Merge pull request #616 from Security-Onion-Solutions/jertel/v2models

upgrade python; upgrade SOC deps; refactor package install; more
Security-Onion-Solutions · Aug 15, 2024 · 63f47a9 · 63f47a9
2 parents 3017f96 + b579dfb
commit 63f47a9
Show file tree

Hide file tree

Showing 34 changed files with 194 additions and 169 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
-FROM ghcr.io/security-onion-solutions/golang:1.22-alpine as builder
+FROM ghcr.io/security-onion-solutions/golang:1.22.6-alpine as builder
 ARG VERSION=0.0.0
 RUN apk update && apk add libpcap-dev bash git musl-dev gcc npm python3 py3-pip py3-virtualenv python3-dev openssl-dev linux-headers
 COPY . /build
@@ -22,25 +22,22 @@ RUN if [ "$VERSION" != "0.0.0" ]; then mkdir gitdocs && cd gitdocs && \
 RUN npm install jest jest-environment-jsdom --global
 RUN ./build.sh "$VERSION"
 
-RUN pip3 install sigma-cli pysigma-backend-elasticsearch pysigma-pipeline-windows --break-system-packages
-RUN sed -i 's/#!\/usr\/bin\/python3/#!\/usr\/bin\/env python/g' /usr/bin/sigma
-
-# Build specific version of yara-python - needs to be pinned to Strelka's version.
-FROM ghcr.io/security-onion-solutions/python:3-slim as stage_2
-RUN apt-get update && apt-get install -y gcc python3-dev libssl-dev
-RUN pip3 install yara-python==4.3.1
 
-FROM ghcr.io/security-onion-solutions/python:3-slim
+FROM ghcr.io/security-onion-solutions/python:3.12.5-slim
 
 ARG UID=939
 ARG GID=939
 ARG VERSION=0.0.0
 ARG ELASTIC_VERSION=0.0.0
 ARG WAZUH_VERSION=0.0.0
 
-RUN apt update -y
-RUN apt install -y --no-install-recommends bash tzdata ca-certificates wget curl tcpdump unzip git && \
+RUN apt update -y && apt upgrade -y
+RUN apt install -y --no-install-recommends bash tzdata ca-certificates wget curl tcpdump unzip git gcc python3-dev libssl-dev && \
     apt-get clean && rm -rf /var/lib/apt/lists/*
+RUN pip3 install sigma-cli pysigma-backend-elasticsearch pysigma-pipeline-windows --break-system-packages
+RUN pip3 install yara-python==4.3.1
+RUN apt-get -y remove gcc python3-dev libssl-dev && apt-get -y autoremove
+
 RUN update-ca-certificates
 RUN addgroup --gid "$GID" socore
 RUN adduser --disabled-password --uid "$UID" --ingroup socore --gecos '' socore
@@ -55,10 +52,6 @@ COPY --from=builder /build/LICENSE .
 COPY --from=builder /build/README.md .
 COPY --from=builder /build/sensoroni.json .
 COPY --from=builder /build/gitdocs/_build/html ./html/docs
-COPY --from=builder /usr/lib/python3.11/site-packages /usr/local/lib/python3.9/site-packages
-COPY --from=builder /usr/bin/sigma /usr/bin/sigma
-COPY --from=stage_2 /usr/local/lib/python3.9/site-packages/yara_python-4.3.1.dist-info /usr/local/lib/python3.9/site-packages/
-COPY --from=stage_2 /usr/local/lib/python3.9/site-packages/yara.cpython-39-x86_64-linux-gnu.so /usr/local/lib/python3.9/site-packages/
 RUN find html/js -name "*test*.js" -delete
 RUN chmod u+x scripts/*
 RUN chown 939:939 scripts/*

diff --git a/Dockerfile.kratos b/Dockerfile.kratos
@@ -4,7 +4,7 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
-FROM ghcr.io/security-onion-solutions/golang:1.22 AS builder
+FROM ghcr.io/security-onion-solutions/golang:1.22.6 AS builder
 
