Skip to content

Latest commit

 

History

History
103 lines (82 loc) · 3.91 KB

README.md

File metadata and controls

103 lines (82 loc) · 3.91 KB

📧 parsedmarc-dockerized

ℹ️ Info

This stack includes:

  • ParseDMARC image to analizing reports (builded from Dockerfile, use pypy image)
  • Elasticsearch & Kibana to store and visualize parsed data
  • Nginx to handle basic authorization and SSL offloading

🛡️ Security note

Please note that the Fail2Ban technique is not implemented, so posting this project on the Internet 🌐 can be risky.

You yourself are responsible for your actions.

The author recommends restricting Nginx access only to trusted IP addresses.

The project is delivered as is without any warranty.

To update parsedmarc:

cd parsedmarc-dockerized
docker-compose build --no-cache --pull parsedmarc
docker-compose pull
docker-compose up -d

⚙️ How-to deploy from scratch

First of all you need to have 🐳 Docker and :octocat: Docker Compose.

  1. Learn how to install Docker and Docker Compose. Quick installation for most operation systems:
  • Docker
curl -sSL https://get.docker.com/ | CHANNEL=stable sh
# After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7)
systemctl enable docker.service
systemctl start docker.service
  • Docker-Compose
curl -L https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64 > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
  1. Clone the master branch of the repository.
git clone https://github.com/dragoangel/parsedmarc-dockerized
cd parsedmarc-dockerized
  1. Change [imap] configuration and tweak parsedmarc/parsedmarc.ini to your needs. Syntax and description avaible here
[imap]
host = imap.example.com
user = [email protected]
password = somepassword
  1. Enable IP geolocation by installing GeoIP Update software. And edit docker-compose.yml to enable access to the MaxMind databases on your host system.
volumes:
  - ./parsedmarc/parsedmarc.ini:/etc/parsedmarc.ini:z
  - /path/to/GeoIP:/usr/share/GeoIP
  1. Create nginx/htpasswd to provide Basic-Authentification for Nginx. Change dnf to your package manager and anyusername to your needs. In end you will be prompted to enter password to console.
dnf install -y httpd-tools
htpasswd -c nginx/htpasswd anyusername
  1. Generate & put your SSL keypair kibana.crt and kibana.key to nginx/ssl folder.

There are to many posible solutuins like Let's Encrypt, private PKI or self-hosted certificates.

It all up to you what to use. Note: for Let's Encrypt you need modify nginx configs to support it. You can use local ACME or modify docker-compose image.

  1. Create needed folders and configure permissions.
mkdir -p elasticsearch/data
chown 1000:0 elasticsearch/data
chmod 755 elasticsearch/data
chown -R 0:101 nginx/*
chmod 640 nginx/htpasswd
chmod 640 nginx/ssl/kibana.key
  1. Tune vm.max_map_count on your OS, original how-to avaible here.

  2. Start stack.

docker-compose up -d
  1. Download & Import Kibana Saved Objects export.ndjson.

Go to https://parsedmarc.example.com/app/management/kibana/objects click on Import.

Import downloaded export.ndjson with override.

Dashboard Sample

ParceDMARC-Sample