mirror of https://github.com/infosecn1nja/HELK.git
Merge branch 'master' of https://github.com/Cyb3rWard0g/HELK into updates_os_and_scripts
commit
44338acb79
|
@ -34,7 +34,7 @@ services:
|
||||||
networks:
|
networks:
|
||||||
helk:
|
helk:
|
||||||
helk-logstash:
|
helk-logstash:
|
||||||
image: otrf/helk-logstash:7.5.2.1
|
image: otrf/helk-logstash:7.5.2.2
|
||||||
container_name: helk-logstash
|
container_name: helk-logstash
|
||||||
logging:
|
logging:
|
||||||
driver: "json-file"
|
driver: "json-file"
|
||||||
|
@ -46,7 +46,6 @@ services:
|
||||||
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
|
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
|
||||||
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
|
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
|
||||||
- ./helk-logstash/plugins:/usr/share/logstash/plugins
|
- ./helk-logstash/plugins:/usr/share/logstash/plugins
|
||||||
- ./helk-logstash/config:/usr/share/logstash/config
|
|
||||||
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
|
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
|
||||||
- ./helk-logstash/scripts:/usr/share/logstash/scripts
|
- ./helk-logstash/scripts:/usr/share/logstash/scripts
|
||||||
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
|
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
|
||||||
|
|
|
@ -35,7 +35,7 @@ services:
|
||||||
networks:
|
networks:
|
||||||
helk:
|
helk:
|
||||||
helk-logstash:
|
helk-logstash:
|
||||||
image: otrf/helk-logstash:7.5.2.1
|
image: otrf/helk-logstash:7.5.2.2
|
||||||
container_name: helk-logstash
|
container_name: helk-logstash
|
||||||
logging:
|
logging:
|
||||||
driver: "json-file"
|
driver: "json-file"
|
||||||
|
@ -47,7 +47,6 @@ services:
|
||||||
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
|
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
|
||||||
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
|
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
|
||||||
- ./helk-logstash/plugins:/usr/share/logstash/plugins
|
- ./helk-logstash/plugins:/usr/share/logstash/plugins
|
||||||
- ./helk-logstash/config:/usr/share/logstash/config
|
|
||||||
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
|
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
|
||||||
- ./helk-logstash/scripts:/usr/share/logstash/scripts
|
- ./helk-logstash/scripts:/usr/share/logstash/scripts
|
||||||
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
|
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
|
||||||
|
|
|
@ -34,7 +34,7 @@ services:
|
||||||
networks:
|
networks:
|
||||||
helk:
|
helk:
|
||||||
helk-logstash:
|
helk-logstash:
|
||||||
image: otrf/helk-logstash:7.5.2.1
|
image: otrf/helk-logstash:7.5.2.2
|
||||||
container_name: helk-logstash
|
container_name: helk-logstash
|
||||||
logging:
|
logging:
|
||||||
driver: "json-file"
|
driver: "json-file"
|
||||||
|
@ -46,7 +46,6 @@ services:
|
||||||
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
|
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
|
||||||
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
|
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
|
||||||
- ./helk-logstash/plugins:/usr/share/logstash/plugins
|
- ./helk-logstash/plugins:/usr/share/logstash/plugins
|
||||||
- ./helk-logstash/config:/usr/share/logstash/config
|
|
||||||
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
|
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
|
||||||
- ./helk-logstash/scripts:/usr/share/logstash/scripts
|
- ./helk-logstash/scripts:/usr/share/logstash/scripts
|
||||||
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
|
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
|
||||||
|
|
|
@ -35,7 +35,7 @@ services:
|
||||||
networks:
|
networks:
|
||||||
helk:
|
helk:
|
||||||
helk-logstash:
|
helk-logstash:
|
||||||
image: otrf/helk-logstash:7.5.2.1
|
image: otrf/helk-logstash:7.5.2.2
|
||||||
container_name: helk-logstash
|
container_name: helk-logstash
|
||||||
logging:
|
logging:
|
||||||
driver: "json-file"
|
driver: "json-file"
|
||||||
|
@ -47,7 +47,6 @@ services:
|
||||||
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
|
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
|
||||||
