From b1f11b54803266384cf0d9e14fcb7204dbcc79a7 Mon Sep 17 00:00:00 2001 From: Laura Sofia Enriquez Date: Mon, 23 Apr 2018 17:15:24 -0300 Subject: Snort implementation This PR has: 1. Snort VNF. 2. Documentation. Change-Id: I5df23a1b8cdb65864aa8f432ce547d6cf5f27cde Signed-off-by: Laura Sofia Enriquez --- docs/release/userguide/snort.rst | 33 ++++++++++++++++++++++++++ src/vagrant/kubeadm_snort/Vagrantfile | 29 ++++++++++++++++++++++ src/vagrant/kubeadm_snort/deploy.sh | 9 +++++++ src/vagrant/kubeadm_snort/host_setup.sh | 29 ++++++++++++++++++++++ src/vagrant/kubeadm_snort/master_setup.sh | 10 ++++++++ src/vagrant/kubeadm_snort/snort/snort-setup.sh | 31 ++++++++++++++++++++++++ src/vagrant/kubeadm_snort/snort/snort.yaml | 32 +++++++++++++++++++++++++ src/vagrant/kubeadm_snort/worker_setup.sh | 4 ++++ 8 files changed, 177 insertions(+) create mode 100644 docs/release/userguide/snort.rst create mode 100644 src/vagrant/kubeadm_snort/Vagrantfile create mode 100755 src/vagrant/kubeadm_snort/deploy.sh create mode 100644 src/vagrant/kubeadm_snort/host_setup.sh create mode 100644 src/vagrant/kubeadm_snort/master_setup.sh create mode 100755 src/vagrant/kubeadm_snort/snort/snort-setup.sh create mode 100644 src/vagrant/kubeadm_snort/snort/snort.yaml create mode 100644 src/vagrant/kubeadm_snort/worker_setup.sh diff --git a/docs/release/userguide/snort.rst b/docs/release/userguide/snort.rst new file mode 100644 index 0000000..9bb6b3b --- /dev/null +++ b/docs/release/userguide/snort.rst @@ -0,0 +1,33 @@ +================ + Snort +================ + +---------- + What is Snort? +---------- + +`Snort `_. is an open source network intrusion prevention system, capable +of performing real-time traffic analysis and packet logging on IP +networks. It can perform protocol analysis, content searching/matching, +and can be used to detect a variety of attacks and probes, such as buffer +overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting +attempts, and much more. + +---------- + What can I do with Snort? +---------- + +Snort has three primary uses: It can be used as a straight packet sniffer +like tcpdump, a packet logger (useful for network traffic debugging, etc), +or as a full blown network intrusion prevention system. + +---------- + How Snort works? +---------- + +Snort works with rules. Rules are a different methodology for performing +detection, which bring the advantage of 0-day detection to the table. +Unlike signatures, rules are based on detecting the actual vulnerability, +not an exploit or a unique piece of data. Developing a rule requires an +acute understanding of how the vulnerability actually works. + diff --git a/src/vagrant/kubeadm_snort/Vagrantfile b/src/vagrant/kubeadm_snort/Vagrantfile new file mode 100644 index 0000000..9320074 --- /dev/null +++ b/src/vagrant/kubeadm_snort/Vagrantfile @@ -0,0 +1,29 @@ +$num_workers=2 + +Vagrant.require_version ">= 1.8.6" +Vagrant.configure("2") do |config| + + config.vm.box = "ceph/ubuntu-xenial" + config.vm.provider :libvirt do |libvirt| + libvirt.memory = 4096 + libvirt.cpus = 4 + end + + config.vm.synced_folder "../..", "/src" + config.vm.provision "shell", path: "host_setup.sh", privileged: false + + config.vm.define "master" do |config| + config.vm.hostname = "master" + config.vm.provision "shell", path: "master_setup.sh", privileged: false + config.vm.network :private_network, ip: "192.168.1.10" + end + + (1 .. $num_workers).each do |i| + config.vm.define vm_name = "worker%d" % [i] do |config| + config.vm.hostname = vm_name + config.vm.provision "shell", path: "worker_setup.sh", privileged: false + config.vm.network :private_network, ip: "192.168.1.#{i+20}" + end + end + +end diff --git a/src/vagrant/kubeadm_snort/deploy.sh b/src/vagrant/kubeadm_snort/deploy.sh new file mode 100755 index 0000000..e1e16d6 --- /dev/null +++ b/src/vagrant/kubeadm_snort/deploy.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +set -ex +DIR="$(dirname `readlink -f $0`)" + +cd $DIR +../cleanup.sh +vagrant up +vagrant ssh master -c "/vagrant/snort/snort-setup.sh" diff --git a/src/vagrant/kubeadm_snort/host_setup.sh b/src/vagrant/kubeadm_snort/host_setup.sh new file mode 100644 index 0000000..524a967 --- /dev/null +++ b/src/vagrant/kubeadm_snort/host_setup.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +set -ex + +cat << EOF | sudo tee /etc/hosts +127.0.0.1 localhost +192.168.1.10 master +192.168.1.21 worker1 +192.168.1.22 worker2 +192.168.1.23 worker3 +EOF + +sudo apt-key adv --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D +sudo apt-key adv -k 58118E89F3A912897C070ADBF76221572C52609D +cat << EOF | sudo tee /etc/apt/sources.list.d/docker.list +deb [arch=amd64] https://apt.dockerproject.org/repo ubuntu-xenial main +EOF + +curl -s http://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - +cat <