mirror of
https://github.com/vimagick/dockerfiles.git
synced 2024-12-21 01:27:01 +02:00
update zeek
This commit is contained in:
parent
6050c5f150
commit
cb5cb05e15
@ -228,7 +228,6 @@ A collection of delicious docker recipes.
|
||||
|
||||
- [x] aircrack-ng-arm
|
||||
- [x] amass
|
||||
- [x] bro
|
||||
- [x] clamav
|
||||
- [x] dirsearch
|
||||
- [x] dsniff
|
||||
@ -508,6 +507,7 @@ A collection of delicious docker recipes.
|
||||
- [x] wordpress
|
||||
- [x] yourls
|
||||
- [x] ghcr.io/linuxserver/wireguard
|
||||
- [x] zeek/zeek :skull:
|
||||
- [x] apache/zeppelin
|
||||
- [x] koenkk/zigbee2mqtt
|
||||
- [x] zookeeper
|
||||
|
@ -1,49 +0,0 @@
|
||||
The Bro Network Security Monitor
|
||||
================================
|
||||
|
||||
[![](https://badge.imagelayers.io/vimagick/bro:latest.svg)](https://imagelayers.io/?images=vimagick/bro:latest 'Get your own badge on imagelayers.io')
|
||||
|
||||
`Bro` is a powerful network analysis framework that is much different from the
|
||||
typical IDS you may know.
|
||||
|
||||
- Adaptable
|
||||
- Efficient
|
||||
- Flexible
|
||||
- Forensics
|
||||
- Commercially Supported
|
||||
- In-depth Analysis
|
||||
- Highly Stateful
|
||||
- Open Interfaces
|
||||
- Open Source
|
||||
|
||||
## docker-compose.yml
|
||||
|
||||
```
|
||||
bro:
|
||||
image: vimagick/bro
|
||||
command: bro -C -i eth0
|
||||
volumes:
|
||||
- ./logs:/opt/bro/logs
|
||||
net: container:shadowsocks_shadowsocks_1
|
||||
```
|
||||
|
||||
> We are going to monitor `shadowsocks` which is a socks5 server.
|
||||
|
||||
## up and running
|
||||
|
||||
```
|
||||
$ cd ~/fig/bro/
|
||||
|
||||
$ docker-compose up -d
|
||||
|
||||
$ docker exec -it bro_bro_1 bash
|
||||
>>> cat dns.log | bro-cut query | sort | uniq -c | sort -nr | head -5
|
||||
10 www.youtube.com
|
||||
3 twitter.com
|
||||
2 www.google.com
|
||||
1 www.baidu.com
|
||||
1 www.facebook.com
|
||||
>>> exit
|
||||
```
|
||||
|
||||
> Don't be evil!
|
@ -1,6 +0,0 @@
|
||||
bro:
|
||||
image: vimagick/bro
|
||||
command: bro -i eth0
|
||||
volumes:
|
||||
- ./logs:/opt/bro/logs
|
||||
net: container:shadowsocks_shadowsocks_1
|
36
zeek/README.md
Normal file
36
zeek/README.md
Normal file
@ -0,0 +1,36 @@
|
||||
zeek
|
||||
====
|
||||
|
||||
[Zeek][1] is a passive, open-source network traffic analyzer. Many operators use
|
||||
Zeek as a network security monitor (NSM) to support investigations of
|
||||
suspicious or malicious activity.
|
||||
|
||||
- Adaptable
|
||||
- Efficient
|
||||
- Flexible
|
||||
- Forensics
|
||||
- Commercially Supported
|
||||
- In-depth Analysis
|
||||
- Highly Stateful
|
||||
- Open Interfaces
|
||||
- Open Source
|
||||
|
||||
## up and running
|
||||
|
||||
```bash
|
||||
$ docker compose up -d
|
||||
|
||||
$ docker compose exec zeek bash
|
||||
>>> cd /usr/local/zeek/logs
|
||||
>>> cat dns.log | zeek-cut query | sort | uniq -c | sort -nr | head -5
|
||||
10 www.youtube.com
|
||||
3 twitter.com
|
||||
2 www.google.com
|
||||
1 www.baidu.com
|
||||
1 www.facebook.com
|
||||
>>> exit
|
||||
```
|
||||
|
||||
> Don't be evil!
|
||||
|
||||
[1]: https://github.com/zeek/zeek
|
9
zeek/docker-compose.yml
Normal file
9
zeek/docker-compose.yml
Normal file
@ -0,0 +1,9 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
zeek:
|
||||
image: zeek/zeek:tls
|
||||
command: zeek -C -i eth0
|
||||
volumes:
|
||||
- ./logs:/usr/local/zeek/logs
|
||||
network_mode: host
|
||||
restart: unless-stopped
|
Loading…
Reference in New Issue
Block a user