mirror of
https://github.com/jessfraz/dockerfiles.git
synced 2024-11-27 04:16:45 +01:00
cleanup
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
This commit is contained in:
parent
bef9274fae
commit
3af9cb6a35
|
@ -1,7 +1,10 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
lkp install ./jobs/hackbench-100.yaml
|
echo "Installing dependencies for hackbench..."
|
||||||
|
yes | lkp install ./jobs/hackbench-100.yaml
|
||||||
|
|
||||||
lkp run ./jobs/hackbench-100.yaml
|
echo "Running hackbench..."
|
||||||
|
yes | lkp run ./jobs/hackbench-100.yaml
|
||||||
|
|
||||||
lkp result hackbench
|
echo "Getting result from hackbench..."
|
||||||
|
lkp stat hackbench
|
||||||
|
|
|
@ -1,75 +0,0 @@
|
||||||
FROM debian:stretch
|
|
||||||
LABEL maintainer "Jessie Frazelle <jess@linux.com>"
|
|
||||||
|
|
||||||
RUN apt-get update && apt-get install -y \
|
|
||||||
ca-certificates \
|
|
||||||
libcrypt-ssleay-perl \
|
|
||||||
libio-socket-ssl-perl \
|
|
||||||
libpcap0.8 \
|
|
||||||
libwww-perl \
|
|
||||||
perl \
|
|
||||||
zlib1g \
|
|
||||||
--no-install-recommends \
|
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
|
||||||
|
|
||||||
ENV DAQ_VERSION 2.0.6
|
|
||||||
ENV LIBDNET_VERSION 1.12
|
|
||||||
ENV SNORT_VERSION 2.9.9.0
|
|
||||||
ENV PULLEDPORK_VERSION 0.7.2
|
|
||||||
|
|
||||||
RUN buildDeps=' \
|
|
||||||
curl \
|
|
||||||
bison \
|
|
||||||
build-essential \
|
|
||||||
file \
|
|
||||||
flex \
|
|
||||||
libpcap-dev \
|
|
||||||
libpcre3-dev \
|
|
||||||
zlib1g-dev \
|
|
||||||
' \
|
|
||||||
&& set -x \
|
|
||||||
&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \
|
|
||||||
&& rm -rf /var/lib/apt/lists/* \
|
|
||||||
&& curl -sSL "https://www.snort.org/downloads/snort/daq-${DAQ_VERSION}.tar.gz" -o /tmp/daq.tar.gz \
|
|
||||||
&& mkdir -p /usr/src/daq \
|
|
||||||
&& tar -xzf /tmp/daq.tar.gz -C /usr/src/daq --strip-components=1 \
|
|
||||||
&& rm /tmp/daq.tar.gz \
|
|
||||||
&& ( \
|
|
||||||
cd /usr/src/daq \
|
|
||||||
&& ./configure \
|
|
||||||
&& make \
|
|
||||||
&& make install \
|
|
||||||
) \
|
|
||||||
&& curl -sSL "https://github.com/dugsong/libdnet/archive/libdnet-${LIBDNET_VERSION}.tar.gz" -o /tmp/libdnet.tar.gz \
|
|
||||||
&& mkdir -p /usr/src/libdnet \
|
|
||||||
&& tar -xzf /tmp/libdnet.tar.gz -C /usr/src/libdnet --strip-components=1 \
|
|
||||||
&& rm /tmp/libdnet.tar.gz \
|
|
||||||
&& ( \
|
|
||||||
cd /usr/src/libdnet \
|
|
||||||
&& ./configure \
|
|
||||||
--prefix=/usr \
|
|
||||||
&& make \
|
|
||||||
&& make install \
|
|
||||||
) \
|
|
||||||
&& curl -sSL "https://www.snort.org/downloads/snort/snort-${SNORT_VERSION}.tar.gz" -o /tmp/snort.tar.gz \
|
|
||||||
&& mkdir -p /usr/src/snort \
|
|
||||||
&& tar -xzf /tmp/snort.tar.gz -C /usr/src/snort --strip-components=1 \
|
|
||||||
&& rm /tmp/snort.tar.gz \
|
|
||||||
&& ( \
|
|
||||||
cd /usr/src/snort \
|
|
||||||
&& ./configure \
|
|
||||||
--enable-sourcefire \
|
|
||||||
&& make \
|
|
||||||
&& make install \
|
|
||||||
) \
|
|
||||||
&& curl -sSL "https://github.com/shirkdog/pulledpork/archive/${PULLEDPORK_VERSION}.tar.gz" -o /tmp/pulledpork.tar.gz \
|
|
||||||
&& mkdir -p /usr/src/pulledpork \
|
|
||||||
&& tar -xzf /tmp/pulledpork.tar.gz -C /usr/src/pulledpork --strip-components=1 \
|
|
||||||
&& rm /tmp/pulledpork.tar.gz \
|
|
||||||
&& apt-get purge -y --auto-remove $buildDeps
|
|
||||||
|
|
||||||
COPY init.sh /usr/local/bin/init.sh
|
|
||||||
COPY update-rules.sh /usr/local/bin/update-rules.sh
|
|
||||||
|
|
||||||
ENTRYPOINT ["/usr/local/bin/init.sh"]
|
|
||||||
CMD ["snort"]
