Bro IDS Dockerfile
Latest commit 9c94717 Aug 29, 2018

This repository contains the Dockerfile for the Bro IDS image blacktop/bro.

Dependencies

Image Tags

$ docker images

REPOSITORY          TAG           SIZE
blacktop/bro        latest        22.2MB
blacktop/bro        2.5           22.2MB
blacktop/bro        pkg           107MB
blacktop/bro        elastic       67.4MB
blacktop/bro        redis         60.1MB
blacktop/bro        geoip         55.97MB
blacktop/bro        kafka         30.6MB
blacktop/bro        2.4.1         16.68MB
blacktop/bro        2.4           16.68MB

NOTE:

  • tag pkg is the same as tag 2.5, but includes the Bro Package Manager
  • tag elastic is the same as tag 2.5, but includes the elasticsearch plugin and the GeoIP database
  • tag redis is the same as tag 2.5, but includes the redis plugin and the GeoIP database
  • tag geoip is the same as tag 2.5, but includes the GeoIP database
  • tag kafka is the same as tag 2.5, but includes the kafka plugin
  • all tags include the af_packet plugin

Installation

  1. Install Docker.
  2. Download trusted build from public Docker Registry: docker pull blacktop/bro

Getting Started

$ wget https://github.com/blacktop/docker-bro/raw/master/pcap/heartbleed.pcap
$ wget https://github.com/blacktop/docker-bro/raw/master/scripts/local.bro
# mounting local.bro over the site policy loads all default modules
$ docker run --rm \
         -v `pwd`:/pcap \
         -v `pwd`/local.bro:/usr/local/share/bro/site/local.bro \
         blacktop/bro -r heartbleed.pcap local "Site::local_nets += { 192.168.11.0/24 }"
$ ls -l

-rw-r--r--  1 blacktop  staff   635B Jul 30 12:11 conn.log
-rw-r--r--  1 blacktop  staff   754B Jul 30 12:11 files.log
-rw-r--r--  1 blacktop  staff   384B Jul 30 12:11 known_certs.log
-rw-r--r--  1 blacktop  staff   239B Jul 30 12:11 known_hosts.log
-rw-r--r--  1 blacktop  staff   271B Jul 30 12:11 known_services.log
-rw-r--r--  1 blacktop  staff    17K Jul 30 12:11 loaded_scripts.log
-rw-r--r--  1 blacktop  staff   1.9K Jul 30 12:11 notice.log <====== NOTICE
-rw-r--r--  1 blacktop  staff   253B Jul 30 12:11 packet_filter.log
-rw-r--r--  1 blacktop  staff   1.2K Jul 30 12:11 ssl.log
-rw-r--r--  1 blacktop  staff   901B Jul 30 12:11 x509.log
$ cat notice.log | awk '{ print $11 }' | tail -n4

Heartbleed::SSL_Heartbeat_Attack
Heartbleed::SSL_Heartbeat_Odd_Length
Heartbleed::SSL_Heartbeat_Attack_Success
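The awk one-liner above picks the note out of column 11, which only holds for the exact field list Bro happened to write. As an added example (not part of this repository), the parser below reads a Bro log by its #fields header instead and tallies the Heartbleed notices shown above; the notice.log sample is constructed with a reduced column set, so the note is not in column 11 here.

```python
from collections import Counter

# Constructed sample in the layout Bro writes (header lines prefixed with
# '#', tab-separated records, '-' for unset fields). The column list is a
# subset of the real notice.log fields and the values are made up.
SAMPLE_NOTICE_LOG = """#separator \\x09
#set_separator\t,
#unset_field\t-
#path\tnotice
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tnote\tmsg\tsub\tactions
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tenum\tstring\tstring\tset[enum]
1398352256.062521\tCXWv6p3arKYeMETxOg\t192.168.11.10\t53132\t192.168.11.20\t443\ttcp\tHeartbleed::SSL_Heartbeat_Attack\tHeartbeat request larger than the payload it carries\t-\tNotice::ACTION_LOG
1398352256.062521\tCXWv6p3arKYeMETxOg\t192.168.11.10\t53132\t192.168.11.20\t443\ttcp\tHeartbleed::SSL_Heartbeat_Odd_Length\tHeartbeat message shorter than the minimum length\t-\tNotice::ACTION_LOG
1398352256.070112\tCXWv6p3arKYeMETxOg\t192.168.11.10\t53132\t192.168.11.20\t443\ttcp\tHeartbleed::SSL_Heartbeat_Attack_Success\tServer answered an oversized heartbeat request\t-\tNotice::ACTION_LOG
#close\t2018-08-29-12-11-01
"""


def parse_bro_log(text):
    """Yield one dict per record, keyed by the names in the '#fields' line.
    Only '#separator' is space-delimited; its value is an escaped byte."""
    sep, unset, fields = "\t", "-", None
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):
                sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
                continue
            key, *vals = line[1:].split(sep)
            if key == "fields":
                fields = vals
            elif key == "unset_field" and vals:
                unset = vals[0]
            continue  # #types, #path, #close carry nothing we need here
        if fields is None:
            raise ValueError("data record before #fields header")
        values = line.split(sep)
        if len(values) != len(fields):
            raise ValueError("column count mismatch in record: %r" % line)
        yield {k: (None if v == unset else v) for k, v in zip(fields, values)}


def notice_counts(text):
    """Tally notices by note type, reading the column by name rather than
    by the fixed position the awk one-liner assumes."""
    return Counter(rec["note"] for rec in parse_bro_log(text))
```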

Documentation

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

Credits

Alpine conversion heavily (if not entirely) influenced by https://github.com/nizq/docker-bro

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

License

MIT Copyright (c) 2015-2018 blacktop