diff --git a/config/config.go b/config/config.go index 8aa2a3b4..8fa1b79b 100644 --- a/config/config.go +++ b/config/config.go @@ -104,7 +104,7 @@ type HomerSettingServer struct { } DECODER_SHARK struct { - Bin string `default:"/usr/local/bin/tshark"` + Bin string `default:"/usr/bin/tshark"` Param string `default:""` Protocols []string `default:""` UID uint32 `default:"0"` diff --git a/data/service/search.go b/data/service/search.go index 773e1746..ca2fd9bb 100644 --- a/data/service/search.go +++ b/data/service/search.go @@ -1638,13 +1638,13 @@ func (ss *SearchService) ImportPcapData(buf *bytes.Buffer, now bool) (int, int, logger.Debug(fmt.Sprintf("Decoder to [%s, %s, %v]\n", config.Setting.DECODER_SHARK.Bin, config.Setting.DECODER_SHARK.Param, config.Setting.DECODER_SHARK.Protocols)) rootExecute := false cmd := exec.Command(config.Setting.DECODER_SHARK.Bin, "-Q", "-T", "json", "-o", "rtp.heuristic_rtp:TRUE", "-l", "-i", "-", config.Setting.DECODER_SHARK.Param) - /*check if we root under root - changing to an user */ + /* check if we are root under root - change to a configured user */ uid, gid := os.Getuid(), os.Getgid() if uid == 0 || gid == 0 { - logger.Info(fmt.Sprintf("running under root/wheel: UID: [%d], GID: [%d] - [%d] - [%d]. Changing to user...", uid, gid, config.Setting.DECODER_SHARK.UID, config.Setting.DECODER_SHARK.GID)) + logger.Info(fmt.Sprintf("running under root/wheel: UID: [%d], GID: [%d]. Configured: UID: [%d] GID: [%d].", uid, gid, config.Setting.DECODER_SHARK.UID, config.Setting.DECODER_SHARK.GID)) if config.Setting.DECODER_SHARK.UID != 0 && config.Setting.DECODER_SHARK.GID != 0 { - logger.Info(fmt.Sprintf("Changing to: UID: [%d], GID: [%d]", uid, gid)) + logger.Info(fmt.Sprintf("Attempting to change user to: UID: [%d], GID: [%d]", config.Setting.DECODER_SHARK.UID, config.Setting.DECODER_SHARK.GID)) cmd.SysProcAttr = &syscall.SysProcAttr{ Credential: &syscall.Credential{ Uid: config.Setting.DECODER_SHARK.UID, Gid: config.Setting.DECODER_SHARK.GID, @@ -1829,7 +1829,7 @@ func (ss *SearchService) ImportPcapData(buf *bytes.Buffer, now bool) (int, int, } if err != nil { - logger.Error(fmt.Sprintf("Error commmit transaction Error: %s", err.Error())) + logger.Error(fmt.Sprintf("Commit transaction Error: %s", err.Error())) return goodCounter, badCounter, err } @@ -1837,5 +1837,5 @@ func (ss *SearchService) ImportPcapData(buf *bytes.Buffer, now bool) (int, int, return goodCounter, badCounter, err } - return 0, 0, fmt.Errorf("tshark has been not enabled") + return 0, 0, fmt.Errorf("tshark has not been enabled") } diff --git a/docker/docker-entrypoint.d/1 b/docker/docker-entrypoint.d/1 index bc00808d..94612c85 100755 --- a/docker/docker-entrypoint.d/1 +++ b/docker/docker-entrypoint.d/1 @@ -9,6 +9,10 @@ INFLUX_DB=${INFLUX_DB:-localhost} PROM_HOST=${PROM_HOST:-localhost} LOKI_HOST=${LOKI_HOST:-localhost} GRAFANA_HOST=${GRAFANA_HOST:-localhost} +TSHARK_ACTIVE=${TSHARK_ACTIVE:-false} +TSHARK_BIN=${TSHARK_BIN:-/usr/bin/tshark} +TSHARK_UID=${TSHARK_UID:-0} +TSHARK_GID=${TSHARK_GID:-0} if [ -f /usr/local/homer/etc/webapp_config.json ]; then @@ -73,6 +77,11 @@ if [ -f /usr/local/homer/etc/webapp_config.json ]; then if [ -n "$LDAP_ANONYMOUS" ]; then sed -i "/anonymous/ s/false/${LDAP_ANONYMOUS}/g" /usr/local/homer/etc/webapp_config.json; fi if [ -n "$LDAP_USER_DN" ]; then sed -i "/userdn/ s/uid=%s,ou=People,dc=example,dc=com/${LDAP_USER_DN}/g" /usr/local/homer/etc/webapp_config.json; fi + if [ -n "$TSHARK_UID" ]; then sed -i "s/tshark_uid/${TSHARK_UID}/g" /usr/local/homer/etc/webapp_config.json; fi + if [ -n "$TSHARK_GID" ]; then sed -i "s/tshark_gid/${TSHARK_GID}/g" /usr/local/homer/etc/webapp_config.json; fi + if [ -n "$TSHARK_ACTIVE" ]; then sed -i "s/tshark_active/${TSHARK_ACTIVE}/g" /usr/local/homer/etc/webapp_config.json; fi + if [ -n "$TSHARK_BIN" ]; then sed -i "s/tshark_bin/${TSHARK_BIN}/g" /usr/local/homer/etc/webapp_config.json; fi + echo "Pre-Flight provisioning completed!" else diff --git a/docker/webapp_config.json b/docker/webapp_config.json index 2429ec8e..091e6f1f 100644 --- a/docker/webapp_config.json +++ b/docker/webapp_config.json @@ -88,5 +88,17 @@ "skipverify": true, "anonymous": false, "userdn": "uid=%s,ou=People,dc=example,dc=com" + }, + "decoder_shark": { + "_comment": "Here you can do packet decoding using tshark application. Please define uid, gid if you run the app under root", + "active": tshark_active, + "uid": tshark_uid, + "gid": tshark_gid, + "bin": "tshark_bin", + "protocols": [ + "1_call", + "1_registration", + "1_default" + ] } }