Files
Steffen Skui 7336b17f79
Build and push soc-collector / build (push) Successful in 31s
soc-collector: run-anywhere scanner that pushes reports to SOC Center
A single Docker image, configured entirely by env vars (SOC_URL + SOC_TOKEN +
targets). Runs once and exits; schedule with cron. Four self-skipping sources:
  - surface     nmap open-port/service scan (SOC_TARGETS)
  - cve         Trivy HIGH/CRITICAL scan of running images (Docker socket)
  - tls         cert-expiry / weak-TLS / missing-headers (SOC_DOMAINS)
  - config      0.0.0.0 binds, --privileged, rw docker-socket mounts (Docker socket)
Stable slugs per source so SOC Center versions/diffs/alerts. Pure stdlib;
image adds nmap + trivy. MIT, intended as a public Ethica repo.
2026-06-24 18:17:39 +02:00

36 lines
869 B
Python

"""Tiny read-only Docker Engine API client over the unix socket (stdlib only).
Used by the cve and config-drift sources. HTTP/1.0 so the daemon sends the whole
body then closes the connection (no chunked decoding needed).
"""
import json
import socket
SOCK = "/var/run/docker.sock"
def available():
try:
s = socket.socket(socket.AF_UNIX)
s.connect(SOCK)
s.close()
return True
except OSError:
return False
def get(path):
s = socket.socket(socket.AF_UNIX)
s.settimeout(30)
s.connect(SOCK)
s.sendall(f"GET {path} HTTP/1.0\r\nHost: docker\r\n\r\n".encode())
buf = b""
while True:
chunk = s.recv(65536)
if not chunk:
break
buf += chunk
s.close()
body = buf.split(b"\r\n\r\n", 1)[1] if b"\r\n\r\n" in buf else b""
return json.loads(body or b"null")