Compare commits
5 Commits
1c004636b6
...
9bcad4429e
Author | SHA1 | Date | |
---|---|---|---|
Lucien | 9bcad4429e | ||
kev | cb5cb05e15 | ||
Lucien | fe16052056 | ||
Lucien | f21ffd6bfa | ||
ImgBotApp | 1c434b2d2e |
|
@ -228,7 +228,6 @@ A collection of delicious docker recipes.
|
|||
|
||||
- [x] aircrack-ng-arm
|
||||
- [x] amass
|
||||
- [x] bro
|
||||
- [x] clamav
|
||||
- [x] dirsearch
|
||||
- [x] dsniff
|
||||
|
@ -508,6 +507,7 @@ A collection of delicious docker recipes.
|
|||
- [x] wordpress
|
||||
- [x] yourls
|
||||
- [x] ghcr.io/linuxserver/wireguard
|
||||
- [x] zeek/zeek :skull:
|
||||
- [x] apache/zeppelin
|
||||
- [x] koenkk/zigbee2mqtt
|
||||
- [x] zookeeper
|
||||
|
|
|
@ -1,49 +0,0 @@
|
|||
The Bro Network Security Monitor
|
||||
================================
|
||||
|
||||
[![](https://badge.imagelayers.io/vimagick/bro:latest.svg)](https://imagelayers.io/?images=vimagick/bro:latest 'Get your own badge on imagelayers.io')
|
||||
|
||||
`Bro` is a powerful network analysis framework that is much different from the
|
||||
typical IDS you may know.
|
||||
|
||||
- Adaptable
|
||||
- Efficient
|
||||
- Flexible
|
||||
- Forensics
|
||||
- Commercially Supported
|
||||
- In-depth Analysis
|
||||
- Highly Stateful
|
||||
- Open Interfaces
|
||||
- Open Source
|
||||
|
||||
## docker-compose.yml
|
||||
|
||||
```
|
||||
bro:
|
||||
image: vimagick/bro
|
||||
command: bro -C -i eth0
|
||||
volumes:
|
||||
- ./logs:/opt/bro/logs
|
||||
net: container:shadowsocks_shadowsocks_1
|
||||
```
|
||||
|
||||
> We are going to monitor `shadowsocks` which is a socks5 server.
|
||||
|
||||
## up and running
|
||||
|
||||
```
|
||||
$ cd ~/fig/bro/
|
||||
|
||||
$ docker-compose up -d
|
||||
|
||||
$ docker exec -it bro_bro_1 bash
|
||||
>>> cat dns.log | bro-cut query | sort | uniq -c | sort -nr | head -5
|
||||
10 www.youtube.com
|
||||
3 twitter.com
|
||||
2 www.google.com
|
||||
1 www.baidu.com
|
||||
1 www.facebook.com
|
||||
>>> exit
|
||||
```
|
||||
|
||||
> Don't be evil!
|
|
@ -1,6 +0,0 @@
|
|||
bro:
|
||||
image: vimagick/bro
|
||||
command: bro -i eth0
|
||||
volumes:
|
||||
- ./logs:/opt/bro/logs
|
||||
net: container:shadowsocks_shadowsocks_1
|
Before Width: | Height: | Size: 32 KiB After Width: | Height: | Size: 24 KiB |
Before Width: | Height: | Size: 81 KiB After Width: | Height: | Size: 62 KiB |
Before Width: | Height: | Size: 60 KiB After Width: | Height: | Size: 59 KiB |
Before Width: | Height: | Size: 7.8 KiB After Width: | Height: | Size: 7.7 KiB |
|
@ -10,6 +10,7 @@ RUN set -xe \
|
|||
&& sed -i -e '/^Allow /s/^/#/' \
|
||||
-e '/^ConnectPort /s/^/#/' \
|
||||
-e '/^#DisableViaHeader /s/^#//' \
|
||||
-e 's/^Timeout.*/Timeout 10/' \
|
||||
/etc/tinyproxy/tinyproxy.conf
|
||||
|
||||
VOLUME /etc/tinyproxy
|
||||
|
|
|
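Review bot: the `sed` chain in this `RUN` step comments out every `Allow` line and every `ConnectPort` line in /etc/tinyproxy/tinyproxy.conf. With no `Allow` or `Deny` directive tinyproxy accepts clients from any address, and with no `ConnectPort` it permits CONNECT to any port, so the image ships as an unrestricted proxy. Please say in the README that the published port has to be bound to a trusted network, or keep an `Allow` for the expected client range. Separately, `-e 's/^Timeout.*/Timeout 10/'` only matches an uncommented `Timeout` line; if the packaged config ships that directive commented out, the expression changes nothing and the build still succeeds. A `grep -q '^Timeout 10' /etc/tinyproxy/tinyproxy.conf` after the `sed` would make the step fail visibly.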
@ -0,0 +1,36 @@
|
|||
zeek
|
||||
====
|
||||
|
||||
[Zeek][1] is a passive, open-source network traffic analyzer. Many operators use
|
||||
Zeek as a network security monitor (NSM) to support investigations of
|
||||
suspicious or malicious activity.
|
||||
|
||||
- Adaptable
|
||||
- Efficient
|
||||
- Flexible
|
||||
- Forensics
|
||||
- Commercially Supported
|
||||
- In-depth Analysis
|
||||
- Highly Stateful
|
||||
- Open Interfaces
|
||||
- Open Source
|
||||
|
||||
## up and running
|
||||
|
||||
```bash
|
||||
$ docker compose up -d
|
||||
|
||||
$ docker compose exec zeek bash
|
||||
>>> cd /usr/local/zeek/logs
|
||||
>>> cat dns.log | zeek-cut query | sort | uniq -c | sort -nr | head -5
|
||||
10 www.youtube.com
|
||||
3 twitter.com
|
||||
2 www.google.com
|
||||
1 www.baidu.com
|
||||
1 www.facebook.com
|
||||
>>> exit
|
||||
```
|
||||
|
||||
> Don't be evil!
|
||||
|
||||
[1]: https://github.com/zeek/zeek
|
|
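Review bot: the walkthrough runs `cd /usr/local/zeek/logs` before reading `dns.log`, but Zeek started directly as `zeek -C -i eth0` writes its logs to the process's current working directory, and nothing in this README states that the container's working directory is that path. Please confirm that `dns.log` actually lands in the mounted directory, or set `working_dir: /usr/local/zeek/logs` in the compose file and mention it here. Two smaller points: the fence is tagged `bash` while the in-container lines use a `>>>` prompt, and the feature bullets (including "Commercially Supported") are carried over unchanged from the removed Bro README, so check that they still apply.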
@ -0,0 +1,9 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
zeek:
|
||||
image: zeek/zeek:tls
|
||||
command: zeek -C -i eth0
|
||||
volumes:
|
||||
- ./logs:/usr/local/zeek/logs
|
||||
network_mode: host
|
||||
restart: unless-stopped
|
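Review bot: `image: zeek/zeek:tls` looks like a transposition of `lts`; please confirm that a `tls` tag exists for this image, since a missing tag makes `docker compose up -d` fail at pull time. Also, with `network_mode: host` the capture runs in the host's network namespace, where the interface is not guaranteed to be named `eth0`, and it sees all host traffic rather than one container's. The removed Bro compose file joined `container:shadowsocks_shadowsocks_1`, which scoped the capture to that container. Consider making the interface configurable and noting the wider capture scope in the README.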