Merge pull request #6 from certego/zeek_ot

OT scripts
certego · Jan 12, 2024 · 9232d19 · 9232d19
2 parents b8baa8e + afcba3b
commit 9232d19
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@ This is the Zeek Docker Image Certego repository.
 
 ## Dockerfiles
 
-There are two dockerfiles insied the `build` folder.
+There are two dockerfiles inside the `build` folder.
 
 1. `zeek.dockerfile` is the production ready image used to build Zeek.
 2. `zeekTcmalloc.dockerfile` is a clone of the production ready image used to build Zeek with Tcmalloc.
@@ -17,7 +17,7 @@ The entrypoint used in both the dockerfiles is:
 
 ## Versioning
 
-By default, when building Zeek image, the version used will be `5.0.9`. To provide flexibility a variable named `VER` has been added to the dockerfile. By means of this variable it's possible to provide the version to build the image against.
+By default, when building Zeek image, the version used will be `5.0.10`. To provide flexibility a variable named `VER` has been added to the dockerfile. By means of this variable it's possible to provide the version to build the image against.
 
 So for instance:
 

diff --git a/build.sh b/build.sh
@@ -6,7 +6,7 @@ unset -v IMAGE
 unset -v VERSION
 
 usage() {
-  echo "Usage: $0 [-b] [-p] -i <production-nogeo|production|tcmalloc-nogeo|tcmalloc> -v 5.0.8"
+  echo "Usage: $0 [-b] [-p] -i <production-nogeo|production-geo|tcmalloc-nogeo|tcmalloc> -v 5.0.10"
   echo ""
   echo "Options:"
   echo ""
@@ -45,7 +45,7 @@ if [[ $BUILD = true ]];
 then
     case $IMAGE in
         production-nogeo) echo "Bulding production (no GEOIP) Zeek ${VERSION}"; docker build --build-arg VER=${VERSION} -f build/zeek.dockerfile -t certego/zeek:${VERSION}-nogeo .;;
-        production) echo "Bulding production Zeek with GEOIP ${VERSION}"; docker build --build-arg VER=${VERSION} --build-arg GEOIP=true -f build/zeek.dockerfile -t certego/zeek:${VERSION}-nogeo .;;
+        production-geo) echo "Bulding production Zeek with GEOIP ${VERSION}"; docker build --build-arg VER=${VERSION} --build-arg GEOIP=true -f build/zeek.dockerfile -t certego/zeek:${VERSION}-nogeo .;;
         tcmalloc-nogeo) echo "Bulding Tcmalloc (no GEOIP) Zeek ${VERSION}"; docker build --build-arg VER=${VERSION} -f build/zeek.dockerfile -t certego/zeek:tcmalloc_${VERSION}-nogeo .;;
         tcmalloc) echo "Bulding Tcmalloc Zeek with GEOIP ${VERSION}"; docker build --build-arg VER=${VERSION} --build-arg GEOIP=true -f build/zeek.dockerfile -t certego/zeek:tcmalloc_${VERSION} .;;
     esac
@@ -55,7 +55,7 @@ if [[ $PUSH = true ]];
 then
     case $IMAGE in
         production-nogeo) echo "Pushing certego/zeek:${VERSION}-nogeo (production no GEOIP)"; docker push certego/zeek:${VERSION}-nogeo;;
-        production) echo "Pushing certego/zeek:${VERSION} (production with GEOIP)"; docker push certego/zeek:${VERSION};;
+        production-geo) echo "Pushing certego/zeek:${VERSION} (production with GEOIP)"; docker push certego/zeek:${VERSION};;
         tcmalloc-nogeo) echo "Pushing certego/zeek:tcmalloc_${VERSION}-nogeo (tcmalloc no GEOIP)"; docker push certego/zeek:tcmalloc_${VERSION}-nogeo;;
         tcmalloc) echo "Pushing certego/zeek:tcmalloc_${VERSION} (tcmalloc with GEOIP)"; docker push certego/zeek:tcmalloc_${VERSION};;
     esac

diff --git a/build/zeek.dockerfile b/build/zeek.dockerfile
@@ -5,7 +5,7 @@ LABEL mantainer="[email protected]"
 # Directory to build zeek
 ENV WD=/scratch
 # Version variable. It can be specified when building image with --build-arg otherwise it will use 5.0.9 as default value
-ARG VER=5.0.9
+ARG VER=5.0.10
 # GEOIP variable. If set to true when building image, it will copy maxmind db to correct directory. Otherwise database won't be copied
 ARG GEOIP=false
 
