ntop / docker-ntop

A collection of Dockerfile for running ntop applications on Docker

How to run fritzdump.sh in docker #8

Closed khashashin closed 2 years ago

khashashin commented 2 years ago

I've slightly changed the Dockerfile.ntopng as follows

FROM ubuntu:20.04

# Changed by me
ENV TZ="Europe/Zurich"
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

# Changed by me: added curl
RUN apt-get update && \
    apt-get -y -q install wget curl lsb-release gnupg libelf1 && \
    wget -q http://apt-stable.ntop.org/20.04/all/apt-ntop-stable.deb && \
    dpkg -i apt-ntop-stable.deb && \
    apt-get clean all

RUN apt-get update && \
    apt-get -y install ntopng ntopng-data

# Changed by me
COPY fritzdump.sh /fritzdump.sh
RUN chmod +x /fritzdump.sh

# Changed by me
RUN echo '#!/bin/bash\n/etc/init.d/redis-server start\n/./fritzdump.sh "$@"' > /run.sh && \
    chmod +x /run.sh

EXPOSE 3000

ENTRYPOINT ["/run.sh"]

And there is my fritzdump.sh

#!/bin/bash

# This is the address of the router
FRITZIP=http://192.168.178.1

# This is the WAN interface
IFACE="2-0"

# Lan Interface
#IFACE="1-lan"

# If you use password-only authentication use 'dslf-config' as username.
FRITZUSER=dslf-config
FRITZPWD=$1

SIDFILE="/tmp/fritz.sid"

if [ -z "$FRITZPWD" ] || [ -z "$FRITZUSER" ]  ; then echo "Username/Password empty. Usage: $0 <password>" ; exit 1; fi

echo "Trying to login into $FRITZIP as user $FRITZUSER"

if [ ! -f $SIDFILE ]; then
  touch $SIDFILE
fi

SID=$(cat $SIDFILE)

# Request challenge token from Fritz!Box
CHALLENGE=$(curl -k -s $FRITZIP/login_sid.lua |  grep -o "<Challenge>[a-z0-9]\{8\}" | cut -d'>' -f 2)

# Very proprietary way of AVM: create an authentication token by hashing the challenge token with the password
HASH=$(perl -MPOSIX -e '
    use Digest::MD5 "md5_hex";
    my $ch_Pw = "$ARGV[0]-$ARGV[1]";
    $ch_Pw =~ s/(.)/$1 . chr(0)/eg;
    my $md5 = lc(md5_hex($ch_Pw));
    print $md5;
  ' -- "$CHALLENGE" "$FRITZPWD")
curl -k -s "$FRITZIP/login_sid.lua" -d "response=$CHALLENGE-$HASH" -d "username=${FRITZUSER}" | grep -o "<SID>[a-z0-9]\{16\}" | cut -d'>' -f 2 > $SIDFILE

SID=$(cat $SIDFILE)

# Check for successful authentication (an empty or all-zero SID means the login failed)
if [[ -z $SID || $SID =~ ^0+$ ]] ; then echo "Login failed. Did you create & use explicit Fritz!Box users?" ; exit 1 ; fi

echo "[FRITZ!BOX]  Successfully logged in. SID: $SID"

echo "Capturing traffic on Fritz!Box interface $IFACE ..." 1>&2

# In case you want to use tshark instead of ntopng
#wget --no-check-certificate -qO- $FRITZIP/cgi-bin/capture_notimeout?ifaceorminor=$IFACE\&snaplen=\&capture=Start\&sid=$SID | /usr/bin/tshark -r -

wget --no-check-certificate -qO- $FRITZIP/cgi-bin/capture_notimeout?ifaceorminor=$IFACE\&snaplen=\&capture=Start\&sid=$SID | ntopng -i -

Then I start the container using the command

docker run -it --net=host ntopng SomePasswoRd

After that I get the following log output

Starting redis-server: redis-server.
Trying to login into http://192.168.178.1 as user dslf-config
[FRITZ!BOX]  Successfully logged in. SID: 2cdc35f568d8c370
Capturing traffic on Fritz!Box interface 2-0 ...
19/Nov/2021 18:25:02 [Ntop.cpp:2478] Setting local networks to 127.0.0.0/8,fe80::/10
19/Nov/2021 18:25:02 [Redis.cpp:157] Successfully connected to redis 127.0.0.1:6379@0
19/Nov/2021 18:25:02 [Redis.cpp:157] Successfully connected to redis 127.0.0.1:6379@0
19/Nov/2021 18:25:02 [NtopPro.cpp:320] [LICENSE] No license file found /etc/ntopng.license: reading license from redis
19/Nov/2021 18:25:02 [NtopPro.cpp:469] [LICENSE] Unable to validate license [Empty license file]
19/Nov/2021 18:25:02 [NtopPro.cpp:538] WARNING: [LICENSE] Invalid license [Empty license file]
19/Nov/2021 18:25:02 [NtopPro.cpp:555] WARNING: [LICENSE] ntopng will now run in Enterprise L edition for 10 minutes
19/Nov/2021 18:25:02 [NtopPro.cpp:557] WARNING: [LICENSE] before returning to community mode
19/Nov/2021 18:25:02 [NtopPro.cpp:559] WARNING: [LICENSE] You can buy a permanent license at http://shop.ntop.org
19/Nov/2021 18:25:02 [NtopPro.cpp:561] WARNING: [LICENSE] or run ntopng in community mode starting
19/Nov/2021 18:25:02 [NtopPro.cpp:562] WARNING: [LICENSE] ntopng --community
19/Nov/2021 18:25:03 [NetworkInterface.cpp:3186] Cleanup interface stdin
19/Nov/2021 18:25:03 [main.cpp:234] Unable to open interface stdin [97]: PF_RING not loaded. Falling back to pcap.
19/Nov/2021 18:25:03 [Ntop.cpp:2586] Registered interface stdin [id: 0]
19/Nov/2021 18:25:03 [main.cpp:331] PID stored in file /var/run/ntopng.pid
19/Nov/2021 18:25:03 [Geolocation.cpp:149] Loaded database dbip-asn-lite.mmdb [/usr/share/ntopng/httpdocs/geoip//dbip-asn-lite.mmdb][ip_version: 6]
19/Nov/2021 18:25:03 [Geolocation.cpp:149] Loaded database dbip-city-lite.mmdb [/usr/share/ntopng/httpdocs/geoip//dbip-city-lite.mmdb][ip_version: 6]
19/Nov/2021 18:25:03 [Geolocation.cpp:95] Using geolocation provided by DB-IP (https://db-ip.com)
19/Nov/2021 18:25:03 [HTTPserver.cpp:1691] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
19/Nov/2021 18:25:03 [HTTPserver.cpp:1694] HTTP server listening on 3000
19/Nov/2021 18:25:03 [Utils.cpp:737] WARNING: Unable to retain privileges for privileged file writing
19/Nov/2021 18:25:03 [Utils.cpp:781] User changed to ntopng
19/Nov/2021 18:25:03 [NetworkInterface.cpp:2971] Started flow user script hooks loop on interface stdin [id: 0]...
19/Nov/2021 18:25:03 [NetworkInterface.cpp:3002] Started host user script hooks loop on interface stdin [id: 0]...
19/Nov/2021 18:25:03 [main.cpp:401] Working directory: /var/lib/ntopng
19/Nov/2021 18:25:03 [main.cpp:403] Scripts/HTML pages directory: /usr/share/ntopng
19/Nov/2021 18:25:03 [Ntop.cpp:469] Welcome to ntopng x86_64 v.5.0.211117 - (C) 1998-21 ntop.org
19/Nov/2021 18:25:03 [Ntop.cpp:479] Built on Ubuntu 20.04.3 LTS
19/Nov/2021 18:25:03 [NtopPro.cpp:763] [LICENSE] System Id: L1203060376076A90--U120306035F37E239--OL
19/Nov/2021 18:25:03 [NtopPro.cpp:764] [LICENSE] Edition:   Enterprise L (Bundle)
19/Nov/2021 18:25:03 [NtopPro.cpp:765] [LICENSE] License Type:  Time-Limited [Empty license file] License
19/Nov/2021 18:25:03 [NtopPro.cpp:785] [LICENSE] Validity:  Until Fri Nov 19 18:35:02 2021
19/Nov/2021 18:25:03 [PeriodicActivities.cpp:106] Started periodic activities loop...
19/Nov/2021 18:25:04 [startup.lua:37] Processing startup.lua: please hold on...
19/Nov/2021 18:25:04 [startup.lua:169] [lists_utils.lua:784] Refreshing category lists...
19/Nov/2021 18:25:04 [startup.lua:169] [lists_utils.lua:420] Updating list 'Abuse.ch URLhaus' [https://urlhaus.abuse.ch/downloads/hostfile/]... OK
19/Nov/2021 18:25:05 [startup.lua:169] [lists_utils.lua:420] Updating list 'Emerging Threats' [https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt]... OK
19/Nov/2021 18:25:05 [startup.lua:169] [lists_utils.lua:420] Updating list 'Feodo Tracker Botnet C2 IP Blocklist' [https://feodotracker.abuse.ch/downloads/ipblocklist.txt]... OK
19/Nov/2021 18:25:05 [startup.lua:169] [lists_utils.lua:420] Updating list 'NoCoin Filter List' [https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt]... OK
19/Nov/2021 18:25:06 [startup.lua:169] [lists_utils.lua:420] Updating list 'SSLBL Botnet C2 IP Blacklist' [https://sslbl.abuse.ch/blacklist/sslipblacklist.txt]... OK
19/Nov/2021 18:25:06 [startup.lua:169] [lists_utils.lua:420] Updating list 'SSLBL JA3' [https://sslbl.abuse.ch/blacklist/ja3_fingerprints.csv]... OK
19/Nov/2021 18:25:07 [startup.lua:169] [lists_utils.lua:420] Updating list 'Snort IP Block List' [https://snort.org/downloads/ip-block-list]... OK
19/Nov/2021 18:25:07 [startup.lua:169] [lists_utils.lua:717] Category Lists (1894 hosts, 3242 IPs, 100 JA3) loaded in 0 sec
19/Nov/2021 18:25:07 [startup.lua:288] Completed startup.lua
19/Nov/2021 18:25:07 [PeriodicActivities.cpp:167] Each periodic activity script will use 2 threads
19/Nov/2021 18:25:07 [NetworkInterface.cpp:3153] Started packet polling on interface stdin [id: 0]...

It seems that it can start without problems, but if I open 127.0.0.1:3000 there is no web server accessible. Since there is --net=host, I've also tried to use my local IP: 192.168.178.32:3000

Have you guys tried something like this before, and could someone help me and guide me on how to run the script fritzdump.sh for ntopng running in a Docker container?
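Added example, not part of the original post or of the ntop project: the login steps of the script above as small POSIX shell functions that can be checked offline, treating an empty or all-zero SID as a failed login and using `iconv` for the UTF-16LE step so non-ASCII passwords are encoded too. The function names are hypothetical, the XML replies are constructed, and `iconv` and `md5sum` are assumed to be installed.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, the XML replies are constructed.

# Extract the 8-character challenge from a login_sid.lua response body.
extract_challenge() {
  printf '%s\n' "$1" | sed -n 's:.*<Challenge>\([a-z0-9]\{8\}\)</Challenge>.*:\1:p'
}

# Extract the 16-character session ID from a login_sid.lua response body.
extract_sid() {
  printf '%s\n' "$1" | sed -n 's:.*<SID>\([a-z0-9]\{16\}\)</SID>.*:\1:p'
}

# response = <challenge>-md5(UTF-16LE("<challenge>-<password>"))
fritz_response() {
  hash=$(printf '%s' "$1-$2" | iconv -f UTF-8 -t UTF-16LE | md5sum | cut -d' ' -f1)
  printf '%s-%s\n' "$1" "$hash"
}

# Succeeds only for a 16-character SID that is not all zeros.
sid_is_valid() {
  [ "${#1}" -eq 16 ] || return 1   # empty or truncated: the reply was not parsed
  case "$1" in
    *[!a-z0-9]*) return 1 ;;       # unexpected characters: parsing went wrong
    *[!0]*)      return 0 ;;       # at least one non-zero character: logged in
    *)           return 1 ;;       # 0000000000000000: login rejected
  esac
}

# Constructed sample replies: before login and after a successful login.
REPLY_BEFORE='<SessionInfo><SID>0000000000000000</SID><Challenge>1a2b3c4d</Challenge></SessionInfo>'
REPLY_AFTER='<SessionInfo><SID>2cdc35f568d8c370</SID><Challenge>5e6f7a8b</Challenge></SessionInfo>'

for reply in "$REPLY_BEFORE" "$REPLY_AFTER"; do
  sid=$(extract_sid "$reply")
  if sid_is_valid "$sid"; then
    echo "logged in, SID $sid"
  else
    challenge=$(extract_challenge "$reply")
    echo "not logged in, would answer with $(fritz_response "$challenge" 'SomePasswoRd')"
  fi
done
```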

khashashin commented 2 years ago

In the logs I see that the script was able to get a session ID and start the web server

[FRITZ!BOX]  Successfully logged in. SID: 2cdc35f568d8c370

and

19/Nov/2021 18:25:03 [HTTPserver.cpp:1694] HTTP server listening on 3000

khashashin commented 2 years ago

The problem is that the last line of fritzdump.sh cannot be executed, since ntopng has already started at this point and cannot be started a second time