Skip to content

Zeek 3.1.3 #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mbaker-97 wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Zeek 3.1.3 #18

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
7b80fb3
Updated Dockerfile
mbaker97 May 28, 2020
86874ec
Updated Dockerfile
mbaker97 May 28, 2020
782cdb4
Updated Dockerfile
invalid-email-address May 31, 2020
2783dd5
Added variable for Zeek Version
invalid-email-address Jun 2, 2020
58866d5
Modified star and supervisord scripts
mbaker-97 Jun 4, 2020
322436f
Updated Dockerfile
mbaker-97 Jun 6, 2020
40b0cb2
Updated Dockerfile for sane Defaults
mbaker-97 Jun 13, 2020
c34ce79
Changed permissions in Dockerfile
mbaker-97 Aug 6, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 31 additions & 26 deletions container/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,51 +1,56 @@
FROM centos:latest AS build
RUN yum -y install epel-release

FROM centos:8.1.1911 AS build

#Version Number of Zeek
ENV VERSION="3.1.3"
RUN yum -y install epel-release dnf-plugins-core
RUN yum -y update && \
yum -y install sudo supervisor git cmake make gcc gcc-c++ flex bison libpcap-devel openssl-devel python-devel swig zlib-devel GeoIP-devel libpcap gperftools vim-minimal wget kernel-headers kernel-devel kernel hiredis-devel git python-pip cmake librdkafka librdkafka-devel sendmail
RUN pip install bro-pkg
RUN wget https://www.bro.org/downloads/bro-2.5.5.tar.gz && \
tar xzf bro-2.5.5.tar.gz && \
cd bro-2.5.5 && \
yum config-manager --set-enabled PowerTools && \
yum -y install sudo supervisor git cmake make gcc gcc-c++ flex bison libpcap-devel openssl-devel python2-devel swig zlib-devel GeoIP-devel libpcap gperftools vim-minimal wget kernel-headers kernel-devel kernel hiredis-devel git python2-pip cmake librdkafka librdkafka-devel sendmail
RUN python2 -m pip install zkg
RUN wget https://download.zeek.org/zeek-$VERSION.tar.gz && \
tar xzf zeek-$VERSION.tar.gz && \
cd zeek-$VERSION && \
#split the configure and make \
./configure && \
make install

make install
# Add location of zeek config-file to path
ENV PATH="${PATH}:/usr/local/zeek/bin/"
#here is where you can add all your packages. Note that some packages require different build tools and therefore may require additional packages not otherwise found. Some packages require configuration as well. If this is the case it is best to modify the configurations maps accordingly.
RUN PATH="${PATH}:/usr/local/bro/bin/"; bro-pkg autoconfig && \
bro-pkg install --force bro-af_packet-plugin
#bro-pkg install --force bro/sethhall/unknown-mime-type-discovery && \
#bro-pkg install --force bro/apache/metron-bro-plugin-kafka
RUN zkg autoconfig && \
git clone https://github.com/J-Gras/zeek-af_packet-plugin.git && cd zeek-af_packet-plugin && ./configure --with-kernel=/usr/src/kernels/4.18.0-147.8.1.el8_1.x86_64 && make && make install && cd ..
#zkg install --force zeek/sethhall/unknown-mime-type-discovery
#zkg install --force zeek/apache/metron-bro-plugin-kafka || true

RUN echo "********Log files for Bro Packages*********" && \
if [ -d /root/.bro-pkg/logs/ ];then for i in $(find /root/.bro-pkg/logs/); do echo "***Bro Log file: $i"; cat $i; done;fi
RUN echo "********Log files for Zeek Packages*********" && \
if [ -d /usr/.zkg/logs/ ];then for i in $(find /usr/.zkg/logs/); do echo "***Zeek Log file: $i"; cat $i; done;fi

FROM centos:latest
FROM centos:8.1.1911
RUN yum -y install epel-release
RUN yum -y install supervisor git wget libpcap GeoIP gperftools tcpdump cmake librdkafka iproute sendmail && \
yum -y clean all && \
mkdir -p /conf/{plugins,site}

COPY --from=build /usr/local/bro/ /usr/local/bro
COPY --from=build /usr/local/zeek/ /usr/local/zeek

