telekom-security/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 01:27:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

Continue cleaning up and update documentation

Browse Source
This commit is contained in:
Marco Ochse
2017-10-23 14:56:37 +02:00
parent 50d1c212ad
commit fb37cb6152
21 changed files with 94 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
docker/suricata/README.md
View File

@ -1,31 +1,15 @@
[![](https://images.microbadger.com/badges/version/dtagdevsec/suricata:1706.svg)](https://microbadger.com/images/dtagdevsec/suricata:1706 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/suricata:1706.svg)](https://microbadger.com/images/dtagdevsec/suricata:1706 "Get your own image badge on microbadger.com")
[![](https://images.microbadger.com/badges/version/dtagdevsec/suricata:1710.svg)](https://microbadger.com/images/dtagdevsec/suricata:1710 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/dtagdevsec/suricata:1710.svg)](https://microbadger.com/images/dtagdevsec/suricata:1710 "Get your own image badge on microbadger.com")
# dockerized suricata
[suricata](http://suricata-ids.org/) is a Network IDS, IPS and Network Security Monitoring engine.
This repository contains the necessary files to create a *dockerized* version of suricata.
This dockerized version is part of the **[T-Pot community honeypot](http://dtag-dev-sec.github.io/)** of Deutsche Telekom AG.
The `Dockerfile` contains the blueprint for the dockerized suricata and will be used to setup the docker image.
The `suricata.yaml` is tailored to fit the T-Pot environment.
The `supervisord.conf` is used to start suricata under supervision of supervisord.
Using systemd, copy the `systemd/suricata.service` to `/etc/systemd/system/suricata.service` and start using
```
systemctl enable suricata
systemctl start suricata
```
This will make sure that the docker container is started with the appropriate permissions and port mappings. Further, it autostarts during boot.
By default all data will be stored in `/data/suricata/` until the service will be restarted which is by default every 24 hours. If you want to keep data persistently simply edit the ``service`` file, find the line that contains ``clean.sh`` and set the option from ``off`` to ``on``. Be advised to establish some sort of log management if you wish to do so.
The `docker-compose.yml` contains the necessary settings to test suricata using `docker-compose`. This will ensure to start the docker container with the appropriate permissions.
# Suricata Dashboard
![Suricata Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/suricata/master/doc/dashboard.png)
![Suricata Dashboard](https://raw.githubusercontent.com/dtag-dev-sec/tpotce/master/docker/suricata/doc/dashboard.png)

BIN
docker/suricata/doc/dashboard.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 781 KiB

After

Width:  |  Height:  |  Size: 542 KiB

18
docker/suricata/docker-compose.yml Normal file
View File

@ -0,0 +1,18 @@
# T-Pot (Standard)
# For docker-compose ...
version: '2.1'
services:
# Suricata service
suricata:
container_name: suricata
restart: always
network_mode: "host"
cap_add:
- NET_ADMIN
- SYS_NICE
- NET_RAW
image: "dtagdevsec/suricata:1710"
volumes:
- /data/suricata/log:/var/log/suricata