This Docker-Image is meant to provide an installed version of parseDMARC
.
env | default | change recommended | description |
---|---|---|---|
IMAP_HOST | yes | IMAP host to connect to | |
IMAP_USER | yes | IMAP user to connect with to the IMAP Host | |
IMAP_PASSWORD | yes | IMAP password for IMAP user | |
AGGREGATE | "True" | no | general.save_aggregate : (Python) boolean – save aggregate report data |
FORENSIC | "True" | no | general.save_forensic : (Python) boolean – save forensic report data |
PARSE_JSON | {} | yes | JSON string, that holds hierarchical config data (general.save_aggregate would override AGGREGATE , if defined as { "general": { "save_aggregate": "False" }} e.g.) |
ELC_HOST | "http://elasticsearch" | no | part of elasticsearch.hosts : Host of Elastic Search – change if not using docker-compose.yml below. |
ELC_PORT | "9200" | no | part of elasticsearch.hosts : Port of Elastic Search – change if not using docker-compose.yml below. |
ELC_SSL | "False" | no | elasticsearch.ssl : SSL status of Elastic Search connection – change if not using docker-compose.yml below. |
GEOIP_ACCOUNTID | "" | yes | AccountID value of your MaxMind GeoIP license config |
GEOIP_LICENSEKEY | "" | yes | LicenseKey value of your MaxMind GeoIP license config |
GEOIP_EDITIONIDS | "GeoLite2-ASN GeoLite2-City GeoLite2-Country" | yes | EditionIDs value of your MaxMind GeoIP license config |
GEOIP_INSTALL | "/usr/local/bin/geoipupdate" | no | Installation path for GeoIP |
GEOIP_CONF_FILE | "/usr/local/etc/GeoIP.conf" | no | GeoIP Config file path |
---
version: '3'
services:
parsedmarc:
image: devopsansiblede/parsedmarc
restart: unless-stopped
depends_on:
elasticsearch:
condition: service_healthy
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch
environment:
- cluster.name=parsedmarc
- discovery.type=single-node
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- ./data/elasticsearch/data/:/usr/share/elasticsearch/data/:z
restart: "unless-stopped"
healthcheck:
test: ["CMD", "curl","-s" ,"-f", "http://localhost:9200/_cat/health"]
interval: 1m
timeout: 10s
retries: 3
start_period: 30s
kibana:
image: docker.elastic.co/kibana/kibana
environment:
SERVER_NAME: "parsedmarc"
SERVER_HOST: "0.0.0.0"
ELASTICSEARCH_HOSTS: "http://elasticsearch:9200"
XPACK_MONITORING_UI_CONTAINER_ELASTICSEARCH_ENABLED: "true"
ports:
- "80:5601"
restart: unless-stopped
depends_on:
elasticsearch:
condition: service_healthy
...
You need to configure the Analysing tool (parsedmarc
) container for the usage of GeoIP – and need licensing information for geoipupdate
to work.
If you are using a free licence (register here), you can use the environmental variables GEOIP_ACCOUNTID
, GEOIP_LICENSEKEY
and GEOIP_EDITIONIDS
described above.
Alternatively you can bind a config file directly into the container at the path defined by env variable GEOIP_CONF_FILE
.
An update of the GeoIP database is performed on Container (re)start.
Don't forget to import export.ndjson
– follow instructions on official documentation.
2024-05-26 23:23:50