Merge branch 'master' of https://github.com/Cyb3rWard0g/HELK into updates_os_and_scripts

updates_os_and_scripts
neu5ron 2020-02-12 11:40:19 -05:00
commit 44338acb79
9 changed files with 16 additions and 27 deletions

View File

@ -34,7 +34,7 @@ services:
networks: networks:
helk: helk:
helk-logstash: helk-logstash:
image: otrf/helk-logstash:7.5.2.1 image: otrf/helk-logstash:7.5.2.2
container_name: helk-logstash container_name: helk-logstash
logging: logging:
driver: "json-file" driver: "json-file"
@ -46,7 +46,6 @@ services:
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline - ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates - ./helk-logstash/output_templates:/usr/share/logstash/output_templates
- ./helk-logstash/plugins:/usr/share/logstash/plugins - ./helk-logstash/plugins:/usr/share/logstash/plugins
- ./helk-logstash/config:/usr/share/logstash/config
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti - ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
- ./helk-logstash/scripts:/usr/share/logstash/scripts - ./helk-logstash/scripts:/usr/share/logstash/scripts
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh

View File

@ -35,7 +35,7 @@ services:
networks: networks:
helk: helk:
helk-logstash: helk-logstash:
image: otrf/helk-logstash:7.5.2.1 image: otrf/helk-logstash:7.5.2.2
container_name: helk-logstash container_name: helk-logstash
logging: logging:
driver: "json-file" driver: "json-file"
@ -47,7 +47,6 @@ services:
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline - ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates - ./helk-logstash/output_templates:/usr/share/logstash/output_templates
- ./helk-logstash/plugins:/usr/share/logstash/plugins - ./helk-logstash/plugins:/usr/share/logstash/plugins
- ./helk-logstash/config:/usr/share/logstash/config
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti - ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
- ./helk-logstash/scripts:/usr/share/logstash/scripts - ./helk-logstash/scripts:/usr/share/logstash/scripts
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh

View File

@ -34,7 +34,7 @@ services:
networks: networks:
helk: helk:
helk-logstash: helk-logstash:
image: otrf/helk-logstash:7.5.2.1 image: otrf/helk-logstash:7.5.2.2
container_name: helk-logstash container_name: helk-logstash
logging: logging:
driver: "json-file" driver: "json-file"
@ -46,7 +46,6 @@ services:
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline - ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates - ./helk-logstash/output_templates:/usr/share/logstash/output_templates
- ./helk-logstash/plugins:/usr/share/logstash/plugins - ./helk-logstash/plugins:/usr/share/logstash/plugins
- ./helk-logstash/config:/usr/share/logstash/config
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti - ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
- ./helk-logstash/scripts:/usr/share/logstash/scripts - ./helk-logstash/scripts:/usr/share/logstash/scripts
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh

View File

@ -35,7 +35,7 @@ services:
networks: networks:
helk: helk:
helk-logstash: helk-logstash:
image: otrf/helk-logstash:7.5.2.1 image: otrf/helk-logstash:7.5.2.2
container_name: helk-logstash container_name: helk-logstash
logging: logging:
driver: "json-file" driver: "json-file"
@ -47,7 +47,6 @@ services:
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline - ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates - ./helk-logstash/output_templates:/usr/share/logstash/output_templates
- ./helk-logstash/plugins:/usr/share/logstash/plugins - ./helk-logstash/plugins:/usr/share/logstash/plugins
- ./helk-logstash/config:/usr/share/logstash/config
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti - ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
- ./helk-logstash/scripts:/usr/share/logstash/scripts - ./helk-logstash/scripts:/usr/share/logstash/scripts
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh

View File

@ -34,7 +34,7 @@ services:
networks: networks:
helk: helk:
helk-logstash: helk-logstash:
image: otrf/helk-logstash:7.5.2.1 image: otrf/helk-logstash:7.5.2.2
container_name: helk-logstash container_name: helk-logstash
logging: logging:
driver: "json-file" driver: "json-file"
@ -46,7 +46,6 @@ services:
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline - ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates - ./helk-logstash/output_templates:/usr/share/logstash/output_templates
- ./helk-logstash/plugins:/usr/share/logstash/plugins - ./helk-logstash/plugins:/usr/share/logstash/plugins
- ./helk-logstash/config:/usr/share/logstash/config
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti - ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
- ./helk-logstash/scripts:/usr/share/logstash/scripts - ./helk-logstash/scripts:/usr/share/logstash/scripts
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh

