This stack includes:
- ParseDMARC image to analyze reports (built from a Dockerfile, using the pypy image)
- Elasticsearch & Kibana to store and visualize parsed data
- Nginx to handle basic authorization and SSL offloading
Please note that the Fail2Ban technique is not implemented, so exposing this project to the Internet 🌐 can be risky.
You are responsible for your own actions.
The author recommends restricting Nginx access only to trusted IP addresses.
The project is delivered as is without any warranty.
To update parsedmarc:
cd parsedmarc-dockerized
docker-compose build --no-cache --pull parsedmarc
docker-compose pull
docker-compose up -d
First of all you need to have 🐳 Docker and Docker Compose.
- Learn how to install Docker and Docker Compose. Quick installation for most operating systems:
- Docker
curl -sSL https://get.docker.com/ | CHANNEL=stable sh
# After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7)
systemctl enable docker.service
systemctl start docker.service
- Docker-Compose
curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64 > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
- Clone the master branch of the repository.
git clone https://github.com/dragoangel/parsedmarc-dockerized
cd parsedmarc-dockerized
- Change the [imap] configuration and tweak parsedmarc/parsedmarc.ini to your needs. Syntax and description are available here.
[imap]
host = imap.example.com
user = parsedmarc@example.com
password = somepassword
- Enable IP geolocation by installing the GeoIP Update software, and edit docker-compose.yml to enable access to the MaxMind databases on your host system.
volumes:
- ./parsedmarc/parsedmarc.ini:/etc/parsedmarc.ini:z
- /path/to/GeoIP:/usr/share/GeoIP
- Create nginx/htpasswd to provide Basic Authentication for Nginx. Change dnf to your package manager and anyusername to your needs. At the end you will be prompted to enter a password in the console.
dnf install -y httpd-tools
htpasswd -c nginx/htpasswd anyusername
- Generate your SSL key pair and put kibana.crt and kibana.key into the nginx/ssl folder.
There are many possible solutions, such as Let's Encrypt, a private PKI or self-hosted certificates.
It is up to you which one to use. Note: for Let's Encrypt you need to modify the nginx configs to support it. You can use local ACME or modify the docker-compose image.
- Create needed folders and configure permissions.
mkdir -p elasticsearch/data
chown 1000:0 elasticsearch/data
chmod 755 elasticsearch/data
chown -R 0:101 nginx/*
chmod 640 nginx/htpasswd
chmod 640 nginx/ssl/kibana.key
- Tune vm.max_map_count on your OS; the original how-to is available here.
- Start the stack.
docker-compose up -d
- Download & import the Kibana Saved Objects file export.ndjson.
Go to https://parsedmarc.example.com/app/management/kibana/objects and click on Import.
Import the downloaded export.ndjson with override.
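
To confirm that the "Create needed folders and configure permissions" step took effect before the stack is started, the following script checks each path against the owner and mode given there. It is an added example, not part of the original project; it assumes GNU stat (Linux), and the parsedmarc.ini warning is an extra check that is not one of the steps above.

```shell
#!/bin/sh
# Added example: verify the ownership and modes set in the "Create needed
# folders and configure permissions" step. Needs GNU stat (Linux).

# check_perm PATH MODE [UID:GID] -> 0 only if PATH exists with exactly that mode/owner
check_perm() {
    path=$1; want_mode=$2; want_owner=${3:-}
    [ -e "$path" ] || { echo "MISSING $path"; return 1; }
    mode=$(stat -c '%a' "$path"); owner=$(stat -c '%u:%g' "$path")
    if [ "$mode" != "$want_mode" ]; then
        echo "MODE    $path is $mode, expected $want_mode"; return 1
    fi
    if [ -n "$want_owner" ] && [ "$owner" != "$want_owner" ]; then
        echo "OWNER   $path is $owner, expected $want_owner"; return 1
    fi
    echo "OK      $path ($mode $owner)"
}

# world_accessible PATH -> 0 if the "other" permission digit is non-zero
world_accessible() {
    m=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    case $m in *0) return 1 ;; *) return 0 ;; esac
}

# preflight [DIR] -> 0 if every path from the permissions step matches
preflight() {
    base=${1:-.}; rc=0
    check_perm "$base/elasticsearch/data"   755 1000:0 || rc=1
    check_perm "$base/nginx/htpasswd"       640 0:101  || rc=1
    check_perm "$base/nginx/ssl/kibana.key" 640 0:101  || rc=1
    # Extra check, not a step on the page: parsedmarc.ini holds the IMAP
    # password in clear text, so flag it when any local user can access it.
    if world_accessible "$base/parsedmarc/parsedmarc.ini"; then
        echo "WARN    $base/parsedmarc/parsedmarc.ini is accessible to all local users"
    fi
    return $rc
}

# Run from the parsedmarc-dockerized directory, or pass its path as $1.
preflight "${1:-.}" || echo "Fix the items above before starting the stack."
```

A WARN line does not change the exit status; only a missing path or a mismatch in the three checked paths does.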