7336b17f79
Build and push soc-collector / build (push) Successful in 31s
A single Docker image, configured entirely by env vars (SOC_URL + SOC_TOKEN + targets). Runs once and exits; schedule with cron. Four self-skipping sources: - surface nmap open-port/service scan (SOC_TARGETS) - cve Trivy HIGH/CRITICAL scan of running images (Docker socket) - tls cert-expiry / weak-TLS / missing-headers (SOC_DOMAINS) - config 0.0.0.0 binds, --privileged, rw docker-socket mounts (Docker socket) Stable slugs per source so SOC Center versions/diffs/alerts. Pure stdlib; image adds nmap + trivy. MIT, intended as a public Ethica repo.
36 lines
869 B
Python
36 lines
869 B
Python
"""Tiny read-only Docker Engine API client over the unix socket (stdlib only).
|
|
|
|
Used by the cve and config-drift sources. HTTP/1.0 so the daemon sends the whole
|
|
body then closes the connection (no chunked decoding needed).
|
|
"""
|
|
import json
|
|
import socket
|
|
|
|
SOCK = "/var/run/docker.sock"
|
|
|
|
|
|
def available():
|
|
try:
|
|
s = socket.socket(socket.AF_UNIX)
|
|
s.connect(SOCK)
|
|
s.close()
|
|
return True
|
|
except OSError:
|
|
return False
|
|
|
|
|
|
def get(path):
|
|
s = socket.socket(socket.AF_UNIX)
|
|
s.settimeout(30)
|
|
s.connect(SOCK)
|
|
s.sendall(f"GET {path} HTTP/1.0\r\nHost: docker\r\n\r\n".encode())
|
|
buf = b""
|
|
while True:
|
|
chunk = s.recv(65536)
|
|
if not chunk:
|
|
break
|
|
buf += chunk
|
|
s.close()
|
|
body = buf.split(b"\r\n\r\n", 1)[1] if b"\r\n\r\n" in buf else b""
|
|
return json.loads(body or b"null")
|