da_667 da667
da667
/ rule-updater
Created
March 27, 2025 17:17
runs suricata-update, and provides ETOPEN rules to /opt/dalton/rulesets/suricata, and renames the .rules file to make it more descriptive
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| #rule updater script | |
| #runs suricata-update, drops a rule file in | |
| #/opt/dalton/rulesets/suricata | |
| #Then renames the rule file to reflect | |
| #that it's the full ETOPEN ruleset, the date the | |
| #rules were updated, and that its suricata 7.0.3 | |
| #drop this file into /etc/cron.daily|weekly|monthly | |
| #as desired, and run chmod u+x rule-updater | |
| #or cron (or the systemd equivlent) won't run it. |
da667
/ docker-compose.yml
Last active
March 21, 2025 18:52
Streamlined docker-compose.yml for Dalton
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| services: | |
| controller: | |
| build: | |
| context: . | |
| dockerfile: Dockerfile-dalton | |
| args: | |
| - http_proxy=${http_proxy} | |
| - https_proxy=${https_proxy} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #updater.sh - Weekly update script | |
| #checks for updates, downloads them, then reboots the system. | |
| #place this script in /etc/cron.weekly, ensure it is owned by root (chown root:root /etc/cron.weekly/updater) | |
| #ensure the script has execute permissions (chmod 700 /etc/cron.weekly/updater) | |
| #if you want updates to run once daily or monthly, you could also place this script into cron.daily, or cron.weekly. | |
| #alternatively, edit /etc/crontab to create a crontab entry. | |
| export DEBIAN_FRONTEND=noninteractive | |
| apt-get -q update |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Snort Daemon | |
| After=syslog.target network.target | |
| [Service] | |
| Type=simple | |
| ProtectHome=true | |
| ProtectKernelTunables=true | |
| ProtectKernelModules=true | |
| ProtectControlGroups=true |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --These configuration lines will perform the following tasks: | |
| --enables the built-in preproc rules, and snort.rules file | |
| --enables hyperscan as the search engine for pattern matching | |
| --enables the IP reputation blocklist | |
| --enables JSON alerting for snort alerts | |
| --enables appid, the appid listener, and logging appid events. | |
| ips = | |
| { | |
| enable_builtin_rules = true, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| LightSPD_ruleset = true | |
| oinkcode = [your oinkcode here] | |
| snort_blocklist = true | |
| et_blocklist = true | |
| blocklist_path = /usr/local/etc/lists/default.blocklist | |
| pid_path = /var/log/snort/snort.pid | |
| ips_policy = security | |
| rule_mode = simple | |
| rule_path = /usr/local/etc/rules/snort.rules | |
| local_rules = /usr/local/etc/rules/local.rules |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Host siem | |
| Hostname 172.16.1.3 | |
| User ayy | |
| Host siemroot | |
| Hostname 172.16.1.3 | |
| User root | |
| Host ips | |
| HostName 172.16.1.4 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Host bastion_host | |
| Hostname 10.0.0.162 | |
| User ayy | |
| LocalForward 9000 172.16.1.3:22 | |
| LocalForward 9001 172.16.1.4:22 | |
| LocalForward 9002 172.16.2.2:22 | |
| DynamicForward 9003 | |
| Host bastion_host_root | |
| Hostname 10.0.0.162 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Host bastion_host | |
| Hostname 10.0.0.163 | |
| User ayy | |
| LocalFoward 9000 172.16.1.3:22 | |
| LocalFoward 9001 172.16.1.4:22 | |
| LocalFoward 9002 172.16.2.2:22 | |
| DynamicFoward 9003 | |
| Host siem | |
| Hostname 127.0.0.1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Host siem | |
| Hostname 172.16.1.3 | |
| User ayy | |
| Host ips | |
| HostName 172.16.1.4 | |
| User ayy | |
| Host kali | |
| HostName 172.16.2.2 |
NewerOlder