Project author: blacktop

Project description:
Bro IDS Dockerfile
Primary language: Zeek
Repository: git://github.com/blacktop/docker-bro.git
Created: 2014-04-30T21:06:00Z
Project community: https://github.com/blacktop/docker-bro

License: MIT License


Bro IDS Dockerfile (also see blacktop/docker-zeek)


This repository contains the Dockerfile for the Bro-IDS image blacktop/bro.

Dependencies

Image Tags

  $ docker images
  REPOSITORY    TAG      SIZE
  blacktop/bro  latest   22.2MB
  blacktop/bro  2.5      22.2MB
  blacktop/bro  pkg      107MB
  blacktop/bro  elastic  67.4MB
  blacktop/bro  redis    60.1MB
  blacktop/bro  geoip    55.97MB
  blacktop/bro  kafka    30.6MB
  blacktop/bro  2.4.1    16.68MB
  blacktop/bro  2.4      16.68MB

NOTE:

  • tag pkg is the same as tag 2.5, but includes the Bro Package Manager
  • tag elastic is the same as tag 2.5, but includes the elasticsearch plugin and the GeoIP database
  • tag redis is the same as tag 2.5, but includes the redis plugin and the GeoIP database
  • tag geoip is the same as tag 2.5, but includes the GeoIP database
  • tag kafka is the same as tag 2.5, but includes the kafka plugin
  • all tags include the af_packet plugin

Installation

  1. Install Docker.
  2. Download trusted build from public Docker Registry: docker pull blacktop/bro

Getting Started

  $ wget https://github.com/blacktop/docker-bro/raw/master/pcap/heartbleed.pcap
  $ wget https://github.com/blacktop/docker-bro/raw/master/scripts/local.bro
  # mounting local.bro loads all default modules (a comment after a trailing
  # backslash would break the line continuation, so it is placed here instead)
  $ docker run --rm \
      -v `pwd`:/pcap \
      -v `pwd`/local.bro:/usr/local/share/bro/site/local.bro \
      blacktop/bro -r heartbleed.pcap local "Site::local_nets += { 192.168.11.0/24 }"
  $ ls -l
  -rw-r--r-- 1 blacktop staff 635B Jul 30 12:11 conn.log
  -rw-r--r-- 1 blacktop staff 754B Jul 30 12:11 files.log
  -rw-r--r-- 1 blacktop staff 384B Jul 30 12:11 known_certs.log
  -rw-r--r-- 1 blacktop staff 239B Jul 30 12:11 known_hosts.log
  -rw-r--r-- 1 blacktop staff 271B Jul 30 12:11 known_services.log
  -rw-r--r-- 1 blacktop staff 17K  Jul 30 12:11 loaded_scripts.log
  -rw-r--r-- 1 blacktop staff 1.9K Jul 30 12:11 notice.log <====== NOTICE
  -rw-r--r-- 1 blacktop staff 253B Jul 30 12:11 packet_filter.log
  -rw-r--r-- 1 blacktop staff 1.2K Jul 30 12:11 ssl.log
  -rw-r--r-- 1 blacktop staff 901B Jul 30 12:11 x509.log
  $ cat notice.log | awk '{ print $11 }' | tail -n4
  Heartbleed::SSL_Heartbeat_Attack
  Heartbleed::SSL_Heartbeat_Odd_Length
  Heartbleed::SSL_Heartbeat_Attack_Success
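The awk '{ print $11 }' above picks the note column by position, which only works while the column order matches. As an added example (not code from blacktop/docker-bro), the script below selects columns by the name given in the log's #fields header and tallies the notice types; the notice.log it parses is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from blacktop/docker-bro: read a Bro TSV log column
# by the name given in its "#fields" header rather than by position, so a
# change in column order cannot silently select the wrong field.
# The sample notice.log below is constructed for the demo.

# bro_column <logfile> <column-name>: print the named column for every data
# row. Lines beginning with '#' are Bro's header/footer metadata and are
# skipped; nothing is printed if no "#fields" header names the column.
bro_column() {
    awk -F '\t' -v want="$2" '
        /^#fields/ {
            # $1 is "#fields", so the data column number is the header index minus one
            for (i = 2; i <= NF; i++) if ($i == want) col = i - 1
            next
        }
        /^#/ { next }
        col > 0 { print $col }
    ' "$1"
}

# bro_notice_counts <notice.log>: count how often each Notice::Type fired,
# most frequent first (e.g. the Heartbleed notices shown above).
bro_notice_counts() {
    bro_column "$1" note | sort | uniq -c | sort -rn
}

# Constructed notice.log with the field list shortened to the first 12
# columns; "note" is still column 11, as in a real Bro 2.x notice.log.
SAMPLE_NOTICE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_NOTICE_LOG"' EXIT
{
    printf '#separator \\x09\n#path\tnotice\n'
    printf '#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p'
    printf '\tfuid\tfile_mime_type\tfile_desc\tproto\tnote\tmsg\n'
    for note in SSL_Heartbeat_Attack SSL_Heartbeat_Odd_Length \
                SSL_Heartbeat_Attack SSL_Heartbeat_Attack_Success; do
        printf '1398896760.5\tCx1\t192.168.11.23\t44321\t10.1.1.9\t443'
        printf '\t-\t-\t-\ttcp\tHeartbleed::%s\tconstructed\n' "$note"
    done
    printf '#close\t2014-04-30-21-06-00\n'
} > "$SAMPLE_NOTICE_LOG"

bro_notice_counts "$SAMPLE_NOTICE_LOG"
```

Run it against the real notice.log from the container by replacing the constructed file path with ./notice.log.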

Documentation

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don’t hesitate to file an issue and I’ll get right on it.

Credits

Alpine conversion heavily (if not entirely) influenced by https://github.com/nizq/docker-bro

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

License

MIT Copyright (c) 2015-2018 blacktop