From b1f11b54803266384cf0d9e14fcb7204dbcc79a7 Mon Sep 17 00:00:00 2001
From: Laura Sofia Enriquez <lsofia.enriquez@gmail.com>
Date: Mon, 23 Apr 2018 17:15:24 -0300
Subject: Snort implementation

This PR has:
 1. Snort VNF.
 2. Documentation.

Change-Id: I5df23a1b8cdb65864aa8f432ce547d6cf5f27cde
Signed-off-by: Laura Sofia Enriquez <lsofia.enriquez@gmail.com>
---
 docs/release/userguide/snort.rst               | 33 ++++++++++++++++++++++++++
 src/vagrant/kubeadm_snort/Vagrantfile          | 29 ++++++++++++++++++++++
 src/vagrant/kubeadm_snort/deploy.sh            |  9 +++++++
 src/vagrant/kubeadm_snort/host_setup.sh        | 29 ++++++++++++++++++++++
 src/vagrant/kubeadm_snort/master_setup.sh      | 10 ++++++++
 src/vagrant/kubeadm_snort/snort/snort-setup.sh | 31 ++++++++++++++++++++++++
 src/vagrant/kubeadm_snort/snort/snort.yaml     | 32 +++++++++++++++++++++++++
 src/vagrant/kubeadm_snort/worker_setup.sh      |  4 ++++
 8 files changed, 177 insertions(+)
 create mode 100644 docs/release/userguide/snort.rst
 create mode 100644 src/vagrant/kubeadm_snort/Vagrantfile
 create mode 100755 src/vagrant/kubeadm_snort/deploy.sh
 create mode 100644 src/vagrant/kubeadm_snort/host_setup.sh
 create mode 100644 src/vagrant/kubeadm_snort/master_setup.sh
 create mode 100755 src/vagrant/kubeadm_snort/snort/snort-setup.sh
 create mode 100644 src/vagrant/kubeadm_snort/snort/snort.yaml
 create mode 100644 src/vagrant/kubeadm_snort/worker_setup.sh

