FROM debian:stretch
LABEL maintainer="Evgenii Protsenko <procenkoeg@yandex-team.ru>"

# Dependencies
RUN sed -i 's/ main/ main non-free/' /etc/apt/sources.list
RUN echo "deb http://deb.debian.org/debian stretch-backports main" >> /etc/apt/sources.list
RUN apt-get update
RUN apt-get -y install python-crypto python-setuptools \
    python-future python-bottle ca-certificates tar wget

# Py2neo
# RUN wget https://github.com/nigelsmall/py2neo/tarball/py2neo-3.0.0 -O py2neo.tar.gz && \
#     tar zxf ./py2neo.tar.gz && rm ./py2neo.tar.gz && \
#     mv nigelsmall-py2neo-* py2neo && cd py2neo && \
#     python setup.py build && python setup.py install && \
#     cd ../ && rm -rf py2neo/

# Tools
## non-free: s3270
RUN apt-get update
## openssl: IVRE depends on openssl exec + libssl needed for Nmap
## libfreetype6 libfontconfig1 fonts-dejavu: screenshots w/ phantomjs
RUN apt-get -y install p0f rsync screen ipython openssl tesseract-ocr \
    libfreetype6 libfontconfig1 fonts-dejavu imagemagick ffmpeg s3270 \
    patch bash-completion bzip2 bro python-pil

# Install Nmap. Use included libpcap because to use the workaround for
# Nmap issue #34 (https://github.com/nmap/nmap/issues/34) since we do
# not know which kernel version will be used
# ADD https://github.com/nmap/nmap/tarball/master ./nmap.tar.gz
# Use 7.25BETA2 to have Lua 5.3
RUN apt-get -y install gcc g++ make patch
COPY patches/nmap_7_70_port_timestamp.patch /tmp/nmap_7_70_port_timestamp.patch
RUN wget https://nmap.org/dist/nmap-7.70.tgz -O nmap.tar.gz && \
    apt-get -y install build-essential libssl-dev && \
    tar zxf nmap.tar.gz && \
    mv nmap-* nmap && \
    cd nmap && \
    patch -p1 < /tmp/nmap_7_70_port_timestamp.patch && \
    ./configure --without-ndiff --without-zenmap --without-nping \
                --without-ncat --without-nmap-update \
                --with-libpcap=included && \
    make && make install && \
    cd ../ && rm -rf nmap nmap.tar.gz && \
    apt-get -y --purge autoremove build-essential libssl-dev
# Add our *-screenshot NSE scripts
# RUN for d in /usr /usr/local; do \
#         d="$d/share/ivre/nmap_scripts"; \
#         [ -d "$d" ] && ( \
#         cp $d/*.nse /usr/local/share/nmap/scripts; \
#         cd /usr/local/share/nmap/; \
#         for p in $d/patches/*.patch; do \
#              patch -p0 < $p; \
#             done \
#     ) \
#     done; true
# RUN nmap --script-update


# "Install" phantomjs for our http-screenshot NSE script replacement
# RUN wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-1.9.8-linux-x86_64.tar.bz2 -O phantomjs-1.9.8-linux-x86_64.tar.bz2 && \
#     tar jxf phantomjs-1.9.8-linux-x86_64.tar.bz2 phantomjs-1.9.8-linux-x86_64/bin/phantomjs && \
#     mv phantomjs-1.9.8-linux-x86_64/bin/phantomjs /usr/local/bin/ && \
#     rm -rf phantomjs-1.9.8-linux-x86_64*


# RUN mkdir /var/lib/ivre-share
# VOLUME /var/lib/ivre-share

# Neo4j
# http://debian.neo4j.org/
# ADD https://debian.neo4j.org/neotechnology.gpg.key /neotechnology.gpg.key
# RUN apt-key add /neotechnology.gpg.key && rm /neotechnology.gpg.key
# RUN echo 'deb http://debian.neo4j.org/repo stable/' > /etc/apt/sources.list.d/neo4j.list
# RUN apt-get -q update && apt-get -qy install neo4j=2.3.3

# RUN sed -ri 's/^(dbms\.security\.auth_enabled=)true/\1false/;s/^# *(org\.neo4j\.server\.webserver\.address=0\.0\.0\.0)/\1/' /etc/neo4j/neo4j-server.properties

# IVRE
# RUN apt-get -qy install python python-dev python-pip && \
#     pip install ivre sqlalchemy psycopg2-binary && \
#     apt-get -qy autoremove python-dev python-pip


# --------------------
# --- DEPENDENCIES ---
# --------------------

RUN apt-get -y install python-pip python-dev git libpcap-dev build-essential \
    supervisor redis-server cmake libgmp3-dev gengetopt libpcap-dev clang \
    nginx flex byacc libjson-c-dev pkg-config libunistring-dev tar && \
    mkdir -p /var/log/supervisor

RUN wget https://github.com/robertdavidgraham/masscan/archive/1.0.5.tar.gz && \
    mkdir masscan-src && tar xf 1.0.5.tar.gz -C masscan-src && \
    cd masscan-src/masscan-1.0.5 && make && \
    cp bin/masscan /usr/local/bin/masscan && cd ../..

RUN wget https://github.com/zmap/zmap/archive/v2.1.1.tar.gz && \
    mkdir zmap-src && tar xf v2.1.1.tar.gz -C zmap-src && \
    cd zmap-src/zmap-2.1.1 && cmake . && make -j4 && make install && cd ../..

ADD src/requirements.txt requirements_debby.txt
RUN pip install -r requirements_debby.txt

RUN apt-get install -y libsnmp-base libsnmp30 ipmitool
RUN apt-get install -y kmod


# ------------
# --- IVRE ---
# ------------

# --- IVRE: OPTION 1 --- #
# ADD ivre.tar ivre-src
# RUN cd ivre-src/ivre && python setup.py build && python setup.py install
# ADD requirements_postgres.txt requirements_postgres.txt
# RUN pip install -r requirements_postgres.txt

# --- IVRE: OPTION 2 --- #
# RUN wget https://github.com/cea-sec/ivre/archive/v0.9.11.tar.gz
# RUN tar -xf v0.9.11.tar.gz
# ADD patches/ivre-0.9.11-ipv6-and-noinfos.patch /ivre.patch
# RUN cd ivre-0.9.11 && patch -p1 < /ivre.patch && \
#     python setup.py build && \
#     python setup.py install && pip install -r requirements-postgres.txt

# Config
# ADD ivre.conf /etc/ivre.conf

# -------------
# --- DEBBY ---
# -------------

ADD ./src /usr/lib/debby
# RUN pip install -r /usr/lib/debby/requirements.txt

# -------------
# --- REDIS ---
# -------------

RUN sed -i "s/port 6379/port 6378/g" /etc/redis/redis.conf

# ------------------
# --- SUPERVISOR ---
# ------------------

COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf

# -------------
# --- NGINX ---
# -------------

ADD config/nginx.conf /etc/nginx/sites-available/default

# ------------------------
# --- IMPITOOL MODULES ---

RUN echo ipmi_devintf >> /etc/modules
RUN echo ipmi_si >> /etc/modules

EXPOSE 8080

ADD run.sh /
RUN chmod 777 /run.sh
CMD /run.sh
