Dockerfile Improvements

Dockerfile

@@ -1,44 +1,46 @@
-FROM ubuntu:focal
+FROM ubuntu:latest
+SHELL ["/bin/bash", "-c"]
 
 ARG TZ="UTC"
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && \
     echo $TZ > /etc/timezone
 
 WORKDIR /usr/src/app
 
+# Make sure user cloned caldera recursively before installing anything.
+ADD . .
+RUN if [ -z "$(ls plugins/stockpile)" ]; then echo "stockpile plugin not downloaded - please ensure you recursively cloned the caldera git repository and try again."; exit 1; fi
+
 RUN apt-get update && \
-    apt-get -y install python3 python3-pip golang git
+    apt-get -y install python3 python3-pip git curl
 
 #WIN_BUILD is used to enable windows build in sandcat plugin
 ARG WIN_BUILD=false
 RUN if [ "$WIN_BUILD" = "true" ] ; then apt-get -y install mingw-w64; fi
 
 # Install pip requirements
-ADD requirements.txt .
-
 RUN pip3 install --no-cache-dir -r requirements.txt
 
-ADD . .
+# Set up config file and disable atomic by default
+RUN grep -v "\- atomic" conf/default.yml > conf/local.yml
 
-# Download golang dependencies
-RUN go get github.com/grandcat/zeroconf       \
-           github.com/google/go-github/github \
-           github.com/grandcat/zeroconf       \
-           github.com/miekg/dns               \
-           golang.org/x/oauth2                \
-           gopkg.in/natefinch/npipe.v2
+# Install golang
+RUN curl -L https://go.dev/dl/go1.17.6.linux-amd64.tar.gz -o go1.17.6.linux-amd64.tar.gz
+RUN rm -rf /usr/local/go && tar -C /usr/local -xzf go1.17.6.linux-amd64.tar.gz;
+ENV PATH="${PATH}:/usr/local/go/bin"
+RUN go version;
 
-# Update default sandcat agent binaries
+# Compile default sandcat agent binaries, which will download basic golang dependencies.
 WORKDIR /usr/src/app/plugins/sandcat
 
 RUN ./update-agents.sh
 
-# Check if we can compile the sandcat extensions
+# Check if we can compile the sandcat extensions, which will download golang dependencies for agent extensions
 RUN mkdir /tmp/gocatextensionstest
 
-RUN cp -R ./gocat-extensions /tmp/gocatextensionstest/gocat
+RUN cp -R ./gocat /tmp/gocatextensionstest/gocat
+RUN cp -R ./gocat-extensions/* /tmp/gocatextensionstest/gocat/
 
-RUN cp -R ./gocat /tmp/gocatextensionstest/
 RUN cp ./update-agents.sh /tmp/gocatextensionstest/update-agents.sh
 
 WORKDIR /tmp/gocatextensionstest

README.md

@@ -14,8 +14,8 @@ It is built on the [MITRE ATT&CK™ framework](https://attack.mitre.org/) and is
 
 The framework consists of two components:
 
-1) **The core system**. This is the framework code, consisting of what is available in this repository. Included is 
-an asynchronous command-and-control (C2) server with a REST API and a web interface. 
+1) **The core system**. This is the framework code, consisting of what is available in this repository. Included is
+an asynchronous command-and-control (C2) server with a REST API and a web interface.
 2) **Plugins**. These repositories expand the core framework capabilities and providing additional functionality. Examples include agents, reporting, collections of TTPs and more.
 
 ## Plugins
@@ -77,19 +77,44 @@ pip3 install -r requirements.txt
 ```
 **Super-power your CALDERA server installation! [Install GoLang (1.17+)](https://go.dev/doc/install)**
 
-Finally, start the server. 
+Finally, start the server.
 ```Bash
 python3 server.py --insecure
 ```
 
 Once started, log into http://localhost:8888 using the default credentials red/admin. Then go into Plugins -> Training and complete the capture-the-flag style training course to learn how to use CALDERA.
 
+## Docker Deployment
+To build a CALDERA docker image, ensure you have docker installed and perform the following actions:
+```Bash
+# Recursively clone the CALDERA repository if you have not done so
+git clone https://github.com/mitre/caldera.git --recursive
+
+# Build the docker image. Change image tagging as desired.
+# WIN_BUILD is set to true to allow CALDERA installation to compile windows-based agents.
+# Alternatively, you can use the docker compose YML file via "docker-compose build"
+cd caldera
+docker build . --build-arg WIN_BUILD=true -t caldera:latest
+
+# Run the image. Change port forwarding configuration as desired.
+docker run -p 8888:8888 caldera:latest
+```
+
+To gracefully terminate your docker container, do the following:
+```Bash
+# Find the container ID for your docker container running CALDERA
+docker ps
+
+# Send interrupt signal, e.g. "docker kill --signal=SIGINT 5b9220dd9c0f"
+docker kill --signal=SIGINT [container ID]
+```
+
 ## Contributing
 
 Refer to our [contributor documentation](CONTRIBUTING.md).
 
 ## Licensing
 
-In addition to CALDERA™'s open source capabilities, MITRE maintains several in-house CALDERA™ plugins that offer 
-more advanced functionality. For more information, or to discuss licensing opportunities, please reach out to 
+In addition to CALDERA™'s open source capabilities, MITRE maintains several in-house CALDERA™ plugins that offer
+more advanced functionality. For more information, or to discuss licensing opportunities, please reach out to
 [email protected] or directly to [MITRE's Technology Transfer Office](https://www.mitre.org/about/corporate-overview/contact-us#technologycontact).

docker-compose.yml

@@ -20,4 +20,4 @@ services:
       - "2222:2222"
     volumes:
       - ./:/usr/src/app
-    command: --fresh --insecure --log DEBUG
+    command: --log DEBUG