diff --git a/Dockerfile.smb b/Dockerfile.smb
new file mode 100644
index 00000000..3e5e1324
--- /dev/null
+++ b/Dockerfile.smb
@@ -0,0 +1,23 @@
+FROM debian:stable
+
+# Download cache lists and install minimal versions
+RUN apt-get update && apt-get -yq install --no-install-recommends \
+ # Required linux dependencies
+ sudo vim samba samba-vfs-modules smbclient rsyslog && \
+ # Remove cache lists and clean up anything not needed to minimize image size
+ apt-get autoremove -yq && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+RUN mkdir /samba
+COPY data/smb /samba/
+RUN touch /var/log/samba/audit.log
+RUN echo "local7.* /var/log/samba/audit.log" >> /etc/rsyslog.conf
+
+# Create and set the working directory
+WORKDIR /srv
+
+# Copy only the files needed to install dependencies
+COPY run-smb.sh .
+
+# Set the default application we are running
+ENTRYPOINT [ "/srv/run-smb.sh" ]
+
diff --git a/data/.opencanary.conf b/data/.opencanary.conf
index 164a25ab..76c33af7 100644
--- a/data/.opencanary.conf
+++ b/data/.opencanary.conf
@@ -77,7 +77,7 @@
 "portscan.nmaposrate": 5,
 "portscan.lorate": 3,
 "portscan.ignore_ports": [ ],
- "smb.auditfile": "/var/log/samba-audit.log",
+ "smb.auditfile": "/var/log/samba/audit.log",
 "smb.enabled": false,
 "mysql.enabled": false,
 "mysql.port": 3306,
diff --git a/data/smb.conf b/data/smb.conf
new file mode 100644
index 00000000..1f19cfe8
--- /dev/null
+++ b/data/smb.conf
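Review bot: In Dockerfile.smb the `apt-get install` line pulls in `sudo` and `vim`, but nothing in this Dockerfile or in run-smb.sh as added by this commit uses them. In an image whose purpose is to expose a guest-accessible SMB share, they only add tooling for anyone who gets a shell in the container. The package line could be reduced to `samba samba-vfs-modules rsyslog && \`, keeping `smbclient` only if something outside this diff needs it. Separately, `FROM debian:stable` floats across Debian releases, so the Samba version being exposed can change silently on rebuild; pinning a release tag or digest would make that an explicit decision.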
@@ -0,0 +1,28 @@
+[global]
+ workgroup = WORKGROUP
+ server string = NBDocs
+ netbios name = SRV01
+ dns proxy = no
+ log file = /var/log/samba/log.all
+ log level = 0
+ max log size = 100
+ panic action = /usr/share/samba/panic-action %d
+ server role = standalone
+ passdb backend = tdbsam
+ obey pam restrictions = yes
+ unix password sync = no
+ map to guest = bad user
+ usershare allow guests = yes
+ load printers = no
+ vfs object = full_audit
+ full_audit:prefix = %U|%I|%i|%m|%S|%L|%R|%a|%T|%D
+ full_audit:success = flistxattr
+ full_audit:failure = none
+ full_audit:facility = local7
+ full_audit:priority = notice
+[myshare]
+ comment = All the stuff!
+ path = /samba
+ guest ok = yes
+ read only = yes
+ browseable = yes
\ No newline at end of file
diff --git a/data/smb/README.txt b/data/smb/README.txt
new file mode 100644
index 00000000..9ad2308a
--- /dev/null
+++ b/data/smb/README.txt
@@ -0,0 +1 @@
+All files in this directory are copied and shared via Samba. Keep in mind that this share will allow guest access.
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 12ee7fa9..d50695e2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,11 +1,10 @@ -version: "3.4" x-common: &common restart: unless-stopped volumes: - ./data/.opencanary.conf:/root/.opencanary.conf # uncomment below if running Samba - # - /var/log/samba-audit.log:/var/log/samba-audit.log + # - audit-log:/var/log/samba image: "opencanary" network_mode: "host" ports:
@@ -44,7 +43,7 @@ x-common: &common # - "9418:9418" services: - latest: # docker-compose up --build -d latest + latest: # docker compose up --build -d latest <<: *common container_name: opencanary_latest image: thinkst/opencanary
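Review bot: data/smb.conf has no comments, and two groups of settings in it are easy to break in a later edit. `full_audit:facility = local7` is tied to the `local7.*` rsyslog rule added in Dockerfile.smb, and the `full_audit:prefix` field order is presumably what OpenCanary expects when it reads `smb.auditfile`, so I would add `# full_audit goes via syslog local7 to /var/log/samba/audit.log, which OpenCanary reads; keep prefix and facility in sync` above `vfs object`. A comment on `[myshare]` such as `# guest-readable on purpose: decoy share, never place real data in /samba` would record that `map to guest = bad user` together with `guest ok = yes` is deliberate. It is also worth confirming that `full_audit:success = flistxattr` covers the client activity you want alerts for, since operations that do not trigger it leave no audit line.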
@@ -52,9 +51,29 @@ services: context: . dockerfile: Dockerfile.latest - stable: # docker-compose up --build -d stable + # Uncomment if smb is to be enabled + # samba: # docker compose up --build -d samba + # <<: *common + # container_name: opencanary_samba + # image: thinkst/opencanary_samba + # restart: unless-stopped + # volumes: + # - audit-log:/var/log/samba/ + # - ./data/smb.conf:/etc/samba/smb.conf + # network_mode: host + # ports: + # # SMB + # - "445:445" + # build: + # context: . + # dockerfile: Dockerfile.smb + + stable: # docker compose up --build -d stable <<: *common container_name: opencanary_stable build: context: . dockerfile: Dockerfile.stable + +volumes: + audit-log: \ No newline at end of file
diff --git a/run-smb.sh b/run-smb.sh
new file mode 100755
index 00000000..c127ed74
--- /dev/null
+++ b/run-smb.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+rsyslogd &
+smbd &
+sleep infinity
\ No newline at end of file
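Review bot: In the commented `samba` service of docker-compose.yml, `network_mode: host` is combined with `ports: - "445:445"`, but published ports are not applied in host network mode, so that mapping does not limit what is exposed. smbd listens on both 445 and 139 by default, so enabling this block opens both on every host interface unless smb.conf sets `smb ports = 445` or the service drops host networking and relies on the `ports` list. I would also mount the config read-only, `- ./data/smb.conf:/etc/samba/smb.conf:ro`, since the container only needs to read it.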
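Review bot: run-smb.sh backgrounds both daemons and then blocks on `sleep infinity`, so if smbd exits the container keeps running and `restart: unless-stopped` in the compose file never triggers. The decoy share would then stop answering, and stop producing audit lines, with nothing to indicate it. Running smbd as the container's main process avoids that: leave the `rsyslogd` line as it is and replace the last two lines with `exec smbd --foreground --no-process-group`. With `exec`, smbd also receives the stop signal from `docker stop` directly instead of being killed after the timeout.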