Merge pull request #1339 from m-1-k-3/ubuntu_docker

Improve docker installation (includes Ubuntu 24.04 support)

config/bin_version_strings.cfg

@@ -584,8 +584,10 @@ rp-pppoe;;GPL-2.0-only;"PPPoE-Server\ Version\ [0-9](\.[0-9]+)+?,\ Copyright\ \(
 pptp;;unknown;"^pptp\ version\ [0-9](\.[0-9]+)+?$";"sed -r 's/pptp\ version\ ([0-9](\.[0-9]+)+?)$/::pptp:\1/'";
 pptp;;unknown;"^pptp-linux\ version [0-9](\.[0-9]+)+?$";"sed -r 's/pptp-linux\ version\ ([0-9](\.[0-9]+)+?)$/::pptp:\1/'";
 accel-pptpd;;unknown;"accel-pptpd\ v[0-9](\.[0-9]+)+?\ \ compiled";"sed -r 's/accel-pptpd\ v([0-9](\.[0-9]+)+?)\ \ .*/:accel:pptp:\1/'";
-procps-ng;;unknown;"procps-ng\ [0-9](\.[0-9]+)+?$";"sed -r 's/procps-ng\ ([0-9](\.[0-9]+)+?)$/:procps-ng_project:procps-ng:\1/'";
 procps;;unknown;"procps\ version\ [0-9](\.[0-9]+)+?";"sed -r 's/procps\ version\ ([0-9](\.[0-9]+)+?)/:procps_project:procps:\1/'";
+# procps is under the hood maintained as procps-ng/procps -> in cpe we have different identifiers we need to match:
+procps-ng;;unknown;"procps-ng\ [0-9](\.[0-9]+)+?$";"sed -r 's/procps-ng\ ([0-9](\.[0-9]+)+?)$/:procps-ng_project:procps-ng:\1/'";
+procps-ng;;unknown;"procps-ng\ [0-9](\.[0-9]+)+?$";"sed -r 's/procps-ng\ ([0-9](\.[0-9]+)+?)$/:procps-ng_project:procps:\1/'";
 proftpd;;GPL-2.0-or-later;"^ProFTPD\ Version\ [0-9](\.[0-9]+)+[a-zA-Z]?$";"sed -r 's/ProFTPD\ Version\ ([0-9](\.[0-9]+)+[a-zA-Z]?)$/:proftpd:proftpd:\1/'";
 proftpd;;GPL-2.0-or-later;"^ProFTPD\ Version\ [0-9](\.[0-9]+)+[a-zA-Z]?$";"sed -r 's/ProFTPD\ Version\ ([0-9](\.[0-9]+)+[a-zA-Z]?)$/:proftpd_project:proftpd:\1/'";
 prol2tp;;unknown;"^ProL2TP\ v[\.0-9]+\ ";"sed -r 's/ProL2TP\ v([0-9](\.[0-9]+)+?)\ .*/::prol2tp:\1/'";

installer.sh

@@ -180,8 +180,8 @@ if ! grep -Eq "ID(_LIKE)?=(\")?(ubuntu)?( )?(debian)?" /etc/os-release 2>/dev/nu
   print_help
   exit 1
 elif ! grep -q "kali" /etc/debian_version 2>/dev/null ; then
-  if grep -q "VERSION_ID=\"22.04\"" /etc/os-release 2>/dev/null ; then
-  # How to handle sub-versioning ? if grep -q -E "PRETTY_NAME=\"Ubuntu\ 22\.04(\.[0-9]+)?\ LTS\"" /etc/os-release 2>/dev/null ; then
+  if grep -q "VERSION_ID=\"22.04\"\|VERSION_ID=\"24.04\"" /etc/os-release 2>/dev/null ; then
+    # How to handle sub-versioning ? if grep -q -E "PRETTY_NAME=\"Ubuntu\ 22\.04(\.[0-9]+)?\ LTS\"" /etc/os-release 2>/dev/null ; then
     OTHER_OS=1
     UBUNTU_OS=1
   elif grep -q "PRETTY_NAME=\"Ubuntu 20.04 LTS\"" /etc/os-release 2>/dev/null ; then
@@ -286,12 +286,40 @@ apt-get -y install python3-venv
 create_pipenv "./external/emba_venv"
 activate_pipenv "./external/emba_venv"
 