 ARG OWNER=ory
 ARG VERSION=v1.2.0
@@ -32,7 +32,9 @@ RUN go mod download
 RUN go build -tags sqlite -ldflags="-X 'github.com/ory/kratos/driver/config.Version=${VERSION}' -X 'github.com/ory/kratos/driver/config.Date=$(date -I)' -X 'github.com/ory/kratos/driver/config.Commit=$(git rev-parse --short HEAD)'"
 
 
-FROM ghcr.io/security-onion-solutions/ubuntu:23.04
+FROM ghcr.io/security-onion-solutions/ubuntu:24.10
+
+RUN apt-get update && apt-get upgrade -y
 
 ENV DSN=sqlite:///kratos-data/db.sqlite?_fk=true
 

diff --git a/go.mod b/go.mod
@@ -4,18 +4,18 @@ go 1.22
 
 require (
 	github.com/apex/log v1.9.0
-	github.com/elastic/go-elasticsearch/v8 v8.11.1
-	github.com/go-chi/chi/v5 v5.0.10
+	github.com/elastic/go-elasticsearch/v8 v8.14.0
+	github.com/go-chi/chi/v5 v5.1.0
 	github.com/google/gopacket v1.1.19
-	github.com/google/uuid v1.5.0
-	github.com/gorilla/websocket v1.5.1
-	github.com/influxdata/influxdb-client-go/v2 v2.13.0
+	github.com/google/uuid v1.6.0
+	github.com/gorilla/websocket v1.5.3
+	github.com/influxdata/influxdb-client-go/v2 v2.14.0
 	github.com/kennygrant/sanitize v1.2.4
 	github.com/stretchr/testify v1.9.0
-	github.com/tidwall/gjson v1.17.0
-	golang.org/x/crypto v0.23.0
-	golang.org/x/net v0.25.0 // indirect
-	golang.org/x/sys v0.20.0 // indirect
+	github.com/tidwall/gjson v1.17.3
+	golang.org/x/crypto v0.26.0
+	golang.org/x/net v0.28.0 // indirect
+	golang.org/x/sys v0.24.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -24,37 +24,42 @@ require (
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/pierrec/lz4/v4 v4.1.21
 	github.com/pkg/errors v0.9.1
-	github.com/samber/lo v1.39.0
+	github.com/samber/lo v1.47.0
 	github.com/tj/assert v0.0.3
-	go.uber.org/mock v0.3.0
-	golang.org/x/mod v0.17.0
+	go.uber.org/mock v0.4.0
+	golang.org/x/mod v0.20.0
 )
 
 require (
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
-	github.com/cloudflare/circl v1.3.8 // indirect
-	github.com/cyphar/filepath-securejoin v0.2.5 // indirect
+	github.com/cloudflare/circl v1.3.9 // indirect
+	github.com/cyphar/filepath-securejoin v0.3.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/elastic/elastic-transport-go/v8 v8.3.0 // indirect
+	github.com/elastic/elastic-transport-go/v8 v8.6.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/hashicorp/errwrap v1.0.0 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/influxdata/line-protocol v0.0.0-20210922203350-b1ad95c89adf // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/oapi-codegen/runtime v1.0.0 // indirect
+	github.com/oapi-codegen/runtime v1.1.1 // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
-	github.com/skeema/knownhosts v1.2.2 // indirect
+	github.com/skeema/knownhosts v1.3.0 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	golang.org/x/exp v0.0.0-20231214170342-aacd6d4b4611 // indirect
+	go.opentelemetry.io/otel v1.28.0 // indirect
+	go.opentelemetry.io/otel/metric v1.28.0 // indirect
+	go.opentelemetry.io/otel/trace v1.28.0 // indirect
+	golang.org/x/text v0.17.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )