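├── .gitignore
├── 1.5.Dockerfile
├── 2.1.Dockerfile
├── 2.2.Dockerfile
├── 2.3.1.Dockerfile
├── 2.3.2.Dockerfile
├── 2.4.1.Dockerfile
├── 2.4.Dockerfile
├── 2.5.1.Dockerfile
├── 2.5.2.Dockerfile
├── 2.5.3-dev.Dockerfile
├── 2.5.3.Dockerfile
├── 2.5.5.Dockerfile
├── 2.5.Dockerfile
├── 2.6.1-debug.Dockerfile
├── 2.6.1.Dockerfile
├── 2.6.3-dev.Dockerfile
├── 2.6.3.Dockerfile
├── 2.6.Dockerfile
├── 3.0.0-dev.Dockerfile
├── 3.0.0.Dockerfile
├── Dockerfile
├── Makefile
├── README.md
├── common
│   ├── bro_profile.sh
│   ├── buildbro
│   ├── buildbro-1.5
│   ├── getgeo.sh
│   ├── getmmdb.sh
│   ├── gitbro
│   └── install-caf
├── master-dev.Dockerfile
└── master.Dockerfile
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
# Marker files touched by the Makefile build/push rules.
push-stamp_*
build-stamp_*
--------------------------------------------------------------------------------
/1.5.Dockerfile:
--------------------------------------------------------------------------------
# bro 1.5 -- single-stage build on Debian squeeze.
#
# VERSION 0.1
#
# NOTE(review): debian:squeeze is end-of-life and receives no security
# updates; keep this image for reproducing an old release, not for
# monitoring untrusted traffic. No USER is set, so everything runs as root.

FROM debian:squeeze
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# Package list before the build; the cleanup at the bottom purges only what
# was added after this point.
RUN dpkg -l | awk '{print $2}' | sort > old.txt

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
# update and install share one layer so a stale package index is never
# reused against a newer install list.
RUN apt-get update && echo 2015-01-23 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl-dev libgeoip-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates --no-install-recommends

# Bro < 2.3 needs libmagic and ./configure wants the file command
RUN apt-get -y install file libmagic-dev

# Build bro
ENV VER 1.5
ARG BRO_URL=http://www.bro.org/downloads/bro-${VER}.tar.gz
# Optional SHA-256 of bro-${VER}.tar.gz. Pass --build-arg BRO_SHA256=<hex>
# to have the download verified; left empty, the tarball is used unverified
# (the historical behaviour).
ARG BRO_SHA256

# Supply-chain note: the tarball comes over plain HTTP, and the original
# build also passed --no-check-certificate, which turns TLS verification
# off entirely. That flag is gone. If the squeeze CA bundle cannot validate
# the server, pre-fetch the tarball into the build context or pin
# BRO_SHA256 rather than disabling verification.
RUN cd /tmp && wget ${BRO_URL} \
 && if [ -n "${BRO_SHA256}" ]; then echo "${BRO_SHA256}  bro-${VER}.tar.gz" | sha256sum -c -; fi
COPY ./common/buildbro-1.5 ${WD}/common/buildbro-1.5
# buildbro-1.5 (not shown here) is handed the URL and may download the
# tarball again itself; that second fetch is not covered by the checksum
# above -- TODO confirm against common/buildbro-1.5.
RUN ${WD}/common/buildbro-1.5 ${VER} ${BRO_URL}

RUN ln -s /usr/local/bro-${VER} /bro

# Final setup stuff

COPY ./common/getgeo.sh /usr/local/bin/getgeo.sh
RUN /usr/local/bin/getgeo.sh

COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

# Cleanup, so docker-squash can do its thing: purge every package this build
# added except libraries, ca-certificates and wget.

RUN dpkg -l | awk '{print $2}' | sort > new.txt
RUN apt-get -y remove --purge $(comm -13 old.txt new.txt|grep -- -dev)
RUN apt-get -y remove --purge $(comm -13 old.txt new.txt|grep -v lib|grep -v ca-certificates|grep -v wget)
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /scratch/*

ENV PATH /bro/bin/:$PATH

CMD /bin/bash -l
--------------------------------------------------------------------------------
/2.1.Dockerfile:
--------------------------------------------------------------------------------
# bro 2.1 -- single-stage build on Debian squeeze.
#
# VERSION 0.1
#
# NOTE(review): debian:squeeze is end-of-life and receives no security
# updates; keep this image for reproducing an old release, not for
# monitoring untrusted traffic. No USER is set, so everything runs as root.

FROM debian:squeeze
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# Package list before the build; the cleanup at the bottom purges only what
# was added after this point.
RUN dpkg -l | awk '{print $2}' | sort > old.txt

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
RUN apt-get update && echo 2015-01-23 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl-dev libgeoip-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates --no-install-recommends

# Bro < 2.3 needs libmagic and ./configure wants the file command
RUN apt-get -y install file libmagic-dev

# Build bro
ENV VER 2.1
ARG BRO_URL=http://www.bro.org/downloads/bro-${VER}.tar.gz
# Optional SHA-256 of bro-${VER}.tar.gz; pass --build-arg BRO_SHA256=<hex>
# to verify the download. Empty means unverified (historical behaviour).
ARG BRO_SHA256

# Supply-chain note: plain-HTTP download, and the original build added
# --no-check-certificate, which disables TLS verification altogether. The
# flag is removed; pin BRO_SHA256 (or pre-fetch the tarball into the build
# context) instead of switching verification off.
RUN cd /tmp && wget ${BRO_URL} \
 && if [ -n "${BRO_SHA256}" ]; then echo "${BRO_SHA256}  bro-${VER}.tar.gz" | sha256sum -c -; fi
COPY ./common/buildbro ${WD}/common/buildbro
# buildbro (not shown) receives only the name and version; whether it reuses
# /tmp/bro-${VER}.tar.gz or downloads again is not visible here -- TODO
# confirm, since a second download would bypass the checksum above.
RUN ${WD}/common/buildbro bro ${VER}
RUN ln -s /usr/local/bro-${VER} /bro

# Final setup stuff

COPY ./common/getgeo.sh /usr/local/bin/getgeo.sh
RUN /usr/local/bin/getgeo.sh

COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

# Cleanup, so docker-squash can do its thing: purge every package this build
# added except libraries, ca-certificates, wget, curl and openssl.

RUN dpkg -l | awk '{print $2}' | sort > new.txt
RUN apt-get -y remove --purge $(comm -13 old.txt new.txt|grep -- -dev)
RUN apt-get -y remove --purge $(comm -13 old.txt new.txt|grep -v lib|grep -v ca-certificates|grep -v wget|grep -v curl|grep -v openssl)
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /scratch/*

ENV PATH /bro/bin/:$PATH

CMD /bin/bash -l
--------------------------------------------------------------------------------
/2.2.Dockerfile:
--------------------------------------------------------------------------------
# bro 2.2 -- single-stage build on Debian wheezy.
#
# VERSION 0.1
#
# NOTE(review): debian:wheezy is end-of-life and receives no security
# updates; keep this image for reproducing an old release, not for
# monitoring untrusted traffic. No USER is set, so everything runs as root.

FROM debian:wheezy
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# Package list before the build; the cleanup at the bottom purges only what
# was added after this point.
RUN dpkg -l | awk '{print $2}' | sort > old.txt

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
# `upgrade` needs -y: without it a non-interactive build aborts at the
# confirmation prompt whenever there is anything to upgrade.
RUN apt-get update && apt-get -y upgrade && echo 2015-06-16 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl-dev libgeoip-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates --no-install-recommends

# Bro < 2.3 needs libmagic and ./configure wants the file command
RUN apt-get -y install file libmagic-dev

# Build bro
ENV VER 2.2
ARG BRO_URL=http://www.bro.org/downloads/bro-${VER}.tar.gz
# Optional SHA-256 of bro-${VER}.tar.gz; pass --build-arg BRO_SHA256=<hex>
# to verify the download. Empty means unverified (historical behaviour).
ARG BRO_SHA256

# Supply-chain note: plain-HTTP download, and the original build added
# --no-check-certificate, which disables TLS verification altogether. The
# flag is removed; pin BRO_SHA256 (or pre-fetch the tarball into the build
# context) instead of switching verification off.
RUN cd /tmp && wget ${BRO_URL} \
 && if [ -n "${BRO_SHA256}" ]; then echo "${BRO_SHA256}  bro-${VER}.tar.gz" | sha256sum -c -; fi
COPY ./common/buildbro ${WD}/common/buildbro
# buildbro (not shown) receives only the name and version; whether it reuses
# /tmp/bro-${VER}.tar.gz or downloads again is not visible here -- TODO
# confirm, since a second download would bypass the checksum above.
RUN ${WD}/common/buildbro bro ${VER}
RUN ln -s /usr/local/bro-${VER} /bro

# Final setup stuff

COPY ./common/getgeo.sh /usr/local/bin/getgeo.sh
RUN /usr/local/bin/getgeo.sh

COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

# Cleanup, so docker-squash can do its thing: purge every package this build
# added except libraries, ca-certificates and wget.

RUN dpkg -l | awk '{print $2}' | sort > new.txt
RUN apt-get -y remove --purge $(comm -13 old.txt new.txt|grep -- -dev)
RUN apt-get -y remove --purge $(comm -13 old.txt new.txt|grep -v lib|grep -v ca-certificates|grep -v wget)
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /scratch/*

ENV PATH /bro/bin/:$PATH

CMD /bin/bash -l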
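--------------------------------------------------------------------------------
/2.3.1.Dockerfile:
--------------------------------------------------------------------------------
# bro 2.3.1 -- single-stage build on Debian wheezy.
#
# VERSION 0.1
#
# NOTE(review): debian:wheezy is end-of-life and receives no security
# updates; keep this image for reproducing an old release, not for
# monitoring untrusted traffic. No USER is set, so everything runs as root.

FROM debian:wheezy
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# Package list before the build; the cleanup at the bottom purges only what
# was added after this point.
RUN dpkg -l | awk '{print $2}' | sort > old.txt

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
# `upgrade` needs -y: without it a non-interactive build aborts at the
# confirmation prompt whenever there is anything to upgrade.
RUN apt-get update && apt-get -y upgrade && echo 2015-06-16 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl-dev libgeoip-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates --no-install-recommends

# Build bro. buildbro (not shown) fetches the source itself; nothing here
# verifies what it downloads -- TODO confirm common/buildbro pins a checksum.
ENV VER 2.3.1
COPY ./common/buildbro ${WD}/common/buildbro
RUN ${WD}/common/buildbro bro ${VER}
RUN ln -s /usr/local/bro-${VER} /bro

# Final setup stuff

COPY ./common/getgeo.sh /usr/local/bin/getgeo.sh
RUN /usr/local/bin/getgeo.sh

COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

# Cleanup, so docker-squash can do its thing: purge every package this build
# added except libraries, ca-certificates and wget.

RUN dpkg -l | awk '{print $2}' | sort > new.txt
RUN apt-get -y remove --purge $(comm -13 old.txt new.txt|grep -- -dev)
RUN apt-get -y remove --purge $(comm -13 old.txt new.txt|grep -v lib|grep -v ca-certificates|grep -v wget)
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /scratch/*

ENV PATH /bro/bin/:$PATH

CMD /bin/bash -l
--------------------------------------------------------------------------------
/2.3.2.Dockerfile:
--------------------------------------------------------------------------------
# bro 2.3.2 -- single-stage build on Debian wheezy.
#
# VERSION 0.1
#
# NOTE(review): debian:wheezy is end-of-life and receives no security
# updates; keep this image for reproducing an old release, not for
# monitoring untrusted traffic. No USER is set, so everything runs as root.

FROM debian:wheezy
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# Package list before the build; the cleanup at the bottom purges only what
# was added after this point.
RUN dpkg -l | awk '{print $2}' | sort > old.txt

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
# `upgrade` needs -y: without it a non-interactive build aborts at the
# confirmation prompt whenever there is anything to upgrade.
RUN apt-get update && apt-get -y upgrade && echo 2015-06-16 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl-dev libgeoip-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates --no-install-recommends

# Build bro. buildbro (not shown) fetches the source itself; nothing here
# verifies what it downloads -- TODO confirm common/buildbro pins a checksum.
ENV VER 2.3.2
COPY ./common/buildbro ${WD}/common/buildbro
RUN ${WD}/common/buildbro bro ${VER}
RUN ln -s /usr/local/bro-${VER} /bro

# Final setup stuff

COPY ./common/getgeo.sh /usr/local/bin/getgeo.sh
RUN /usr/local/bin/getgeo.sh

COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

# Cleanup, so docker-squash can do its thing: purge every package this build
# added except libraries, ca-certificates and wget.

RUN dpkg -l | awk '{print $2}' | sort > new.txt
RUN apt-get -y remove --purge $(comm -13 old.txt new.txt|grep -- -dev)
RUN apt-get -y remove --purge $(comm -13 old.txt new.txt|grep -v lib|grep -v ca-certificates|grep -v wget)
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /scratch/*

ENV PATH /bro/bin/:$PATH

CMD /bin/bash -l
--------------------------------------------------------------------------------
/2.4.1.Dockerfile:
--------------------------------------------------------------------------------
# bro 2.4.1 -- single-stage build on Debian wheezy.
#
# VERSION 0.1
#
# NOTE(review): debian:wheezy is end-of-life and receives no security
# updates; keep this image for reproducing an old release, not for
# monitoring untrusted traffic. No USER is set, so everything runs as root.

FROM debian:wheezy
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# Package list before the build; the cleanup at the bottom purges only what
# was added after this point.
RUN dpkg -l | awk '{print $2}' | sort > old.txt

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
RUN apt-get -y update && apt-get -y upgrade && echo 2015-06-16 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl-dev libgeoip-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates --no-install-recommends

# Build bro
ENV VER 2.4.1
# Plain-HTTP source URL handed to buildbro; override with --build-arg if a
# mirror or https endpoint is available. buildbro (not shown) performs the
# download, so nothing here verifies the tarball -- TODO confirm it pins a
# checksum.
ARG BRO_URL=http://www.bro.org/downloads/bro-${VER}.tar.gz
COPY ./common/buildbro ${WD}/common/buildbro
# NOTE(review): the sibling 2.x Dockerfiles invoke `buildbro bro ${VER}`;
# this one passes `${VER} <url>`. Confirm common/buildbro accepts both
# argument shapes, otherwise one of the two call sites is wrong.
RUN ${WD}/common/buildbro ${VER} ${BRO_URL}
RUN ln -s /usr/local/bro-${VER} /bro

# Final setup stuff

COPY ./common/getgeo.sh /usr/local/bin/getgeo.sh
RUN /usr/local/bin/getgeo.sh

COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

# Cleanup, so docker-squash can do its thing: purge every package this build
# added except libraries, ca-certificates and wget.

RUN dpkg -l | awk '{print $2}' | sort > new.txt
RUN apt-get -y remove --purge $(comm -13 old.txt new.txt|grep -- -dev)
RUN apt-get -y remove --purge $(comm -13 old.txt new.txt|grep -v lib|grep -v ca-certificates|grep -v wget)
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /scratch/*

ENV PATH /bro/bin/:$PATH

CMD /bin/bash -l
--------------------------------------------------------------------------------
/2.4.Dockerfile:
--------------------------------------------------------------------------------
# bro 2.4 -- single-stage build on Debian wheezy.
#
# VERSION 0.1
#
# NOTE(review): debian:wheezy is end-of-life and receives no security
# updates; keep this image for reproducing an old release, not for
# monitoring untrusted traffic. No USER is set, so everything runs as root.

FROM debian:wheezy
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# Package list before the build; the cleanup at the bottom purges only what
# was added after this point.
RUN dpkg -l | awk '{print $2}' | sort > old.txt

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
# `upgrade` needs -y: without it a non-interactive build aborts at the
# confirmation prompt whenever there is anything to upgrade.
RUN apt-get update && apt-get -y upgrade && echo 2015-06-16 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl-dev libgeoip-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates --no-install-recommends

# Build bro. buildbro (not shown) fetches the source itself; nothing here
# verifies what it downloads -- TODO confirm common/buildbro pins a checksum.
ENV VER 2.4
COPY ./common/buildbro ${WD}/common/buildbro
RUN ${WD}/common/buildbro bro ${VER}
RUN ln -s /usr/local/bro-${VER} /bro

# Final setup stuff

COPY ./common/getgeo.sh /usr/local/bin/getgeo.sh
RUN /usr/local/bin/getgeo.sh

COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

# Cleanup, so docker-squash can do its thing: purge every package this build
# added except libraries, ca-certificates and wget.

RUN dpkg -l | awk '{print $2}' | sort > new.txt
RUN apt-get -y remove --purge $(comm -13 old.txt new.txt|grep -- -dev)
RUN apt-get -y remove --purge $(comm -13 old.txt new.txt|grep -v lib|grep -v ca-certificates|grep -v wget)
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /scratch/*

ENV PATH /bro/bin/:$PATH

CMD /bin/bash -l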
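--------------------------------------------------------------------------------
/2.5.1.Dockerfile:
--------------------------------------------------------------------------------
# bro 2.5.1 -- multi-stage build on Debian stretch.
#
# VERSION 0.1
#
# NOTE(review): debian:stretch is end-of-life; the runtime image gets no
# further security fixes. No USER is set, so bro and the shell run as root.

# Stage 1: compile bro with the full toolchain.
FROM debian:stretch as builder
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
RUN apt-get update && apt-get upgrade -y && echo 2018-03-02 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl1.0-dev libgeoip-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates zlib1g-dev --no-install-recommends

# Build bro. buildbro (not shown) fetches the source itself; nothing here
# verifies what it downloads -- TODO confirm common/buildbro pins a checksum.
ENV VER 2.5.1
COPY ./common/buildbro ${WD}/common/buildbro
RUN ${WD}/common/buildbro bro ${VER}

# Stage 2: fetch GeoIP data in a throwaway stage so wget never reaches the
# runtime image.
FROM debian:stretch as geogetter
RUN apt-get update && apt-get -y install wget ca-certificates --no-install-recommends
COPY ./common/getgeo.sh /usr/local/bin/getgeo.sh
RUN /usr/local/bin/getgeo.sh

# Stage 3: runtime image with only the shared libraries bro links against.
FROM debian:stretch
ENV VER 2.5.1
# Upgrade here too, so base-image fixes are not limited to the builder
# stage; drop the apt lists so they do not end up in the image.
RUN apt-get update && apt-get -y upgrade \
 && apt-get -y install --no-install-recommends libpcap0.8 libssl1.0.2 libgeoip1 python2.7-minimal \
 && apt-get clean && rm -rf /var/lib/apt/lists/*

COPY --from=builder /usr/local/bro-${VER} /usr/local/bro-${VER}
COPY --from=geogetter /usr/share/GeoIP/* /usr/share/GeoIP/
RUN ln -s /usr/local/bro-${VER} /bro
COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

ENV PATH /bro/bin/:$PATH
CMD /bin/bash -l
--------------------------------------------------------------------------------
/2.5.2.Dockerfile:
--------------------------------------------------------------------------------
# bro 2.5.2 -- multi-stage build on Debian stretch.
#
# VERSION 0.1
#
# NOTE(review): debian:stretch is end-of-life; the runtime image gets no
# further security fixes. No USER is set, so bro and the shell run as root.

# Stage 1: compile bro with the full toolchain.
FROM debian:stretch as builder
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
RUN apt-get update && apt-get upgrade -y && echo 2018-03-02 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl1.0-dev libgeoip-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates zlib1g-dev --no-install-recommends

# Build bro. buildbro (not shown) fetches the source itself; nothing here
# verifies what it downloads -- TODO confirm common/buildbro pins a checksum.
ENV VER 2.5.2
# CAF is left to the bundled copy; the standalone install is kept for reference.
#COPY ./common/install-caf ${WD}/common/install-caf
#RUN ${WD}/common/install-caf 0.14.4
COPY ./common/buildbro ${WD}/common/buildbro
RUN ${WD}/common/buildbro bro ${VER}

# Stage 2: fetch GeoIP data in a throwaway stage so wget never reaches the
# runtime image.
FROM debian:stretch as geogetter
RUN apt-get update && apt-get -y install wget ca-certificates --no-install-recommends
COPY ./common/getgeo.sh /usr/local/bin/getgeo.sh
RUN /usr/local/bin/getgeo.sh

# Stage 3: runtime image with only the shared libraries bro links against.
FROM debian:stretch
ENV VER 2.5.2
# Upgrade here too, so base-image fixes are not limited to the builder
# stage; drop the apt lists so they do not end up in the image.
RUN apt-get update && apt-get -y upgrade \
 && apt-get -y install --no-install-recommends libpcap0.8 libssl1.0.2 libgeoip1 python2.7-minimal \
 && apt-get clean && rm -rf /var/lib/apt/lists/*

COPY --from=builder /usr/local/bro-${VER} /usr/local/bro-${VER}
COPY --from=geogetter /usr/share/GeoIP/* /usr/share/GeoIP/
RUN ln -s /usr/local/bro-${VER} /bro
COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

ENV PATH /bro/bin/:$PATH
CMD /bin/bash -l
--------------------------------------------------------------------------------
/2.5.3-dev.Dockerfile:
--------------------------------------------------------------------------------
# bro 2.5.3 development image -- multi-stage build on Debian stretch that
# additionally ships the source tree, pip and bro-pkg.
#
# VERSION 0.1
#
# NOTE(review): debian:stretch is end-of-life; the runtime image gets no
# further security fixes. No USER is set, so bro and the shell run as root.

# Stage 1: compile bro with the full toolchain.
FROM debian:stretch as builder
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
RUN apt-get update && apt-get upgrade -y && echo 2018-03-02 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl1.0-dev libgeoip-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates zlib1g-dev --no-install-recommends

# Build bro. buildbro (not shown) fetches the source itself; nothing here
# verifies what it downloads -- TODO confirm common/buildbro pins a checksum.
ENV VER 2.5.3
# CAF is left to the bundled copy; the standalone install is kept for reference.
#COPY ./common/install-caf ${WD}/common/install-caf
#RUN ${WD}/common/install-caf 0.14.4
COPY ./common/buildbro ${WD}/common/buildbro
RUN ${WD}/common/buildbro bro ${VER}

# Stage 2: fetch GeoIP data in a throwaway stage so wget never reaches the
# runtime image.
FROM debian:stretch as geogetter
RUN apt-get update && apt-get -y install wget ca-certificates --no-install-recommends
COPY ./common/getgeo.sh /usr/local/bin/getgeo.sh
RUN /usr/local/bin/getgeo.sh

# Stage 3: runtime image plus the tooling needed to build bro packages.
FROM debian:stretch
ENV PATH /bro/bin/:$PATH
ENV VER 2.5.3
# Upgrade here too, so base-image fixes are not limited to the builder
# stage; drop the apt lists so they do not end up in the image.
RUN apt-get update && apt-get -y upgrade \
 && apt-get -y install --no-install-recommends libpcap0.8 libssl1.0.2 libgeoip1 \
    python2.7-minimal python-pip python-setuptools python-wheel git \
 && apt-get clean && rm -rf /var/lib/apt/lists/*

# The source tree is kept so bro-pkg can build plugins against it.
COPY --from=builder /usr/src/bro-${VER} /usr/src/bro-${VER}
COPY --from=builder /usr/local/bro-${VER} /usr/local/bro-${VER}
COPY --from=geogetter /usr/share/GeoIP/* /usr/share/GeoIP/
RUN ln -s /usr/local/bro-${VER} /bro
COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

# Install bro-pkg. The requirement is a build arg so it can be pinned
# (--build-arg BRO_PKG_SPEC='bro-pkg==<version>'); the default keeps the
# original unpinned install, which pulls whatever PyPI serves at build time.
ARG BRO_PKG_SPEC=bro-pkg
RUN pip install --no-cache-dir ${BRO_PKG_SPEC}
RUN bro-pkg autoconfig

CMD /bin/bash -l
--------------------------------------------------------------------------------
/2.5.3.Dockerfile:
--------------------------------------------------------------------------------
# bro 2.5.3 -- multi-stage build on Debian stretch.
#
# VERSION 0.1
#
# NOTE(review): debian:stretch is end-of-life; the runtime image gets no
# further security fixes. No USER is set, so bro and the shell run as root.

# Stage 1: compile bro with the full toolchain.
FROM debian:stretch as builder
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
RUN apt-get update && apt-get upgrade -y && echo 2018-03-02 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl1.0-dev libgeoip-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates zlib1g-dev --no-install-recommends

# Build bro. buildbro (not shown) fetches the source itself; nothing here
# verifies what it downloads -- TODO confirm common/buildbro pins a checksum.
ENV VER 2.5.3
# CAF is left to the bundled copy; the standalone install is kept for reference.
#COPY ./common/install-caf ${WD}/common/install-caf
#RUN ${WD}/common/install-caf 0.14.4
COPY ./common/buildbro ${WD}/common/buildbro
RUN ${WD}/common/buildbro bro ${VER}

# Stage 2: fetch GeoIP data in a throwaway stage so wget never reaches the
# runtime image.
FROM debian:stretch as geogetter
RUN apt-get update && apt-get -y install wget ca-certificates --no-install-recommends
COPY ./common/getgeo.sh /usr/local/bin/getgeo.sh
RUN /usr/local/bin/getgeo.sh

# Stage 3: runtime image with only the shared libraries bro links against.
FROM debian:stretch
ENV VER 2.5.3
# Upgrade here too, so base-image fixes are not limited to the builder
# stage; drop the apt lists so they do not end up in the image.
RUN apt-get update && apt-get -y upgrade \
 && apt-get -y install --no-install-recommends libpcap0.8 libssl1.0.2 libgeoip1 python2.7-minimal \
 && apt-get clean && rm -rf /var/lib/apt/lists/*

COPY --from=builder /usr/local/bro-${VER} /usr/local/bro-${VER}
COPY --from=geogetter /usr/share/GeoIP/* /usr/share/GeoIP/
RUN ln -s /usr/local/bro-${VER} /bro
COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

ENV PATH /bro/bin/:$PATH
CMD /bin/bash -l
--------------------------------------------------------------------------------
/2.5.5.Dockerfile:
--------------------------------------------------------------------------------
# bro 2.5.5 -- multi-stage build on Debian stretch.
#
# VERSION 0.1
#
# NOTE(review): debian:stretch is end-of-life; the runtime image gets no
# further security fixes. No USER is set, so bro and the shell run as root.

# Stage 1: compile bro with the full toolchain.
FROM debian:stretch as builder
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
RUN apt-get update && apt-get upgrade -y && echo 2018-03-02 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl1.0-dev libgeoip-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates zlib1g-dev --no-install-recommends

# Build bro. buildbro (not shown) fetches the source itself; nothing here
# verifies what it downloads -- TODO confirm common/buildbro pins a checksum.
ENV VER 2.5.5
COPY ./common/buildbro ${WD}/common/buildbro
RUN ${WD}/common/buildbro bro ${VER}

# Stage 2: fetch GeoIP data in a throwaway stage so wget never reaches the
# runtime image.
FROM debian:stretch as geogetter
RUN apt-get update && apt-get -y install wget ca-certificates --no-install-recommends
COPY ./common/getgeo.sh /usr/local/bin/getgeo.sh
RUN /usr/local/bin/getgeo.sh

# Stage 3: runtime image with only the shared libraries bro links against.
FROM debian:stretch
ENV VER 2.5.5
# Upgrade here too, so base-image fixes are not limited to the builder
# stage; drop the apt lists so they do not end up in the image.
RUN apt-get update && apt-get -y upgrade \
 && apt-get -y install --no-install-recommends libpcap0.8 libssl1.0.2 libgeoip1 python2.7-minimal \
 && apt-get clean && rm -rf /var/lib/apt/lists/*

COPY --from=builder /usr/local/bro-${VER} /usr/local/bro-${VER}
COPY --from=geogetter /usr/share/GeoIP/* /usr/share/GeoIP/
RUN ln -s /usr/local/bro-${VER} /bro
COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

ENV PATH /bro/bin/:$PATH
CMD /bin/bash -l
--------------------------------------------------------------------------------
/2.5.Dockerfile:
--------------------------------------------------------------------------------
# bro 2.5 -- single-stage build on Debian stretch with a standalone CAF.
#
# VERSION 0.1
#
# NOTE(review): debian:stretch is end-of-life and receives no security
# updates; keep this image for reproducing an old release, not for
# monitoring untrusted traffic. No USER is set, so everything runs as root.

FROM debian:stretch
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# Package list before the build; the cleanup at the bottom purges only what
# was added after this point.
RUN dpkg -l | awk '{print $2}' | sort > old.txt

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
RUN apt-get update && apt-get upgrade -y && echo 2017-05-11 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl1.0-dev libgeoip-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates zlib1g-dev --no-install-recommends

# Build bro. install-caf and buildbro (neither shown here) fetch their own
# sources; nothing in this file verifies those downloads -- TODO confirm
# both scripts pin a checksum or a tag.
ENV VER 2.5
COPY ./common/install-caf ${WD}/common/install-caf
RUN ${WD}/common/install-caf 0.14.4
COPY ./common/buildbro ${WD}/common/buildbro
RUN ${WD}/common/buildbro bro ${VER}
RUN ln -s /usr/local/bro-${VER} /bro

# Final setup stuff

COPY ./common/getgeo.sh /usr/local/bin/getgeo.sh
RUN /usr/local/bin/getgeo.sh

COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

# Cleanup, so docker-squash can do its thing: purge every package this build
# added except libraries, ca-certificates and wget.

RUN dpkg -l | awk '{print $2}' | sort > new.txt
RUN apt-get -y remove --purge $(comm -13 old.txt new.txt|grep -- -dev)
RUN apt-get -y remove --purge $(comm -13 old.txt new.txt|grep -v lib|grep -v ca-certificates|grep -v wget)
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /scratch/*

ENV PATH /bro/bin/:$PATH

CMD /bin/bash -l
--------------------------------------------------------------------------------
/2.6.1-debug.Dockerfile:
--------------------------------------------------------------------------------
# bro 2.6.1 debug build -- multi-stage build on Debian stretch, compiled
# with the Debug build type.
#
# VERSION 0.1
#
# NOTE(review): debian:stretch is end-of-life; the runtime image gets no
# further security fixes. No USER is set, so bro and the shell run as root.

# Stage 1: compile bro with the full toolchain.
FROM debian:stretch as builder
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
RUN apt-get update && apt-get upgrade -y && echo 2018-11-29 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl1.0-dev libmaxminddb-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates zlib1g-dev --no-install-recommends

# Build bro. buildbro (not shown) fetches the source itself; nothing here
# verifies what it downloads -- TODO confirm common/buildbro pins a checksum.
ENV VER 2.6.1
COPY ./common/buildbro ${WD}/common/buildbro
RUN ${WD}/common/buildbro bro ${VER} Debug

# Stage 2: fetch the MaxMind database in a throwaway stage. getmmdb.sh is
# invoked without a license key here; .notempty guarantees the directory
# is non-empty so the COPY in the final stage cannot fail when the script
# produces no files.
FROM debian:stretch as geogetter
RUN apt-get update && apt-get -y install wget ca-certificates --no-install-recommends
COPY ./common/getmmdb.sh /usr/local/bin/getmmdb.sh
RUN mkdir -p /usr/share/GeoIP
RUN /usr/local/bin/getmmdb.sh
RUN touch /usr/share/GeoIP/.notempty

# Stage 3: runtime image with only the shared libraries bro links against.
FROM debian:stretch
ENV VER 2.6.1
# Upgrade here too, so base-image fixes are not limited to the builder stage.
RUN apt-get update && apt-get -y upgrade \
 && apt-get -y install --no-install-recommends libpcap0.8 libssl1.0.2 libmaxminddb0 python2.7-minimal \
 && apt-get clean && rm -rf /var/lib/apt/lists/*

COPY --from=builder /usr/local/bro-${VER} /usr/local/bro-${VER}
COPY --from=geogetter /usr/share/GeoIP/* /usr/share/GeoIP/
RUN rm -f /usr/share/GeoIP/.notempty
RUN ln -s /usr/local/bro-${VER} /bro
COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

ENV PATH /bro/bin/:$PATH
CMD /bin/bash -l
--------------------------------------------------------------------------------
/2.6.1.Dockerfile: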
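--------------------------------------------------------------------------------
# bro 2.6.1 -- multi-stage build on Debian stretch.
#
# VERSION 0.1
#
# NOTE(review): debian:stretch is end-of-life; the runtime image gets no
# further security fixes. No USER is set, so bro and the shell run as root.

# Stage 1: compile bro with the full toolchain.
FROM debian:stretch as builder
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
RUN apt-get update && apt-get upgrade -y && echo 2018-11-29 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl1.0-dev libmaxminddb-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates zlib1g-dev --no-install-recommends

# Build bro. buildbro (not shown) fetches the source itself; nothing here
# verifies what it downloads -- TODO confirm common/buildbro pins a checksum.
ENV VER 2.6.1
COPY ./common/buildbro ${WD}/common/buildbro
RUN ${WD}/common/buildbro bro ${VER}

# Stage 2: fetch the MaxMind database in a throwaway stage. getmmdb.sh is
# invoked without a license key here; .notempty guarantees the directory
# is non-empty so the COPY in the final stage cannot fail when the script
# produces no files.
FROM debian:stretch as geogetter
RUN apt-get update && apt-get -y install wget ca-certificates --no-install-recommends
COPY ./common/getmmdb.sh /usr/local/bin/getmmdb.sh
RUN mkdir -p /usr/share/GeoIP
RUN /usr/local/bin/getmmdb.sh
RUN touch /usr/share/GeoIP/.notempty

# Stage 3: runtime image with only the shared libraries bro links against.
FROM debian:stretch
ENV VER 2.6.1
# Upgrade here too, so base-image fixes are not limited to the builder stage.
RUN apt-get update && apt-get -y upgrade \
 && apt-get -y install --no-install-recommends libpcap0.8 libssl1.0.2 libmaxminddb0 python2.7-minimal \
 && apt-get clean && rm -rf /var/lib/apt/lists/*

COPY --from=builder /usr/local/bro-${VER} /usr/local/bro-${VER}
COPY --from=geogetter /usr/share/GeoIP/* /usr/share/GeoIP/
RUN rm -f /usr/share/GeoIP/.notempty
RUN ln -s /usr/local/bro-${VER} /bro
COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

ENV PATH /bro/bin/:$PATH
CMD /bin/bash -l
--------------------------------------------------------------------------------
/2.6.3-dev.Dockerfile:
--------------------------------------------------------------------------------
# bro 2.6.3 development image -- multi-stage build on Debian stretch that
# additionally ships the source tree, pip and bro-pkg.
#
# VERSION 0.1
#
# NOTE(review): debian:stretch is end-of-life; the runtime image gets no
# further security fixes. No USER is set, so bro and the shell run as root.

# Stage 1: compile bro with the full toolchain.
FROM debian:stretch as builder
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
RUN apt-get update && apt-get upgrade -y && echo 2018-03-02 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl1.0-dev libmaxminddb-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates zlib1g-dev --no-install-recommends

# Build bro. buildbro (not shown) fetches the source itself; nothing here
# verifies what it downloads -- TODO confirm common/buildbro pins a checksum.
ENV VER 2.6.3
COPY ./common/buildbro ${WD}/common/buildbro
RUN ${WD}/common/buildbro bro ${VER}

# Stage 2: fetch the MaxMind database in a throwaway stage. getmmdb.sh is
# invoked without a license key here; .notempty guarantees the directory
# is non-empty so the COPY in the final stage cannot fail when the script
# produces no files.
FROM debian:stretch as geogetter
RUN apt-get update && apt-get -y install wget ca-certificates --no-install-recommends
COPY ./common/getmmdb.sh /usr/local/bin/getmmdb.sh
RUN mkdir -p /usr/share/GeoIP
RUN /usr/local/bin/getmmdb.sh
RUN touch /usr/share/GeoIP/.notempty

# Stage 3: runtime image plus the tooling needed to build bro packages.
FROM debian:stretch
ENV VER 2.6.3
ENV PATH /bro/bin/:$PATH
# Upgrade here too, so base-image fixes are not limited to the builder stage.
RUN apt-get update && apt-get -y upgrade \
 && apt-get -y install --no-install-recommends libpcap0.8 libssl1.0.2 libmaxminddb0 \
    python2.7-minimal python-pip python-setuptools python-wheel git \
 && apt-get clean && rm -rf /var/lib/apt/lists/*

# The source tree is kept so bro-pkg can build plugins against it.
COPY --from=builder /usr/src/bro-${VER} /usr/src/bro-${VER}
COPY --from=builder /usr/local/bro-${VER} /usr/local/bro-${VER}
COPY --from=geogetter /usr/share/GeoIP/* /usr/share/GeoIP/
RUN rm -f /usr/share/GeoIP/.notempty
RUN ln -s /usr/local/bro-${VER} /bro
COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

# Install bro-pkg. The requirement is a build arg so it can be pinned
# (--build-arg BRO_PKG_SPEC='bro-pkg==<version>'); the default keeps the
# original unpinned install, which pulls whatever PyPI serves at build time.
ARG BRO_PKG_SPEC=bro-pkg
RUN pip install --no-cache-dir ${BRO_PKG_SPEC}
RUN bro-pkg autoconfig

CMD /bin/bash -l
--------------------------------------------------------------------------------
/2.6.3.Dockerfile:
--------------------------------------------------------------------------------
# bro 2.6.3 -- multi-stage build on Debian stretch.
#
# VERSION 0.1
#
# NOTE(review): debian:stretch is end-of-life; the runtime image gets no
# further security fixes. No USER is set, so bro and the shell run as root.

# Stage 1: compile bro with the full toolchain.
FROM debian:stretch as builder
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
RUN apt-get update && apt-get upgrade -y && echo 2018-11-29 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl1.0-dev libmaxminddb-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates zlib1g-dev --no-install-recommends

# Build bro. buildbro (not shown) fetches the source itself; nothing here
# verifies what it downloads -- TODO confirm common/buildbro pins a checksum.
ENV VER 2.6.3
COPY ./common/buildbro ${WD}/common/buildbro
RUN ${WD}/common/buildbro bro ${VER}

# Stage 2: fetch the MaxMind database in a throwaway stage. getmmdb.sh is
# invoked without a license key here; .notempty guarantees the directory
# is non-empty so the COPY in the final stage cannot fail when the script
# produces no files.
FROM debian:stretch as geogetter
RUN apt-get update && apt-get -y install wget ca-certificates --no-install-recommends
COPY ./common/getmmdb.sh /usr/local/bin/getmmdb.sh
RUN mkdir -p /usr/share/GeoIP
RUN /usr/local/bin/getmmdb.sh
RUN touch /usr/share/GeoIP/.notempty

# Stage 3: runtime image with only the shared libraries bro links against.
FROM debian:stretch
ENV VER 2.6.3
# Upgrade here too, so base-image fixes are not limited to the builder stage.
RUN apt-get update && apt-get -y upgrade \
 && apt-get -y install --no-install-recommends libpcap0.8 libssl1.0.2 libmaxminddb0 python2.7-minimal \
 && apt-get clean && rm -rf /var/lib/apt/lists/*

COPY --from=builder /usr/local/bro-${VER} /usr/local/bro-${VER}
COPY --from=geogetter /usr/share/GeoIP/* /usr/share/GeoIP/
RUN rm -f /usr/share/GeoIP/.notempty
RUN ln -s /usr/local/bro-${VER} /bro
COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

ENV PATH /bro/bin/:$PATH
CMD /bin/bash -l
--------------------------------------------------------------------------------
/2.6.Dockerfile:
--------------------------------------------------------------------------------
# bro 2.6 -- multi-stage build on Debian stretch.
#
# VERSION 0.1
#
# NOTE(review): debian:stretch is end-of-life; the runtime image gets no
# further security fixes. No USER is set, so bro and the shell run as root.

# Stage 1: checkout and build with the full toolchain.
FROM debian:stretch as builder
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
RUN apt-get update && apt-get upgrade -y && echo 2018-11-29 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl1.0-dev libmaxminddb-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates zlib1g-dev --no-install-recommends

# Build bro. buildbro (not shown) fetches the source itself; nothing here
# verifies what it downloads -- TODO confirm common/buildbro pins a checksum.
ENV VER 2.6
COPY ./common/buildbro ${WD}/common/buildbro
RUN ${WD}/common/buildbro bro ${VER}

# Stage 2: fetch the MaxMind database in a throwaway stage. getmmdb.sh is
# invoked without a license key here. The mkdir/.notempty pair matches the
# sibling 2.6.x Dockerfiles: it keeps the COPY in the final stage from
# failing when the script produces no files.
FROM debian:stretch as geogetter
RUN apt-get update && apt-get -y install wget ca-certificates --no-install-recommends
COPY ./common/getmmdb.sh /usr/local/bin/getmmdb.sh
RUN mkdir -p /usr/share/GeoIP
RUN /usr/local/bin/getmmdb.sh
RUN touch /usr/share/GeoIP/.notempty

# Stage 3: runtime image with only the shared libraries bro links against.
FROM debian:stretch
ENV VER 2.6
# Upgrade here too, so base-image fixes are not limited to the builder stage.
RUN apt-get update && apt-get -y upgrade \
 && apt-get -y install --no-install-recommends libpcap0.8 libssl1.0.2 libmaxminddb0 python2.7-minimal \
 && apt-get clean && rm -rf /var/lib/apt/lists/*

COPY --from=builder /usr/local/bro-${VER} /usr/local/bro-${VER}
COPY --from=geogetter /usr/share/GeoIP/* /usr/share/GeoIP/
RUN rm -f /usr/share/GeoIP/.notempty
RUN ln -s /usr/local/bro-${VER} /bro
COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

ENV PATH /bro/bin/:$PATH
CMD /bin/bash -l
--------------------------------------------------------------------------------
/3.0.0-dev.Dockerfile:
--------------------------------------------------------------------------------
# zeek 3.0.0 development image -- Debug build on Debian stretch with pip
# and bro-pkg installed.
#
# VERSION 0.1
#
# NOTE(review): debian:stretch is end-of-life; the runtime image gets no
# further security fixes. No USER is set, so zeek and the shell run as root.

# Stage 1: compile zeek with the full toolchain.
FROM debian:stretch as builder
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
RUN apt-get update && apt-get upgrade -y && echo 2018-03-02 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl1.0-dev libmaxminddb-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates zlib1g-dev --no-install-recommends

# Build zeek. buildbro (not shown) fetches the source itself; nothing here
# verifies what it downloads -- TODO confirm common/buildbro pins a checksum.
ENV VER 3.0.0
COPY ./common/buildbro ${WD}/common/buildbro
RUN ${WD}/common/buildbro zeek ${VER} Debug

# Stage 2: fetch the MaxMind database in a throwaway stage. getmmdb.sh is
# invoked without a license key here. The mkdir/.notempty pair matches the
# release Dockerfile: it keeps the COPY in the final stage from failing
# when the script produces no files.
FROM debian:stretch as geogetter
RUN apt-get update && apt-get -y install wget ca-certificates --no-install-recommends
COPY ./common/getmmdb.sh /usr/local/bin/getmmdb.sh
RUN mkdir -p /usr/share/GeoIP
RUN /usr/local/bin/getmmdb.sh
RUN touch /usr/share/GeoIP/.notempty

# Stage 3: runtime image plus the tooling needed to build zeek packages.
FROM debian:stretch
ENV VER 3.0.0
ENV PATH /zeek/bin/:$PATH
# Upgrade here too, so base-image fixes are not limited to the builder stage.
RUN apt-get update && apt-get -y upgrade \
 && apt-get -y install --no-install-recommends libpcap0.8 libssl1.0.2 libmaxminddb0 \
    python2.7-minimal python-pip python-setuptools python-wheel git \
 && apt-get clean && rm -rf /var/lib/apt/lists/*

COPY --from=builder /usr/local/zeek-${VER} /usr/local/zeek-${VER}
COPY --from=geogetter /usr/share/GeoIP/* /usr/share/GeoIP/
RUN rm -f /usr/share/GeoIP/.notempty
# /bro is kept as a compatibility alias for scripts written for the bro name.
RUN ln -s /usr/local/zeek-${VER} /bro
RUN ln -s /usr/local/zeek-${VER} /zeek
COPY ./common/bro_profile.sh /etc/profile.d/zeek.sh

# Install bro-pkg. The requirement is a build arg so it can be pinned
# (--build-arg BRO_PKG_SPEC='bro-pkg==<version>'); the default keeps the
# original unpinned install, which pulls whatever PyPI serves at build time.
ARG BRO_PKG_SPEC=bro-pkg
RUN pip install --no-cache-dir ${BRO_PKG_SPEC}
RUN bro-pkg autoconfig

CMD /bin/bash -l
--------------------------------------------------------------------------------
/3.0.0.Dockerfile:
--------------------------------------------------------------------------------
# zeek 3.0.0 -- multi-stage build on Debian stretch.
#
# VERSION 0.1
#
# NOTE(review): debian:stretch is end-of-life; the runtime image gets no
# further security fixes. No USER is set, so zeek and the shell run as root.

# Stage 1: compile zeek with the full toolchain.
FROM debian:stretch as builder
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
RUN apt-get update && apt-get upgrade -y && echo 2018-11-29 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl1.0-dev libmaxminddb-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates zlib1g-dev --no-install-recommends

# Build zeek. buildbro (not shown) fetches the source itself; nothing here
# verifies what it downloads -- TODO confirm common/buildbro pins a checksum.
ENV VER 3.0.0
COPY ./common/buildbro ${WD}/common/buildbro
RUN ${WD}/common/buildbro zeek ${VER}

# Stage 2: fetch the MaxMind database in a throwaway stage.
FROM debian:stretch as geogetter
# Secret-handling note: the MaxMind key is a build ARG and is expanded onto
# the RUN command line below, so it is recorded in this stage's layer
# metadata and build cache. It never reaches the final image (only
# /usr/share/GeoIP is copied out), but anyone with access to the build
# host's cache can read it. A BuildKit secret mount
# (`RUN --mount=type=secret,...`) avoids that; the ARG is kept so the
# existing `docker build --build-arg MAXMIND_LICENSE_KEY` keeps working.
ARG MAXMIND_LICENSE_KEY
RUN apt-get update && apt-get -y install wget ca-certificates --no-install-recommends
COPY ./common/getmmdb.sh /usr/local/bin/getmmdb.sh
RUN mkdir -p /usr/share/GeoIP
RUN /usr/local/bin/getmmdb.sh ${MAXMIND_LICENSE_KEY}
# Workaround for the case where getmmdb.sh does not create any files: the
# COPY in the final stage fails on an empty glob.
RUN touch /usr/share/GeoIP/.notempty

# Stage 3: runtime image with only the shared libraries zeek links against.
FROM debian:stretch
ENV VER 3.0.0
# Upgrade here too, so base-image fixes are not limited to the builder stage.
RUN apt-get update && apt-get -y upgrade \
 && apt-get -y install --no-install-recommends libpcap0.8 libssl1.0.2 libmaxminddb0 python2.7-minimal \
 && apt-get clean && rm -rf /var/lib/apt/lists/*

COPY --from=builder /usr/local/zeek-${VER} /usr/local/zeek-${VER}
COPY --from=geogetter /usr/share/GeoIP/* /usr/share/GeoIP/
RUN rm -f /usr/share/GeoIP/.notempty
# /bro is kept as a compatibility alias for scripts written for the bro name.
RUN ln -s /usr/local/zeek-${VER} /bro
RUN ln -s /usr/local/zeek-${VER} /zeek
COPY ./common/bro_profile.sh /etc/profile.d/zeek.sh

ENV PATH /zeek/bin/:$PATH
CMD /bin/bash -l
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
# zeek -- multi-stage build on Debian bullseye. ZEEK_VER and BUILD_TYPE are
# build args so one Dockerfile serves every 4.x release.
#
# VERSION 0.1
#
# NOTE(review): no USER is set, so zeek and the login shell run as root.
# Live capture needs raw-socket capability anyway, but for offline pcap
# analysis consider running the container with `--user`.

# Stage 1: checkout and build Zeek with the full toolchain.
FROM debian:bullseye as builder
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

# `echo <date>` is a cache-buster: change it to force a fresh apt-get update.
RUN apt-get update && apt-get upgrade -y && echo 2021-03-01 \
 && apt-get -y install build-essential git bison flex gawk cmake swig libssl-dev libmaxminddb-dev libpcap-dev python3.9-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates zlib1g-dev --no-install-recommends

# buildbro (not shown) fetches the source itself; nothing here verifies
# what it downloads -- TODO confirm common/buildbro pins a checksum or tag.
ARG ZEEK_VER=4.2.0
ARG BUILD_TYPE=Release
ENV VER ${ZEEK_VER}
COPY ./common/buildbro ${WD}/common/buildbro
RUN ${WD}/common/buildbro zeek ${VER} ${BUILD_TYPE}

# For testing: stage the helper scripts here so later stages can take them
# with COPY --from=builder instead of reading the build context again.
COPY ./common/getmmdb.sh /usr/local/getmmdb.sh
COPY ./common/bro_profile.sh /usr/local/bro_profile.sh

# Stage 2: fetch the MaxMind database in a throwaway stage.
FROM debian:bullseye as geogetter
# Secret-handling note: the MaxMind key is a build ARG and is expanded onto
# the RUN command line below, so it is recorded in this stage's layer
# metadata and build cache. It never reaches the final image (only
# /usr/share/GeoIP is copied out), but anyone with access to the build
# host's cache can read it. A BuildKit secret mount
# (`RUN --mount=type=secret,...`) avoids that; the ARG is kept so the
# existing `docker build --build-arg MAXMIND_LICENSE_KEY` keeps working.
ARG MAXMIND_LICENSE_KEY
RUN apt-get update && apt-get -y install wget ca-certificates --no-install-recommends

# For testing
#COPY ./common/getmmdb.sh /usr/local/bin/getmmdb.sh
COPY --from=builder /usr/local/getmmdb.sh /usr/local/bin/getmmdb.sh
RUN mkdir -p /usr/share/GeoIP
RUN /usr/local/bin/getmmdb.sh ${MAXMIND_LICENSE_KEY}
# Workaround for the case where getmmdb.sh does not create any files: the
# COPY in the final stage fails on an empty glob.
RUN touch /usr/share/GeoIP/.notempty

# Stage 3: runtime image with only the shared libraries zeek links against.
FROM debian:bullseye
ARG ZEEK_VER=4.2.0
ENV VER ${ZEEK_VER}
# Upgrade here too, so base-image fixes are not limited to the builder stage.
RUN apt-get update && apt-get -y upgrade \
 && apt-get -y install --no-install-recommends libpcap0.8 libssl1.1 libmaxminddb0 python3.9-minimal \
 && apt-get clean && rm -rf /var/lib/apt/lists/*

COPY --from=builder /usr/local/zeek-${VER} /usr/local/zeek-${VER}
COPY --from=geogetter /usr/share/GeoIP/* /usr/share/GeoIP/
RUN rm -f /usr/share/GeoIP/.notempty
# /bro is kept as a compatibility alias for scripts written for the bro name.
RUN ln -s /usr/local/zeek-${VER} /bro
RUN ln -s /usr/local/zeek-${VER} /zeek

# For testing
#COPY ./common/bro_profile.sh /etc/profile.d/zeek.sh
COPY --from=builder /usr/local/bro_profile.sh /etc/profile.d/zeek.sh

ENV PATH /zeek/bin/:$PATH
CMD /bin/bash -l
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
all: $(patsubst %.Dockerfile,build-stamp_%,$(wildcard *.Dockerfile))

push-stamp_%: build-stamp_%
	docker push broplatform/bro:$(*)
	touch $@

push_all: $(patsubst %.Dockerfile,push-stamp_%,$(wildcard *.Dockerfile))

# For older versions from 1.5 to 2.x.x, we will use the old Dockerfile
build-stamp_1.%: 1.%.Dockerfile
	docker build --build-arg MAXMIND_LICENSE_KEY -t broplatform/bro:1.$(*) -f $< .
	touch $@

build-stamp_2.%: 2.%.Dockerfile
	docker build --build-arg MAXMIND_LICENSE_KEY -t broplatform/bro:2.$(*) -f $< .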
16 | touch $@ 17 | 18 | # Starting from 3.0.0, we will use a single Dockerfile by passing more build-args 19 | build-stamp_%: 20 | docker build --build-arg MAXMIND_LICENSE_KEY --build-arg ZEEK_VER=$(*) --build-arg BUILD_TYPE=$(BUILD_TYPE) -t broplatform/bro:$(*) -f Dockerfile . 21 | touch $@ 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Zeek Docker 2 | 3 | ## Overview 4 | 5 | The automation in this repo provides a convenient and reproducible way for 6 | to standup a clean Zeek environment in a docker container. 7 | 8 | The automation compiles Zeek from source code and installs it within a 9 | Docker container. 10 | 11 | > **NOTE** 12 | > 13 | > These are not the official Zeek project Docker images. If you're 14 | > looking for these, please grab them from `zeek/zeek` 15 | > [in Docker Hub](https://hub.docker.com/r/zeek/zeek), see 16 | > [our documentation](https://docs.zeek.org/en/master/install.html#docker-images) for more information, 17 | > and go [here](https://github.com/zeek/zeek/tree/master/docker) for the Docker build setup. 18 | 19 | ## Install pre-requisites 20 | 21 | If installing on Mac OSX, you will require the following. 22 | 23 | * [Docker Desktop for Mac](https://docs.docker.com/docker-for-mac/) ([install](https://docs.docker.com/docker-for-mac/install/)) 24 | * [Homebrew](https://brew.sh/) ([install](https://brew.sh/)) 25 | 26 | Important! Docker Desktop for Mac uses a VM behind the scenes to host the 27 | Docker runtime environment. By default it allocates 2 GB of RAM to the 28 | VM. This is not enough to compile Zeek! If you try with the default RAM 29 | allocation, you will hit a compile error that looks something like this: 30 | 31 | c++: internal compiler error: Killed (program cc1plus) 32 | Please submit a full bug report, 33 | with preprocessed source if appropriate. 34 | See for instructions. 

This is due to the VM hitting an Out Of Memory condition. To avoid this
you will need to allocate more RAM to the VM. Click on the Docker Icon in
your menubar and select "Preferences". Click on the "Advanced" tab and then
use the slider to select 8 GB of RAM (6 also works, but use 8 just in case).
Docker Desktop will restart and then you will be ready to go.

Due to recent changes in the way MaxMind supplies their
GeoLite2 databases, a (free) license is required to download them.
The steps to obtain the license are described in the blog post
[here](https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/):

1. [Sign up for a MaxMind account](https://www.maxmind.com/en/geolite2/signup) (no purchase required)
2. Set your password and create a [license key](https://www.maxmind.com/en/accounts/current/license-key)
3. Set up your download mechanism by using our GeoIP Update program or
   creating a [direct download script](https://dev.maxmind.com/geoip/geoipupdate/#Direct_Downloads)

Once you have gone through all of these steps, set the MAXMIND\_LICENSE\_KEY
variable in your environment to enable direct download of the databases:

    $ export MAXMIND_LICENSE_KEY=<your-license-key>

## Check out the code

Use the following command to clone this repo:

    git clone git@github.com:zeek/zeek-docker.git

## Build your Zeek container

To build your Zeek container, type in the commands below:

    $ cd zeek-docker
    $ make build-stamp_4.2.0

Note: If you want to build a Debug build, you can specify BUILD_TYPE=Debug (default is Release)

That's it! Now watch as the wonders of automation unfold, and your
Zeek container is built. You should see something like this on your
terminal console:

    ...
77 | Step 24/24 : CMD /bin/bash -l 78 | ---> Running in c1263b7d2ea3 79 | Removing intermediate container c1263b7d2ea3 80 | ---> 5bc774250a9a 81 | Successfully built 5bc774250a9a 82 | Successfully tagged broplatform/bro:4.2.0 83 | touch build-stamp_4.2.0 84 | $ 85 | 86 | Once the container has been built, check to make sure the container image 87 | is available in your local docker registry: 88 | 89 | $ docker images | grep -e broplatform -e REPO 90 | REPOSITORY TAG IMAGE ID CREATED SIZE 91 | broplatform/bro 4.2.0 5bc774250a9a 8 minutes ago 215MB 92 | 93 | Great! Let's fire it up! 94 | 95 | ## Use your container 96 | 97 | Run the following command to start your container and access it via an 98 | interactive bash shell: 99 | 100 | $ docker run -it -v `pwd`:/pcap broplatform/bro:4.2.0 /bin/bash 101 | root@3535953ccd99:/# which zeek 102 | /zeek/bin//zeek 103 | 104 | Congratulations! You are up and running with Zeek! 105 | -------------------------------------------------------------------------------- /common/bro_profile.sh: -------------------------------------------------------------------------------- 1 | export PATH=$PATH:/bro/bin 2 | 3 | bro-grep() { 4 | grep -E "(^#)|$1" $2; 5 | } 6 | alias bro-column="sed \"s/fields.//;s/types.//\" | column -s $'\t' -t" 7 | -------------------------------------------------------------------------------- /common/buildbro: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | BRO=$1 3 | VER=$2 4 | BUILD_TYPE=${3-Release} 5 | 6 | URL=https://download.zeek.org/${BRO}-${VER}.tar.gz 7 | 8 | echo VER is $VER 9 | echo URL is $URL 10 | echo BUILD_TYPE is $BUILD_TYPE 11 | 12 | cd /usr/src/ 13 | if [ ! -e ${BRO}-${VER}.tar.gz ] ; then 14 | wget -c $URL 15 | fi 16 | if [ ! 
-d ${BRO}-${VER} ]; then 17 | tar xvzf ${BRO}-${VER}.tar.gz 18 | fi 19 | cd ${BRO}-${VER} 20 | ./configure --prefix=/usr/local/${BRO}-${VER} --build-type="${BUILD_TYPE}" 21 | make -j $(nproc) install 22 | -------------------------------------------------------------------------------- /common/buildbro-1.5: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | VER=$1 3 | URL=$2 4 | 5 | echo VER is $VER 6 | echo URL is $URL 7 | 8 | cd /tmp/ 9 | if [ ! -e bro-${VER}.tar.gz ] ; then 10 | wget -c $URL 11 | fi 12 | if [ ! -d bro-${VER} ]; then 13 | tar xvzf bro-${VER}.tar.gz 14 | fi 15 | cd bro-${VER} 16 | ./configure --prefix=/usr/local/bro-${VER} --disable-broctl 17 | #This seems to fail sometimes, so retry a few times 18 | make || true 19 | make || true 20 | make || true 21 | make || true 22 | make || true 23 | make 24 | make install 25 | -------------------------------------------------------------------------------- /common/getgeo.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | echo "2015-01-23" 3 | 4 | mkdir -p /usr/share/GeoIP/ 5 | 6 | wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz 7 | zcat GeoLiteCity.dat.gz > GeoIP.dat.new 8 | mv GeoIP.dat.new /usr/share/GeoIP/GeoIPCity.dat 9 | rm GeoLiteCity.dat.gz 10 | 11 | wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz 12 | zcat GeoLiteCityv6.dat.gz > GeoIPCityv6.dat 13 | mv GeoIPCityv6.dat /usr/share/GeoIP/GeoIPCityv6.dat 14 | rm GeoLiteCityv6.dat.gz 15 | 16 | #wget -N http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz 17 | #zcat GeoIPASNum.dat.gz > GeoIPASNum.dat 18 | #mv GeoIPASNum.dat /usr/share/GeoIP/GeoIPASNum.dat 19 | -------------------------------------------------------------------------------- /common/getmmdb.sh: -------------------------------------------------------------------------------- 1 | 
#!/bin/sh -e 2 | echo "2018-09-21" 3 | 4 | get_geoip_db () { 5 | # Fetches specified EDITION_ID db from maxmind using 6 | # active LICENSE_KEY. 7 | # 8 | # This gets the latest version of the db. To get db corresponding to a 9 | # particular date, add the following URL paramater: 10 | # 11 | # date=YYYYMMDD (e.g. 20200107) 12 | # 13 | # As described in [2] below, this requires an active user account 14 | # and an associated LICENSE_KEY (free). 15 | # 16 | # References: 17 | # 18 | # [1] https://dev.maxmind.com/geoip/geoipupdate/#Direct_Downloads 19 | # [2] https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/ 20 | 21 | EDITION_ID=$1 22 | SUFFIX=$2 23 | LICENSE_KEY=$3 24 | 25 | BASE_URL="https://download.maxmind.com/app/geoip_download" 26 | wget "$BASE_URL?edition_id=$EDITION_ID&license_key=$LICENSE_KEY&suffix=$SUFFIX" \ 27 | -O $EDITION_ID.$SUFFIX 28 | } 29 | 30 | 31 | main () { 32 | # Entry point for the script. 33 | # 34 | # Relies on build time environment variable: MAXMIND_LICENSE_KEY 35 | # to be set. 36 | 37 | LICENSE_KEY=$1 38 | 39 | MD5_FILE=checksums.md5 40 | rm -f $MD5_FILE 41 | for DB in GeoLite2-ASN GeoLite2-City 42 | do 43 | get_geoip_db $DB tar.gz $LICENSE_KEY 44 | get_geoip_db $DB tar.gz.md5 $LICENSE_KEY 45 | 46 | # Create MD5 sum file for cehcking 47 | cat $DB.tar.gz.md5 >> $MD5_FILE 48 | echo " $DB.tar.gz" >> $MD5_FILE 49 | done 50 | 51 | md5sum -c $MD5_FILE 52 | 53 | for DB in GeoLite2-ASN GeoLite2-City 54 | do 55 | tar xvzf $DB.tar.gz 56 | rm $DB.tar.gz 57 | mv */*.mmdb /usr/share/GeoIP 58 | done 59 | } 60 | 61 | # First argument to this script is the MAXMIND_LICENSE_KEY, otherwise 62 | # do nothing. 63 | if [ -z "$1" ] 64 | then 65 | echo "MAXMIND_LICENSE_KEY not supplied. Skipping DB download." 
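    exit 0
fi

main "$1"
--------------------------------------------------------------------------------
/common/gitbro:
--------------------------------------------------------------------------------
#!/bin/bash -e
# Build Bro from the ./bro git checkout made by the caller, at a given ref,
# and install it under /usr/local/bro-master.
#
# $1 VER         git ref to build (the Dockerfiles pass a full commit hash,
#                which names the exact source tree by content)
# $2 BUILD_TYPE  CMake build type, default Release
VER=$1
BUILD_TYPE=${2-Release}

cd bro
git pull
git checkout "$VER"
# Discard local modifications in the superproject and in every submodule
# so the tree matches the ref exactly.
git reset --hard
git submodule foreach --recursive git reset --hard
git checkout .
git submodule foreach --recursive git submodule update
git submodule foreach --recursive git checkout .
# The install prefix is fixed to bro-master whatever VER is; the
# Dockerfiles symlink /bro to it.
./configure --prefix=/usr/local/bro-master --build-type="${BUILD_TYPE}"
make -j $(nproc)
make install
--------------------------------------------------------------------------------
/common/install-caf:
--------------------------------------------------------------------------------
#!/bin/sh -e
# Download, build and install the C++ Actor Framework release named by $1
# into /usr/local. Any failing step aborts the script (sh -e).
ver=$1
if [ -z "$ver" ]; then
    echo "usage: install-caf VERSION" >&2
    exit 1
fi

# The scheme is explicit: given a bare host name, wget fetches over plain
# http and only reaches TLS through GitHub's redirect, so the first request
# could be tampered with on the network. No checksum is verified for this
# archive; integrity rests on the TLS connection to github.com.
wget "https://github.com/actor-framework/actor-framework/archive/${ver}.tar.gz" -O "caf-${ver}.tar.gz"
tar xzf "caf-${ver}.tar.gz"
rm "caf-${ver}.tar.gz"

cd "actor-framework-${ver}" && ./configure --prefix=/usr/local && make install
cd ..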
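rm -rf "actor-framework-${ver}"
--------------------------------------------------------------------------------
/master-dev.Dockerfile:
--------------------------------------------------------------------------------
# bro
#
# VERSION 0.1
#
# Debug build of Bro from a pinned git commit, plus the MaxMind GeoLite2
# databases and bro-pkg. Three stages: builder (compiles Bro), geogetter
# (downloads the databases) and the final runtime image, which only
# receives files copied out of the first two.

FROM debian:stretch as builder
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

RUN apt-get update && apt-get upgrade -y && echo 2019-09-21
RUN apt-get -y install build-essential git bison flex gawk cmake swig libssl1.0-dev libmaxminddb-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates zlib1g-dev --no-install-recommends

# Checkout and build bro.
# git:// carries no transport authentication; what pins the sources is the
# full commit hash handed to gitbro below, which names the exact tree by
# content.
RUN git clone --recursive git://git.bro.org/bro
COPY ./common/gitbro ${WD}/common/gitbro
RUN ${WD}/common/gitbro 1dd0b2e2923f52d5c436df95e7cbcbb789bb33fa Debug
RUN ln -s /usr/local/bro-master /bro


# Get geoip data.
FROM debian:stretch as geogetter
# Supplied with --build-arg from the environment. A build arg is recorded
# in this stage's image history; the final image only copies files out of
# this stage, so the key itself does not land there.
ARG MAXMIND_LICENSE_KEY
RUN apt-get update && apt-get -y install wget ca-certificates --no-install-recommends
COPY ./common/getmmdb.sh /usr/local/bin/getmmdb.sh
RUN mkdir -p /usr/share/GeoIP
RUN /usr/local/bin/getmmdb.sh ${MAXMIND_LICENSE_KEY}
# Workaround for the case where getmmdb.sh does not create any files
# (no license key given): a COPY --from whose glob matches nothing fails
# the build, so guarantee at least one file exists.
RUN touch /usr/share/GeoIP/.notempty


# Make final image.
FROM debian:stretch
ENV VER master
ENV PATH /bro/bin/:$PATH
# Install runtime dependencies.
RUN apt-get update \
    && apt-get -y install --no-install-recommends libpcap0.8 libssl1.0.2 libmaxminddb0 \
       python2.7-minimal python-pip python-setuptools python-wheel git \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

COPY --from=builder /usr/local/bro-${VER} /usr/local/bro-master
COPY --from=geogetter /usr/share/GeoIP/* /usr/share/GeoIP/
RUN rm -f /usr/share/GeoIP/.notempty
RUN ln -s /usr/local/bro-${VER} /bro
COPY ./common/bro_profile.sh /etc/profile.d/bro.sh


# Install bro-pkg (unpinned: resolves to whatever PyPI serves at build time).
RUN pip install bro-pkg
RUN bro-pkg autoconfig

CMD /bin/bash -l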
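--------------------------------------------------------------------------------
/master.Dockerfile:
--------------------------------------------------------------------------------
# bro
#
# VERSION 0.1
#
# Release build of Bro from a pinned git commit plus the MaxMind GeoLite2
# databases. Three stages: builder (compiles Bro), geogetter (downloads the
# databases) and the final runtime image, which only receives files copied
# out of the first two.

FROM debian:stretch as builder
LABEL maintainer="Justin Azoff"

ENV WD /scratch

RUN mkdir ${WD}
WORKDIR /scratch

RUN apt-get update && apt-get upgrade -y && echo 2019-09-21
RUN apt-get -y install build-essential git bison flex gawk cmake swig libssl1.0-dev libmaxminddb-dev libpcap-dev python-dev libcurl4-openssl-dev wget libncurses5-dev ca-certificates zlib1g-dev --no-install-recommends

# Checkout and build bro.
# git:// carries no transport authentication; what pins the sources is the
# full commit hash handed to gitbro below, which names the exact tree by
# content.
RUN git clone --recursive git://git.bro.org/bro
COPY ./common/gitbro ${WD}/common/gitbro
RUN ${WD}/common/gitbro 1dd0b2e2923f52d5c436df95e7cbcbb789bb33fa
RUN ln -s /usr/local/bro-master /bro


# Get geoip data.
FROM debian:stretch as geogetter
# Supplied with --build-arg from the environment. A build arg is recorded
# in this stage's image history; the final image only copies files out of
# this stage, so the key itself does not land there.
ARG MAXMIND_LICENSE_KEY
RUN apt-get update && apt-get -y install wget ca-certificates --no-install-recommends
COPY ./common/getmmdb.sh /usr/local/bin/getmmdb.sh
RUN mkdir -p /usr/share/GeoIP
RUN /usr/local/bin/getmmdb.sh ${MAXMIND_LICENSE_KEY}
# Workaround for the case where getmmdb.sh does not create any files
# (no license key given): a COPY --from whose glob matches nothing fails
# the build, so guarantee at least one file exists.
RUN touch /usr/share/GeoIP/.notempty


# Make final image.
FROM debian:stretch
ENV VER master
ENV PATH /bro/bin/:$PATH
# Install runtime dependencies.
RUN apt-get update \
    && apt-get -y install --no-install-recommends libpcap0.8 libssl1.0.2 libmaxminddb0 python2.7-minimal \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

COPY --from=builder /usr/local/bro-${VER} /usr/local/bro-master
COPY --from=geogetter /usr/share/GeoIP/* /usr/share/GeoIP/
RUN rm -f /usr/share/GeoIP/.notempty
RUN ln -s /usr/local/bro-${VER} /bro
COPY ./common/bro_profile.sh /etc/profile.d/bro.sh

CMD /bin/bash -l
--------------------------------------------------------------------------------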