Vlad Grigorescu grigorescu

Deploy EC2 Instance

AMI: Ubuntu Server 20.04 LTS (HVM), SSD Volume Type - ami-04505e74c0741db8d (64-bit x86)
Instance Type: c5n.large
Network interfaces: Add a second interface for eth1.
Increase storage to 16 GB
Associate an Elastic IP with the primary network interface.

Install Zeek

Following the instructions here: https://software.opensuse.org//download.html?project=security%3Azeek&package=zeek

echo 'deb http://download.opensuse.org/repositories/security:/zeek/xUbuntu_20.04/ /' | sudo tee /etc/apt/sources.list.d/security:zeek.list

We're tripling down on acronyms, by using the VFIO driver, with IOMMU and SR-IOV.

Boot parameters

intel_iommu=on iommu=pt default_hugepagesz=1G hugepagesz=1G hugepages=16

Enable hugepages

echo 4096 | sudo tee /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages
mkdir -p /tmp/mnt/huge
mount -t hugetlbfs nodev /tmp/mnt/huge

	# Test 1
	########
	# Fails: Incompatible type for set of ID 'DPD::ignore_violations': got 'table', need 'table' (Option::set(Config::ID, Config::val, Config::location))

	# @TEST-EXEC: zeek -b %INPUT

	@load base/frameworks/config
	@load base/frameworks/dpd

	event zeek_init()

	# Test 1
	########
	# Fails: warning: Value '{}' for stream 'configuration' is not a valid enum.
	# internal error: null value given to CompositeHash::ComputeHash
	# @TEST-EXEC: btest-bg-run zeek zeek %INPUT
	# @TEST-EXEC: btest-bg-wait 10

	@TEST-START-FILE configfile1
	DPD::ignore_violations {}
	@TEST-END-FILE

	@load base/protocols/http/entities

	module HTTP;

	redef record HTTP::Info += {
	potential_fname: string &optional;
	};

	event http_request(c: connection, method: string, original_URI: string,
	unescaped_URI: string, version: string) &priority=5