diff --git a/lkp-tests/run.sh b/lkp-tests/run.sh index e1b885b..d02e9b9 100755 --- a/lkp-tests/run.sh +++ b/lkp-tests/run.sh @@ -1,7 +1,10 @@ #!/bin/sh -lkp install ./jobs/hackbench-100.yaml +echo "Installing dependencies for hackbench..." +yes | lkp install ./jobs/hackbench-100.yaml -lkp run ./jobs/hackbench-100.yaml +echo "Running hackbench..." +yes | lkp run ./jobs/hackbench-100.yaml -lkp result hackbench +echo "Getting result from hackbench..." +lkp stat hackbench diff --git a/snort/Dockerfile b/snort/Dockerfile deleted file mode 100644 index 0d9f8dc..0000000 --- a/snort/Dockerfile +++ /dev/null @@ -1,75 +0,0 @@ -FROM debian:stretch -LABEL maintainer "Jessie Frazelle " - -RUN apt-get update && apt-get install -y \ - ca-certificates \ - libcrypt-ssleay-perl \ - libio-socket-ssl-perl \ - libpcap0.8 \ - libwww-perl \ - perl \ - zlib1g \ - --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* - -ENV DAQ_VERSION 2.0.6 -ENV LIBDNET_VERSION 1.12 -ENV SNORT_VERSION 2.9.9.0 -ENV PULLEDPORK_VERSION 0.7.2 - -RUN buildDeps=' \ - curl \ - bison \ - build-essential \ - file \ - flex \ - libpcap-dev \ - libpcre3-dev \ - zlib1g-dev \ - ' \ - && set -x \ - && apt-get update && apt-get install -y $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && curl -sSL "https://www.snort.org/downloads/snort/daq-${DAQ_VERSION}.tar.gz" -o /tmp/daq.tar.gz \ - && mkdir -p /usr/src/daq \ - && tar -xzf /tmp/daq.tar.gz -C /usr/src/daq --strip-components=1 \ - && rm /tmp/daq.tar.gz \ - && ( \ - cd /usr/src/daq \ - && ./configure \ - && make \ - && make install \ - ) \ - && curl -sSL "https://github.com/dugsong/libdnet/archive/libdnet-${LIBDNET_VERSION}.tar.gz" -o /tmp/libdnet.tar.gz \ - && mkdir -p /usr/src/libdnet \ - && tar -xzf /tmp/libdnet.tar.gz -C /usr/src/libdnet --strip-components=1 \ - && rm /tmp/libdnet.tar.gz \ - && ( \ - cd /usr/src/libdnet \ - && ./configure \ - --prefix=/usr \ - && make \ - && make install \ - ) \ - && curl -sSL "https://www.snort.org/downloads/snort/snort-${SNORT_VERSION}.tar.gz" -o /tmp/snort.tar.gz \ - && mkdir -p /usr/src/snort \ - && tar -xzf /tmp/snort.tar.gz -C /usr/src/snort --strip-components=1 \ - && rm /tmp/snort.tar.gz \ - && ( \ - cd /usr/src/snort \ - && ./configure \ - --enable-sourcefire \ - && make \ - && make install \ - ) \ - && curl -sSL "https://github.com/shirkdog/pulledpork/archive/${PULLEDPORK_VERSION}.tar.gz" -o /tmp/pulledpork.tar.gz \ - && mkdir -p /usr/src/pulledpork \ - && tar -xzf /tmp/pulledpork.tar.gz -C /usr/src/pulledpork --strip-components=1 \ - && rm /tmp/pulledpork.tar.gz \ - && apt-get purge -y --auto-remove $buildDeps - -COPY init.sh /usr/local/bin/init.sh -COPY update-rules.sh /usr/local/bin/update-rules.sh - -ENTRYPOINT ["/usr/local/bin/init.sh"] -CMD ["snort"] diff --git a/snort/init.sh b/snort/init.sh deleted file mode 100755 index c20f057..0000000 --- a/snort/init.