Dockerfile.el6

# PONZU
# build lime kernel module and volatilty profiles from lime and dwarfDump source.
# change the FROM line to a different OS release if required
# also change the COPY centos-el6-vault.repo line as necessary
#
# [build ponzu]
# docker build -t ponzu:el7 .
#
# [run ponzu]
# docker run --rm -v /YourPath/rpms/:/rpms/ ponzu:el7 3.10.0-123.1.2
#
# I keep the rpms out of the ponzu directory to keep the build process compact
# [optional]
# mkdir /YourPath/rpms
# cp kernel-${KVER}*.rpm /YourPath/rpms
# cp kernel-devel-${KVER}*.rpm /YourPath/rpms
# cp kernel-firmware-${KVER}*.rpm /YourPath/rpms
#
# If you're doing el5 or el7, change the release value below and change the OSVER in build-volatility.sh

FROM centos:centos6

LABEL maintainer Dannen Harris version 3.0

RUN mkdir /lime-module /rpms

# x86_64 only
RUN rm -f /etc/yum.repos.d/*repo
COPY centos-el6-vault.repo /etc/yum.repos.d
RUN echo "exclude=*.i386 *.i586 *.i686" >> /etc/yum.conf
RUN yum -y -q -e 0 install autoconf \
 automake \
 gcc \
 gcc-c++ \
 make \
 patch \
 patchutils \
 dracut \
 dracut-kernel \
 elfutils \
 elfutils-devel \
 elfutils-libelf \
 elfutils-libelf-devel \
 git \
 grubby \
 kbd \
 kbd-misc \
 libtool \
 zip \
 zlib \
 && yum -y clean all
WORKDIR /
# pull remote legacy version of libdwarf centos6 EoL 11-30-2020
# https://www.prevanders.net/libdwarf-20200114.tar.gz
# 20201201 release+ does not built properly on el6
RUN curl https://www.prevanders.net/libdwarf-20200114.tar.gz --output libdwarf-20200114.tar.gz
RUN tar -xvzf libdwarf-20200114.tar.gz \
 && cd libdwarf-20200114/ \
 && ./configure \
 && make > /tmp/log-file 2>&1  \
 && cp -p /libdwarf-20200114/dwarfdump/dwarfdump /bin/dwarfdump \
 && cd / \
 && rm -rf /libdwarf-20200114 /libdwarf-20200114.tar.gz

RUN git clone https://github.com/504ensicsLabs/LiME.git
RUN git clone https://github.com/volatilityfoundation/volatility.git

COPY build-volatility.el6.sh /build-volatility.sh

ENTRYPOINT ["/build-volatility.sh"]