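--- a/docker-compose-with-elasticstack/LogonTracer/build/Dockerfile
+++ b/docker-compose-with-elasticstack/LogonTracer/build/Dockerfile
@@ -0,0 +1,41 @@
+FROM python:3.7.8-slim-buster
+
+RUN set -ex \
+ \
+ && savedAptMark="$(apt-mark showmanual)" \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends git \
+ dpkg-dev \
+ gcc \
+ libssl-dev \
+ make
+
+## LogonTracer install
+WORKDIR /usr/local/src
+
+RUN git clone https://github.com/JPCERTCC/LogonTracer.git \
+ && chmod 777 LogonTracer \
+ && chmod 777 LogonTracer/static \
+ && cd LogonTracer \
+ && pip install cython \
+ && pip install numpy \
+ && pip install scipy==1.2.1 \
+ && pip install statsmodels==0.10.2 \
+ && pip install -r requirements.txt \
+ && sed -i 's/\" -s \" + NEO4J_SERVER/\" -s neo4j\"/g' logontracer.py \
+ && sed -i 's/+ NEO4J_SERVER +/+ \"neo4j\" +/g' logontracer.py \
+ && sed -i 's/host=NEO4J_SERVER/host=\"neo4j\"/g' logontracer.py
+
+## Create setup file
+WORKDIR /usr/local/src
+
+RUN echo "#!/bin/bash" > run.sh \
+ && echo "sleep 60" >> run.sh \
+ && echo "cd /usr/local/src/LogonTracer" >> run.sh \
+ && echo "python logontracer.py -r -o 8080 -u neo4j -p password -s \${LTHOSTNAME}" >> run.sh \
+ && chmod 755 run.sh
+
+EXPOSE 8080
+
+CMD ["/usr/local/src/run.sh"]
+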
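Review bot: `chmod 777 LogonTracer` and `chmod 777 LogonTracer/static` (lines 17–18) make the whole checkout world-writable; the image never switches to a non-root `USER`, so the broad mode serves no purpose and lets any process in the container rewrite logontracer.py, which run.sh executes on every start. The generated run.sh embeds the database credentials as `-u neo4j -p password` (line 35); read them from the environment instead, e.g. `&& echo "python logontracer.py -r -o 8080 -u \${NEO4J_USER} -p \${NEO4J_PASSWORD} -s \${LTHOSTNAME}" >> run.sh`, and supply them from the compose file. `savedAptMark` is captured on line 5 but never used afterwards, and no `apt-get purge`/`rm -rf /var/lib/apt/lists/*` follows, so gcc, make and the apt lists stay in the final image. The three sed edits on lines 25–27 patch upstream source by pattern and would silently become no-ops if logontracer.py changes, so they deserve a comment stating their intent, such as `# force the Neo4j host to the compose service name "neo4j"`.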
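--- a/docker-compose-with-elasticstack/README.md
+++ b/docker-compose-with-elasticstack/README.md
@@ -0,0 +1,11 @@
+# Docker Compose for LogonTracer
+
+ Please check the wiki for more details.
+ https://github.com/JPCERTCC/LogonTracer/wiki/setup-with-docker-compose
+
+## Usage
+ ```shell
+ $ docker-compose build
+ $ docker-compose up -d
+ ```
+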
    docker-compose-with-elasticstack/docker-compose.yml
     1 +version: "3"
     2 +services:
     3 + neo4j:
     4 + container_name: neo4j
     5 + image: neo4j:4.1.1
     6 + # Using volumes slows down the container.
     7 + #volumes:
     8 + # - ./neo4j/data:/data
     9 + # - ./neo4j/logs:/logs
     10 + # - ./neo4j/conf:/conf
     11 + # Set when sync container and local time
     12 + # - /etc/localtime:/etc/localtime:ro
     13 + ports:
     14 + - "7474:7474"
     15 + - "7687:7687"
     16 + environment:
     17 + - NEO4J_dbms_default__database=neo4j
     18 + - NEO4J_dbms_connector_bolt_listen__address=0.0.0.0:7687
     19 + - NEO4J_dbms_connector_http_listen__address=0.0.0.0:7474
     20 + # Performance tuning for JVM neo4j
     21 + # See more details: https://neo4j.com/developer/guide-performance-tuning/
     22 + # - NEO4J_dbms_memory_heap_max__size=4G
     23 + # - NEO4J_dbms_memory_heap_initial__size=2G
     24 + # - NEO4j_dbms_memory_pagecache_size=20G
     25 + # set default neo4j password
     26 + - NEO4J_AUTH=neo4j/password
     27 + networks:
     28 + - neo4j-network
     29 + 
     30 + logontracer:
     31 + container_name: logontracer
     32 + build: ./LogonTracer/build
     33 + image: logontracer:latest
     34 + depends_on:
     35 + - neo4j
     36 + #volumes:
     37 + # Set when sync container and local time
     38 + # - /etc/localtime:/etc/localtime:ro
     39 + ports:
     40 + - "8080:8080"
     41 + environment:
     42 + - LTHOSTNAME=localhost
     43 + networks:
     44 + - neo4j-network
     45 + 
     46 + elasticsearch:
     47 + container_name: elasticsearch
     48 + image: docker.elastic.co/elasticsearch/elasticsearch:7.9.0
     49 + volumes:
     50 + - ./elasticsearch/data:/usr/share/elasticsearch/data
     51 + - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
     52 + environment:
     53 + - bootstrap.memory_lock=true
     54 + - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
     55 + ports:
     56 + - 9200:9200
     57 + expose:
     58 + - 9300
     59 + ulimits:
     60 + memlock:
     61 + soft: -1
     62 + hard: -1
     63 + nofile:
     64 + soft: 65536
     65 + hard: 65536
     66 + networks:
     67 + - neo4j-network
     68 + 
     69 + kibana:
     70 + container_name: kibana
     71 + image: docker.elastic.co/kibana/kibana:7.9.0
     72 + volumes:
     73 + - ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml
     74 + ports:
     75 + - 5601:5601
     76 + networks:
     77 + - neo4j-network
     78 + 
     79 +networks:
     80 + neo4j-network:
     81 + external: true
     82 + 
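Review bot: Neo4j (`"7474:7474"`, `"7687:7687"`), Elasticsearch (`9200:9200`) and Kibana (`5601:5601`) are all published on every host interface, and the elasticsearch.yml in this commit turns X-Pack security off, so the Elasticsearch HTTP API is reachable without credentials from anything that can route to the host; bind the published ports to loopback unless remote access is intended, e.g. `- "127.0.0.1:9200:9200"`, and likewise for 7474, 7687 and 5601. The commented tuning line `# - NEO4j_dbms_memory_pagecache_size=20G` has a lowercase `j` in the prefix, so un-commenting it would most likely set a variable the Neo4j image does not map; it should read `NEO4J_dbms_memory_pagecache_size`. The port lists mix quoted (`"7474:7474"`) and unquoted (`9200:9200`) forms; quoting all of them keeps the file uniform and avoids the YAML 1.1 sexagesimal trap. `LTHOSTNAME=localhost` is handed to the logontracer container as its `-s` host, which from inside that container is not the neo4j service — if the sed patches in the Dockerfile are what actually pin the host, a comment here saying so would spare the next reader that detour.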
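--- a/docker-compose-with-elasticstack/elasticsearch/config/elasticsearch.yml
+++ b/docker-compose-with-elasticstack/elasticsearch/config/elasticsearch.yml
@@ -0,0 +1,9 @@
+node.name: node-1
+network.host: 0.0.0.0
+http.port: 9200
+cluster.initial_master_nodes: ["node-1"]
+xpack.ml.enabled: false
+xpack.security.enabled: false
+xpack.security.transport.ssl.enabled: true
+xpack.security.audit.enabled: true
+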
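Review bot: `xpack.security.enabled: false` (line 6) switches authentication off, and the two lines after it, `xpack.security.transport.ssl.enabled: true` and `xpack.security.audit.enabled: true`, belong to that same security module, so they have no effect while it is disabled — the file reads as if TLS and auditing were on when neither is. Either enable security (`xpack.security.enabled: true` plus an `ELASTIC_PASSWORD` for the container in the compose file) or drop the two dead lines and state the consequence, e.g. `# security disabled: this node must not be reachable from untrusted networks`. Combined with `network.host: 0.0.0.0` and the compose file publishing 9200, the current settings expose an unauthenticated read/write cluster on the host. For a one-node setup, `discovery.type: single-node` is the simpler form of `cluster.initial_master_nodes: ["node-1"]`, though the present form works.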
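--- a/docker-compose-with-elasticstack/elasticsearch/data/.gitkeep
+++ b/docker-compose-with-elasticstack/elasticsearch/data/.gitkeep
@@ -0,0 +1 @@
+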
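--- a/docker-compose-with-elasticstack/kibana/config/kibana.yml
+++ b/docker-compose-with-elasticstack/kibana/config/kibana.yml
@@ -0,0 +1,6 @@
+server.port: 5601
+server.host: "0.0.0.0"
+elasticsearch.hosts: ["http://elasticsearch:9200"]
+elasticsearch.username: elastic
+elasticsearch.password: password
+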
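Review bot: `elasticsearch.username: elastic` and `elasticsearch.password: password` commit a plaintext credential to the repository, and with `xpack.security.enabled: false` in this commit's elasticsearch.yml they are, as far as I can tell, never consulted by Elasticsearch anyway. Drop them while security is off, or, if security is turned on, keep the secret out of the file with Kibana's environment substitution, `elasticsearch.password: "${ELASTICSEARCH_PASSWORD}"`, supplied from the compose file. `server.host` is quoted while the other scalar strings are not; either form is fine, but the file should pick one.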
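--- a/docker-compose-with-elasticstack/neo4j/conf/.gitkeep
+++ b/docker-compose-with-elasticstack/neo4j/conf/.gitkeep
@@ -0,0 +1 @@
+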
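--- a/docker-compose-with-elasticstack/neo4j/data/.gitkeep
+++ b/docker-compose-with-elasticstack/neo4j/data/.gitkeep
@@ -0,0 +1 @@
+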
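--- a/docker-compose-with-elasticstack/neo4j/logs/.gitkeep
+++ b/docker-compose-with-elasticstack/neo4j/logs/.gitkeep
@@ -0,0 +1 @@
+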