Dockerfile.loki

Dockerfile

# customize Colide Fleet by adding FluentBit

####
# Buildtime container:
####

FROM debian:buster as builder

LABEL maintainer="security@acme.com"
LABEL purpose="osquery"

RUN mkdir -p /root/go
ENV GOPATH=/root/go
ENV PATH=:$GOPATH/bin:$PATH:/usr/local/go/bin

# create the gopath
RUN export GOPATH=/root/go && export PATH=:$GOPATH/bin:$PATH:/usr/local/go/bin

RUN echo $GOPATH

# Get Current
RUN DEBIAN_FRONTEND=noninteractive apt-get -y update \
  && DEBIAN_FRONTEND=noninteractive apt -y --fix-broken install \
  && DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common \
  apt-transport-https sudo libgnutls28-dev curl ca-certificates \
  gnupg nodejs npm build-essential git

# Install FluentBit package key
RUN curl -L http://packages.fluentbit.io/fluentbit.key | apt-key add -
RUN echo "deb [trusted=yes] https://packages.fluentbit.io/debian/buster buster main" >> /etc/apt/sources.list

RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list

RUN DEBIAN_FRONTEND=noninteractive apt-get -y update \
  && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends yarn td-agent-bit

# Download and extract golang
RUN curl -L https://golang.org/dl/go1.15.3.linux-amd64.tar.gz > go1.15.3.linux-amd64.tar.gz
RUN tar -xvzf go1.15.3.linux-amd64.tar.gz && chown -R root:root ./go && mv go /usr/local

# Add GOPATH
RUN echo "export GOPATH=/root/go" > ~/.profile && echo "PATH=$PATH:/usr/local/go/bin:$GOPATH/bin" > ~/.profile

# we need GO111MODULE=on to get a "go get" a specific tag
RUN GO111MODULE=on go get -d -v github.com/kolide/fleet@2.6.0 || true

# #TODO fix the below path so it doesn't break when the commit hash changes:::
RUN cd "/root/go/pkg/mod/github.com/kolide/fleet@v0.0.0-20200324172605-d3849d8fe1ea" && GO111MODULE=on make deps && make generate && make build

# Build fluent-bit grafana loki plugin turn GO111MODULE=on because fleet build turned it off earlier
RUN GOPATH=/root/go GO111MODULE=off go get github.com/grafana/loki || true \
  && cd "/root/go/src/github.com/grafana/loki"  && make fluent-bit-plugin

####
# Runtime container:
####

# customize Colide Fleet by adding FluentBit
FROM debian:buster as runtime

LABEL maintainer="security@lemonaid.com"
LABEL purpose="osquery"

# Get Current
RUN DEBIAN_FRONTEND=noninteractive apt-get -y update \
  && DEBIAN_FRONTEND=noninteractive apt -y --fix-broken install \
  && DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common \
  apt-transport-https sudo libgnutls28-dev curl ca-certificates gnupg

# Install FluentBit package key
RUN curl -L http://packages.fluentbit.io/fluentbit.key | apt-key add -
RUN echo "deb [trusted=yes] https://packages.fluentbit.io/debian/buster buster main" >> /etc/apt/sources.list

# Refresh apt and install fluentbit (td-agent-bit)
RUN DEBIAN_FRONTEND=noninteractive apt-get -y update && apt-get -y install td-agent-bit 

# Supply our FluentBit configuration to ship events to a search index
RUN rm /etc/td-agent-bit/td-agent-bit.conf
COPY td-agent-bit.conf /etc/td-agent-bit/td-agent-bit.conf 

# write a startup script:
COPY startup.sh /startup.sh

# Run fleet as fleet user via sudo
RUN useradd fleet
RUN usermod -a -G fleet fleet
RUN usermod -a -G sudo fleet
RUN echo "fleet ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
RUN usermod -a -G adm fleet
WORKDIR "/home/fleet"
RUN mkdir -p "/home/fleet/.goquery"
RUN mkdir -p "/var/log/osquery"
RUN touch "/home/fleet/.goquery/history"
RUN chown -R fleet:adm /var/log/osquery 

# Copy our fleet binaries
COPY --from=builder "/root/go/pkg/mod/github.com/kolide/fleet@v0.0.0-20200324172605-d3849d8fe1ea/build/fleet" /home/fleet
COPY --from=builder "/root/go/pkg/mod/github.com/kolide/fleet@v0.0.0-20200324172605-d3849d8fe1ea/build/fleetctl" /home/fleet
COPY --from=builder "/root/go/src/github.com/grafana/loki/cmd/fluent-bit/out_loki.so" /home/fleet

#chmod our binaries & set user as fleet vs root
RUN chown -R fleet:fleet /home/fleet
USER fleet