An updated version of the CRITS docker file with crits_services installed.
Credit to the REMnux team! They provided the base docker image that allowed this to happen :)
This sequence is a first-time install of CRITS and CRITS services. For the database to be set up correctly (and the users created), follow the steps below.
- Pull the mongodb container:

  ```sh
  docker pull mongo
  ```

- Create a new directory to store your mongodb data:

  ```sh
  mkdir -p /data/crits
  ```

- Assign the correct SELinux context to the data directory:

  ```sh
  chcon -Rt svirt_sandbox_file_t /data/crits
  ```

- Start mongodb so that the data is created and saved outside the mongodb container:

  ```sh
  docker run --name docker_mongo -p 27017:27017 -v /data/crits:/data/db -d mongo:latest
  ```

- Create a mongo client, where `$host` is the external NIC IP address of the machine hosting the docker container:

  ```sh
  docker run -it mongo mongo --host $host
  ```

- Copy and paste the code below into the mongo shell after changing the tokens. Please be aware that the below gives excessive permissions:

  ```js
  use crits
  db.createUser({ user : "$some_user_name$", pwd : "$password$", roles : [ { "role": "readWrite", "db" : "crits" } ] })
  ```

- Ensure the above returns a success code. Exit the container by running `exit` until you see the normal command prompt.

- (Optional) Create an admin user and role to manage MongoDB. Refer to the vendor documentation.

- Rerun the mongodb container; this will enable authentication:

  ```sh
  docker stop docker_mongo && docker rm docker_mongo && docker run --name docker_mongo -p 27017:27017 -v /data/crits:/data/db -d mongo:latest --auth
  ```

- Pull the crits_services container:

  ```sh
  docker pull auxsec/crits_services
  ```

- First-time run of the container. This will build the relevant database collections and configuration:

  ```sh
  docker run --name crits --link docker_mongo:mongo -p 8443:8443 -e FIRST_BOOT=true -e MONGO_USER=$mongo_user -e MONGO_PASSWORD=$mongo_password -d auxsec/crits_services
  ```

- Grab the username and password. This should return a username and password that can be used to access and administrate the crits instance:

  ```sh
  docker logs crits
  ```

To stop the container:

```sh
docker stop crits && docker rm crits
```

To start the container:

```sh
docker run --name crits --link docker_mongo:mongo -p 8443:8443 -e MONGO_USER=$mongo_user -e MONGO_PASSWORD=$mongo_password -d auxsec/crits_services
```
Notice the lack of the first boot parameter!
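The install sequence above as a script, added here as an example and not code from the original README or the crits_services image: it runs the same steps and, before CRITS is started, checks that the mongodb restart with `--auth` really refuses an unauthenticated client and accepts the new user. It assumes docker on PATH, a mongo image that still ships the legacy `mongo` shell used on this page, and the environment variables MONGO_HOST, MONGO_USER and MONGO_PASSWORD (DATA_DIR optional); run it as `sh install.sh install`.

```sh
#!/bin/sh
# Added example, not part of the original README or the crits_services image.
# Scripts the first-time install and verifies that mongod refuses
# unauthenticated queries after the --auth restart. Assumes docker on PATH,
# the legacy `mongo` shell in the mongo image, and these environment variables:
#   MONGO_HOST ($host above), MONGO_USER, MONGO_PASSWORD, DATA_DIR (optional)
set -eu

# Escape backslashes and double quotes so a password containing either cannot
# break, or alter, the JavaScript handed to the mongo shell.
js_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# The createUser call from the README with the $tokens$ filled in safely.
create_user_js() {
  printf 'db.getSiblingDB("crits").createUser({user:"%s",pwd:"%s",roles:[{role:"readWrite",db:"crits"}]})' \
    "$(js_escape "$1")" "$(js_escape "$2")"
}

# Run JavaScript through a throw-away mongo client; extra args (-u/-p) go to the shell.
mongo_eval() { js=$1; shift; docker run --rm mongo mongo --quiet --host "$MONGO_HOST" "$@" --eval "$js"; }

# Poll until mongod answers a ping (ping needs no authentication).
wait_for_mongo() {
  for _ in 1 2 3 4 5 6 7 8 9 10; do
    mongo_eval 'db.runCommand({ping:1}).ok' >/dev/null 2>&1 && return 0; sleep 3
  done; echo "mongod did not come up" >&2; return 1
}

install() {
  : "${MONGO_HOST:?}" "${MONGO_USER:?}" "${MONGO_PASSWORD:?}"; DATA_DIR=${DATA_DIR:-/data/crits}
  mkdir -p "$DATA_DIR" && chcon -Rt svirt_sandbox_file_t "$DATA_DIR"
  docker run --name docker_mongo -p 27017:27017 -v "$DATA_DIR":/data/db -d mongo:latest
  wait_for_mongo && mongo_eval "$(create_user_js "$MONGO_USER" "$MONGO_PASSWORD")"
  docker stop docker_mongo && docker rm docker_mongo
  docker run --name docker_mongo -p 27017:27017 -v "$DATA_DIR":/data/db -d mongo:latest --auth
  wait_for_mongo
  # Check 1: an anonymous client must now be refused (dbStats requires auth).
  if mongo_eval 'db.getSiblingDB("crits").stats()' >/dev/null 2>&1; then
    echo "ERROR: mongod still answers unauthenticated queries; not starting CRITS" >&2; exit 1
  fi
  # Check 2: the crits user must be accepted before CRITS is pointed at it.
  mongo_eval 'db.getSiblingDB("crits").stats().ok' -u "$MONGO_USER" -p "$MONGO_PASSWORD" --authenticationDatabase crits
  docker run --name crits --link docker_mongo:mongo -p 8443:8443 -e FIRST_BOOT=true \
    -e MONGO_USER="$MONGO_USER" -e MONGO_PASSWORD="$MONGO_PASSWORD" -d auxsec/crits_services
  sleep 10; docker logs crits   # prints the generated CRITS admin credentials
}

if [ "${1:-}" = install ]; then install; fi
```

The `js_escape` step matters because the copy-and-paste approach above breaks silently when the password contains a double quote or backslash.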

| Service | Compatible | Included in Docker File |
|---|---|---|
| taxii_service | yes | yes |
| virustotal_service | yes | yes |
| zip_meta_service | yes | yes |
| pdfinfo_service | yes | No |
| peinfo_service | yes | yes |
| stix_validator_service | yes | yes |
| office_meta_service | yes | yes |
| fireeye_service | yes | yes |
| diffie_service | yes | yes |
| crits_scripts | yes | yes |
| cf1app_service | yes | yes |
| chminfo_service | yes | yes |
| chopshop | yes | yes |
| clamd_service | yes | yes |
| cuckoo_service | yes | yes |
| exiftool_service | yes | yes |
| farsight_service | yes | yes |
| impfuzzy_service | yes | yes |
| macro_extract_service | yes | yes |
| metacap_service | yes | yes |
| pdf2txt_service | yes | yes |
| preview_service | yes | yes |
| pyew | yes | yes |
| pyinstaller_service | yes | yes |
| ratdecoder_service | yes | yes |
| shodan_service | yes | yes |
| snugglefish_service | No | No |
| ssdeep_service | yes | yes |
| totalhash_service | yes | yes |
| unswf_service | yes | yes |
| whois_service | yes | yes |

| Upgrade | Description | Status |
|---|---|---|
| Map SSL parameters | Allow a custom SSL cert to be mapped into the crits container | Not implemented |