-
Notifications
You must be signed in to change notification settings - Fork 258
Expand file tree
/
Copy pathentrypoint
More file actions
130 lines (114 loc) · 3.49 KB
/
entrypoint
File metadata and controls
130 lines (114 loc) · 3.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
ES_HOSTNAME=elasticsearch
CONFIG_SECRET=1
CONFIG_ES=1
CONFIG=1
CONFIG_FILE=/cortex/application.conf
ANALYZER_PATH=/Cortex-Analyzers/analyzers
ANALYZER_URLS=()
RESPONDER_PATH=/Cortex-Analyzers/responders
RESPONDER_URLS=()
START_DOCKER=0
SHOW_SECRET=0
ES_CORTEX_URL=$ES_URL
if [ -z "$ES_CORTEX_URL" ]; then
echo "ES_URL environment is not defined or set"
else
echo "ES_URL configured using elasticsearch uri: $ES_CORTEX_URL"
fi
function usage {
cat <<- _EOF_
Available options:
--no-config | do not try to configure TheHive (add secret and elasticsearch)
--no-config-secret | do not add random secret to configuration
--no-config-es | do not add elasticsearch hosts to configuration
--es-uri <uri> | use this string to configure elasticsearch hosts (format: http(s)://host:port,host:port(/prefix)?querystring)
--es-hostname <host> | resolve this hostname to find elasticseach instances
--secret <secret> | secret to secure sessions
--show-secret | show the generated secret
--analyzer-url <url> | where analyzers are located (url or path)
--responder-url <url> | where responders are located (url or path)
--start-docker | start a internal docker (inside container) to run analyzers/responders
_EOF_
exit 1
}
STOP=0
while test $# -gt 0 -o $STOP = 1
do
case "$1" in
"--no-config") CONFIG=0;;
"--no-config-secret") CONFIG_SECRET=0;;
"--no-config-es") CONFIG_ES=0;;
"--es-hosts") echo "--es-hosts is deprecated, please use --es-uri"
usage;;
"--es-uri") shift; ES_URI=$1;;
"--es-hostname") shift; ES_HOSTNAME=$1;;
"--secret") shift; SECRET=$1;;
"--show-secret") SHOW_SECRET=1;;
"--analyzer-path") shift; ANALYZER_PATH=$1;;
"--responder-path") shift; RESPONDER_PATH=$1;;
"--analyzer-url") shift; ANALYZER_URLS+=$1;;
"--responder-url") shift; RESPONDER_URLS+=$1;;
"--start-docker") START_DOCKER=1;;
"--") STOP=1;;
*) echo "unrecognized option: $1"; usage;;
esac
shift
done
if test $CONFIG = 1
then
CONFIG_FILE=$(mktemp).conf
if test $CONFIG_SECRET = 1
then
if test -z "$SECRET"
then
SECRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1)
test $SHOW_SECRET = 1 && echo Using secret: $SECRET
fi
echo play.http.secret.key=\"$SECRET\" >> $CONFIG_FILE
fi
if test $CONFIG_ES = 1
then
if test -z "$ES_URI"
then
function join_es_hosts {
echo -n $1:9200
shift
printf "%s," "${@/#/:9200}"
}
ES=$(getent ahostsv4 $ES_HOSTNAME | awk '{ print $1 }' | sort -u)
if test -z "$ES"
then
echo "Warning automatic elasticsearch host config fails"
else
ES_URI=http://$(join_es_hosts $ES)
fi
fi
if test -n "$ES_URI"
then
echo Using elasticsearch uri: $ES_URI
echo search.uri=\"$ES_URI\" >> $CONFIG_FILE
else
echo "elasticsearch host not configured as an image argument (Ignore if ES_URL configured)"
fi
fi
function join_urls {
echo -n \"$1\"
shift
for U do echo -n ,\"$U\"; done
# printf ",\"%s\"" $@
}
test ${#ANALYZER_URLS} = 0 && ANALYZER_URLS+=$ANALYZER_PATH
test ${#RESPONDER_URLS} = 0 && RESPONDER_URLS+=$RESPONDER_PATH
echo analyzer.urls=\[$(join_urls ${ANALYZER_URLS[@]})\] >> $CONFIG_FILE
echo responder.urls=\[$(join_urls ${RESPONDER_URLS[@]})\] >> $CONFIG_FILE
echo 'include file("/cortex/application.conf")' >> $CONFIG_FILE
fi
echo config file is:
cat $CONFIG_FILE
echo "XMS and XMS defined : $XMX and $XMS"
/bin/sh -c "/cortex/bin/cortex \
-Dconfig.file=$CONFIG_FILE \
-J-$XMX -J-$XMS \
-Dlogger.file=/cortex/conf/logback.xml \
-Dpidfile.path=/dev/null \
$@" daemon