mirror of
https://github.com/vimagick/dockerfiles
synced 2024-06-16 03:48:44 +00:00
Compare commits
2 Commits
1c004636b6
...
9bcad4429e
Author | SHA1 | Date | |
---|---|---|---|
|
9bcad4429e | ||
|
cb5cb05e15 |
@ -228,7 +228,6 @@ A collection of delicious docker recipes.
|
|||||||
|
|
||||||
- [x] aircrack-ng-arm
|
- [x] aircrack-ng-arm
|
||||||
- [x] amass
|
- [x] amass
|
||||||
- [x] bro
|
|
||||||
- [x] clamav
|
- [x] clamav
|
||||||
- [x] dirsearch
|
- [x] dirsearch
|
||||||
- [x] dsniff
|
- [x] dsniff
|
||||||
@ -508,6 +507,7 @@ A collection of delicious docker recipes.
|
|||||||
- [x] wordpress
|
- [x] wordpress
|
||||||
- [x] yourls
|
- [x] yourls
|
||||||
- [x] ghcr.io/linuxserver/wireguard
|
- [x] ghcr.io/linuxserver/wireguard
|
||||||
|
- [x] zeek/zeek :skull:
|
||||||
- [x] apache/zeppelin
|
- [x] apache/zeppelin
|
||||||
- [x] koenkk/zigbee2mqtt
|
- [x] koenkk/zigbee2mqtt
|
||||||
- [x] zookeeper
|
- [x] zookeeper
|
||||||
|
@ -1,49 +0,0 @@
|
|||||||
The Bro Network Security Monitor
|
|
||||||
================================
|
|
||||||
|
|
||||||
[![](https://badge.imagelayers.io/vimagick/bro:latest.svg)](https://imagelayers.io/?images=vimagick/bro:latest 'Get your own badge on imagelayers.io')
|
|
||||||
|
|
||||||
`Bro` is a powerful network analysis framework that is much different from the
|
|
||||||
typical IDS you may know.
|
|
||||||
|
|
||||||
- Adaptable
|
|
||||||
- Efficient
|
|
||||||
- Flexible
|
|
||||||
- Forensics
|
|
||||||
- Commercially Supported
|
|
||||||
- In-depth Analysis
|
|
||||||
- Highly Stateful
|
|
||||||
- Open Interfaces
|
|
||||||
- Open Source
|
|
||||||
|
|
||||||
## docker-compose.yml
|
|
||||||
|
|
||||||
```
|
|
||||||
bro:
|
|
||||||
image: vimagick/bro
|
|
||||||
command: bro -C -i eth0
|
|
||||||
volumes:
|
|
||||||
- ./logs:/opt/bro/logs
|
|
||||||
net: container:shadowsocks_shadowsocks_1
|
|
||||||
```
|
|
||||||
|
|
||||||
> We are going to monitor `shadowsocks` which is a socks5 server.
|
|
||||||
|
|
||||||
## up and running
|
|
||||||
|
|
||||||
```
|
|
||||||
$ cd ~/fig/bro/
|
|
||||||
|
|
||||||
$ docker-compose up -d
|
|
||||||
|
|
||||||
$ docker exec -it bro_bro_1 bash
|
|
||||||
>>> cat dns.log | bro-cut query | sort | uniq -c | sort -nr | head -5
|
|
||||||
10 www.youtube.com
|
|
||||||
3 twitter.com
|
|
||||||
2 www.google.com
|
|
||||||
1 www.baidu.com
|
|
||||||
1 www.facebook.com
|
|
||||||
>>> exit
|
|
||||||
```
|
|
||||||
|
|
||||||
> Don't be evil!
|
|
@ -1,6 +0,0 @@
|
|||||||
bro:
|
|
||||||
image: vimagick/bro
|
|
||||||
command: bro -i eth0
|
|
||||||
volumes:
|
|
||||||
- ./logs:/opt/bro/logs
|
|
||||||
net: container:shadowsocks_shadowsocks_1
|
|
36
zeek/README.md
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
zeek
|
||||||
|
====
|
||||||
|
|
||||||
|
[Zeek][1] is a passive, open-source network traffic analyzer. Many operators use
|
||||||
|
Zeek as a network security monitor (NSM) to support investigations of
|
||||||
|
suspicious or malicious activity.
|
||||||
|
|
||||||
|
- Adaptable
|
||||||
|
- Efficient
|
||||||
|
- Flexible
|
||||||
|
- Forensics
|
||||||
|
- Commercially Supported
|
||||||
|
- In-depth Analysis
|
||||||
|
- Highly Stateful
|
||||||
|
- Open Interfaces
|
||||||
|
- Open Source
|
||||||
|
|
||||||
|
## up and running
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ docker compose up -d
|
||||||
|
|
||||||
|
$ docker compose exec zeek bash
|
||||||
|
>>> cd /usr/local/zeek/logs
|
||||||
|
>>> cat dns.log | zeek-cut query | sort | uniq -c | sort -nr | head -5
|
||||||
|
10 www.youtube.com
|
||||||
|
3 twitter.com
|
||||||
|
2 www.google.com
|
||||||
|
1 www.baidu.com
|
||||||
|
1 www.facebook.com
|
||||||
|
>>> exit
|
||||||
|
```
|
||||||
|
|
||||||
|
> Don't be evil!
|
||||||
|
|
||||||
|
[1]: https://github.com/zeek/zeek
|
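Review bot: The new README never says what traffic is captured, while the removed bro README did (its `docker-compose.yml` section and the line about monitoring `shadowsocks` have no counterpart here). zeek/docker-compose.yml in this same change uses `network_mode: host` with `-i eth0`, so the README should state that the container sniffs the host's `eth0`, meaning all traffic on that interface rather than one container's, and that the interface name must be adjusted on hosts where it is not `eth0`. Minor: the fence is tagged `bash`, but the `>>>` lines are an in-container prompt followed by output, so an untagged fence would be more accurate.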
9
zeek/docker-compose.yml
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
version: "3.8"
|
||||||
|
services:
|
||||||
|
zeek:
|
||||||
|
image: zeek/zeek:tls
|
||||||
|
command: zeek -C -i eth0
|
||||||
|
volumes:
|
||||||
|
- ./logs:/usr/local/zeek/logs
|
||||||
|
network_mode: host
|
||||||
|
restart: unless-stopped
|
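Review bot: On the `command: zeek -C -i eth0` line, nothing sets the working directory, and Zeek started directly from the command line writes its logs into the current directory, so the `./logs:/usr/local/zeek/logs` mount only receives them if the image happens to start in that path. Adding `working_dir: /usr/local/zeek/logs` would make this explicit and match the `cd /usr/local/zeek/logs` step in the README. Also check the tag in `image: zeek/zeek:tls`, which reads like a transposition of `lts`. Finally, `network_mode: host` together with `-C` (checksum validation off) widens the capture to the whole host interface, which deserves a one-line comment in the file.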