View File

@ -35,7 +35,7 @@ services:
networks: networks:
helk: helk:
helk-logstash: helk-logstash:
image: otrf/helk-logstash:7.5.2.1 image: otrf/helk-logstash:7.5.2.2
container_name: helk-logstash container_name: helk-logstash
logging: logging:
driver: "json-file" driver: "json-file"
@ -47,7 +47,6 @@ services:
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline - ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates - ./helk-logstash/output_templates:/usr/share/logstash/output_templates
- ./helk-logstash/plugins:/usr/share/logstash/plugins - ./helk-logstash/plugins:/usr/share/logstash/plugins
- ./helk-logstash/config:/usr/share/logstash/config
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti - ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
- ./helk-logstash/scripts:/usr/share/logstash/scripts - ./helk-logstash/scripts:/usr/share/logstash/scripts
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh

View File

@ -34,7 +34,7 @@ services:
networks: networks:
helk: helk:
helk-logstash: helk-logstash:
image: otrf/helk-logstash:7.5.2.1 image: otrf/helk-logstash:7.5.2.2
container_name: helk-logstash container_name: helk-logstash
logging: logging:
driver: "json-file" driver: "json-file"
@ -46,7 +46,6 @@ services:
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline - ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates - ./helk-logstash/output_templates:/usr/share/logstash/output_templates
- ./helk-logstash/plugins:/usr/share/logstash/plugins - ./helk-logstash/plugins:/usr/share/logstash/plugins
- ./helk-logstash/config:/usr/share/logstash/config
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti - ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
- ./helk-logstash/scripts:/usr/share/logstash/scripts - ./helk-logstash/scripts:/usr/share/logstash/scripts
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh

View File

@ -35,7 +35,7 @@ services:
networks: networks:
helk: helk:
helk-logstash: helk-logstash:
image: otrf/helk-logstash:7.5.2.1 image: otrf/helk-logstash:7.5.2.2
container_name: helk-logstash container_name: helk-logstash
logging: logging:
driver: "json-file" driver: "json-file"
@ -47,7 +47,6 @@ services:
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline - ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates - ./helk-logstash/output_templates:/usr/share/logstash/output_templates
- ./helk-logstash/plugins:/usr/share/logstash/plugins - ./helk-logstash/plugins:/usr/share/logstash/plugins
- ./helk-logstash/config:/usr/share/logstash/config
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti - ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
- ./helk-logstash/scripts:/usr/share/logstash/scripts - ./helk-logstash/scripts:/usr/share/logstash/scripts
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh

View File

@ -10,21 +10,18 @@ FROM docker.elastic.co/logstash/logstash:7.5.2
LABEL maintainer="Roberto Rodriguez @Cyb3rWard0g" LABEL maintainer="Roberto Rodriguez @Cyb3rWard0g"
LABEL description="Dockerfile base for the HELK Logstash." LABEL description="Dockerfile base for the HELK Logstash."
RUN mv /usr/share/logstash/config/logstash.yml /usr/share/logstash/config/logstash.yml.bak COPY --chown=logstash:logstash config /usr/share/logstash/config
RUN mv /usr/share/logstash/config/pipelines.yml /usr/share/logstash/config/pipelines.yml.bak
COPY --chown=logstash:logstash config/logstash.yml /usr/share/logstash/config/logstash.yml
COPY --chown=logstash:logstash config/pipelines.yml /usr/share/logstash/config/pipelines.yml
RUN rm -f /usr/share/logstash/pipeline/logstash.conf
# Build with plugins baked in # Build with plugins baked in
ENV plugins_time_file="/usr/share/logstash/helk-plugins-updated-timestamp.txt" ENV plugins_time_file="/usr/share/logstash/helk-plugins-updated-timestamp.txt"
RUN printf "%s" "$(date +"%Y-%m-%d %T")" > "${plugins_time_file}" RUN printf "%s" "$(date +"%Y-%m-%d %T")" > "${plugins_time_file}"
RUN chown logstash:logstash "${plugins_time_file}" RUN chown logstash:logstash "${plugins_time_file}"
#RUN echo"$(date +"%Y-%m-%d %T")" > "${plugins_time_file}"
COPY --chown=logstash:logstash plugins/helk-offline-logstash-codec_and_filter_plugins.zip /usr/share/logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip COPY --chown=logstash:logstash plugins/helk-offline-logstash-codec_and_filter_plugins.zip /usr/share/logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip
COPY --chown=logstash:logstash plugins/helk-offline-logstash-input_and_output-plugins.zip /usr/share/logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip COPY --chown=logstash:logstash plugins/helk-offline-logstash-input_and_output-plugins.zip /usr/share/logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip
RUN logstash-plugin update RUN logstash-plugin update \
RUN logstash-plugin install file:///usr/share/logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip && logstash-plugin install file:///usr/share/logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip \
RUN logstash-plugin install file:///usr/share/logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip && logstash-plugin install file:///usr/share/logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip \
RUN rm /usr/share/logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip && rm /usr/share/logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip \
RUN rm /usr/share/logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip && rm /usr/share/logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip \
&& rm -f /usr/share/logstash/pipeline/logstash.conf