From e7c3fa2a8b04de190a263215d79f58572706f0f1 Mon Sep 17 00:00:00 2001 From: ziirish Date: Sun, 30 Jul 2017 18:57:00 +0200 Subject: [PATCH] remove debian based docker image --- .gitlab-ci.yml | 28 +-- contrib/gunicorn.d/burp-ui | 2 +- contrib/gunicorn/burpui_gunicorn.py | 2 +- docker/Dockerfile | 66 +++++-- docker/Dockerfile-py3.6 | 71 ------- docker/README.rst | 13 +- .../assets/config/burp-ui/burpui.cfg | 186 ------------------ .../assets/config/burp/burp-server.conf | 175 ---------------- .../assets/config/burp/burp.conf | 125 ------------ .../assets/config/gunicorn.d/burp-ui | 13 -- docker/docker-release/assets/init | 158 --------------- docker/docker-release/assets/setup/install | 115 ----------- setup.py | 4 +- 13 files changed, 77 insertions(+), 881 deletions(-) delete mode 100644 docker/Dockerfile-py3.6 delete mode 100644 docker/docker-release/assets/config/burp-ui/burpui.cfg delete mode 100644 docker/docker-release/assets/config/burp/burp-server.conf delete mode 100644 docker/docker-release/assets/config/burp/burp.conf delete mode 100644 docker/docker-release/assets/config/gunicorn.d/burp-ui delete mode 100755 docker/docker-release/assets/init delete mode 100755 docker/docker-release/assets/setup/install diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5b571c90..61fefa97 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -28,17 +28,17 @@ test:py2.7: except: - tags -test:py3.4: - stage: test - image: python:3.4 - script: - - pip install tox - - tox -e py34 - tags: - - docker - except: - - tags - - demo +#test:py3.4: +# stage: test +# image: python:3.4 +# script: +# - pip install tox +# - tox -e py34 +# tags: +# - docker +# except: +# - tags +# - demo test:py3.6: stage: test 
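Review bot: The `test:py3.4` job is switched off by commenting out all eleven of its lines, which leaves dead configuration in `.gitlab-ci.yml` that will drift from the live jobs. If the job is meant to return, renaming it to a hidden job (`.test:py3.4:`) keeps it parseable without running it; otherwise delete it and let the history hold the old definition. The same applies to the commented `# - docker build ... -f docker/Dockerfile-py3.6 .` lines added in the `build:docker:latest` and `build:docker:release` hunks: they point at a Dockerfile this commit deletes, so they cannot be re-enabled as written.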
@@ -85,7 +85,8 @@ build:docker:latest:
 script:
 - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
 - docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest -f docker/Dockerfile .
- - docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest-py3.6 -f docker/Dockerfile-py3.6 .
+ - docker tag $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest-py3.6
+# - docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest-py3.6 -f docker/Dockerfile-py3.6 .
 - cd docker/demo/docker-pg && docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/pgsql:latest .
 - docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest
 - docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest-py3.6
@@ -100,7 +101,8 @@ build:docker:release:
 script:
 - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
 - docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_TAG -f docker/Dockerfile .
- - docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_TAG-py3.6 -f docker/Dockerfile-py3.6 .
+ - docker tag $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_TAG $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_TAG-py3.6
+# - docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_TAG-py3.6 -f docker/Dockerfile-py3.6 .
 - cd docker/demo/docker-pg && docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/pgsql:$CI_COMMIT_TAG .
 - docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_TAG
 - docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_TAG-py3.6
diff --git a/contrib/gunicorn.d/burp-ui b/contrib/gunicorn.d/burp-ui
index 769bf5d4..5a734041 100644
--- a/contrib/gunicorn.d/burp-ui
+++ b/contrib/gunicorn.d/burp-ui
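Review bot: The `docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY` context line at the top of both `build:docker:latest` and `build:docker:release` puts the job token in the command's argument list, and this commit edits the script blocks around it without changing that. Feeding the token on stdin avoids exposing it through the process table on the runner: `- echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin "$CI_REGISTRY"`. Separately, the new `docker tag` lines make `latest-py3.6` and `$CI_COMMIT_TAG-py3.6` plain aliases of the default tags, so consumers of `latest` silently move from the Debian/Python 2.7 image to the Alpine/Python 3.6 one; that deserves a line in the changelog or README.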
@@ -7,7 +7,7 @@ CONFIG = { '--group=burpui', '--workers=5', '--timeout=300', - '--worker-class=gevent', + '--worker-class=eventlet', '--access-logfile=/var/log/gunicorn/burp-ui_access.log', '--error-logfile=/var/log/gunicorn/burp-ui_error.log', 'burpui:create_app(conf="/etc/burp/burpui.cfg",logfile="/var/log/gunicorn/burp-ui_info.log")', diff --git a/contrib/gunicorn/burpui_gunicorn.py b/contrib/gunicorn/burpui_gunicorn.py index 11ec911e..4ef4c9b5 100644 --- a/contrib/gunicorn/burpui_gunicorn.py +++ b/contrib/gunicorn/burpui_gunicorn.py @@ -74,7 +74,7 @@ backlog = 2048 # workers = 5 -worker_class = 'gevent' +worker_class = 'eventlet' worker_connections = 1000 timeout = 300 keepalive = 2 diff --git a/docker/Dockerfile b/docker/Dockerfile index f0d9173e..58dfe67e 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
@@ -1,20 +1,62 @@ -FROM debian:jessie +FROM python:3.6-alpine MAINTAINER hi+burpui@ziirish.me -RUN apt-get update \ - && DEBIAN_FRONTEND=noninteractive apt-get install -y supervisor logrotate locales gunicorn cron netcat openssl \ - && update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \ - && locale-gen en_US.UTF-8 \ - && dpkg-reconfigure -f noninteractive locales \ - && echo "Europe/Paris" >/etc/timezone \ - && dpkg-reconfigure -f noninteractive tzdata \ - && rm -rf /var/lib/apt/lists/* +RUN apk add --no-cache supervisor logrotate librsync openssl tzdata nginx \ + && apk add --no-cache --virtual .fetch-deps \ + tar \ + \ + && wget -O burp.tar.gz https://github.com/grke/burp/archive/2.0.54.tar.gz \ + && wget -O uthash.tar.gz https://github.com/troydhanson/uthash/archive/v2.0.1.tar.gz \ + && mkdir -p /usr/src/burp /usr/src/uthash \ + && tar -xC /usr/src/burp --strip-components=1 -f burp.tar.gz \ + && tar -xC /usr/src/uthash --strip-components=1 -f uthash.tar.gz \ + && rm burp.tar.gz uthash.tar.gz \ + \ + && apk add --no-cache --virtual .build-deps \ + g++ \ + libc-dev \ + make \ + openssl-dev \ + zlib-dev \ + librsync-dev \ + pkgconfig \ + yajl-dev \ + autoconf \ + automake \ + libtool \ + \ +# add build deps before removing fetch deps in case there's overlap + && apk del .fetch-deps \ + \ + && cd /usr/src/burp \ + && autoreconf -vif \ + && CPPFLAGS="-I../uthash/src" ./configure \ + --prefix=/usr \ + --sysconfdir=/etc/burp \ + --localstatedir=/var \ + && make -j$(getconf _NPROCESSORS_ONLN) \ + && make install \ + && make install-configs \ + \ + && runDeps="$( \ + scanelf --needed --nobanner --recursive /usr/local \ + | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ + | sort -u \ + | xargs -r apk info --installed \ + | sort -u \ + )" \ + && apk add --virtual .python-rundeps $runDeps \ + && apk del .build-deps \ +# needed for the bui-cli tool + && ln -sf /usr/bin/nc /bin/nc \ +# do some cleanup + && rm -rf /usr/src/burp /usr/src/uthash ~/.cache ADD . 
/burp-ui -ADD docker/docker-release/assets/setup/ /app/setup/ -ADD docker/docker-release/assets/config/ /app/setup/config/ -ADD docker/docker-release/assets/init /app/init +ADD docker/docker-alpine/assets/setup/ /app/setup/ +ADD docker/docker-alpine/assets/config/ /app/setup/config/ +ADD docker/docker-alpine/assets/init /app/init RUN chmod 755 /app/init RUN chmod 755 /app/setup/install diff --git a/docker/Dockerfile-py3.6 b/docker/Dockerfile-py3.6 deleted file mode 100644 index 58dfe67e..00000000 --- a/docker/Dockerfile-py3.6 +++ /dev/null 
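Review bot: The two `wget` lines in the new `RUN` step download the burp 2.0.54 and uthash v2.0.1 source archives and compile them into the image without checking a digest, so the build trusts whatever those URLs serve at build time. Add a check right after each download, for example `&& echo "<BURP_TARBALL_SHA256>  burp.tar.gz" | sha256sum -c - \` (placeholder digest, to be recorded from a verified download), and the same for `uthash.tar.gz`. The `ADD . /burp-ui` context line copies the entire build context into a layer, where it remains even if a later step deletes `/burp-ui`; `COPY` plus a `.dockerignore` that excludes `.git` and local files would keep that layer minimal. Also worth confirming: `scanelf` inspects `/usr/local` while burp is configured with `--prefix=/usr`, so libraries needed only by the burp binary (possibly yajl) may be removed by `apk del .build-deps`.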
@@ -1,71 +0,0 @@ -FROM python:3.6-alpine -MAINTAINER hi+burpui@ziirish.me - -RUN apk add --no-cache supervisor logrotate librsync openssl tzdata nginx \ - && apk add --no-cache --virtual .fetch-deps \ - tar \ - \ - && wget -O burp.tar.gz https://github.com/grke/burp/archive/2.0.54.tar.gz \ - && wget -O uthash.tar.gz https://github.com/troydhanson/uthash/archive/v2.0.1.tar.gz \ - && mkdir -p /usr/src/burp /usr/src/uthash \ - && tar -xC /usr/src/burp --strip-components=1 -f burp.tar.gz \ - && tar -xC /usr/src/uthash --strip-components=1 -f uthash.tar.gz \ - && rm burp.tar.gz uthash.tar.gz \ - \ - && apk add --no-cache --virtual .build-deps \ - g++ \ - libc-dev \ - make \ - openssl-dev \ - zlib-dev \ - librsync-dev \ - pkgconfig \ - yajl-dev \ - autoconf \ - automake \ - libtool \ - \ -# add build deps before removing fetch deps in case there's overlap - && apk del .fetch-deps \ - \ - && cd /usr/src/burp \ - && autoreconf -vif \ - && CPPFLAGS="-I../uthash/src" ./configure \ - --prefix=/usr \ - --sysconfdir=/etc/burp \ - --localstatedir=/var \ - && make -j$(getconf _NPROCESSORS_ONLN) \ - && make install \ - && make install-configs \ - \ - && runDeps="$( \ - scanelf --needed --nobanner --recursive /usr/local \ - | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ - | sort -u \ - | xargs -r apk info --installed \ - | sort -u \ - )" \ - && apk add --virtual .python-rundeps $runDeps \ - && apk del .build-deps \ -# needed for the bui-cli tool - && ln -sf /usr/bin/nc /bin/nc \ -# do some cleanup - && rm -rf /usr/src/burp /usr/src/uthash ~/.cache - -ADD . /burp-ui - -ADD docker/docker-alpine/assets/setup/ /app/setup/ -ADD docker/docker-alpine/assets/config/ /app/setup/config/ -ADD docker/docker-alpine/assets/init /app/init - -RUN chmod 755 /app/init -RUN chmod 755 /app/setup/install -RUN /app/setup/install - -EXPOSE 5000/tcp - -VOLUME ["/var/spool/burp"] -VOLUME ["/etc/burp"] - -ENTRYPOINT ["/app/init"] -CMD ["app:start"] 
diff --git a/docker/README.rst b/docker/README.rst index 77c43f3a..483124b5 100644 --- a/docker/README.rst +++ b/docker/README.rst @@ -9,23 +9,19 @@ It is organized like this: - `demo/ `_ contains the images used to build the demo. - `docker-alpine/ `_ contains a small but complete image based on `alpine`_ and python 3.6. -- `docker-release/ `_ contains a complete image based on - `debian`_ and python 2.7. Usage ----- -Two Dockerfiles are provided in order to help you build those images. +A Dockerfile is provided in order to help you build the release image. -Here is how to build them: +Here is how to build it: :: cd .. - # build the debian-based docker image: - docker build -t $USER/burp-ui:latest -f docker/Dockerfile . - # if you prefer the alpine-based docker image: - docker build -t $USER/burp-ui:alpine -f docker/Dockerfile-py3.6 . + # alpine-based docker image: + docker build -t $USER/burp-ui:alpine -f docker/Dockerfile . Alternatively, images are built by the CI and you can freely use them thanks to @@ -40,4 +36,3 @@ the provided `docker-compose`_ config: .. _docker-compose: https://docs.docker.com/compose/ .. _Burp-UI: https://git.ziirish.me/ziirish/burp-ui .. _alpine: https://alpinelinux.org/ -.. _debian: https://www.debian.org/ diff --git a/docker/docker-release/assets/config/burp-ui/burpui.cfg b/docker/docker-release/assets/config/burp-ui/burpui.cfg deleted file mode 100644 index b6ec277f..00000000 --- a/docker/docker-release/assets/config/burp-ui/burpui.cfg +++ /dev/null 
@@ -1,186 +0,0 @@ -[Global] -# On which port is the application listening -port = 5000 -# On which address is the application listening -# '::' is the default for all IPv6 -bind = :: -# enable SSL -ssl = false -# ssl cert -sslcert = /etc/burp/ssl_cert-server.pem -# ssl key -sslkey = /etc/burp/ssl_cert-server.key -# burp server version 1 or 2 -version = 2 -# Handle multiple bui-servers or not -# If set to 'false', you will need to declare at least one 'Agent' section (see -# bellow) -standalone = true -# authentication plugin (mandatory) -# list the misc/auth directory to see the available backends -# to disable authentication you can set "auth: none" -# you can also chain multiple backends. Example: "auth: ldap,basic" -# the order will be respected unless you manually set a higher backend priority -auth = basic -# acl plugin -# list misc/acl directory to see the available backends -# default is no ACL -acl = basic -# You can change the prefix if you are behind a reverse-proxy under a custom -# root path. For example: /burpui -# You can also configure your reverse-proxy to announce the prefix through the -# 'X-Script-Name' header. In this case, the bellow prefix will be ignored in -# favour of the one announced by your reverse-proxy -prefix = none - -[UI] -# refresh interval of the pages in seconds -refresh = 180 -# refresh interval of the live-monitoring page in seconds -liverefresh = 5 - -[Production] -# storage backend (only used with gunicorn) for session and cache -# may be either 'default' or 'redis' -storage = redis -# redis server to connect to -redis = 127.0.0.1:6379 - -[Security] -## This section contains some security options. Make sure you understand the -## security implications before changing these. -# list of 'root' paths allowed when sourcing files in the configuration. -# Set this to 'none' if you don't want any restrictions, keeping in mind this -# can lead to accessing sensible files. Defaults to '/etc/burp'. 
-# Note: you can have several paths separated by comas. -# Example: /etc/burp,/etc/burp.d -includes = /etc/burp -# remember_cookie duration in days -cookietime = 14 -# whether to use a secure cookie for https or not. If set to false, cookies -# won't have the 'secure' flag. -# This setting is only useful when HTTPS is detected -scookie = true -# application secret to secure cookies. If you don't set anything, the default -# value is 'random' which will generate a new secret after every restart of your -# application. You can also set it to 'none' although this is not recommended. -# /!\ YOU CANNOT USE THE MAGIC 'random' VALUE WHEN USING GUNICORN /!\ -appsecret = random - -## burp1 backend specific options -#[Burp1] -## burp status address (can only be '127.0.0.1' or '::1') -#bhost = ::1 -## burp status port -#bport = 4972 -## burp binary -#burpbin = /usr/sbin/burp -## vss_strip binary -#stripbin = /usr/sbin/vss_strip -## burp client configuration file used for the restoration (Default: None) -#bconfcli = /etc/burp/burp.conf -## burp server configuration file used for the setting page -#bconfsrv = /etc/burp/burp-server.conf -## temporary directory to use for restoration -#tmpdir = /tmp/bui - -## burp2 backend specific options -[Burp2] -## burp binary -#burpbin = /usr/sbin/burp -## vss_strip binary -stripbin = /usr/bin/vss_strip -## burp client configuration file used for the restoration (Default: None) -#bconfcli = /etc/burp/burp.conf -## burp server configuration file used for the setting page -#bconfsrv = /etc/burp/burp-server.conf -## temporary directory to use for restoration -tmpdir = /tmp/bui - -## ldapauth specific options -#[LDAP] -## Backend priority. 
Higher is first -#priority = 1 -## LDAP host -#host = 127.0.0.1 -## LDAP port -#port = 389 -## Encryption type to LDAP server (none, ssl or tls) -## - try tls if unsure, otherwise ssl on port 636 -#encryption = ssl -## specifies if the server certificate must be validated, values can be: -## - none (certificates are ignored) -## - optional (not required, but validated if provided) -## - required (required and validated) -#validate = none -## SSL or TLS version to use, can be one of the following: -## - SSLv2 -## - SSLv3 -## - SSLv23 -## - TLSv1 -## - TLSv1_1 (Available only with openssl version 1.0.1+, requires python 2.7.9 or higher) -#version = TLSv1 -## the file containing the certificates of the certification authorities -#cafile = none -## Attribute to use when searching the LDAP repository -##searchattr = sAMAccountName -#searchattr = uid -## LDAP filter to find users in the LDAP repository -## - {0} will be replaced by the search attribute -## - {1} will be replaced by the login name -##filter = (&({0}={1})(burpui=1)) -##filter = (&({0}={1})(|(userAccountControl=512)(userAccountControl=66048))) -## LDAP base -#base = ou=users,dc=example,dc=com -## Binddn to list existing users -#binddn = cn=admin,dc=example,dc=com -## Bindpw to list existing users -#bindpw = Sup3rS3cr3tPa$$w0rd - -## basicauth specific options -## Note: in case you leave this section commented, the default login/password -## is admin/admin -## Please DO NOT touch the following line -## @salted@ -#[BASIC] -## Backend priority. Higher is first -#priority = 2 -#admin = password -#user1 = otherpassword - -## basicacl specific options -## Note: in case you leave this section commented, the user 'admin' will have -## access to all clients whereas other users will only see the client that have -## the same name -#[BASIC:ACL] -## Please note the double-quote around the username on the admin line are -## mandatory! 
-#admin = user1,user2 -## You can also overwrite the default behavior by specifying which clients a -## user can access -#user3 = '["client4", "client5"]' -## In case you are not in a standalone mode, you can also specify which clients -## a user can access on a specific Agent -#user4 = '{"agent1": ["client6", "client7"], "agent2": ["client8"]}' - -## If you set standalone to 'false', add at least one section like this per -## bui-agent -#[Agent:agent1] -## bui-agent address -#host = 192.168.1.1 -## bui-agent port -#port = 10000 -## bui-agent password -#password = azerty -## enable SSL -#ssl = true - -#[Agent:agent2] -## bui-agent address -#host = 192.168.2.1 -## bui-agent port -#port = 10000 -## bui-agent password -#password = ytreza -## enable SSL -#ssl = true diff --git a/docker/docker-release/assets/config/burp/burp-server.conf b/docker/docker-release/assets/config/burp/burp-server.conf deleted file mode 100644 index 178ddb5f..00000000 --- a/docker/docker-release/assets/config/burp/burp-server.conf +++ /dev/null 
@@ -1,175 +0,0 @@ -# This is an example config file for the burp server. - -mode = server - -# The default addresses to listen on depend upon compile time options. -# They may be overridden here. -address = 0.0.0.0 -port = 4971 -# Think carefully before changing the status port address, as it can be used -# to view the contents of backups. -status_address = 0.0.0.0 -# If you do not wish to run a status server at all, comment status_port out. -status_port = 4972 - -directory = /srv/backup -dedup_group = global -clientconfdir = /etc/burp/clientconfdir -# Choose the protocol to use. -# 0 to decide automatically, 1 to force protocol1 mode (file level granularity -# with a pseudo mirrored storage on the server and optional rsync). 2 forces -# protocol2 mode (inline deduplication with variable length blocks). -# Like many other settings, this can be set per client in the clientconfdir -# files. -protocol = 1 -pidfile = /tmp/burp.server.pid -hardlinked_archive = 1 -working_dir_recovery_method = resume -max_children = 5 -max_status_children = 10 -umask = 0022 -syslog = 1 -stdout = 0 -# The following options can restrict what the client can do. -# Restore clients can override all of these expect for force_backup. -client_can_delete = 1 -# Set client_can_force_backup to 0 to only allow timed backups. -client_can_force_backup = 1 -client_can_list = 1 -# Set client_can_restore to 0 if you want restores to only be initialised by -# the server. -client_can_restore = 1 -client_can_verify = 1 -# Ratelimit throttles the send speed. Specified in Megabits per second (Mb/s). -# ratelimit = 1.5 -# Network timeout defaults to 7200 seconds (2 hours). -network_timeout = 1800 - -# Server storage compression. Default is zlib9. Set to zlib0 to turn it off. -compression = gzip5 - -# When the client version does not match the server version, log a warning. -# Set to 0 to turn it off. 
-version_warn = 1 - -# More configuration files can be read, using syntax like the following -# (without the leading '# '). -# . path/to/more/conf - -# Location of autoupgrade files to serve to clients. Leave it commented out -# to not autoupgrade clients. -# autoupgrade_dir = /etc/burp/autoupgrade/server - -# You can have as many 'keep' lines as you like. -# For example, if running backups daily, setting 7, 4, 6 will keep -# 7 daily backups, 4 weekly, and 6 four-weekly backups. -keep = 7 -keep = 4 -keep = 6 - -# Run as different user/group. -user = burpui -group = burpui - -# CA options. -# If you want your server to be a certificate authority and generate its own -# certificates, uncomment the following lines. If the directory specified in -# ca_conf does not exist, the server will create, populate it, and the paths -# indicated by ssl_cert_ca, ssl_cert, ssl_key and ssl_dhfile below will be -# overwritten. See docs/burp_ca.txt for more information. -ca_conf = /etc/burp/CA.cnf -ca_name = burpCA -ca_server_name = burpserver -ca_burp_ca = /usr/sbin/burp_ca - -# Check for revoked certificates in the certificate revocation list. -# Turn this off if you use the old ssl_extra_checks_script server script. -ca_crl_check = 1 - -# SSL certificate authority - same file on both server and client -ssl_cert_ca = /etc/burp/ssl_cert_ca.pem - -# Server SSL certificate -ssl_cert = /etc/burp/ssl_cert-server.pem - -# Server SSL key -ssl_key = /etc/burp/ssl_cert-server.key - -# Server SSL ciphers -#ssl_ciphers = - -# Server SSL compression. Default is zlib5. Set to zlib0 to turn it off. -#ssl_compression = zlib5 - -# SSL key password, for loading a certificate with encryption. -#ssl_key_password = password - -# Server DH file. 
-ssl_dhfile = /etc/burp/dhfile.pem - -timer_script = /usr/share/burp/scripts/timer_script -# Ensure that 20 hours elapse between backups -# Available units: -# s (seconds), m (minutes), h (hours), d (days), w (weeks), n (months) -timer_arg = 1h -timer_arg = Mon,Tue,Wed,Thu,Fri,05,06,07,08,09,10,11,12,13,14,15,16,17,18,19,20,21 -timer_arg = Sat,Sun,00,01,02,03,04,05,06,07,08,17,18,19,20,21,22,23 -# Allow backups to start in the evenings and nights during weekdays -# Allow more hours at the weekend. -# Note that, if you specify no timebands, the default timer script will never -# allow backups. - -# Uncomment the notify_success_* lines for email notifications of backups that -# succeeded. -# In the subject line, the following are substituted: -# %b - "backup"/"restore"/"verify" -# %c - client name -# %w - number of warnings, if any -#notify_success_script = /usr/share/burp/scripts/notify_script -#notify_success_arg = sendmail -t -#notify_success_arg = To: youremail@example.com -#notify_success_arg = From: burp -#notify_success_arg = Subject: %b succeeded: %c %w -# Uncomment the following to have success notifications only if there were -# warnings. -#notify_success_warnings_only = 1 -# Uncomment the following to have success notifications only if there were -# new or changed files. -#notify_success_changes_only = 1 - -# Uncomment the following for email notifications of backups that failed. -#notify_failure_script = /usr/share/burp/scripts/notify_script -#notify_failure_arg = sendmail -t -#notify_failure_arg = To: youremail@example.com -#notify_failure_arg = 
From: burp -#notify_failure_arg = Subject: %b failed: %c %w - -# The server can run scripts on each connection after authentication and before -# disconnecting. -#server_script_pre = /usr/share/burp/scripts/ssl_extra_checks_script -#server_script_pre_arg = /etc/burp/crl -#server_script_pre_arg = /etc/burp/burp-server.conf -#server_script_pre_arg = /usr/share/burp/scripts/server-pre-script.local -# Set server_script_pre_notify to 1 to have notifications on server_script_pre -# returning non-zero. Most people will want to leave this off - it could -# result in a lot of emails because clients normally connect once every 20 -# minutes. Requires notify_failure_script to be set above. -#server_script_pre_notify = 0 -#server_script_post = -#server_script_post_arg = -#server_script_post_arg = -#server_script_post_run_on_fail=0 -# As for server_script_pre_notify, but for post. -#server_script_post_notify = 0 - -# Clients that are able to list and restore files belonging to any other -# client. If this is too permissive, you may set a restore_client for -# individual original clients in the individual clientconfdir files. -# restore_client = someclient -# restore_client = someotherclient -restore_client = agent - -# Whether or not the server process should cache the tree when a monitor client -# is browsing a backup. Advantage: speed. Disadvantage: more memory is used. -monitor_browse_cache = 1 - diff --git a/docker/docker-release/assets/config/burp/burp.conf b/docker/docker-release/assets/config/burp/burp.conf deleted file mode 100644 index 0d7b792e..00000000 --- a/docker/docker-release/assets/config/burp/burp.conf +++ /dev/null 
@@ -1,125 +0,0 @@ -# This is an example config file for the burp client. - -mode = client -port = 4971 -status_port = 4972 -server = 127.0.0.1 -password = abcdefgh -cname = agent -# Choose the protocol to use. -# 0 to decide automatically, 1 to force protocol1 mode (file level granularity -# with a pseudo mirrored storage on the server and optional rsync). 2 forces -# protocol2 mode (inline deduplication with variable length blocks). -protocol = 1 -pidfile = /tmp/burp.client.pid -syslog = 1 -stdout = 0 -progress_counter = 1 -# Ratelimit throttles the send speed. Specified in Megabits per second (Mb/s). -# ratelimit = 1.5 -# Network timeout defaults to 7200 seconds (2 hours). -network_timeout = 72000 -# The directory to which autoupgrade files will be downloaded. -# To never autoupgrade, leave it commented out. -# autoupgrade_dir=/opt/burp2/etc/autoupgrade/client -# OS path component for the autoupgrade directory on the server. -# autoupgrade_os=test_os -# Wait a random number of seconds between 0 and the given number before -# contacting the server on a timed backup. -# randomise = 1200 - -# Set server_can_restore to 0 if you do not want the server to be able to -# initiate a restore. -server_can_restore = 0 - -# Set an encryption password if you do not trust the server with your data. -# Note that this will mean that network deltas will not be possible. Each time -# a file changes, the whole file will be transferred on the next backup. -# encryption_password = My^$pAsswIrD%@ - -# More configuration files can be read, using syntax like the following -# (without the leading '# '). -# . path/to/more/conf - -# Run as different user/group. -# user=graham -# group=nogroup - -cross_filesystem=/home -cross_all_filesystems=0 - -# Uncomment the following lines to automatically generate a certificate signing -# request and send it to the server. 
-ca_burp_ca = /usr/sbin/burp_ca -ca_csr_dir = /etc/burp/CA-client - -# SSL certificate authority - same file on both server and client -ssl_cert_ca = /etc/burp/ssl_cert_ca.pem - -# Client SSL certificate -ssl_cert = /etc/burp/ssl_cert-client.pem - -# Client SSL key -ssl_key = /etc/burp/ssl_cert-client.key - -# Client SSL ciphers -#ssl_ciphers = - -# Client SSL compression. Default is zlib5. Set to zlib0 to turn it off. -#ssl_compression = zlib5 - -# SSL key password -ssl_key_password = password - -# Common name in the certificate that the server gives us -ssl_peer_cn = burpserver - -# Example syntax for pre/post scripts -#backup_script_pre=/path/to/a/script -#backup_script_post=/path/to/a/script -#restore_script_pre=/path/to/a/script -#restore_script_post=/path/to/a/script - -# The following options specify exactly what to backup. -# The server will override them if there is at least one 'include=' line on -# the server side. -include = /etc -include = /home -#exclude = /home/graham/testdir/librsync-0.9.7/testsuite -#include = /home/graham/testdir/librsync-0.9.7/testsuite/deep -#include = /home/graham/xdir -#exclude = /home/graham/testdir/libr -# Exclude file names ending in '.vdi' or '.vmdk' (case insensitive) -#exclude_ext = vdi -#exclude_ext = vmd -# Exlude file path matching a regular expression -# (note that 'include_regex' is not yet implemented) -#exclude_regex = \.cache -# Exclude various temporary file systems. You may want to add devfs, devpts, -# proc, ramfs, etc. -exclude_fs = sysfs -exclude_fs = tmpfs -# Exclude files based on size. Defaults are 0, which means no limit. -#min_file_size = 0 Mb -#max_file_size = 0 Mb -# The content of directories containing a filesystem entry named like this -# will not be backed up. -nobackup = .nobackup -# By default, burp backups up the fifos themselves, rather than reading from -# them. These two options let you choose a particular fifo to read, or read -# from all fifos. 
-#read_fifo=/path/to/a/fifo -#read_all_fifos=0 -# The same for block device nodes. -#read_blockdev=/path/to/a/blockdev -#read_all_blockdevs=0 -# Exclude files from compression by extension. -exclude_comp=bz2 -exclude_comp=gz -# When backing up, whether to enable O_NOATIME when opening files and -# directories. The default is atime=0, which enables O_NOATIME. -#atime=1 -# When enabled, this causes problems in the phase1 scan (such as an 'include' -# being missing) to be treated as fatal errors. The default is 0. -#scan_problem_raises_error=1 - diff --git a/docker/docker-release/assets/config/gunicorn.d/burp-ui b/docker/docker-release/assets/config/gunicorn.d/burp-ui deleted file mode 100644 index 2749c5c8..00000000 --- a/docker/docker-release/assets/config/gunicorn.d/burp-ui +++ /dev/null @@ -1,13 +0,0 @@ -CONFIG = { - 'args': ( - '--bind=0.0.0.0:5000', - '--user=burpui', - '--group=burpui', - '--workers=5', -# '--preload', - '--worker-class=gevent', - '--access-logfile=/var/log/gunicorn/burp-ui_access.log', - '--error-logfile=/var/log/gunicorn/burp-ui_error.log', - 'burpui:create_app("@BURPUI_CONFIG@",logfile="/var/log/gunicorn/burp-ui_info.log",verbose=@BURPUI_VERBOSE@)', - ), -} diff --git a/docker/docker-release/assets/init b/docker/docker-release/assets/init deleted file mode 100755 index 5c7a8650..00000000 --- a/docker/docker-release/assets/init +++ /dev/null 
@@ -1,158 +0,0 @@ -#!/bin/bash -set -e - -trap appStop SIGINT SIGTERM - -appStart () { - - BURPUI_CONFIG=${BURPUI_CONFIG:-/etc/burp/burpui.cfg} - BURPUI_CLIENT_NAME=${BURPUI_CLIENT_NAME:-bui} - BURPUI_VERBOSE=${BURPUI_VERBOSE:-0} - BURPUI_UID=${BURPUI_UID:-5337} - BURPUI_GID=${BURPUI_GID:-5337} - BURPUI_PLUGINS=${BURPUI_PLUGINS:-none} - BURP_CLIENT_CONFIG=${BURP_CLIENT_CONFIG:-/tmp/burp.conf} - BURP_SERVER_CONFIG=${BURP_SERVER_CONFIG:-/etc/burp/burp-server.conf} - BURP_SERVER_ADDR=${BURP_SERVER_ADDR:-auto} - REDIS_SERVER=${REDIS_SERVER:-redis:6379} - DATABASE_URL=${DATABASE_URL:-sqlite:////var/lib/burpui/store.db} - TIMEZONE=${TIMEZONE:-Europe/Paris} - - [ -e /usr/share/zoneinfo/$TIMEZONE ] && { - cp /usr/share/zoneinfo/$TIMEZONE /etc/localtime - echo "$TIMEZONE" >/etc/timezone - } - - # Create burp-ui User - getent group | grep -q burpui || groupadd -g $BURPUI_GID burpui - getent passwd | grep -q burpui || useradd -r -m -d /var/lib/burpui -c 'Burp-UI daemon user' -u $BURPUI_UID -g $BURPUI_GID burpui - chown -R burpui: /var/log/gunicorn - - [ -e /etc/burp/this_is_a_decoy_file_to_know_if_we_can_chown ] && { - chown -R burpui: /etc/burp - rm /etc/burp/this_is_a_decoy_file_to_know_if_we_can_chown - } - - [ "$BURP_SERVER_ADDR" == "auto" ] && { - BURP_SERVER_ADDR=$(ip route sh | grep default | awk '{print $3;}') - } - - [ -e "$BURPUI_CONFIG" ] || { - cp /usr/local/share/burpui/etc/burpui.sample.cfg $BURPUI_CONFIG - chown burpui: $BURPUI_CONFIG - } - - # wait for redis to be up - sleep 3 - - LOGFILE=$(mktemp) - bui-manage -c $BURPUI_CONFIG setup_burp -b $BURP_CLIENT_CONFIG \ - -s $BURP_SERVER_CONFIG -h $BURP_SERVER_ADDR -c $BURPUI_CLIENT_NAME \ - -r $REDIS_SERVER -d $DATABASE_URL -p $BURPUI_PLUGINS 2>&1 | tee $LOGFILE - - CELERY="True" - grep -q "Unable to contact the redis server" $LOGFILE && CELERY="" - rm $LOGFILE - - [ "$DATABASE_URL" != "none" ] && { - su -l burpui -c "/usr/local/bin/bui-manage -c $BURPUI_CONFIG db upgrade" - } - - # You can change log verbosity at 
runtime - [ -e /etc/gunicorn.d/burp-ui.example ] || cp -a /etc/gunicorn.d/burp-ui /etc/gunicorn.d/burp-ui.example - perl -pe "s#\@BURPUI_CONFIG\@#$BURPUI_CONFIG#" /etc/gunicorn.d/burp-ui.example >/etc/gunicorn.d/burp-ui - perl -i -pe "s#\@BURPUI_VERBOSE\@#$BURPUI_VERBOSE#" /etc/gunicorn.d/burp-ui - - ssl_cert_ca=$(grep -E "^\s*ssl_cert_ca\s*=" $BURP_CLIENT_CONFIG | cut -d= -f2 | sed -e "s/\s*//g") - ssl_cert=$(grep -E "^\s*ssl_cert\s*=" $BURP_CLIENT_CONFIG | cut -d= -f2 | sed -e "s/\s*//g") - ssl_key=$(grep -E "^\s*ssl_key\s*=" $BURP_CLIENT_CONFIG | cut -d= -f2 | sed -e "s/\s*//g") - - [ -z "$ssl_cert_ca" ] && { - echo "Unable to locate ssl_cert_ca in $BURP_CLIENT_CONFIG" - exit 1 - } - [ -z "$ssl_cert" ] && { - echo "Unable to locate ssl_cert in $BURP_CLIENT_CONFIG" - exit 1 - } - [ -z "$ssl_key" ] && { - echo "Unable to locate ssl_key in $BURP_CLIENT_CONFIG" - exit 1 - } - - [ ! -e "$ssl_cert_ca" -a ! -e "$ssl_cert" -a ! -e "$ssl_key" ] && { - # pre-generate burp certs because of https://github.com/grke/burp/issues/512 - TMPFILE=$(mktemp) - /usr/sbin/burp -c $BURP_CLIENT_CONFIG -a l 2>&1 >$TMPFILE - for file in $(grep "Could not find ssl" $TMPFILE | cut -d' ' -f8 | sed "s/:$//") - do - chgrp burpui $file - chmod g+rw $file - done - rm $TMPFILE - } - - # start supervisord - /usr/bin/supervisord -c /etc/supervisor/supervisord.conf - - echo "Starting crond..." - supervisorctl start cron >/dev/null - - echo "Starting burp..." - supervisorctl start burp >/dev/null - - [ -n "$CELERY" ] && { - echo "Starting bui-celery..." - supervisorctl start bui-celery >/dev/null - } - - echo "Starting gunicorn..." - /etc/init.d/gunicorn restart >/dev/null - - # wait a bit for the logs to be populated - sleep 2 - - # watch the access logs - tail -F /var/log/gunicorn/burp-ui_info.log -} - -appStop() { - echo "" - echo "Stopping gunicorn..." - /etc/init.d/gunicorn stop >/dev/null - echo "Stopping burp..." - supervisorctl stop burp >/dev/null - echo "Stopping crond..." 
- supervisorctl stop cron >/dev/null - echo "Stopping supervisord..." - kill -15 $(cat /var/run/supervisord.pid) - exit -} - -appHelp () { - echo "Available options:" - echo " app:start - Starts the burp-ui server (default)" - echo " app:help - Displays the help" - echo " [command] - Execute the specified linux command eg. bash." -} - -case "$1" in - app:start) - appStart - ;; - *) - if [ -x $1 ]; then - $1 - else - prog=$(which $1) - if [ -n "${prog}" ] ; then - shift 1 - su -l burpui -c "$prog $@" - else - appHelp - fi - fi - ;; -esac - -exit 0 diff --git a/docker/docker-release/assets/setup/install b/docker/docker-release/assets/setup/install deleted file mode 100755 index 1b62ef84..00000000 --- a/docker/docker-release/assets/setup/install +++ /dev/null 
@@ -1,115 +0,0 @@ -#!/bin/bash -# Build: @build@ -set -e - -SETUP_DIR="/app/setup" -CONFIG_DIR="${SETUP_DIR}/config" - -apt-get update -DEBIAN_FRONTEND=noninteractive apt-get install -y wget python2.7-dev git python-pip libffi-dev libmysqlclient-dev libpq-dev libpq5 - -echo "deb http://ziirish.info/repos/debian/jessie zi-stable main" >/etc/apt/sources.list.d/ziirish.list -wget https://ziirish.info/repos/debian.gpg -O- | apt-key add - -apt-get update - -DEBIAN_FRONTEND=noninteractive apt-get remove -y python-cffi -DEBIAN_FRONTEND=noninteractive apt-get install -y libssl-dev burp-client - -# Install burp-ui -pip install --upgrade pip -cd /burp-ui -git submodule update --init -pip install -r requirements.txt -python setup.py sdist -pip install ujson -pip install gevent -pip install redis -pip install mysqlclient -pip install psycopg2 -pip install flask-limiter -pip install Flask-Session -pip install Flask-SQLAlchemy -pip install Flask-Migrate -pip install sqlalchemy-utils -pip install celery -pip install dist/*.tar.gz - -cffi=$(grep cffi requirements.txt) -cd -rm -rf /burp-ui - -mkdir -p /var/log/gunicorn - -# configure supervisord log rotation -cat > /etc/logrotate.d/supervisord < /etc/logrotate.d/gunicorn < /etc/supervisor/conf.d/cron.conf < /etc/supervisor/conf.d/bui-celery.conf </etc/burp/burp.conf -cat ${CONFIG_DIR}/burp/burp-server.conf >/etc/burp/burp-server.conf -rm -rf /etc/burp/clientconfdir/* -echo "password = abcdefgh" >/etc/burp/clientconfdir/agent - -touch /etc/burp/this_is_a_decoy_file_to_know_if_we_can_chown - -# cleanup -apt-get remove -y python2.7-dev git python-pip libffi-dev libssl-dev wget libpq-dev -apt-get clean -apt-get autoclean -apt-get -y autoremove -# cffi breaks after the cleanup -/usr/local/bin/pip install $cffi -rm -rf /var/lib/apt/lists/* diff --git a/setup.py b/setup.py index 6548c3c7..adaf08b2 100755 --- a/setup.py +++ b/setup.py 
@@ -275,8 +275,8 @@ setup(
 extras_require={
 'ldap_authentication': ['ldap3'],
 'extra': ['ujson'],
- 'gunicorn': ['gevent', 'gunicorn'],
- 'gunicorn-extra': ['redis', 'Flask-Session==0.3.0'],
+ 'gunicorn': ['eventlet', 'gunicorn'],
+ 'gunicorn-extra': ['redis', 'Flask-Session==0.3.1'],
 'agent': ['gevent'],
 'ci': test_requires,
 'dev': dev_requires,
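Review bot: The `'gunicorn'` extra now installs `eventlet` with no version bound, while `'gunicorn-extra'` on the next line pins `Flask-Session==0.3.1` exactly, so the async library the web workers run on is whatever the package index serves at build time. I would bound it, e.g. `'gunicorn': ['eventlet>=MIN_TESTED,<NEXT_MAJOR', 'gunicorn'],` (placeholders for the versions actually tested), or move every pin into a constraints file so builds are reproducible and updates are reviewed. `'agent'` still requires `gevent`, so installing both extras puts two monkey-patching libraries in one environment; presumably the agent and the web workers run as separate processes, but a short comment above the dict saying so would save the next maintainer from guessing. The `setup()` call starts and ends outside this hunk.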