diff --git a/docs/release/userguide/snort.rst b/docs/release/userguide/snort.rst
new file mode 100644
index 0000000..9bb6b3b
--- /dev/null
+++ b/docs/release/userguide/snort.rst
@@ -0,0 +1,33 @@
+================
+ Snort
+================
+
+----------
+ What is Snort?
+----------
+
+`Snort <https://www.snort.org/>`_. is an open source network intrusion prevention system, capable
+of performing real-time traffic analysis and packet logging on IP
+networks. It can perform protocol analysis, content searching/matching,
+and can be used to detect a variety of attacks and probes, such as buffer
+overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting
+attempts, and much more.
+
+----------
+ What can I do with Snort?
+----------
+
+Snort has three primary uses: It can be used as a straight packet sniffer
+like tcpdump, a packet logger (useful for network traffic debugging, etc),
+or as a full blown network intrusion prevention system.
+
+----------
+ How Snort works?
+----------
+
+Snort works with rules. Rules are a different methodology for performing
+detection, which bring the advantage of 0-day detection to the table.
+Unlike signatures, rules are based on detecting the actual vulnerability,
+not an exploit or a unique piece of data. Developing a rule requires an
+acute understanding of how the vulnerability actually works.
+
diff --git a/src/vagrant/kubeadm_snort/Vagrantfile b/src/vagrant/kubeadm_snort/Vagrantfile
new file mode 100644
index 0000000..9320074
--- /dev/null
+++ b/src/vagrant/kubeadm_snort/Vagrantfile
@@ -0,0 +1,29 @@
+$num_workers=2
+
+Vagrant.require_version ">= 1.8.6"
+Vagrant.configure("2") do |config|
+
+  config.vm.box = "ceph/ubuntu-xenial"
+  config.vm.provider :libvirt do |libvirt|
+    libvirt.memory = 4096
+    libvirt.cpus = 4
+  end
+
+  config.vm.synced_folder "../..", "/src"
+  config.vm.provision "shell", path: "host_setup.sh", privileged: false
+
+  config.vm.define "master" do |config|
+    config.vm.hostname = "master"
+    config.vm.provision "shell", path: "master_setup.sh", privileged: false
+    config.vm.network :private_network, ip: "192.168.1.10"
+  end
+
+  (1 .. $num_workers).each do |i|
+    config.vm.define vm_name = "worker%d" % [i] do |config|
+      config.vm.hostname = vm_name
+      config.vm.provision "shell", path: "worker_setup.sh", privileged: false
+      config.vm.network :private_network, ip: "192.168.1.#{i+20}"
+    end
+  end
+
+end
diff --git a/src/vagrant/kubeadm_snort/deploy.sh b/src/vagrant/kubeadm_snort/deploy.sh
new file mode 100755
index 0000000..e1e16d6
--- /dev/null
+++ b/src/vagrant/kubeadm_snort/deploy.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -ex
+DIR="$(dirname `readlink -f $0`)"
+
+cd $DIR
+../cleanup.sh
+vagrant up
+vagrant ssh master -c "/vagrant/snort/snort-setup.sh"
diff --git a/src/vagrant/kubeadm_snort/host_setup.sh b/src/vagrant/kubeadm_snort/host_setup.sh
new file mode 100644
index 0000000..524a967
--- /dev/null
+++ b/src/vagrant/kubeadm_snort/host_setup.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+set -ex
+
+cat << EOF | sudo tee /etc/hosts
+127.0.0.1    localhost
+192.168.1.10 master
+192.168.1.21 worker1
+192.168.1.22 worker2
+192.168.1.23 worker3
+EOF
+
+sudo apt-key adv --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
+sudo apt-key adv -k 58118E89F3A912897C070ADBF76221572C52609D
+cat << EOF | sudo tee /etc/apt/sources.list.d/docker.list
+deb [arch=amd64] https://apt.dockerproject.org/repo ubuntu-xenial main
+EOF
+
+curl -s http://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
+cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
+deb http://apt.kubernetes.io/ kubernetes-xenial main
+EOF
+sudo apt-get update
+sudo apt-get install -y --allow-unauthenticated --allow-downgrades docker-engine=1.12.6-0~ubuntu-xenial kubelet=1.9.1-00 kubeadm=1.9.1-00 kubectl=1.9.1-00 kubernetes-cni=0.6.0-00
+
+sudo swapoff -a
+sudo systemctl daemon-reload
+sudo systemctl stop kubelet
+sudo systemctl start kubelet
diff --git a/src/vagrant/kubeadm_snort/master_setup.sh b/src/vagrant/kubeadm_snort/master_setup.sh
new file mode 100644
index 0000000..972768f
--- /dev/null
+++ b/src/vagrant/kubeadm_snort/master_setup.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -ex
+
+sudo kubeadm init --apiserver-advertise-address=192.168.1.10  --service-cidr=10.96.0.0/16 --pod-network-cidr=10.32.0.0/12 --token 8c5adc.1cec8dbf339093f0
+mkdir ~/.kube
+sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config
+sudo chown $(id -u):$(id -g) $HOME/.kube/config
+
+kubectl apply -f https://raw.githubusercontent.com/weaveworks/weave/master/prog/weave-kube/weave-daemonset-k8s-1.6.yaml
diff --git a/src/vagrant/kubeadm_snort/snort/snort-setup.sh b/src/vagrant/kubeadm_snort/snort/snort-setup.sh
new file mode 100755
index 0000000..08ae663
--- /dev/null
+++ b/src/vagrant/kubeadm_snort/snort/snort-setup.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+#
+# Copyright (c) 2017 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set -ex
+
+kubectl create -f /vagrant/snort/snort.yaml
+kubectl get nodes
+kubectl get services
+kubectl get pods
+kubectl get rc
+
+r="0"
+while [ $r -ne "2" ]
+do
+   r=$(kubectl get pods | grep Running | wc -l)
+   sleep 60
+done
diff --git a/src/vagrant/kubeadm_snort/snort/snort.yaml b/src/vagrant/kubeadm_snort/snort/snort.yaml
new file mode 100644
index 0000000..60dede2
--- /dev/null
+++ b/src/vagrant/kubeadm_snort/snort/snort.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: snort-service
+  labels:
+    app: snort
+spec:
+  type: NodePort
+  ports:
+  - port: 80
+    protocol: TCP
+    name: http
+  selector:
+    app: snort
+---
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: snort-pod
+spec:
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: snort
+    spec:
+      containers:
+      - name: snort
+        image: frapsoft/snort
+        args: ["-v"]
+        ports:
+        - containerPort: 80
diff --git a/src/vagrant/kubeadm_snort/worker_setup.sh b/src/vagrant/kubeadm_snort/worker_setup.sh
new file mode 100644
index 0000000..74e4178
--- /dev/null
+++ b/src/vagrant/kubeadm_snort/worker_setup.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+set -ex
+sudo kubeadm join --discovery-token-unsafe-skip-ca-verification --token 8c5adc.1cec8dbf339093f0 192.168.1.10:6443 || true
-- 
cgit 1.2.3-korg