Wordpress security malwares
{
"companies": [
{
"docker": "ecommerce-auryn",
"wordpress": {
"domain": "wp.auryn.com.br"
},
"shop": {
"domain": "fotogea.photobookfinal.com/app_dev.php"
}
},
{
"docker": "ecommerce-auryn-2",
"wordpress": {
"domain": "wp2.auryn.com.br"
},
"shop": {
"domain": "fotogea.photobookfinal.com/app_dev.php"
}
}
]
}
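# Image used by the Makefile targets: runs wordpress_checksum_checks.py and
# php-malware-finder on top of a source-built YARA 4.2.2 (libmagic support enabled)
# installed under /root/yara.
FROM python:3
WORKDIR /usr/src/app
# Path the checksum script reads its key from; the Makefile bind-mounts the key here.
ENV CHECKSUM_RSA_KEY_FILE=/usr/src/app/rsa_key
COPY requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt
# apt-get is the scriptable front end; -y is required because nothing answers the
# confirmation prompt during `docker build`.  update and install share one layer so a
# cached package index is never paired with a later install, and the index files are
# dropped afterwards to keep the layer small.
RUN apt-get update && \
    apt-get install -y libmagic-dev && \
    rm -rf /var/lib/apt/lists/*
# Fetch, build, test and install YARA from the pinned release tag in one layer.
# --fail makes curl exit non-zero on an HTTP error instead of saving the error page
# for tar to choke on.
# TODO(review): verify the archive before building it, e.g.
#   echo '<SHA256_OF_yara-4.2.2.tar.gz>  /tmp/yara_v4.2.2.tar.gz' | sha256sum -c -
# so a tampered or truncated download cannot reach the build step.
RUN curl --fail --location -o /tmp/yara_v4.2.2.tar.gz https://github.com/VirusTotal/yara/archive/refs/tags/v4.2.2.tar.gz && \
    tar --directory /tmp --gzip --extract --verbose --file /tmp/yara_v4.2.2.tar.gz && \
    cd /tmp/yara-4.2.2 && \
    ./bootstrap.sh && \
    ./configure --prefix=/root/yara --enable-magic && \
    make && \
    make check && \
    make install && \
    rm -rf /tmp/yara-4.2.2 /tmp/yara_v4.2.2.tar.gz
# `RUN export ...` only affects that single shell; ENV is what persists into the
# image so the libyara just installed is found at run time.
ENV LD_LIBRARY_PATH=/root/yara/lib
# The venv shares the YARA prefix and is put first on PATH below, so `python` inside
# the container resolves to the venv interpreter; --system-site-packages keeps the
# packages installed from requirements.txt into the base interpreter visible to it.
RUN python -m venv --system-site-packages /root/yara
ENV PATH="/root/yara/bin:${PATH}"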
# Template configuration read by the Makefile (`include .env`); replace every
# placeholder value before use.  The Makefile runs a bare `export`, so each value
# here — AURYN_PASSWORD included — is placed in the environment of every recipe
# shell and of the programs it starts; keep this file out of version control and
# readable only by the account that runs make.
# Host path of the private key that generate/checksum bind-mounts into the
# container at /usr/src/app/rsa_key.
RSA_KEY_FILE=PATH
# Passed to the container as CHECKSUM_REMOTE_SERVER / CHECKSUM_REMOTE_USERNAME
# by generate/checksum.
REMOTE_SERVER=HOST
REMOTE_USER=USERNAME
# Host checkout of php-malware-finder, mounted at /usr/src/app/php-malware-finder.
PHP_MALWARE_FINDER=PATH
# Scratch directory the recipes `docker cp` a site into and `rm -rf` afterwards;
# must be a dedicated path that holds nothing else.
WORDPRESS_MOUNT_LOCATION=PATH
# Where backup/wordpress writes <companyName>.zip and the recover targets read it.
WORDPRESS_BACKUP_LOCATION=PATH
# Directory whose own .env is also included and under which
# configurations/<companyDomain>/ receives the restored .htaccess.
WORDPRESS_SERVER_LOCATION=PATH
# Directory containing discord.sh, and the webhook it posts healthcheck notices to.
DISCORD_SCRIPT_LOCATION=PATH
DISCORD_WEBHOOK=URL
# HTTP basic-auth credentials for the shop's /manager/redis/clearCompanyCache call.
AURYN_LOGIN=EMAIL
AURYN_PASSWORD=PASSWORD
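# Site settings come from the local .env plus the server checkout's .env (the latter
# presumably supplies SERVER_HTTPS_PORT used by the healthcheck — confirm).  A plain
# `include` makes a missing file a hard error, which is intended: nothing below works
# without these values.
include .env
include $(WORDPRESS_SERVER_LOCATION)/.env
# A bare `export` places every make variable — AURYN_PASSWORD from .env included —
# into the environment of each recipe shell and of everything it spawns.
export
# The healthcheck recipe uses bash-only syntax ([[ ... ]]), so pin the shell.
SHELL := /bin/bash
# Simple expansion: run `pwd` once at parse time instead of on every reference.
CURRENT_DIR := $(shell pwd)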
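# Build the malware-finder image from the Dockerfile next to this Makefile.
# Declared phony so the target never counts as "up to date".
.PHONY: build/environment
build/environment:
	docker build -t malware-finder .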
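# Run wordpress_checksum_checks.py in `--mode sum` inside the malware-finder image for
# the site named by companyName; its output lands in result/<companyName> on the host.
# Required: companyName, plus RSA_KEY_FILE, REMOTE_SERVER and REMOTE_USER from .env.
# The result file is created up front because a bind mount of a single file requires
# the source to exist.  The key is mounted where CHECKSUM_RSA_KEY_FILE in the image
# points; -it keeps a terminal attached, presumably for a passphrase prompt — confirm,
# since it makes this target unusable from cron or any other run without a TTY.
.PHONY: generate/checksum
generate/checksum:
	$(if $(strip $(companyName)),,$(error companyName is required))
	@mkdir -p result && touch result/$(companyName)
	docker run \
		-it \
		--rm \
		--name checksum-checker \
		--mount type=bind,source=$(CURRENT_DIR)/wordpress_checksum_checks.py,target=/usr/src/app/wordpress_checksum_checks.py \
		--mount type=bind,source=$(RSA_KEY_FILE),target=/usr/src/app/rsa_key \
		--mount type=bind,source=$(CURRENT_DIR)/result/$(companyName),target=/usr/src/app/$(companyName) \
		-e CHECKSUM_REMOTE_SERVER=$(REMOTE_SERVER) \
		-e CHECKSUM_REMOTE_USERNAME=$(REMOTE_USER) \
		-e COMPANY_NAME=$(companyName) \
		-w /usr/src/app \
		malware-finder:latest \
		python /usr/src/app/wordpress_checksum_checks.py --mode sum /usr/src/app/$(companyName)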
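# Copy the live site out of the companyName container into WORDPRESS_MOUNT_LOCATION,
# scan that copy with php-malware-finder inside the malware-finder image, and write
# the scanner's stdout to result/<companyName>; the copy is removed afterwards.
# Required: companyName, plus WORDPRESS_MOUNT_LOCATION and PHP_MALWARE_FINDER from .env.
# No -t on `docker run`: stdout is redirected into the report file and a pseudo-tty
# would rewrite every newline there as CR LF.  The site copy is mounted read-only —
# the scanner only reads it, and the copy may contain hostile code.
.PHONY: check/wordpress
check/wordpress:
	$(if $(strip $(companyName)),,$(error companyName is required))
	$(if $(strip $(WORDPRESS_MOUNT_LOCATION)),,$(error WORDPRESS_MOUNT_LOCATION is required))
	@docker cp $(companyName):/var/www/html/. $(WORDPRESS_MOUNT_LOCATION)
	mkdir -p result && touch result/$(companyName)
	docker run \
		--rm \
		--name vulnerability-checker \
		--mount type=bind,source=$(WORDPRESS_MOUNT_LOCATION),target=/usr/src/app/wordpress,readonly \
		-v "$(PHP_MALWARE_FINDER):/usr/src/app/php-malware-finder" \
		-e COMPANY_NAME=$(companyName) \
		-w /usr/src/app \
		malware-finder:latest \
		/usr/src/app/php-malware-finder/php-malware-finder/phpmalwarefinder /usr/src/app/wordpress > $(CURRENT_DIR)/result/$(companyName)
	rm -rf $(WORDPRESS_MOUNT_LOCATION)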
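# Archive the live site of the companyName container as
# WORDPRESS_BACKUP_LOCATION/<companyName>.zip, replacing an earlier archive of the
# same name.  The archive is the site as it is right now, so a backup taken after a
# compromise preserves the compromise.
# Required: companyName, WORDPRESS_MOUNT_LOCATION, WORDPRESS_BACKUP_LOCATION.
# The mount location is cleared before and after so nothing from an earlier run is
# archived; the guards stop an empty mount location from turning the `cd` into a
# `cd $HOME` that would zip the whole home directory.  $(abspath) anchors a relative
# WORDPRESS_BACKUP_LOCATION at make's working directory rather than at the
# directory the recipe has changed into.
.PHONY: backup/wordpress
backup/wordpress:
	$(if $(strip $(companyName)),,$(error companyName is required))
	$(if $(strip $(WORDPRESS_MOUNT_LOCATION)),,$(error WORDPRESS_MOUNT_LOCATION is required))
	$(if $(strip $(WORDPRESS_BACKUP_LOCATION)),,$(error WORDPRESS_BACKUP_LOCATION is required))
	@rm -rf $(WORDPRESS_MOUNT_LOCATION)
	docker cp $(companyName):/var/www/html/. $(WORDPRESS_MOUNT_LOCATION)
	cd $(WORDPRESS_MOUNT_LOCATION) && zip -r $(companyName).zip . && mv $(companyName).zip $(abspath $(WORDPRESS_BACKUP_LOCATION))/
	rm -rf $(WORDPRESS_MOUNT_LOCATION)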
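# Restore the companyName container's site from
# WORDPRESS_BACKUP_LOCATION/<companyName>.zip while keeping the container's current
# wp-content/uploads and .htaccess: both are excluded from the in-container delete,
# and their archived counterparts are dropped from the unpacked backup (uploads) or
# moved into WORDPRESS_SERVER_LOCATION/configurations/<companyDomain>/ (.htaccess) so
# the copy-in cannot overwrite them.  Ownership and modes are then reset for the web
# server and the container is restarted.
# Required: companyName, companyDomain, WORDPRESS_MOUNT_LOCATION,
# WORDPRESS_BACKUP_LOCATION, WORDPRESS_SERVER_LOCATION.
# All host-side preparation runs before the destructive step inside the container,
# so a missing archive or .htaccess aborts the recipe while the site is still intact.
# healthcheck/wordpress/all invokes this target unattended, so no `docker exec` here
# asks for a TTY (-t).  The permission fixes name /var/www/html explicitly instead of
# trusting the container's working directory, and `chown -R` on the directory also
# covers dotfiles that a `*` glob skips (`docker cp` leaves files owned by root).
.PHONY: recover/wordpress
recover/wordpress:
	$(if $(strip $(companyName)),,$(error companyName is required))
	$(if $(strip $(companyDomain)),,$(error companyDomain is required))
	$(if $(strip $(WORDPRESS_MOUNT_LOCATION)),,$(error WORDPRESS_MOUNT_LOCATION is required))
	@rm -rf $(WORDPRESS_MOUNT_LOCATION)
	unzip $(WORDPRESS_BACKUP_LOCATION)/$(companyName).zip -d $(WORDPRESS_MOUNT_LOCATION)
	rm -rf $(WORDPRESS_MOUNT_LOCATION)/wp-content/uploads
	mv $(WORDPRESS_MOUNT_LOCATION)/.htaccess $(WORDPRESS_SERVER_LOCATION)/configurations/$(companyDomain)/
	docker exec $(companyName) bash -c "find /var/www/html ! -path /var/www/html/wp-content/uploads ! -path '/var/www/html/wp-content/uploads/*' ! -name '.htaccess' -type f -exec rm -rf {} +"
	docker cp $(WORDPRESS_MOUNT_LOCATION)/. $(companyName):/var/www/html/
	docker exec $(companyName) bash -c "chown -R www-data:www-data /var/www/html && find /var/www/html -type d -exec chmod 755 {} + && find /var/www/html -type f -exec chmod 644 {} +"
	docker restart $(companyName)
	rm -rf $(WORDPRESS_MOUNT_LOCATION)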
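# Like recover/wordpress, but a full reset: everything in the container except its
# current .htaccess is deleted and the complete archive — wp-content/uploads included —
# is copied back in.  The archived .htaccess is moved into
# WORDPRESS_SERVER_LOCATION/configurations/<companyDomain>/ so the container keeps
# the one it has.  Ownership and modes are then reset for the web server and the
# container is restarted.
# Required: companyName, companyDomain, WORDPRESS_MOUNT_LOCATION,
# WORDPRESS_BACKUP_LOCATION, WORDPRESS_SERVER_LOCATION.
# Host-side preparation runs before the destructive step inside the container, so a
# missing archive or .htaccess aborts while the site is still intact.  No `docker
# exec` asks for a TTY (-t), so the target also works from cron; the permission fixes
# name /var/www/html explicitly, and `chown -R` on the directory also covers dotfiles
# that a `*` glob skips (`docker cp` leaves files owned by root).
.PHONY: recover/wordpress/clean
recover/wordpress/clean:
	$(if $(strip $(companyName)),,$(error companyName is required))
	$(if $(strip $(companyDomain)),,$(error companyDomain is required))
	$(if $(strip $(WORDPRESS_MOUNT_LOCATION)),,$(error WORDPRESS_MOUNT_LOCATION is required))
	@rm -rf $(WORDPRESS_MOUNT_LOCATION)
	unzip $(WORDPRESS_BACKUP_LOCATION)/$(companyName).zip -d $(WORDPRESS_MOUNT_LOCATION)
	mv $(WORDPRESS_MOUNT_LOCATION)/.htaccess $(WORDPRESS_SERVER_LOCATION)/configurations/$(companyDomain)/
	docker exec $(companyName) bash -c "find /var/www/html ! -name '.htaccess' -type f -exec rm -rf {} +"
	docker cp $(WORDPRESS_MOUNT_LOCATION)/. $(companyName):/var/www/html/
	docker exec $(companyName) bash -c "chown -R www-data:www-data /var/www/html && find /var/www/html -type d -exec chmod 755 {} + && find /var/www/html -type f -exec chmod 644 {} +"
	docker restart $(companyName)
	rm -rf $(WORDPRESS_MOUNT_LOCATION)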
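# Walk every entry of companies.json: probe the WordPress host and the shop front,
# start or restart the container when WordPress answers 502, and restore the last
# backup when the shop page reports that the WordPress URL is not reachable.  Each
# repair clears the shop's company cache and, when DISCORD_SCRIPT_LOCATION and
# DISCORD_WEBHOOK are both set, posts a notice.
# Required from .env: SERVER_HTTPS_PORT, AURYN_LOGIN, AURYN_PASSWORD; optional:
# DISCORD_SCRIPT_LOCATION, DISCORD_WEBHOOK.
# The loop body runs in the pipeline's subshell, so `continue` (never `exit`) moves
# on to the next company; a restart that did not help is remembered in $failed and
# reported once through the recipe's exit status after all companies were checked.
# Sub-makes go through $(MAKE) so -n and job-server flags propagate.
# Notes for the operator:
#  - TLS verification is disabled on both probes (--insecure / --no-check-certificate),
#    presumably because the hosts use self-signed certificates; pointing --cacert /
#    --ca-certificate at the site CA would stop any host answering on that name from
#    satisfying the check — confirm before changing.
#  - The shop credentials are passed on curl's command line, which every local user
#    can read via `ps`; curl's --netrc-file or --config would keep them off it.
.PHONY: healthcheck/wordpress/all
healthcheck/wordpress/all:
	@jq -c '.companies[]' companies.json | { failed=0; while read -r company; do \
	echo "---"; \
	dockerName=`echo "$$company" | jq -r '.docker'`; \
	echo "Verificando Wordpress $$dockerName"; echo "Nome: $$dockerName"; \
	wordpressUrl=`echo "$$company" | jq -r '.wordpress.domain'`; echo "URL Wordpress: $$wordpressUrl"; \
	shopUrl=`echo "$$company" | jq -r '.shop.domain'`; echo "URL Loja: $$shopUrl"; \
	wordpressStatusCode=`curl -o /dev/null --silent --insecure --head --write-out '%{response_code}\n' https://$$wordpressUrl:$(SERVER_HTTPS_PORT)`; echo "Status code Wordpress: $$wordpressStatusCode"; \
	shopBody=`wget -qO- --no-check-certificate https://$$shopUrl`; echo "Body Loja: $$shopBody" | head -c 100; \
	echo ""; \
	dockerStatus=`docker container inspect -f '{{.State.Running}}' $$dockerName`; echo "Status Docker: $$dockerStatus"; \
	if [ "$$wordpressStatusCode" -eq 502 ]; then \
		if [ "$$dockerStatus" = false ]; then \
			echo "Reiniciando container $$dockerName"; \
			docker start $$dockerName; \
			curl --silent -X POST https://$$shopUrl/manager/redis/clearCompanyCache -H "Content-Type: application/json" --user "$(AURYN_LOGIN):$(AURYN_PASSWORD)"; \
			if [ -n "$(DISCORD_SCRIPT_LOCATION)" ] && [ -n "$(DISCORD_WEBHOOK)" ]; then \
				bash $(DISCORD_SCRIPT_LOCATION)/discord.sh --webhook-url=$(DISCORD_WEBHOOK) --text "Iniciado docker $$dockerName novamente"; \
			fi; \
			continue; \
		fi; \
		echo "Wordpress nao esta funcionando, tentando reiniciar"; \
		docker restart $$dockerName; \
		if [ -n "$(DISCORD_SCRIPT_LOCATION)" ] && [ -n "$(DISCORD_WEBHOOK)" ]; then \
			bash $(DISCORD_SCRIPT_LOCATION)/discord.sh --webhook-url=$(DISCORD_WEBHOOK) --text "Wordpress $$wordpressUrl nao esta funcionando por mais que o container esteja funcionando"; \
		fi; \
		failed=1; \
		continue; \
	fi; \
	if [[ $$shopBody == *"correta? Url acessada: https://$$wordpressUrl"* ]]; then \
		echo "Wordpress nao esta funcionando na loja da Auryn, recuperando ultimo backup"; \
		$(MAKE) -C $(CURRENT_DIR) recover/wordpress companyName=$$dockerName companyDomain=$$wordpressUrl || failed=1; \
		curl --silent -X POST https://$$shopUrl/manager/redis/clearCompanyCache -H "Content-Type: application/json" --user "$(AURYN_LOGIN):$(AURYN_PASSWORD)"; \
		if [ -n "$(DISCORD_SCRIPT_LOCATION)" ] && [ -n "$(DISCORD_WEBHOOK)" ]; then \
			bash $(DISCORD_SCRIPT_LOCATION)/discord.sh --webhook-url=$(DISCORD_WEBHOOK) --text "Recuperado $$wordpressUrl"; \
		fi; \
	fi; \
	done; exit $$failed; }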
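# Start the malware-finder image with the same mounts check/wordpress uses — the site
# copy at WORDPRESS_MOUNT_LOCATION, the php-malware-finder checkout and
# result/<companyName> — and hand over to the image's default command, presumably
# for manual investigation.  -i keeps stdin attached so that command actually gets a
# session; -t alone allocated a terminal but left stdin closed.
# The result file is created first because a bind mount of a file requires the
# source to exist (generate/checksum does the same).
# NOTE(review): the container name is shared with check/wordpress, so the two
# cannot run at the same time.
.PHONY: start/docker
start/docker:
	$(if $(strip $(companyName)),,$(error companyName is required))
	@mkdir -p result && touch result/$(companyName)
	@docker run \
		-it \
		--rm \
		--name vulnerability-checker \
		--mount type=bind,source=$(CURRENT_DIR)/result/$(companyName),target=/usr/src/app/$(companyName) \
		--mount type=bind,source=$(WORDPRESS_MOUNT_LOCATION),target=/usr/src/app/wordpress \
		-v "$(PHP_MALWARE_FINDER):/usr/src/app/php-malware-finder" \
		-e COMPANY_NAME=$(companyName) \
		-w /usr/src/app \
		malware-finder:latest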