2.dev5
diff --git a/.github/workflows/release_rolling.yml b/.github/workflows/release_rolling.yml
@@ -43,5 +43,4 @@ jobs:
  labels: ${{ steps.meta.outputs.labels }}
  build-args: |
  GO_DNSCOLLECTOR_VERSION=0.35.0
- SUPERCRONIC_VERSION=v0.2.26
- PDNSSOC_CLI_VERSION=0.0.2.dev7
+ PDNSSOC_CLI_VERSION=0.0.2.dev8
diff --git a/README.md b/README.md
@@ -152,8 +152,7 @@ All of the previous steps for the server part can be automated using the dockeri
 In case you need to re-build the image, please use the following (after adjusting the tags to match the latest dependency versions):
 ```sh
 cd files/docker
-docker build . -t pdnssoc --build-arg GO_DNSCOLLECTOR_VERSION="0.35.0" --build-arg PDNSSOC_CLI_VERSION="v0.0.2" --build-arg SUPERCRONIC_VERSION=
-"v0.2.26"
+docker build . -t pdnssoc --build-arg GO_DNSCOLLECTOR_VERSION="0.35.0" --build-arg PDNSSOC_CLI_VERSION="v0.0.2"
 ```
 
 

diff --git a/files/configuration/pdnssoccli/pdnssoccli.yml b/files/configuration/pdnssoccli/pdnssoccli.yml
@@ -3,10 +3,21 @@ logging_level: "INFO"
 misp_servers:
  - domain: "https://misp1.myserver.org/"
  api_key: "API_KEY_1"
- args: {}
+ args:
+ enforce_warninglist: True
 
 correlation:
+ input_dir: /var/dnscollector/queries
  output_dir: /var/dnscollector/alerts
  malicious_domains_file: /var/dnscollector/misp_domains.txt
  malicious_ips_file: /var/dnscollector/misp_ips.txt
- last_correlation_pointer_file: /var/dnscollector/correlation.last
+ last_correlation_pointer_file: /var/dnscollector/correlation.last
+ last_retro_pointer_file: /var/dnscollector/repo.last
+
+schedules:
+ fetch_iocs:
+ interval: 10 # minutes
+ correlation:
+ interval: 1 # minutes
+ retro:
+ interval: 1440 # minutes
diff --git a/files/docker/Dockerfile b/files/docker/Dockerfile
@@ -2,11 +2,6 @@ FROM python:3.11-alpine
 
 ARG GO_DNSCOLLECTOR_VERSION
 ARG PDNSSOC_CLI_VERSION
-ARG SUPERCRONIC_VERSION
-
-ENV SUPERCRONIC_URL="https://github.com/aptible/supercronic/releases/download/$SUPERCRONIC_VERSION/supercronic-linux-amd64" \
- SUPERCRONIC=supercronic-linux-amd64 \
- SUPERCRONIC_SHA1SUM=7a79496cf8ad899b99a719355d4db27422396735
 
 RUN apk add --no-cache --update \
  bash \
@@ -36,13 +31,6 @@ RUN curl -LO "https://github.com/dmachard/go-dnscollector/releases/download/v${
 
 RUN mkdir /etc/dnscollector
 
-# Install supercronic
-RUN curl -fsSLO "$SUPERCRONIC_URL" \
- && echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - \
- && chmod +x "$SUPERCRONIC" \
- && mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \
- && ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic
-
 RUN pip install superfsmon
 
 # Setup supervisord

diff --git a/files/docker/crontab b/files/docker/crontab
diff --git a/files/docker/docker-compose.yml b/files/docker/docker-compose.yml
@@ -11,5 +11,4 @@ services:
  - "6000:6000"
  volumes:
  - ./logs:/var/dnscollector/ # Logging destination
- - ./crontab:/etc/crontab
  - ./pdnssoccli.yml:/etc/pdnssoccli.yml
diff --git a/files/docker/pdnssoccli.yml b/files/docker/pdnssoccli.yml
@@ -6,7 +6,17 @@ misp_servers:
  args: {}
 
 correlation:
+ input_dir: /var/dnscollector/queries
  output_dir: /var/dnscollector/alerts
  malicious_domains_file: /var/dnscollector/misp_domains.txt
  malicious_ips_file: /var/dnscollector/misp_ips.txt
- last_correlation_pointer_file: /var/dnscollector/correlation.last
+ last_correlation_pointer_file: /var/dnscollector/correlation.last
+ last_retro_pointer_file: /var/dnscollector/repo.last
+
+schedules:
+ fetch_iocs:
+ interval: 10 # minutes
+ correlation:
+ interval: 1 # minutes
+ retro:
+ interval: 1440 # minutes
diff --git a/files/docker/supervisord.conf b/files/docker/supervisord.conf
@@ -15,11 +15,11 @@ stdout_logfile_maxbytes=0
 redirect_stderr=true
 command=/bin/bash -c "go-dnscollector -config /etc/dnscollector/config.yml"
 
-[program:supercronic]
+[program:pdnssoccli]
 stdout_logfile=/dev/fd/1
 stdout_logfile_maxbytes=0
 redirect_stderr=true
-command=/bin/bash -c "supercronic /etc/crontab"
+command=/bin/bash -c "pdnssoc-cli -c /etc/pdnssoccli.yml daemonize"
 
 [program:superfsmon]
 command=/bin/bash -c "superfsmon /var/dnscollector dnscollector -r *.txt"