d469e39da7
Services: - ja4sentinel: TLS/JA4 fingerprint capture daemon (Go, libpcap) - logcorrelator: JA4 log correlation engine (Go, ClickHouse) - mod_reqin_log: Apache module (C, JSON request logging) - bot_detector: ML bot detection pipeline (Python) - dashboard: FastAPI/Streamlit analytics UI (Python) Shared libraries: - shared/go/ja4common: logger, config, shutdown, ipfilter (Go module) - shared/python/ja4_common: ClickHouseClient, ClickHouseSettings (Python package) - shared/clickhouse/: canonical SQL migrations (10 files) Build & packaging: - Unified 3-stage Dockerfile.package for Go RPMs (el8/el9/el10) - go.work workspace linking sentinel, correlator, ja4common - Makefile with test-all, build-all, rpm-* targets Fixes applied: - go.work: 1.21 → 1.24.6 (required by sentinel) - correlator Dockerfiles: golang:1.21 → golang:1.24 - replace directives in go.mod for ja4common local path - pyproject.toml: setuptools.backends → setuptools.build_meta - Removed static libpcap linking (unavailable on Rocky 9) - Fixed data races in output/writers_test.go (sync.Mutex + atomic.Int32) - Rewrote corrupted test files (logger_test.go × 2) Test coverage: - correlator: 67.1% total (unixsocket 80.5%, config 91.7%, app 83.3%, multi 87.7%, stdout 100%) - sentinel: all 10 packages pass (api, capture, config, fingerprint, ipfilter, logging, output, tlsparse) Documentation: - README.md + docs/ (architecture, development, 5 services, shared libs, DB schema & migrations) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
177 lines
7.4 KiB
Docker
177 lines
7.4 KiB
Docker
# syntax=docker/dockerfile:1
|
|
# =============================================================================
|
|
# mod_reqin_log - Dockerfile de packaging RPM
|
|
# Builds RPMs for multiple RHEL-compatible versions:
|
|
# - Rocky Linux 8 (el8) - RHEL 8 compatible
|
|
# - Rocky Linux 9 (el9) - RHEL 9 compatible
|
|
# - AlmaLinux 10 (el10) - RHEL 10 compatible
|
|
# =============================================================================
|
|
|
|
# =============================================================================
|
|
# Stage 1a: Builder Rocky Linux 8
|
|
# =============================================================================
|
|
FROM rockylinux:8 AS builder-el8
|
|
|
|
RUN dnf install -y epel-release && \
|
|
dnf install -y --allowerasing \
|
|
gcc \
|
|
make \
|
|
httpd \
|
|
httpd-devel \
|
|
apr-devel \
|
|
apr-util-devel \
|
|
python3 \
|
|
curl \
|
|
redhat-rpm-config \
|
|
&& dnf clean all
|
|
|
|
WORKDIR /build
|
|
COPY services/mod-reqin-log/src/ src/
|
|
COPY services/mod-reqin-log/Makefile Makefile
|
|
COPY services/mod-reqin-log/conf/ conf/
|
|
RUN make APXS=/usr/bin/apxs
|
|
RUN ls -la modules/mod_reqin_log.so
|
|
|
|
# =============================================================================
|
|
# Stage 1b: Builder Rocky Linux 9
|
|
# =============================================================================
|
|
FROM rockylinux:9 AS builder-el9
|
|
|
|
RUN dnf install -y epel-release && \
|
|
dnf install -y --allowerasing \
|
|
gcc \
|
|
make \
|
|
httpd \
|
|
httpd-devel \
|
|
apr-devel \
|
|
apr-util-devel \
|
|
python3 \
|
|
