-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathdocker-compose.yml
66 lines (61 loc) · 2.24 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
# Copyright (C) 2024 ANSSI
# SPDX-License-Identifier: CC0-1.0
services:
suricata:
build: ./suricata
image: anssi/shovel-suricata:dev
volumes:
- "./input_pcaps:/input_pcaps:ro"
- "./suricata/rules:/suricata/rules:ro"
- "./suricata/output:/suricata/output:rw"
# Mode A: pcap replay mode (slower, for archives replay or rootless CTF)
# Add `--pcap-file-continuous` to watch for new pcap in folder.
command: -r /input_pcaps
# Mode B: capture interface (fast, requires root on vulnbox and in Docker)
# Drastically reduces ingest delay, but requires to setup traffic mirroring
# between the vulnbox game interface and a team server.
#command: -i tun5
#cap_add:
# - NET_ADMIN
#network_mode: "host"
# Mode C: PCAP-over-IP (fast, requires root on vulnbox)
# Connects to a PCAP-over-IP server, such as pcap-broker to read PCAP data.
#command: -r /dev/stdin
#restart: always
#depends_on:
# - pcap-broker
#environment:
# - PCAP_OVER_IP=pcap-broker:4242
webapp:
build: ./webapp
image: anssi/shovel-webapp:dev
restart: always
volumes:
# You may remove the next line to prevent users from downloading pcaps.
- "./input_pcaps:/input_pcaps:ro"
# Write access is required in SQLite `mode=ro` as readers need to record
# a mark in the WAL file. If you need to make the volume read-only, then
# use `immutable=1` parameter in SQLite databases URI. In immutable mode,
# SQLite doesn't follow changes made to the database.
- "./suricata/output:/suricata/output:rw"
ports:
- 127.0.0.1:8000:8000
env_file:
- .env
#pcap-broker:
# container_name: pcap-broker
# build:
# context: .
# dockerfile_inline: |
# FROM golang:alpine
# RUN apk add --no-cache build-base libpcap-dev openssh-client tcpdump
# RUN go install github.com/fox-it/pcap-broker@latest
# ENTRYPOINT ["pcap-broker"]
# restart: always
# volumes:
# - "~/.ssh/id_ed25519:/root/.ssh/id_ed25519:ro"
# environment:
# PCAP_COMMAND: |-
# ssh root@vulnbox -oStrictHostKeyChecking=no
# tcpdump -U --immediate-mode -ni game -s 65535 -w - not tcp port 22
# LISTEN_ADDRESS: 0.0.0.0:4242