@@ -55,11 +55,70 @@ RUN echo "===> Compiling af_packet plugin..." \
     && make -j 4\
     && make install
 
+## Compiling OT parsers
+
+RUN echo "===> Compiling ICSNPP-Bacnet plugin" \
+    cd /usr/src \
+    && git clone https://github.com/cisagov/icsnpp-bacnet \
+    && cd icsnpp-bacnet \
+    && ./configure --zeek-dist=/usr/src/zeek-${VER} \
+    && make \
+    && make install
+
+RUN echo "===> Compiling ICSNPP-BSAP plugin" \
+    cd /usr/src \
+    && git clone https://github.com/cisagov/icsnpp-bsap.git \
+    && cd icsnpp-bsap \
+    && ./configure --zeek-dist=/usr/src/zeek-${VER} \
+    && make \
+    && make install
+
+RUN echo "===> Compiling ICSNPP-Ethercat plugin" \
+    cd /usr/src \
+    && git clone https://github.com/cisagov/icsnpp-ethercat \
+    && cd icsnpp-ethercat \
+    && ./configure --zeek-dist=/usr/src/zeek-${VER} \
+    && make \
+    && make install
+
+RUN echo "===> Compiling ICSNPP-ENIP plugin" \
+    cd /usr/src \
+    && git clone https://github.com/cisagov/icsnpp-enip \
+    && cd icsnpp-enip \
+    && ./configure --zeek-dist=/usr/src/zeek-${VER} \
+    && make \
+    && make install
+
+# To be activated if necessary
+# RUN echo "===> Compiling ICSNPP-OPCUA plugin" \
+#     cd /usr/src \
+#     && git clone https://github.com/cisagov/icsnpp-opcua-binary \
+#     && cd icsnpp-opcua-binary \
+#     && ./configure --zeek-dist=/usr/src/zeek-${VER} \
+#     && make \
+#     && make install
+
+RUN echo "===> Compiling Profinet plugin" \
+    cd /usr/src \
+    && git clone https://github.com/amzn/zeek-plugin-profinet \
+    && cd zeek-plugin-profinet \
+    && ./configure --zeek-dist=/usr/src/zeek-${VER} \
+    && make \
+    && make install
+
+RUN echo "===> Compiling ICSNPP-S7COMM plugin" \
+    cd /usr/src \
+    && git clone https://github.com/cisagov/icsnpp-s7comm \
+    && cd icsnpp-s7comm \
+    && ./configure --zeek-dist=/usr/src/zeek-${VER} \
+    && make \
+    && make install
+
 
 # Make final image
 # Final Image reference https://github.com/zeek/zeek/blob/master/docker/final.Dockerfile
 FROM debian:bullseye-slim
-ARG VER=5.0.9
+ARG VER=5.0.10
 ARG GEOIP=false
 
 # Install run time dependencies

diff --git a/build/zeekTcmalloc.dockerfile b/build/zeekTcmalloc.dockerfile
@@ -5,7 +5,7 @@ LABEL mantainer="[email protected]"
 # Directory to build zeek
 ENV WD=/scratch
 # Version variable. It can be specified when building image with --build-arg otherwise it will use 5.0.9 as default value
-ARG VER=5.0.9
+ARG VER=5.0.10
 # GEOIP variable. If set to true when building image, it will copy maxmind db to correct directory. Otherwise database won't be copied
 ARG GEOIP=false
 
@@ -61,7 +61,7 @@ RUN echo "===> Compiling af_packet plugin..." \
 # Make final image
 # Final Image reference https://github.com/zeek/zeek/blob/master/docker/final.Dockerfile
 FROM debian:bullseye-slim
-ARG VER=5.0.9
+ARG VER=5.0.10
 ARG GEOIP=false
 
 # Install run time dependencies