Skip to content

Latest commit

 

History

History
61 lines (43 loc) · 2.52 KB

Docker Usage.md

File metadata and controls

61 lines (43 loc) · 2.52 KB
Raw

Docker Usage

You can run RITA using Docker! You have several options depending on your specific needs.

  • Running RITA with Docker Compose - This is the simplest option and requires the least setup. You will have to provide your own Bro logs.
  • Running RITA with Docker Using External Mongo - This option is useful if you do not want to use Docker Compose or you have an external Mongo server you wish to use.
  • Using Docker to Build RITA - You can use Docker to build a standalone RITA binary that runs on any Linux 64-bit CPU. This is useful if you want a portable binary but don't want to use Docker to actually run RITA.

Obtaining the RITA Docker Image

The easiest way is to pull down the pre-built image.

docker pull quay.io/activecm/rita

You can also build the image from source.

docker build -t quay.io/activecm/rita .

Running RITA with Docker Compose

You will need a config file where you have put in your InternalSubnets. You will also need the path to your Bro/Zeek log files.

export CONIFG=/path/to/your/rita/config.yaml
export LOGS=/path/to/your/zeek/logs
docker-compose run --rm rita import /logs your-dataset

Note: If you'd like to use a different version of RITA than the default latest you can do so using the RITA_VERSION variable.

export VERSION=v3.0.6
docker-compose run --rm rita --version

Running RITA with Docker Using External Mongo

If you don't need/want the convenience of Docker Compose running the Mongo server for you, you can also use RITA without it. You will need to modify RITA's config file to point to your external Mongo server and invoke RITA like this:

docker run -it --rm \
	-v /path/to/your/bro/logs:/logs:ro \
	-v /path/to/your/rita/config.yaml:/etc/rita/config.yaml:ro \
	quay.io/activecm/rita import /logs your-dataset

Using Docker to Build RITA

You can use Docker to build a statically linked RITA binary for you. This binary should be portable between Linux 64-bit systems. Once you've obtained the RITA docker image (see the "Obtaining the RITA Docker Image" section above) you can run the following commands to copy the binary to your host system.

docker create --name rita quay.io/activecm/rita
docker cp rita:/rita ./rita
docker rm rita

Note that you will have to manually install the config.yaml files into /etc/rita/ as well as create any directories referenced inside the config.yaml file.