forked from tatsuiman/rpot
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
86 lines (76 loc) · 2.45 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
version: '3.4'
volumes:
es-data: # elasticsearch data
json-data: # suricata json input
rules-data: # scirius rules
networks:
frontend:
backend:
services:
bro:
image: tatsui/bro
build: ./bro
environment:
#MODE: "quick"
MODE: "standard"
volumes:
- ./pcap:/pcap
- ./extract_files/:/extract_files/
- ./bro/bro_config:/bro_config
depends_on: [ 'elasticsearch' , 'logstash', 'kafka']
networks: ['backend']
manager:
image: tatsui/rpot-manager
build: manager
volumes:
- ./manager/kibana-dashboards:/kibana-dashboards
depends_on: [ 'elasticsearch' , 'kibana' ,'kafka', 'logstash']
networks: ['backend']
command: bash -c "/entrypoint-import.sh"
#command: bash -c "/entrypoint-export.sh"
zookeeper:
image: wurstmeister/zookeeper
networks: ['backend']
kafka:
image: wurstmeister/kafka
ports: [ '127.0.01:9092:9092' ]
environment:
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
KAFKA_ADVERTISED_HOST_NAME: kafka
depends_on: ['zookeeper']
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks: ['backend']
logstash:
image: tatsui/logstash-kafka-bro
build: logstash
volumes:
- ./logstash/pipeline/logstash-bro.conf:/usr/share/logstash/pipeline/logstash.conf # client -> server
#- ./logstash/pipeline/logstash-bro-quick.conf:/usr/share/logstash/pipeline/logstash.conf # client -> server (blacklist)
#- ./logstash/pipeline/logstash-bro-honeypot.conf:/usr/share/logstash/pipeline/logstash.conf # server -> client
#- ./logstash/pipeline/logstash-bro-honeypot-quick.conf:/usr/share/logstash/pipeline/logstash.conf # server -> client (blacklist)
depends_on: [ 'elasticsearch' ,'kafka']
environment:
LOG_LEVEL: error
ES_JAVA_OPTS: '-Xms4G -Xmx4G'
networks: ['backend']
kibana:
image: docker.elastic.co/kibana/kibana-oss:6.3.0
ports: [ '5601:5601' ]
depends_on: [ 'elasticsearch' ]
environment:
SERVER_NAME: kibana.docker.selks
ELASTICSEARCH_URL: http://elasticsearch:9200
networks: ['backend', 'frontend']
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.3.0
volumes: [ 'es-data:/usr/share/elasticsearch/data' ]
container_name: elasticsearch
networks: ['backend']
environment:
bootstrap.memory_lock: 'true'
ES_JAVA_OPTS: '-Xms1G -Xmx1G'
ulimits:
memlock:
soft: -1
hard: -1