|
|
|
@ -1,32 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
# Entry point script to make sure external volumes are properly prepped.
|
|
||||||
# Expects:
|
|
||||||
# -e INTERFACE - sniffing interface ON THE HOST
|
|
||||||
# -e INSTANCE - the name of the per-interface instance to support multiple configs per interface
|
|
||||||
# -e SENSOR_IP - the IP of the HOST
|
|
||||||
# -e OPTS - additional options to pass to snort
|
|
||||||
# -e HOMENET - to override HOME_NET setting in snort.conf
|
|
||||||
set -e
|
|
||||||
set -o pipefail
|
|
||||||
|
|
||||||
if [[ "$1" == "snort" ]]; then
|
|
||||||
LOGDIR=/data/$INSTANCE/logs/$HOSTNAME
|
|
||||||
[ -d $LOGDIR ] || mkdir -p $LOGDIR
|
|
||||||
|
|
||||||
CONFDIR=/usr/src/snort/etc
|
|
||||||
CONFIG=$CONFDIR/snort.conf
|
|
||||||
RULES=$CONFDIR/rules
|
|
||||||
|
|
||||||
if [[ -z "$DISABLE_PULLEDPORK" ]]; then
|
|
||||||
/usr/local/bin/update-rules.sh
|
|
||||||
OPTS="$OPTS -S RULES_FILE=snort.$HOSTNAME.rules"
|
|
||||||
fi
|
|
||||||
|
|
||||||
[[ -z "$HOMENET" ]] || OPTS="$OPTS -S HOME_NET=$HOMENET"
|
|
||||||
[[ -z "$SENSOR_IP" ]] || OPTS="$OPTS -S SENSOR_IP=$SENSOR_IP"
|
|
||||||
|
|
||||||
exec snort -m 027 -d -l $LOGDIR $OPTS -c $CONFIG -i $INTERFACE
|
|
||||||
fi
|
|
||||||
|
|
||||||
exec "$@"
|
|
|
@ -1,59 +0,0 @@
|
||||||
#! /bin/bash
|
|
||||||
#
|
|
||||||
# Wrapper script around pulledpork to update rules.
|
|
||||||
set -e
|
|
||||||
set -o pipefail
|
|
||||||
|
|
||||||
PULLEDPORK_CONF="/usr/src/pulledpork/etc/pulledpork.conf"
|
|
||||||
ENABLESID_CONF="/usr/src/pulledpork/etc/enablesid.conf"
|
|
||||||
DISABLESID_CONF="/usr/src/pulledpork/etc/disablesid.conf"
|
|
||||||
DROPSID_CONF="/usr/src/pulledpork/etc/dropsid.conf"
|
|
||||||
MODIFYSID_CONF="/usr/src/pulledpork/etc/modifysid.conf"
|
|
||||||
|
|
||||||
BLACKLIST_URL="http://www.talosintelligence.com/feeds/ip-filter.blf"
|
|
||||||
mkdir -p /usr/local/etc/snort/rules/iplists
|
|
||||||
|
|
||||||
VRT_RULE_URL="https://www.snort.org/rules/|snortrules-snapshot.tar.gz"
|
|
||||||
ET_OPEN_RULE_URL="https://rules.emergingthreatspro.com/|emerging.rules.tar.gz"
|
|
||||||
|
|
||||||
PP_ARGS="/usr/src/pulledpork/pulledpork.pl -c ${PULLEDPORK_CONF} -P"
|
|
||||||
PP_ARGS="${PP_ARGS} -u ${BLACKLIST_URL}|IPBLACKLIST|open"
|
|
||||||
|
|
||||||
check_for_file() {
|
|
||||||
echo -n "Checking for file $1: "
|
|
||||||
if [[ -e "$1" ]]; then
|
|
||||||
echo "found."
|
|
||||||
return 0
|
|
||||||
else
|
|
||||||
echo "not found."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
if [[ -z "${OINKCODE}" ]]; then
|
|
||||||
echo "warning: OINKCODE variable not set: using ET open rules."
|
|
||||||
RULE_URL=${ET_OPEN_RULE_URL}
|
|
||||||
OINKCODE="open"
|
|
||||||
else
|
|
||||||
RULE_URL=${VRT_RULE_URL}
|
|
||||||
fi
|
|
||||||
PP_ARGS="${PP_ARGS} -u ${RULE_URL}|${OINKCODE}"
|
|
||||||
|
|
||||||
if check_for_file ${ENABLESID_CONF}; then
|
|
||||||
PP_ARGS="${PP_ARGS} -e ${ENABLESID_CONF}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if check_for_file ${DISABLESID_CONF}; then
|
|
||||||
PP_ARGS="${PP_ARGS} -i ${DISABLESID_CONF}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if check_for_file ${DROPSID_CONF}; then
|
|
||||||
PP_ARGS="${PP_ARGS} -b ${DROPSID_CONF}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if check_for_file ${MODIFYSID_CONF}; then
|
|
||||||
PP_ARGS="${PP_ARGS} -M ${MODIFYSID_CONF}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Running ${PP_ARGS}."
|
|
||||||
${PP_ARGS}
|
|
Loading…
Reference in New Issue
Block a user