Bro Live! A Bro training/learning environment.

Official repository of the Bro Live! scripts.

Bro Live! is a Bro training system that is built upon Jon Schipp's Linux-based sandbox training system.

Installation

You need Docker 1.2 or later to run the official Brolive Docker image, because the image requires adding an extra capability (see capabilities(7)) to the container: NET_RAW.

If you're using a recent Ubuntu then the entire process is taken care of in the following example:

apt-get install sqlite make
git clone https://github.com/jonschipp/islet
cd islet
make bro-training

Manual

If you're not running Debian/Ubuntu then you will have to either

  • Install the latest Docker from source
  • Install your distribution's Docker package and build your own image

After that, install sqlite3 and make, then run the following commands:

git clone https://github.com/jonschipp/islet
cd islet
make install
make user-config
make security-config

If you're running Docker 1.2+ then use the following command to install the Brolive image with network capabilities for Bro.

cd islet
make install-brolive-config

Exercises

Place exercises (e.g. PCAPs, Bro scripts) in the /exercises directory on the host. The /exercises directory is mounted read-only in the container as /exercises, and changes to the files or to the contents of the directory are immediately available to all container users.

Sample Exercises

To install the BroCon14 exercise set run the following command:

./sample-exercises.sh

Administration

Refer to the documentation.

Use

Give your students the host IP address or domain name to ssh to. The default password is demo.

ssh demo@islet.server.org

Demo

Here's a brief demonstration:

        $ ssh demo@live.bro.org

        Welcome to Bro Live!
        ====================

            -----------
          /             \
         |  (   (0)   )  |
         |            // |
          \     <====// /
            -----------

        A place to try out Bro.

        Are you a new or existing user? [new/existing]: new

        A temporary account will be created so that you can resume your session. Account is valid for the length of the event.

        Choose a username [a-zA-Z0-9]: jon
        Your username is jon
        Choose a password:
        Verify your password:
        Your account will expire on Fri 29 Aug 2014 07:40:11 PM UTC

        Enjoy yourself!
        Training materials are located in /exercises.
        e.g. $ bro -r /exercises/beginner/http.pcap

        demo@bro:~$ pwd
        /home/demo
        demo@bro:~$ which bro
        /usr/local/bro/bin/bro

BroLive! Image Usability Notes

  • Bro is installed in /opt/bro
  • /home/demo/exercises is a symlink to /exercises
  • screen, tmux, gawk, nano, vim, and emacs are installed
  • Bro helper shell functions are in the environment
  • To use broctl, edit /opt/bro/etc/node.cfg and set the correct interface. This is probably lo, since networking is disabled by default.
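
This README states three container properties: NET_RAW is the added capability, /exercises is mounted read-only, and networking is disabled by default. The following added example (not part of the Bro Live! or ISLET code) checks them against `docker inspect` output. The sample record and container name are constructed, and it assumes current Docker's `HostConfig`/`Mounts` field layout and that disabled networking means network mode `none`.

```python
import json

# Constructed sample of `docker inspect` output; the container name is hypothetical.
SAMPLE_INSPECT = json.loads("""
[{"Name": "/brolive-student1",
  "HostConfig": {"Privileged": false, "CapAdd": ["NET_RAW"], "NetworkMode": "none"},
  "Mounts": [{"Source": "/exercises", "Destination": "/exercises", "RW": false}]}]
""")

ALLOWED_CAPS = {"NET_RAW"}  # the only extra capability the README calls for


def _norm(cap):
    """Compare capability names on the short form, with or without a CAP_ prefix."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap


def audit_container(info):
    """Return a list of findings for one entry of `docker inspect` output."""
    findings = []
    host = info.get("HostConfig") or {}
    if host.get("Privileged"):
        findings.append("container is privileged")
    caps = {_norm(c) for c in host.get("CapAdd") or []}
    if "NET_RAW" not in caps:
        findings.append("NET_RAW not in CapAdd, which the README says the image requires")
    for extra in sorted(caps - ALLOWED_CAPS):
        findings.append("unexpected added capability: " + extra)
    mounts = [m for m in info.get("Mounts") or []
              if m.get("Destination") == "/exercises"]
    if not mounts:
        findings.append("/exercises is not mounted")
    elif any(m.get("RW") for m in mounts):
        findings.append("/exercises is mounted read-write")
    # Assumption: "networking is disabled" corresponds to Docker's "none" network mode.
    if host.get("NetworkMode") != "none":
        findings.append("network mode is %r, expected 'none'" % host.get("NetworkMode"))
    return findings


if __name__ == "__main__":
    for entry in SAMPLE_INSPECT:
        problems = audit_container(entry)
        print(entry["Name"], "OK" if not problems else problems)
```

On a live host, pass each entry of the parsed `docker inspect <container>` JSON to `audit_container` instead of the sample.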