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -# -# Entry point script to make sure external volumes are properly prepped. -# Expects: -# -e INTERFACE - sniffing interface ON THE HOST -# -e INSTANCE - the name of the per-interface instance to support multiple configs per interface -# -e SENSOR_IP - the IP of the HOST -# -e OPTS - additional options to pass to snort -# -e HOMENET - to override HOME_NET setting in snort.conf -set -e -set -o pipefail - -if [[ "$1" == "snort" ]]; then - LOGDIR=/data/$INSTANCE/logs/$HOSTNAME - [ -d $LOGDIR ] || mkdir -p $LOGDIR - - CONFDIR=/usr/src/snort/etc - CONFIG=$CONFDIR/snort.conf - RULES=$CONFDIR/rules - - if [[ -z "$DISABLE_PULLEDPORK" ]]; then - /usr/local/bin/update-rules.sh - OPTS="$OPTS -S RULES_FILE=snort.$HOSTNAME.rules" - fi - - [[ -z "$HOMENET" ]] || OPTS="$OPTS -S HOME_NET=$HOMENET" - [[ -z "$SENSOR_IP" ]] || OPTS="$OPTS -S SENSOR_IP=$SENSOR_IP" - - exec snort -m 027 -d -l $LOGDIR $OPTS -c $CONFIG -i $INTERFACE -fi - -exec "$@" diff --git a/snort/update-rules.sh b/snort/update-rules.sh deleted file mode 100755 index 09448df..0000000 --- a/snort/update-rules.sh +++ /dev/null @@ -1,59 +0,0 @@ -#! /bin/bash -# -# Wrapper script around pulledpork to update rules. -set -e -set -o pipefail - -PULLEDPORK_CONF="/usr/src/pulledpork/etc/pulledpork.conf" -ENABLESID_CONF="/usr/src/pulledpork/etc/enablesid.conf" -DISABLESID_CONF="/usr/src/pulledpork/etc/disablesid.conf" -DROPSID_CONF="/usr/src/pulledpork/etc/dropsid.conf" -MODIFYSID_CONF="/usr/src/pulledpork/etc/modifysid.conf" - -BLACKLIST_URL="http://www.talosintelligence.com/feeds/ip-filter.blf" -mkdir -p /usr/local/etc/snort/rules/iplists - -VRT_RULE_URL="https://www.snort.org/rules/|snortrules-snapshot.tar.gz" -ET_OPEN_RULE_URL="https://rules.emergingthreatspro.com/|emerging.rules.tar.gz" - -PP_ARGS="/usr/src/pulledpork/pulledpork.pl -c ${PULLEDPORK_CONF} -P" -PP_ARGS="${PP_ARGS} -u ${BLACKLIST_URL}|IPBLACKLIST|open" - -check_for_file() { - echo -n "Checking for file $1: " - if [[ -e "$1" ]]; then - echo "found." - return 0 - else - echo "not found." - return 1 - fi -} - -if [[ -z "${OINKCODE}" ]]; then - echo "warning: OINKCODE variable not set: using ET open rules." - RULE_URL=${ET_OPEN_RULE_URL} - OINKCODE="open" -else - RULE_URL=${VRT_RULE_URL} -fi -PP_ARGS="${PP_ARGS} -u ${RULE_URL}|${OINKCODE}" - -if check_for_file ${ENABLESID_CONF}; then - PP_ARGS="${PP_ARGS} -e ${ENABLESID_CONF}" -fi - -if check_for_file ${DISABLESID_CONF}; then - PP_ARGS="${PP_ARGS} -i ${DISABLESID_CONF}" -fi - -if check_for_file ${DROPSID_CONF}; then - PP_ARGS="${PP_ARGS} -b ${DROPSID_CONF}" -fi - -if check_for_file ${MODIFYSID_CONF}; then - PP_ARGS="${PP_ARGS} -M ${MODIFYSID_CONF}" -fi - -echo "Running ${PP_ARGS}." -${PP_ARGS}