forked from secureworks/dalton
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yml
148 lines (133 loc) · 4.19 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
version: '3'
services:
controller:
build:
context: .
dockerfile: Dockerfile-dalton
args:
- http_proxy=${http_proxy}
- https_proxy=${https_proxy}
- no_proxy=${no_proxy}
image: dalton:latest
container_name: dalton_controller
environment:
- CONTROLLER_DEBUG=${CONTROLLER_DEBUG}
volumes:
- ./app:/opt/dalton/app
- ./rulesets:/opt/dalton/rulesets
- ./engine-configs:/opt/dalton/engine-configs
restart: always
nginx:
build:
context: .
dockerfile: Dockerfile-nginx
args:
- DALTON_EXTERNAL_PORT=${DALTON_EXTERNAL_PORT}
- DALTON_EXTERNAL_PORT_SSL=${DALTON_EXTERNAL_PORT_SSL}
image: nginx-dalton:latest
container_name: dalton_web
ports:
# external HTTP listen port
# to change, set DALTON_EXTERNAL_PORT in the '.env' file (NOT here)
# default DALTON_EXTERNAL_PORT value: 80
- "${DALTON_EXTERNAL_PORT}:80"
# uncomment below line to expose the external SSL/TLS listener
# to change port, set DALTON_EXTERNAL_PORT_SSL in the '.env' file (NOT here)
# default DALTON_EXTERNAL_PORT_SSL value: 443
# - "${DALTON_EXTERNAL_PORT_SSL}:443"
restart: always
redis:
image: redis:3.2.12
container_name: dalton_redis
restart: always
###########################
###### Dalton Agents ######
###########################
# To add a new, different, or another Agent for a
# particular Suricata or Snort version, just copy
# one of the existing specifications and change the
# version number(s) as necessary. For Suricata this
# is the "SURI_VERSION" arg value; for Snort this is
# the "SNORT_VERSION" arg value (and possibly DAQ_VERSION).
# The service and container name will also need to be
# changed to be unique.
###########################
##### Suricata Agents #####
###########################
# NOTE: Suricata version 4 supports Rust but is optional. To enable Rust
# support for a Suricata 4.x Agent, set the "ENABLE_RUST" arg
# to "--enable-rust". e.g.:
# - ENABLE_RUST=--enable-rust
# Suricata current (latest) from source
agent-suricata-current:
build:
context: ./dalton-agent
dockerfile: Dockerfiles/Dockerfile_suricata
args:
- SURI_VERSION=current
- http_proxy=${http_proxy}
- https_proxy=${https_proxy}
- no_proxy=${no_proxy}
image: suricata-current:latest
container_name: suricata-current
environment:
- AGENT_DEBUG=${AGENT_DEBUG}
restart: always
# Suricata 5.0.6 from source, with Rust support
agent-suricata-5.0.7:
build:
context: ./dalton-agent
dockerfile: Dockerfiles/Dockerfile_suricata
args:
- SURI_VERSION=5.0.7
- ENABLE_RUST=--enable-rust
- http_proxy=${http_proxy}
- https_proxy=${https_proxy}
- no_proxy=${no_proxy}
image: suricata-5.0.7:latest
container_name: suricata-5.0.7
environment:
- AGENT_DEBUG=${AGENT_DEBUG}
restart: always
###########################
###### Snort Agents #######
###########################
#
# Note: Attempting to build Snort 2.9.0 and 2.9.0.x
# will fail because Autoconf can't find the dnet files.
# This was apparently fixed in Snort > 2.9.1 so if
# you really want a Snort 2.9.0 or 2.9.0.x, feel free
# to build it yourself. The Dalton Agent should work
# fine on it.
#
# Snort 2.9.18 from source
agent-snort-2.9.18.1:
build:
context: ./dalton-agent
dockerfile: Dockerfiles/Dockerfile_snort
args:
- SNORT_VERSION=2.9.18.1
- DAQ_VERSION=2.0.7
- http_proxy=${http_proxy}
- https_proxy=${https_proxy}
- no_proxy=${no_proxy}
image: snort-2.9.18.1:latest
container_name: snort-2.9.18.1
environment:
- AGENT_DEBUG=${AGENT_DEBUG}
restart: always
###########################
####### Zeek Agents #######
###########################
# Zeek current (latest) from source
agent-zeek-current:
build:
context: ./dalton-agent
dockerfile: Dockerfiles/Dockerfile_zeek
args:
- ZEEK_VERSION=4.0.2
image: zeek-current:latest
container_name: zeek-current
volumes:
- ./rulesets/zeek:/opt/dalton-agent/zeek_scripts:ro
restart: always