authorLaura Sofia Enriquez <lsofia.enriquez@gmail.com>2018-04-23 17:15:24 -0300
committerLaura Sofia Enriquez <lsofia.enriquez@gmail.com>2018-04-24 18:24:41 -0300
commitb1f11b54803266384cf0d9e14fcb7204dbcc79a7 (patch)
treec7742466d52f322caaa664f1cdc78914e3f43f3a
parent84ce45c8bf6e03f0373d9c46e0a8b7e0b3faa605 (diff)
Snort implementation
This PR has: 1. Snort VNF. 2. Documentation. Change-Id: I5df23a1b8cdb65864aa8f432ce547d6cf5f27cde Signed-off-by: Laura Sofia Enriquez <lsofia.enriquez@gmail.com>
-rw-r--r--docs/release/userguide/snort.rst33
-rw-r--r--src/vagrant/kubeadm_snort/Vagrantfile29
-rwxr-xr-xsrc/vagrant/kubeadm_snort/deploy.sh9
-rw-r--r--src/vagrant/kubeadm_snort/host_setup.sh29
-rw-r--r--src/vagrant/kubeadm_snort/master_setup.sh10
-rwxr-xr-xsrc/vagrant/kubeadm_snort/snort/snort-setup.sh31
-rw-r--r--src/vagrant/kubeadm_snort/snort/snort.yaml32
-rw-r--r--src/vagrant/kubeadm_snort/worker_setup.sh4
8 files changed, 177 insertions, 0 deletions
diff --git a/docs/release/userguide/snort.rst b/docs/release/userguide/snort.rst
new file mode 100644
index 0000000..9bb6b3b
--- /dev/null
+++ b/docs/release/userguide/snort.rst
@@ -0,0 +1,33 @@
+================
+ Snort
+================
+
+----------
+ What is Snort?
+----------
+
+`Snort <https://www.snort.org/>`_. is an open source network intrusion prevention system, capable
+of performing real-time traffic analysis and packet logging on IP
+networks. It can perform protocol analysis, content searching/matching,
+and can be used to detect a variety of attacks and probes, such as buffer
+overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting
+attempts, and much more.
+
+----------
+ What can I do with Snort?
+----------
+
+Snort has three primary uses: It can be used as a straight packet sniffer
+like tcpdump, a packet logger (useful for network traffic debugging, etc),
+or as a full blown network intrusion prevention system.
+
+----------
+ How Snort works?
+----------
+
+Snort works with rules. Rules are a different methodology for performing
+detection, which bring the advantage of 0-day detection to the table.
+Unlike signatures, rules are based on detecting the actual vulnerability,
+not an exploit or a unique piece of data. Developing a rule requires an
+acute understanding of how the vulnerability actually works.
+
diff --git a/src/vagrant/kubeadm_snort/Vagrantfile b/src/vagrant/kubeadm_snort/Vagrantfile
new file mode 100644
index 0000000..9320074
--- /dev/null
+++ b/src/vagrant/kubeadm_snort/Vagrantfile
@@ -0,0 +1,29 @@
+$num_workers=2
+
+Vagrant.require_version ">= 1.8.6"
+Vagrant.configure("2") do |config|
+
+ config.vm.box = "ceph/ubuntu-xenial"
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.memory = 4096
+ libvirt.cpus = 4
+ end
+
+ config.vm.synced_folder "../..", "/src"
+ config.vm.provision "shell", path: "host_setup.sh", privileged: false
+
+ config.vm.define "master" do |config|
+ config.vm.hostname = "master"
+ config.vm.provision "shell", path: "master_setup.sh", privileged: false
+ config.vm.network :private_network, ip: "192.168.1.10"
+ end
+
+ (1 .. $num_workers).each do |i|
+ config.vm.define vm_name = "worker%d" % [i] do |config|
+ config.vm.hostname = vm_name
+ config.vm.provision "shell", path: "worker_setup.sh", privileged: false
+ config.vm.network :private_network, ip: "192.168.1.#{i+20}"
+ end
+ end
+
+end
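Review bot: Both `config.vm.define` blocks (the "master" one and the worker loop) name their block parameter `config`, shadowing the outer `Vagrant.configure` parameter; everything inside then silently refers to the inner object, and a reader cannot tell which level `config.vm.provision` applies to. Rename the inner parameters after the machine they configure, e.g. `config.vm.define "master" do |master|` with `master.vm.hostname = "master"`, and `|worker|` in the loop. `$num_workers` is a mutable global for a value that never changes after load; a frozen constant `NUM_WORKERS = 2` reads better and avoids the RuboCop global-variable warning. Note that the worker IPs `192.168.1.#{i+20}` yield .21 and .22 for the default of two workers, so the `worker3` entry the host setup script writes to `/etc/hosts` refers to a machine that is never created.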
diff --git a/src/vagrant/kubeadm_snort/deploy.sh b/src/vagrant/kubeadm_snort/deploy.sh
new file mode 100755
index 0000000..e1e16d6
--- /dev/null
+++ b/src/vagrant/kubeadm_snort/deploy.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -ex
+DIR="$(dirname `readlink -f $0`)"
+
+cd $DIR
+../cleanup.sh
+vagrant up
+vagrant ssh master -c "/vagrant/snort/snort-setup.sh"
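Review bot: `DIR="$(dirname `readlink -f $0`)"` leaves `$0` unquoted inside backticks and `cd $DIR` leaves the result unquoted, so a checkout path containing a space breaks the script before `../cleanup.sh` runs. Quote both and use `$(...)` instead of backticks: `DIR="$(dirname "$(readlink -f "$0")")"` and `cd "$DIR"`. With `set -e` already in effect a failed `cd` then stops the script instead of running `../cleanup.sh` from the wrong directory.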
diff --git a/src/vagrant/kubeadm_snort/host_setup.sh b/src/vagrant/kubeadm_snort/host_setup.sh
new file mode 100644
index 0000000..524a967
--- /dev/null
+++ b/src/vagrant/kubeadm_snort/host_setup.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+set -ex
+
+cat << EOF | sudo tee /etc/hosts
+127.0.0.1 localhost
+192.168.1.10 master
+192.168.1.21 worker1
+192.168.1.22 worker2
+192.168.1.23 worker3
+EOF
+
+sudo apt-key adv --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
+sudo apt-key adv -k 58118E89F3A912897C070ADBF76221572C52609D
+cat << EOF | sudo tee /etc/apt/sources.list.d/docker.list
+deb [arch=amd64] https://apt.dockerproject.org/repo ubuntu-xenial main
+EOF
+
+curl -s http://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
+cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
+deb http://apt.kubernetes.io/ kubernetes-xenial main
+EOF
+sudo apt-get update
+sudo apt-get install -y --allow-unauthenticated --allow-downgrades docker-engine=1.12.6-0~ubuntu-xenial kubelet=1.9.1-00 kubeadm=1.9.1-00 kubectl=1.9.1-00 kubernetes-cni=0.6.0-00
+
+sudo swapoff -a
+sudo systemctl daemon-reload
+sudo systemctl stop kubelet
+sudo systemctl start kubelet
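Review bot: The `apt-get install` line passes `--allow-unauthenticated`, which tells apt to accept packages whose signatures cannot be verified, so the Docker and Kubernetes signing keys imported just above are effectively not enforced for this install and a tampered package from the mirror or the network would be accepted silently. The Kubernetes key itself is fetched over plain `http://` with `curl -s`, so nothing authenticates that download either. Drop `--allow-unauthenticated` (the pinned versions presumably carry valid signatures from the imported keys — verify by running once without the flag) and fetch the key with `curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -` so that an HTTP error fails the pipeline rather than being handed to `apt-key add`. If the flag is needed only for `--allow-downgrades` to an older `docker-engine`, a comment saying so would help the next maintainer.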
diff --git a/src/vagrant/kubeadm_snort/master_setup.sh b/src/vagrant/kubeadm_snort/master_setup.sh
new file mode 100644
index 0000000..972768f
--- /dev/null
+++ b/src/vagrant/kubeadm_snort/master_setup.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -ex
+
+sudo kubeadm init --apiserver-advertise-address=192.168.1.10 --service-cidr=10.96.0.0/16 --pod-network-cidr=10.32.0.0/12 --token 8c5adc.1cec8dbf339093f0
+mkdir ~/.kube
+sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config
+sudo chown $(id -u):$(id -g) $HOME/.kube/config
+
+kubectl apply -f https://raw.githubusercontent.com/weaveworks/weave/master/prog/weave-kube/weave-daemonset-k8s-1.6.yaml
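Review bot: The bootstrap token `8c5adc.1cec8dbf339093f0` on the `kubeadm init` line is a fixed credential committed to the repository and repeated in `worker_setup.sh`; anyone on the `192.168.1.0/24` segment who reads this file can join a node to the cluster, and the token has no TTL here so it persists after provisioning. Generate it per deployment instead, e.g. `TOKEN=$(kubeadm token generate)`, pass `--token "$TOKEN"` to `kubeadm init`, and hand it to the workers through the shared folder (a file such as `/vagrant/<token-file>` — placeholder name) rather than hard-coding it in two scripts. Separately, `mkdir ~/.kube` is not idempotent: under `set -e` a second provisioning run aborts on the existing directory before the kubeconfig is copied, so `mkdir -p ~/.kube` is the safer form. The weave manifest is also pulled from the `master` branch URL, which can change under the pinned kubeadm 1.9.1; pinning a release tag makes the deployment reproducible.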
diff --git a/src/vagrant/kubeadm_snort/snort/snort-setup.sh b/src/vagrant/kubeadm_snort/snort/snort-setup.sh
new file mode 100755
index 0000000..08ae663
--- /dev/null
+++ b/src/vagrant/kubeadm_snort/snort/snort-setup.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+#
+# Copyright (c) 2017 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set -ex
+
+kubectl create -f /vagrant/snort/snort.yaml
+kubectl get nodes
+kubectl get services
+kubectl get pods
+kubectl get rc
+
+r="0"
+while [ $r -ne "2" ]
+do
+ r=$(kubectl get pods | grep Running | wc -l)
+ sleep 60
+done
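Review bot: The `while [ $r -ne "2" ]` loop at the end of the script never terminates if the two snort pods fail to reach `Running` (image pull failure, scheduling failure), so `deploy.sh` hangs indefinitely with no diagnostic; it also counts every `Running` pod returned by `kubectl get pods`, not just snort's, and sleeps a full minute after each check even when the pods are already up. Bound the wait, restrict the count with the `app=snort` label that `snort.yaml` sets, and exit non-zero with a message on timeout. A sketch of the replacement loop follows (`|| true` keeps `grep -c` from tripping `set -e` when the count is zero).

```shell
# … unchanged: kubectl create / get commands …
r=0
for attempt in $(seq 1 20); do
  r=$(kubectl get pods -l app=snort | grep -c Running || true)
  if [ "$r" -eq 2 ]; then
    break
  fi
  sleep 30
done
if [ "$r" -ne 2 ]; then
  echo "snort pods not Running after 10 minutes" >&2
  exit 1
fi
```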
diff --git a/src/vagrant/kubeadm_snort/snort/snort.yaml b/src/vagrant/kubeadm_snort/snort/snort.yaml
new file mode 100644
index 0000000..60dede2
--- /dev/null
+++ b/src/vagrant/kubeadm_snort/snort/snort.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: snort-service
+ labels:
+ app: snort
+spec:
+ type: NodePort
+ ports:
+ - port: 80
+ protocol: TCP
+ name: http
+ selector:
+ app: snort
+---
+apiVersion: v1
+kind: ReplicationController
+metadata:
+ name: snort-pod
+spec:
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: snort
+ spec:
+ containers:
+ - name: snort
+ image: frapsoft/snort
+ args: ["-v"]
+ ports:
+ - containerPort: 80
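Review bot: `image: frapsoft/snort` carries no tag or digest, so every `kubectl create` pulls whatever the registry currently labels `latest`; the deployment is not reproducible and a compromised or repointed image would be picked up silently. Pin it, e.g. `image: frapsoft/snort:<tag>` (placeholder) or better an `@sha256:<digest>` reference. The Service exposes port 80 via NodePort and the container declares `containerPort: 80`, but the only thing the container runs is `snort -v`, which as far as this manifest shows prints packet headers to stdout and does not listen on any port — presumably the Service is vestigial, and if so it should be dropped rather than advertise an open NodePort on every worker. `ReplicationController` is also the legacy controller; a `Deployment` with the same pod template is the current equivalent.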
diff --git a/src/vagrant/kubeadm_snort/worker_setup.sh b/src/vagrant/kubeadm_snort/worker_setup.sh
new file mode 100644
index 0000000..74e4178
--- /dev/null
+++ b/src/vagrant/kubeadm_snort/worker_setup.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+set -ex
+sudo kubeadm join --discovery-token-unsafe-skip-ca-verification --token 8c5adc.1cec8dbf339093f0 192.168.1.10:6443 || true
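Review bot: `--discovery-token-unsafe-skip-ca-verification` makes the worker accept whatever answers at `192.168.1.10:6443` as the API server without checking its CA, so a host on the private network that answers first gets the node's bootstrap credentials; and the trailing `|| true` turns a failed join into a successful provisioning run, leaving a worker that silently never registers. Replace the flag with `--discovery-token-ca-cert-hash sha256:<hash-of-master-ca>` (placeholder; the hash can be computed on the master after `kubeadm init` and shared through the synced folder), and drop `|| true` so `set -e` surfaces a failed join. If `|| true` exists only to tolerate re-provisioning an already-joined node, a check for an existing `/etc/kubernetes/kubelet.conf` before calling `kubeadm join` expresses that intent without masking real failures.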