curl \
|
|
redhat-rpm-config \
|
|
&& dnf clean all
|
|
|
|
WORKDIR /build
|
|
COPY services/mod-reqin-log/src/ src/
|
|
COPY services/mod-reqin-log/Makefile Makefile
|
|
COPY services/mod-reqin-log/conf/ conf/
|
|
RUN make APXS=/usr/bin/apxs
|
|
RUN ls -la modules/mod_reqin_log.so
|
|
|
|
# =============================================================================
|
|
# Stage 1c: Builder AlmaLinux 10 (RHEL 10 compatible)
|
|
# =============================================================================
|
|
FROM almalinux:10 AS builder-el10
|
|
|
|
RUN dnf install -y epel-release && \
|
|
dnf install -y --allowerasing \
|
|
gcc \
|
|
make \
|
|
httpd \
|
|
httpd-devel \
|
|
apr-devel \
|
|
apr-util-devel \
|
|
python3 \
|
|
curl \
|
|
redhat-rpm-config \
|
|
&& dnf clean all
|
|
|
|
WORKDIR /build
|
|
COPY services/mod-reqin-log/src/ src/
|
|
COPY services/mod-reqin-log/Makefile Makefile
|
|
COPY services/mod-reqin-log/conf/ conf/
|
|
RUN make APXS=/usr/bin/apxs
|
|
RUN ls -la modules/mod_reqin_log.so
|
|
|
|
# =============================================================================
|
|
# Stage 2: Package builder - rpmbuild pour RPM
|
|
# =============================================================================
|
|
FROM rockylinux:9 AS package-builder
|
|
|
|
WORKDIR /package
|
|
|
|
# Install rpm-build and dependencies
|
|
RUN dnf install -y rpm-build rpmdevtools && \
|
|
dnf clean all
|
|
|
|
# Create rpmbuild directory structure
|
|
RUN rpmdev-setuptree
|
|
|
|
# =============================================================================
|
|
# Copy spec file and source files
|
|
# =============================================================================
|
|
COPY services/mod-reqin-log/mod_reqin_log.spec /package/mod_reqin_log.spec
|
|
|
|
# =============================================================================
|
|
# Copy binaries from each builder stage into pkgroot directories
|
|
# =============================================================================
|
|
|
|
# Rocky Linux 8 (el8)
|
|
COPY --from=builder-el8 /build/modules/mod_reqin_log.so /tmp/pkgroot-el8/usr/lib64/httpd/modules/mod_reqin_log.so
|
|
COPY --from=builder-el8 /build/conf/mod_reqin_log.conf /tmp/pkgroot-el8/etc/httpd/conf.d/mod_reqin_log.conf
|
|
RUN chmod 755 /tmp/pkgroot-el8/usr/lib64/httpd/modules/mod_reqin_log.so && \
|
|
chmod 644 /tmp/pkgroot-el8/etc/httpd/conf.d/mod_reqin_log.conf
|
|
|
|
# Rocky Linux 9 (el9)
|
|
COPY --from=builder-el9 /build/modules/mod_reqin_log.so /tmp/pkgroot-el9/usr/lib64/httpd/modules/mod_reqin_log.so
|
|
COPY --from=builder-el9 /build/conf/mod_reqin_log.conf /tmp/pkgroot-el9/etc/httpd/conf.d/mod_reqin_log.conf
|
|
RUN chmod 755 /tmp/pkgroot-el9/usr/lib64/httpd/modules/mod_reqin_log.so && \
|
|
chmod 644 /tmp/pkgroot-el9/etc/httpd/conf.d/mod_reqin_log.conf
|
|
|
|
# AlmaLinux 10 (el10)
|
|
COPY --from=builder-el10 /build/modules/mod_reqin_log.so /tmp/pkgroot-el10/usr/lib64/httpd/modules/mod_reqin_log.so
|
|
COPY --from=builder-el10 /build/conf/mod_reqin_log.conf /tmp/pkgroot-el10/etc/httpd/conf.d/mod_reqin_log.conf
|
|
RUN chmod 755 /tmp/pkgroot-el10/usr/lib64/httpd/modules/mod_reqin_log.so && \