-export DOCKER_COMPOSE=("docker-compose")
-# if we do not have the docker command it probably is a more modern system and we need to install the docker-cli package
-if ! command -v docker > /dev/null; then
-  echo -e "\n${ORANGE}WARNING: No docker command available -> we check for docker-cli package${NC}"
-  if [[ "$(apt-cache search docker-cli | wc -l)" -gt 0 ]]; then
-    apt-get install docker-cli -y
+if ! command -v docker > /dev/null || ! command -v docker compose > /dev/null ; then
+  # OS debian is for Kali Linux
+  OS="debian"
+  [[ "${UBUNTU_OS}" -eq 1 ]] && OS="ubuntu"
+  # Add Docker's official GPG key:
+  apt-get install -y ca-certificates curl gnupg
+  install -m 0755 -d /etc/apt/keyrings
+  curl -fsSL https://download.docker.com/linux/${OS}/gpg -o /etc/apt/keyrings/docker.asc
+  chmod a+r /etc/apt/keyrings/docker.asc
+  # Add the repository to Apt sources:
+  if [[ "${UBUNTU_OS}" -eq 1 ]]; then
+    # shellcheck source=/dev/null
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/${OS} \
+    $(. /etc/os-release && echo "${VERSION_CODENAME}") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+  else
+    # probably a kali linux
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/${OS} \
+    bookworm stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+  fi
+  apt-get update -y
+  apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+  export DOCKER_COMPOSE=("docker" "compose")
+elif command -v docker-compose > /dev/null ; then
+  echo -e "\n${ORANGE}""${BOLD}""WARNING: Old docker-compose installation found""${NC}"
+  echo -e "${ORANGE}""${BOLD}""It is recommend to remove the current installation and restart the EMBA installation afterwards!""${NC}"
+  read -p "If you know what you are doing you can press any key to continue ..." -n1 -s -r
+  export DOCKER_COMPOSE=("docker-compose")
+  # if we do not have the docker command it probably is a more modern system and we need to install the docker-cli package
+  if ! command -v docker > /dev/null; then
+    echo -e "\n${ORANGE}WARNING: No docker command available -> we check for docker-cli package${NC}"
+    if [[ "$(apt-cache search docker-cli | wc -l)" -gt 0 ]]; then
+      echo -e "\n${ORANGE}Info: No docker command available -> we install the docker-cli package now${NC}"
+      apt-get install docker-cli -y
+    fi
   fi
 fi
 

installer/I05_emba_docker_image_dl.sh

@@ -20,7 +20,7 @@ I05_emba_docker_image_dl() {
   module_title "${FUNCNAME[0]}"
 
   if [[ "${LIST_DEP}" -eq 1 ]] || [[ "${IN_DOCKER}" -eq 0 ]] || [[ "${DOCKER_SETUP}" -eq 1 ]] || [[ "${FULL}" -eq 1 ]]; then
-    print_tool_info "docker.io" 1
+    # print_tool_info "docker.io" 1
 
     echo -e "\\n""${ORANGE}""${BOLD}""embeddedanalyzer/emba docker image""${NC}"
     echo -e "Description: EMBA docker images used for firmware analysis."

installer/ID1_ubuntu_os.sh

@@ -25,7 +25,8 @@ ID1_ubuntu_os() {
     print_tool_info "notification-daemon" 1
     print_tool_info "dbus" 1
     print_tool_info "dbus-x11" 1
-    print_tool_info "libnotify-cil-dev" 1
+    # is not available in Ubuntu 24.04 -> need to check on this:
+    # print_tool_info "libnotify-cil-dev" 1
 
     if [[ -f /etc/apt/apt.conf.d/20auto-upgrades ]]; then
       echo "[*] Testing for unattended update settings"

modules/S18_capa_checker.sh

@@ -68,6 +68,7 @@ S18_capa_checker() {
           # print_output "[*] ${ORANGE}${lBIN_TO_CHECK}${NC} already tested with capa" "no_log"
           continue
         fi
+        echo "${lBIN_MD5}" >> "${TMP_DIR}"/s18_checked.tmp
 
         if [[ "${THREADED}" -eq 1 ]]; then
           capa_runner_fct "${lBIN_TO_CHECK}" &
@@ -125,10 +126,6 @@ capa_runner_fct() {
       sed -i "/\ ${lATTACK_CODE}\ /a\[REF\] https://attack.mitre.org/techniques/${lATTACK_CODE/\./\/}" "${LOG_PATH_MODULE}/capa_${lBIN_NAME}.log" || true
     done
     sed -i '/\ MBC Objective/a \[REF\] https://github.com/MBCProject/mbc-markdown' "${LOG_PATH_MODULE}/capa_${lBIN_NAME}.log" || true
-    lBIN_MD5="$(md5sum "${lBIN_TO_CHECK}" | awk '{print $1}')"
-    if ( ! grep -q "${lBIN_MD5}" "${TMP_DIR}"/s18_checked.tmp 2>/dev/null); then
-      echo "${lBIN_MD5}" >> "${TMP_DIR}"/s18_checked.tmp
-    fi
   else
     print_output "[*] No capa results for $(print_path "${lBINARY}")" "no_log"
     rm "${LOG_PATH_MODULE}/capa_${lBIN_NAME}.log" || true