Improve docker components.

corelight · May 19, 2022 · 67c6ca8 · 67c6ca8
1 parent b4913fa
commit 67c6ca8
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 9 deletions.
diff --git a/.gitignore b/.gitignore
@@ -2,3 +2,4 @@ build/
 *.so
 *.c
 .DS_Store
+docker/data
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -67,6 +67,7 @@ services:
       interval: 1s
       timeout: 5s
       retries: 120
+    container_name: "setup"
 
   es01:
     depends_on:
@@ -112,6 +113,7 @@ services:
       interval: 10s
       timeout: 10s
       retries: 120
+    container_name: "es01"
 
   es02:
     depends_on:
@@ -153,6 +155,7 @@ services:
       interval: 10s
       timeout: 10s
       retries: 120
+    container_name: "es02"
 
   es03:
     depends_on:
@@ -194,6 +197,7 @@ services:
       interval: 10s
       timeout: 10s
       retries: 120
+    container_name: "es03"
 
   kibana:
     depends_on:
@@ -231,6 +235,7 @@ services:
       interval: 10s
       timeout: 10s
       retries: 120
+    container_name: "kibana"
 
   zeek2es:
     build:
@@ -244,10 +249,16 @@ services:
         condition: service_healthy
       es03:
         condition: service_healthy
+    command: >
+      bash -c '
+        chmod 755 /entrypoint.sh;
+        /entrypoint.sh
+      '
     volumes:
+      - ./zeek2es/entrypoint.sh:/entrypoint.sh
       - ${VOLUME_MOUNT}/data/logs:/logs
-    entrypoint: /entrypoint.sh
     tty: true
+    container_name: "zeek2es"
 
 volumes:
   certs:

diff --git a/docker/zeek2es/Dockerfile b/docker/zeek2es/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:focal
+FROM ubuntu:jammy
 
 RUN apt-get -q update && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
@@ -9,6 +9,7 @@ RUN apt-get -q update && \
       iproute2 \
       jq \
       less \
+      netcat \
       net-tools \
       parallel \
       python3 \
@@ -22,14 +23,16 @@ RUN apt-get -q update && \
       termshark \
       tshark \
       vim \
-      wget && \
-    pip3 install --no-cache-dir pre-commit requests
-
-# Clean up files
-RUN apt-get clean && rm -rf /var/lib/apt/lists/* && rm -rf ~/.cache/pip
+      wget \
+      zeek-aux && \
+    pip3 install --no-cache-dir pre-commit requests && \
+    curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.2.0-amd64.deb && \
+    dpkg -i filebeat-8.2.0-amd64.deb && \
+    rm filebeat-8.2.0-amd64.deb && \
+    apt-get clean && rm -rf /var/lib/apt/lists/* && rm -rf ~/.cache/pip
 
 # Install zeek2es
 RUN cd / && git clone https://github.com/corelight/zeek2es.git
 
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod 755 /entrypoint.sh
+#COPY entrypoint.sh /entrypoint.sh
+#RUN chmod 755 /entrypoint.sh
diff --git a/docker/zeek2es/entrypoint.sh b/docker/zeek2es/entrypoint.sh