Create a folder on the SO server to hold the files and the Dockerfile:
mkdir ~/domainstats
cd ~/domainstats
Start the domainstats container:
so-domainstats-start
Copy the whois.py file to the domainstats folder from the container:
docker cp so-domainstats:/lib/python2.7/site-packages/whois/whois.py .
Modify the whois.py module to use socks for the socket connection to your SOCKS proxy:
Add the import:
import socks
In the whois function section, comment out the existing socket line and add the two SOCKS lines:
#comment out
#s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
#add
s = socks.socksocket()
s.set_proxy(socks.SOCKS5, "socksproxy.someplace.net", 1080)
Create a Dockerfile with the following contents:
FROM securityonionsolutions/so-domainstats
USER root
RUN pip --proxy http://proxy.someplace.net:8080 install --upgrade pip
RUN pip --proxy http://proxy.someplace.net:8080 install PySocks
COPY whois.py /lib/python2.7/site-packages/whois
Build the image with the updates:
sudo docker build -t my-domainstats .
Stop the so-domainstats container:
so-domainstats-stop
Run your custom image and set the network to use it:
sudo docker run --name=my-domainstats --detach --volume /var/log/domain_stats:/var/log/domain_stats --disable-content-trust my-domainstats
sudo docker network connect --alias domainstats so-elastic-net my-domainstats
If you have access to the proxy logs, you should see the whois lookups going through your proxy, provided it allows port 43 out.
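If you do not have access to the proxy logs, you can ask the proxy directly whether it will open a tunnel to port 43. The following is an added example, not part of the original steps or of Security Onion: a Python 3, standard-library-only check run from the SO server that performs the SOCKS5 handshake (RFC 1928) and reports the proxy's answer. The proxy name is the placeholder used above, and whois.iana.org is an assumed test target.

```python
import socket
import struct

# SOCKS5 reply codes from RFC 1928, section 6
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable",
           5: "connection refused", 6: "TTL expired",
           7: "command not supported", 8: "address type not supported"}

GREETING = b"\x05\x01\x00"  # version 5, one method offered: no authentication


def connect_request(host, port=43):
    """CONNECT request with a domain-name target, so the proxy resolves it."""
    name = host.encode("ascii")
    return (b"\x05\x01\x00\x03" + bytes([len(name)]) + name
            + struct.pack(">H", port))


def reply_status(reply):
    """Map the proxy's reply to a readable status; reply[1] is the REP field."""
    if len(reply) < 2 or reply[0] != 5:
        return "not a SOCKS5 reply"
    return REPLIES.get(reply[1], "unknown code %d" % reply[1])


def check_proxy(proxy_host, proxy_port, whois_host, timeout=10):
    """Ask the proxy for a tunnel to whois_host:43 and report its answer."""
    with socket.create_connection((proxy_host, proxy_port), timeout) as s:
        s.sendall(GREETING)
        if s.recv(2) != b"\x05\x00":
            return "proxy requires authentication or is not SOCKS5"
        s.sendall(connect_request(whois_host))
        return reply_status(s.recv(262))


if __name__ == "__main__":
    # Placeholder proxy from the steps above; whois server is an assumption.
    print(check_proxy("socksproxy.someplace.net", 1080, "whois.iana.org"))
```

A result of "not allowed by ruleset" means the proxy is reachable but blocks port 43, in which case the patched container will fail its whois lookups in the same way.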
You could update the following scripts, but I am not sure how often they get updated:
/usr/sbin/so-domainstats-start
/usr/sbin/so-domainstats-restart
/usr/sbin/so-domainstats-stop