1
0
mirror of https://github.com/vimagick/dockerfiles.git synced 2024-12-21 01:27:01 +02:00

update zeek

This commit is contained in:
kev 2024-02-29 15:20:14 +08:00
parent 6050c5f150
commit cb5cb05e15
6 changed files with 46 additions and 56 deletions

View File

@ -228,7 +228,6 @@ A collection of delicious docker recipes.
- [x] aircrack-ng-arm
- [x] amass
- [x] bro
- [x] clamav
- [x] dirsearch
- [x] dsniff
@ -508,6 +507,7 @@ A collection of delicious docker recipes.
- [x] wordpress
- [x] yourls
- [x] ghcr.io/linuxserver/wireguard
- [x] zeek/zeek :skull:
- [x] apache/zeppelin
- [x] koenkk/zigbee2mqtt
- [x] zookeeper

View File

@ -1,49 +0,0 @@
The Bro Network Security Monitor
================================
[![](https://badge.imagelayers.io/vimagick/bro:latest.svg)](https://imagelayers.io/?images=vimagick/bro:latest 'Get your own badge on imagelayers.io')
`Bro` is a powerful network analysis framework that is much different from the
typical IDS you may know.
- Adaptable
- Efficient
- Flexible
- Forensics
- Commercially Supported
- In-depth Analysis
- Highly Stateful
- Open Interfaces
- Open Source
## docker-compose.yml
```
bro:
image: vimagick/bro
command: bro -C -i eth0
volumes:
- ./logs:/opt/bro/logs
net: container:shadowsocks_shadowsocks_1
```
> We are going to monitor `shadowsocks` which is a socks5 server.
## up and running
```
$ cd ~/fig/bro/
$ docker-compose up -d
$ docker exec -it bro_bro_1 bash
>>> cat dns.log | bro-cut query | sort | uniq -c | sort -nr | head -5
10 www.youtube.com
3 twitter.com
2 www.google.com
1 www.baidu.com
1 www.facebook.com
>>> exit
```
> Don't be evil!

View File

@ -1,6 +0,0 @@
bro:
image: vimagick/bro
command: bro -i eth0
volumes:
- ./logs:/opt/bro/logs
net: container:shadowsocks_shadowsocks_1

36
zeek/README.md Normal file
View File

@ -0,0 +1,36 @@
zeek
====
[Zeek][1] is a passive, open-source network traffic analyzer. Many operators use
Zeek as a network security monitor (NSM) to support investigations of
suspicious or malicious activity.
- Adaptable
- Efficient
- Flexible
- Forensics
- Commercially Supported
- In-depth Analysis
- Highly Stateful
- Open Interfaces
- Open Source
## up and running
```bash
$ docker compose up -d
$ docker compose exec zeek bash
>>> cd /usr/local/zeek/logs
>>> cat dns.log | zeek-cut query | sort | uniq -c | sort -nr | head -5
10 www.youtube.com
3 twitter.com
2 www.google.com
1 www.baidu.com
1 www.facebook.com
>>> exit
```
> Don't be evil!
[1]: https://github.com/zeek/zeek

9
zeek/docker-compose.yml Normal file
View File

@ -0,0 +1,9 @@
version: "3.8"
services:
zeek:
image: zeek/zeek:tls
command: zeek -C -i eth0
volumes:
- ./logs:/usr/local/zeek/logs
network_mode: host
restart: unless-stopped