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
|
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
|
||||||
- ./helk-logstash/plugins:/usr/share/logstash/plugins
|
- ./helk-logstash/plugins:/usr/share/logstash/plugins
|
||||||
- ./helk-logstash/config:/usr/share/logstash/config
|
|
||||||
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
|
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
|
||||||
- ./helk-logstash/scripts:/usr/share/logstash/scripts
|
- ./helk-logstash/scripts:/usr/share/logstash/scripts
|
||||||
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
|
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
|
||||||
|
|
|
@ -34,7 +34,7 @@ services:
|
||||||
networks:
|
networks:
|
||||||
helk:
|
helk:
|
||||||
helk-logstash:
|
helk-logstash:
|
||||||
image: otrf/helk-logstash:7.5.2.1
|
image: otrf/helk-logstash:7.5.2.2
|
||||||
container_name: helk-logstash
|
container_name: helk-logstash
|
||||||
logging:
|
logging:
|
||||||
driver: "json-file"
|
driver: "json-file"
|
||||||
|
@ -46,7 +46,6 @@ services:
|
||||||
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
|
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
|
||||||
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
|
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
|
||||||
- ./helk-logstash/plugins:/usr/share/logstash/plugins
|
- ./helk-logstash/plugins:/usr/share/logstash/plugins
|
||||||
- ./helk-logstash/config:/usr/share/logstash/config
|
|
||||||
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
|
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
|
||||||
- ./helk-logstash/scripts:/usr/share/logstash/scripts
|
- ./helk-logstash/scripts:/usr/share/logstash/scripts
|
||||||
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
|
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
|
||||||
|
|
|
@ -35,7 +35,7 @@ services:
|
||||||
networks:
|
networks:
|
||||||
helk:
|
helk:
|
||||||
helk-logstash:
|
helk-logstash:
|
||||||
image: otrf/helk-logstash:7.5.2.1
|
image: otrf/helk-logstash:7.5.2.2
|
||||||
container_name: helk-logstash
|
container_name: helk-logstash
|
||||||
logging:
|
logging:
|
||||||
driver: "json-file"
|
driver: "json-file"
|
||||||
|
@ -47,7 +47,6 @@ services:
|
||||||
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
|
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
|
||||||
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
|
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
|
||||||
- ./helk-logstash/plugins:/usr/share/logstash/plugins
|
- ./helk-logstash/plugins:/usr/share/logstash/plugins
|
||||||
- ./helk-logstash/config:/usr/share/logstash/config
|
|
||||||
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
|
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
|
||||||
- ./helk-logstash/scripts:/usr/share/logstash/scripts
|
- ./helk-logstash/scripts:/usr/share/logstash/scripts
|
||||||
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
|
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
|
||||||
|
|
|
@ -34,7 +34,7 @@ services:
|
||||||
networks:
|
networks:
|
||||||
helk:
|
helk:
|
||||||
helk-logstash:
|
helk-logstash:
|
||||||
image: otrf/helk-logstash:7.5.2.1
|
image: otrf/helk-logstash:7.5.2.2
|
||||||
container_name: helk-logstash
|
container_name: helk-logstash
|
||||||
logging:
|
logging:
|
||||||
driver: "json-file"
|
driver: "json-file"
|
||||||
|
@ -46,7 +46,6 @@ services:
|
||||||
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
|
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
|
||||||
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
|
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
|
||||||
- ./helk-logstash/plugins:/usr/share/logstash/plugins
|
- ./helk-logstash/plugins:/usr/share/logstash/plugins
|
||||||
- ./helk-logstash/config:/usr/share/logstash/config
|
|
||||||
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
|
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
|
||||||
- ./helk-logstash/scripts:/usr/share/logstash/scripts
|
- ./helk-logstash/scripts:/usr/share/logstash/scripts
|
||||||
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
|
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
|
||||||
|
|
|
@ -35,7 +35,7 @@ services:
