fix installation and porting to github

notdodo · Jul 23, 2019 · 7bca6e1 · 7bca6e1
1 parent 8eb1863
commit 7bca6e1
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 21 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,18 +1,20 @@
 FROM alpine:latest
-LABEL version 1.0
+LABEL version 1.1
 LABEL description "Mutillidae Container with NGINX"
 MAINTAINER Edoardo Rosa <edoardo [dot] rosa90 [at] gmail [dot] com> (edoz90)
 
+ENV MUTILLIDAE_VERSION 2.7.11
+
 # == BASIC SOFTWARE ============================================================
 
-RUN sed -i -e 's/v[[:digit:]]\.[[:digit:]]/edge/g' /etc/apk/repositories
+RUN sed -i -e 's/v[[:digit:]]\.[[:digit:]]*/edge/g' /etc/apk/repositories
 RUN apk update && apk upgrade
 
 RUN apk add logrotate rsyslog supervisor goaccess \
-            nginx php mariadb mariadb-client pwgen php-fpm \
-            vim bash-completion nginx-vim tmux wget unzip
+            nginx php mariadb mariadb-client pwgen \
+            wget bash unzip --no-cache
 
-RUN apk add php-mysqli php-mbstring php-session php-simplexml php-curl php-json
+RUN apk add php-fpm php-mysqli php-mbstring php-session php-simplexml php-curl php-json --no-cache
 
 # == NGINX CONFIGURATION ========================================================
 
@@ -21,18 +23,12 @@ RUN mkdir -p /usr/share/nginx/html
 RUN mkdir -p /run/nginx
 RUN chown -R http:http /usr/share/nginx/html
 
-# == MYSQL CONFIGURATION =========================================================
-
-RUN chown -R mysql:mysql /var/lib/mysql
-RUN mkdir -p /run/mysqld
-RUN chown -R mysql:mysql /run/mysqld
-RUN chmod 777 /var/tmp/
-ADD dist/install_db.sh /tmp/install_db.sh
-
 # == INSTALLATION ================================================================
 
-RUN wget -q https://sourceforge.net/projects/mutillidae/files/latest/download -O mutillidae.zip
+RUN wget -q https://github.com/webpwnized/mutillidae/archive/v${MUTILLIDAE_VERSION}.zip -O mutillidae.zip
 RUN unzip -q mutillidae.zip -d /usr/share/nginx/html/
+RUN mv /usr/share/nginx/html/mutillidae* /usr/share/nginx/html/mutillidae
+ADD dist/install_db.sh /tmp/install_db.sh
 RUN bash /tmp/install_db.sh
 RUN rm /tmp/install_db.sh
 RUN sed -i 's/^error_reporting = .*/error_reporting = E_ALL \& ~E_NOTICE \& ~E_DEPRECATED/' /etc/php7/php.ini
@@ -46,6 +42,7 @@ ADD dist/goaccess.conf /etc/goaccess.conf
 ADD dist/logrotate.conf /etc/logrotate.d/nginx
 ADD dist/rsyslog.conf /etc/rsyslog.d/90.nginx.conf
 ADD dist/supervisord.ini /etc/supervisor.d/supervisord.ini
+RUN apk del wget unzip bash
 
 # == ENTRYPOINT ================================================================
 

diff --git a/dist/install_db.sh b/dist/install_db.sh
@@ -1,5 +1,6 @@
 #!/bin/sh
-mysql_install_db --user=mysql > /dev/null
+DATA_PATH="/var/lib/mysql"
+/usr/bin/mysql_install_db --user=root --datadir="${DATA_PATH}" > /dev/null
 
 MYSQL_ROOT_PASSWORD=$(pwgen -c -n -s -B 15 1)
 printf "\e[32m[!!!] MySQL 'root' password is: %s\e[0m\n" ${MYSQL_ROOT_PASSWORD}
@@ -13,14 +14,20 @@ tfile=$(mktemp)
 cat << EOF > $tfile
 USE mysql;
 FLUSH PRIVILEGES;
-GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' identified by '${MYSQL_ROOT_PASSWORD}' WITH GRANT OPTION;
-UPDATE user SET password=PASSWORD("${MYSQL_ROOT_PASSWORD}") WHERE user='root' AND host='localhost';
-CREATE DATABASE IF NOT EXISTS ${MYSQL_DATABASE} CHARACTER SET utf8 COLLATE utf8_general_ci;
-GRANT ALL ON ${MYSQL_DATABASE}.* to '${MYSQL_USER}'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD}';
+GRANT ALL ON *.* TO 'root'@'127.0.0.1' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' WITH GRANT OPTION;
+GRANT ALL ON *.* TO 'root'@'localhost' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' WITH GRANT OPTION;
+GRANT ALL ON *.* TO 'root'@'::1' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' WITH GRANT OPTION;
+GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'127.0.0.1' IDENTIFIED BY '${MYSQL_PASSWORD}' WITH GRANT OPTION;
+GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'localhost' IDENTIFIED BY '${MYSQL_PASSWORD}' WITH GRANT OPTION;
+GRANT ALL ON ${MYSQL_DATABASE}.* TO '${MYSQL_USER}'@'::1' IDENTIFIED BY '${MYSQL_PASSWORD}' WITH GRANT OPTION;
+DELETE FROM mysql.user WHERE User='';
+UPDATE user set plugin='' where User='root';
+UPDATE user set plugin='' where User='${MYSQL_USER}';
+DROP DATABASE test;
 FLUSH PRIVILEGES;
 EOF
 
-cat << EOF > /usr/share/nginx/html/mutillidae/includes/database-config.php
+cat << EOF > /usr/share/nginx/html/mutillidae/includes/database-config.inc
 <?php
 define('DB_HOST', 'localhost');
 define('DB_USERNAME', '${MYSQL_USER}');
@@ -29,5 +36,19 @@ define('DB_NAME', '${MYSQL_DATABASE}');
 ?>
 EOF
 
-/usr/bin/mysqld --user=mysql --bootstrap --verbose=0 < $tfile
+# Disable unix sockets and start mysql_safe with root user
+cat << EOF > /etc/my.cnf
+[client]
+port		= 3306
+
+[mysqld]
+user 		= root
+port		= 3306
+
+binlog_format=mixed
+symbolic-links=0
+!includedir /etc/my.cnf.d
+EOF
+
+/usr/bin/mysqld --datadir="${DATA_PATH}" --user=root --bootstrap --verbose=1 < $tfile
 rm -f $tfile