|
|
chmod 644 /tmp/pkgroot-el10/etc/httpd/conf.d/mod_reqin_log.conf
|
|
|
|
# =============================================================================
|
|
# Build RPM packages for each distribution using rpmbuild
|
|
# =============================================================================
|
|
|
|
# Create packages directory
|
|
RUN mkdir -p /tmp/packages/el8 /tmp/packages/el9 /tmp/packages/el10
|
|
|
|
# Build for el8
|
|
RUN VERSION=$(grep "^Version:" /package/mod_reqin_log.spec | awk '{print $2}') && \
|
|
mkdir -p /tmp/pkgroot-el8-rpm/usr/lib64/httpd/modules /tmp/pkgroot-el8-rpm/etc/httpd/conf.d && \
|
|
cp /tmp/pkgroot-el8/usr/lib64/httpd/modules/mod_reqin_log.so /tmp/pkgroot-el8-rpm/usr/lib64/httpd/modules/ && \
|
|
cp /tmp/pkgroot-el8/etc/httpd/conf.d/mod_reqin_log.conf /tmp/pkgroot-el8-rpm/etc/httpd/conf.d/ && \
|
|
rpmbuild -bb /package/mod_reqin_log.spec \
|
|
--define "_topdir /tmp/rpmbuild-el8" \
|
|
--define "_pkgroot /tmp/pkgroot-el8-rpm" \
|
|
--define "dist .el8" && \
|
|
cp /tmp/rpmbuild-el8/RPMS/x86_64/*.rpm /tmp/packages/el8/
|
|
|
|
# Build for el9
|
|
RUN VERSION=$(grep "^Version:" /package/mod_reqin_log.spec | awk '{print $2}') && \
|
|
mkdir -p /tmp/pkgroot-el9-rpm/usr/lib64/httpd/modules /tmp/pkgroot-el9-rpm/etc/httpd/conf.d && \
|
|
cp /tmp/pkgroot-el9/usr/lib64/httpd/modules/mod_reqin_log.so /tmp/pkgroot-el9-rpm/usr/lib64/httpd/modules/ && \
|
|
cp /tmp/pkgroot-el9/etc/httpd/conf.d/mod_reqin_log.conf /tmp/pkgroot-el9-rpm/etc/httpd/conf.d/ && \
|
|
rpmbuild -bb /package/mod_reqin_log.spec \
|
|
--define "_topdir /tmp/rpmbuild-el9" \
|
|
--define "_pkgroot /tmp/pkgroot-el9-rpm" \
|
|
--define "dist .el9" && \
|
|
cp /tmp/rpmbuild-el9/RPMS/x86_64/*.rpm /tmp/packages/el9/
|
|
|
|
# Build for el10
|
|
RUN VERSION=$(grep "^Version:" /package/mod_reqin_log.spec | awk '{print $2}') && \
|
|
mkdir -p /tmp/pkgroot-el10-rpm/usr/lib64/httpd/modules /tmp/pkgroot-el10-rpm/etc/httpd/conf.d && \
|
|
cp /tmp/pkgroot-el10/usr/lib64/httpd/modules/mod_reqin_log.so /tmp/pkgroot-el10-rpm/usr/lib64/httpd/modules/ && \
|
|
cp /tmp/pkgroot-el10/etc/httpd/conf.d/mod_reqin_log.conf /tmp/pkgroot-el10-rpm/etc/httpd/conf.d/ && \
|
|
rpmbuild -bb /package/mod_reqin_log.spec \
|
|
--define "_topdir /tmp/rpmbuild-el10" \
|
|
--define "_pkgroot /tmp/pkgroot-el10-rpm" \
|
|
--define "dist .el10" && \
|
|
cp /tmp/rpmbuild-el10/RPMS/x86_64/*.rpm /tmp/packages/el10/
|
|
|
|
# =============================================================================
|
|
# Stage 3: Output - Image finale avec les packages RPM
|
|
# =============================================================================
|
|
FROM alpine:latest AS output
|
|
|
|
WORKDIR /packages
|
|
COPY --from=package-builder /tmp/packages/el8/*.rpm /packages/rpm/el8/
|
|
COPY --from=package-builder /tmp/packages/el9/*.rpm /packages/rpm/el9/
|
|
COPY --from=package-builder /tmp/packages/el10/*.rpm /packages/rpm/el10/
|
|
|
|
CMD ["sh", "-c", "echo '=== RPM Packages (el8) ===' && ls -la /packages/rpm/el8/ && echo '' && echo '=== RPM Packages (el9) ===' && ls -la /packages/rpm/el9/ && echo '' && echo '=== RPM Packages (el10) ===' && ls -la /packages/rpm/el10/"]
|