|
||||||
networks:
|
networks:
|
||||||
helk:
|
helk:
|
||||||
helk-logstash:
|
helk-logstash:
|
||||||
image: otrf/helk-logstash:7.5.2.1
|
image: otrf/helk-logstash:7.5.2.2
|
||||||
container_name: helk-logstash
|
container_name: helk-logstash
|
||||||
logging:
|
logging:
|
||||||
driver: "json-file"
|
driver: "json-file"
|
||||||
|
@ -47,7 +47,6 @@ services:
|
||||||
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
|
- ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
|
||||||
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
|
- ./helk-logstash/output_templates:/usr/share/logstash/output_templates
|
||||||
- ./helk-logstash/plugins:/usr/share/logstash/plugins
|
- ./helk-logstash/plugins:/usr/share/logstash/plugins
|
||||||
- ./helk-logstash/config:/usr/share/logstash/config
|
|
||||||
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
|
- ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
|
||||||
- ./helk-logstash/scripts:/usr/share/logstash/scripts
|
- ./helk-logstash/scripts:/usr/share/logstash/scripts
|
||||||
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
|
entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh
|
||||||
|
|
|
@ -10,21 +10,18 @@ FROM docker.elastic.co/logstash/logstash:7.5.2
|
||||||
LABEL maintainer="Roberto Rodriguez @Cyb3rWard0g"
|
LABEL maintainer="Roberto Rodriguez @Cyb3rWard0g"
|
||||||
LABEL description="Dockerfile base for the HELK Logstash."
|
LABEL description="Dockerfile base for the HELK Logstash."
|
||||||
|
|
||||||
RUN mv /usr/share/logstash/config/logstash.yml /usr/share/logstash/config/logstash.yml.bak
|
COPY --chown=logstash:logstash config /usr/share/logstash/config
|
||||||
RUN mv /usr/share/logstash/config/pipelines.yml /usr/share/logstash/config/pipelines.yml.bak
|
|
||||||
COPY --chown=logstash:logstash config/logstash.yml /usr/share/logstash/config/logstash.yml
|
|
||||||
COPY --chown=logstash:logstash config/pipelines.yml /usr/share/logstash/config/pipelines.yml
|
|
||||||
RUN rm -f /usr/share/logstash/pipeline/logstash.conf
|
|
||||||
|
|
||||||
# Build with plugins baked in
|
# Build with plugins baked in
|
||||||
ENV plugins_time_file="/usr/share/logstash/helk-plugins-updated-timestamp.txt"
|
ENV plugins_time_file="/usr/share/logstash/helk-plugins-updated-timestamp.txt"
|
||||||
RUN printf "%s" "$(date +"%Y-%m-%d %T")" > "${plugins_time_file}"
|
RUN printf "%s" "$(date +"%Y-%m-%d %T")" > "${plugins_time_file}"
|
||||||
RUN chown logstash:logstash "${plugins_time_file}"
|
RUN chown logstash:logstash "${plugins_time_file}"
|
||||||
#RUN echo"$(date +"%Y-%m-%d %T")" > "${plugins_time_file}"
|
|
||||||
COPY --chown=logstash:logstash plugins/helk-offline-logstash-codec_and_filter_plugins.zip /usr/share/logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip
|
COPY --chown=logstash:logstash plugins/helk-offline-logstash-codec_and_filter_plugins.zip /usr/share/logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip
|
||||||
COPY --chown=logstash:logstash plugins/helk-offline-logstash-input_and_output-plugins.zip /usr/share/logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip
|
COPY --chown=logstash:logstash plugins/helk-offline-logstash-input_and_output-plugins.zip /usr/share/logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip
|
||||||
RUN logstash-plugin update
|
RUN logstash-plugin update \
|
||||||
RUN logstash-plugin install file:///usr/share/logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip
|
&& logstash-plugin install file:///usr/share/logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip \
|
||||||
RUN logstash-plugin install file:///usr/share/logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip
|
&& logstash-plugin install file:///usr/share/logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip \
|
||||||
RUN rm /usr/share/logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip
|
&& rm /usr/share/logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip \
|
||||||
RUN rm /usr/share/logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip
|
&& rm /usr/share/logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip \
|
||||||
|
&& rm -f /usr/share/logstash/pipeline/logstash.conf
|
Loading…
Reference in New Issue