-rw-r--r-- | README.md | 13 | ||||
-rw-r--r-- | docker/couchdb/10-single-node.ini | 2 | ||||
-rw-r--r-- | docker/couchdb/Dockerfile | 5 | ||||
-rw-r--r-- | docker/docker-compose.yaml | 4 |
4 files changed, 15 insertions, 9 deletions
@@ -7,7 +7,7 @@ SOC staff ever: Can we have lunch now? ## The elevator pitch -Your're working as a Security Operations Center engineer and your job +You're working as a Security Operations Center engineer and your job is to, one, know when any part of your infrastructure is vulnerable and, two, if it is, do something smart about it. @@ -41,8 +41,8 @@ the full text. ## How to test it out -The collector has been tested on Debian 10 (Buster). Other Unix -systems should also be capable of hosting it. +The collector has been tested on Debian 11 (Bullseye). Other Unix +systems should also be capable of running a collector. Clone the repository. @@ -50,8 +50,7 @@ Clone the repository. Install dependencies (Debian). - sudo apt install python3 python3-pip python3-leveldb - pip3 install falcon + sudo apt install docker.io docker-compose Start CouchDB and the collector. Make sure to give it a username and password: @@ -94,10 +93,10 @@ We might also filter the data: curl -s -u user1:pw1 http://localhost:80/sc/v0/get?port=111 | json_pp -json_opt utf8,pretty -Believe it or not, but we can also get a single observation by looking up its key: +Believe it or not, but we can also get a single observation by looking up its key (_id): curl -s -u user1:pw1 http://localhost:80/sc/v0/get/1633633714355 | json_pp -json_opt utf8,pretty We can also limit the number of results and skip N results forward with the parameters limit and skip: - curl -s -u user1:pw1 http://localhost:80/sc/v0/get?limit=5&skip=2 | json_pp -json_opt utf8,pretty + curl -s -u user1:pw1 'http://localhost:80/sc/v0/get?limit=5&skip=2' | json_pp -json_opt utf8,pretty diff --git a/docker/couchdb/10-single-node.ini b/docker/couchdb/10-single-node.ini new file mode 100644 index 0000000..c85b081 --- /dev/null +++ b/docker/couchdb/10-single-node.ini @@ -0,0 +1,2 @@ +[couchdb] +single_node=true
\ No newline at end of file diff --git a/docker/couchdb/Dockerfile b/docker/couchdb/Dockerfile new file mode 100644 index 0000000..ce3d5b2 --- /dev/null +++ b/docker/couchdb/Dockerfile @@ -0,0 +1,5 @@ +FROM couchdb:latest + +COPY 10-single-node.ini /opt/couchdb/etc/local.d/10-single-node.ini + +EXPOSE 5984 diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml index be09765..e89964d 100644 --- a/docker/docker-compose.yaml +++ b/docker/docker-compose.yaml @@ -1,4 +1,4 @@ -version: '3.8' +version: '2.3' services: collector: build: ./collector/ @@ -17,7 +17,7 @@ services: - couchdb couchdb: - image: couchdb + build: ./couchdb/ ports: - "5984:5984" environment: |
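Review bot: the README install step (hunk @@ -50,8 +50,7) drops `python3 python3-pip python3-leveldb` and `pip3 install falcon` in favour of `sudo apt install docker.io docker-compose`, but the text around it still says "Start CouchDB and the collector" without saying that both now run as containers; add a sentence stating that the collector's Python dependencies are installed by the `build: ./collector/` image so a reader does not expect a host install. The quoting fix in hunk @@ -94,10 +93,10 is correct (an unquoted `&` in `get?limit=5&skip=2` would background curl and lose `skip`); since every example passes `-u user1:pw1` to a plain `http://localhost:80` URL, one line noting that these credentials are only safe on the loopback interface and that a non-local deployment needs TLS in front of the collector would round the section off.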
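Review bot: `docker/couchdb/10-single-node.ini` is missing its trailing newline (`\ No newline at end of file`); add one so later edits and tools that append to the file produce clean diffs. `single_node=true` makes CouchDB create its system databases on first start, which is what the Docker setup needs, but the file has no comment saying why it exists; a one-line `; creates _users/_replicator on startup for a single-node deployment` comment would save the next maintainer a lookup.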
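Review bot: `FROM couchdb:latest` in `docker/couchdb/Dockerfile` is an unpinned tag, so every rebuild can silently pull a different CouchDB major version and change the configuration semantics the copied `10-single-node.ini` relies on; pin to a specific major.minor tag (or an image digest) and bump it deliberately. `EXPOSE 5984` duplicates what the upstream image already declares and can be dropped, though it is harmless.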
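Review bot: `docker/docker-compose.yaml` moves from `version: '3.8'` to `version: '2.3'` with no explanation; if the reason is that the Debian `docker-compose` package the README now installs does not accept 3.8, say so in the commit message, since the 2.x schema changes which keys are valid. In the same file the context line `- "5984:5984"` publishes CouchDB on every host interface, while the collector service already reaches it by name over the compose network (`depends_on: - couchdb`); either drop the port mapping or bind it to loopback as `- "127.0.0.1:5984:5984"` so the database, which is protected only by the username and password from `environment:`, is not reachable from the network by default.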