ADD startbro.sh /startbro.sh
ADD reset-network.sh /reset-network.sh
ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf

ENV PATH="/usr/local/bro/bin/:${PATH}"
ENV PATH="/usr/local/zeek/bin/:${PATH}"
ENV INTERFACE=eth0

RUN chmod +x /startbro.sh
RUN chmod +x /reset-network.sh

#Used for allowing Bro to run as a regular user
RUN /usr/local/bro/bin/broctl deploy
RUN groupadd -g 2001 bro && \
useradd -u 2001 -g bro bro -d /usr/local/bro/logs/ && \
chown -R bro:bro /usr/local/bro/logs/ /usr/local/bro/lib/bro/plugins /usr/local/bro/share/bro/site /usr/local/bro/etc/
RUN /usr/local/zeek/bin/zeekctl deploy
RUN sed -i "s/eth0/${INTERFACE}/g" /usr/local/zeek/etc/node.cfg
RUN groupadd -g 2001 zeek && \
useradd -u 2001 -g zeek zeek -d /usr/local/zeek/logs/ && \
chown -R zeek:zeek /usr/local/zeek/logs/ /usr/local/zeek/lib/zeek/plugins /usr/local/zeek/share/zeek/site /usr/local/zeek/etc/ /usr/local/zeek/share/zeekctl/scripts/zeekctl-config.sh

#Needed to run as a non-privileged user
RUN setcap cap_net_raw,cap_net_admin=eip /usr/local/bro/bin/bro
RUN setcap cap_net_raw,cap_net_admin=eip /usr/local/zeek/bin/zeek
RUN setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump

WORKDIR /usr/local/bro/logs/
WORKDIR /usr/local/zeek/logs/
CMD ["/usr/bin/supervisord","-c","/etc/supervisor/conf.d/supervisord.conf"]
14 changes: 7 additions & 7 deletions container/startbro.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,14 +8,14 @@
#CONTAINERINT is the interface within the Container
CONTAINERINT=$INTERFACE

sed -i 's/${INTERFACE}/'$INTERFACE' /g' /usr/local/bro/etc/node.cfg
sed -i 's/${INTERFACE}/'$INTERFACE' /g' /usr/local/zeek/etc/node.cfg

sudo chgrp $USER $(bro-config --site_dir) $(bro-config --plugin_dir)
sudo chmod g+rwX $(bro-config --site_dir) $(bro-config --plugin_dir)
sudo chgrp $USER $(zeek-config --site_dir) $(zeek-config --plugin_dir)
sudo chmod g+rwX $(zeek-config --site_dir) $(zeek-config --plugin_dir)

sudo chgrp $USER $(bro-config --site_dir) $(bro-config --plugin_dir)
sudo chmod g+rwX $(bro-config --site_dir) $(bro-config --plugin_dir)
sudo chgrp $USER $(zeek-config --site_dir) $(zeek-config --plugin_dir)
sudo chmod g+rwX $(zeek-config --site_dir) $(zeek-config --plugin_dir)

sed -i "/const fanout_id/c\ \tconst fanout_id = $RANDOM &redef;" /usr/local/bro/lib/bro/plugins/Bro_AF_Packet/scripts/init.bro
sed -i "/const fanout_id/c\ \tconst fanout_id = $RANDOM &redef;" /usr/local/zeek/lib/zeek/plugins/Zeek_AF_Packet/scripts/init.zeek

/usr/local/bro/bin/bro -i $CONTAINERINT -e 'redef LogAscii::use_json=T;'
/usr/local/zeek/bin/zeek -i $CONTAINERINT -e 'redef LogAscii::use_json=T;'
4 changes: 2 additions & 2 deletions container/supervisord.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
[supervisord]
nodaemon=true

[program:bro]
command=/bin/bash -c "sed -i 's/${INTERFACE}/'$INTERFACE' /g' /usr/local/bro/etc/node.cfg && /usr/local/bro/bin/broctl deploy"
[program:zeek]
command=/bin/bash -c "sed -i 's/${INTERFACE}/'$INTERFACE' /g' /usr/local/zeek/etc/node.cfg && /usr/local/zeek/bin/zeekctl deploy"