-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit a5668a4
Showing
20 changed files
with
8,924 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
name: Helm Publish | ||
|
||
on: | ||
push: | ||
branches: | ||
- '*' # Matches all branches | ||
- '!main' # Excludes the main branch | ||
paths: | ||
- 'charts/**/Chart.yaml' | ||
- '.github/workflows/helm-publish.yml' | ||
|
||
jobs: | ||
|
||
helm-publish: | ||
runs-on: ubuntu-latest | ||
name: Publish Helm Chart ${{ matrix.chart }} | ||
strategy: | ||
matrix: | ||
chart: | ||
- snort-ips | ||
include: | ||
- chart: snort-ips | ||
path: helm | ||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v4 | ||
|
||
- name: Setup Helm | ||
uses: azure/setup-helm@v4 | ||
|
||
- name: Cache Helm dependencies | ||
uses: actions/cache@v3 | ||
with: | ||
path: ~/.cache/helm | ||
key: ${{ runner.os }}-helm-${{ hashFiles('**/Chart.yaml') }} | ||
restore-keys: | | ||
${{ runner.os }}-helm- | ||
- name: Add Helm repo | ||
if: github.ref == 'refs/heads/develop' | ||
run: helm repo add chartmuseum ${{ vars.HELM_URL }} --username ${{ secrets.HELM_USER }} --password ${{ secrets.HELM_PASS }} | ||
|
||
- name: Helm dependency update | ||
run: helm dependency update ${{ matrix.path }} | ||
|
||
- name: Helm lint | ||
run: helm lint ${{ matrix.path }} | ||
|
||
- name: Install Helm push plugin | ||
if: github.ref == 'refs/heads/develop' | ||
run: helm plugin install https://github.com/chartmuseum/helm-push | ||
|
||
- name: Fetch existing charts | ||
if: github.ref == 'refs/heads/develop' | ||
id: fetch-charts | ||
run: | | ||
helm repo update | ||
CHART_VERSION=$(awk '/^version:/ {print $2}' ${{ matrix.path }}/Chart.yaml | tr -d '"') | ||
echo "CHART_VERSION=${CHART_VERSION}" >> $GITHUB_ENV | ||
helm search repo chartmuseum/${{ matrix.chart }} --version ${CHART_VERSION} --output json > search_result.json | ||
cat search_result.json | ||
- name: Check chart version existence | ||
if: github.ref == 'refs/heads/develop' | ||
id: check-version | ||
run: | | ||
if jq -e 'length > 0' search_result.json > /dev/null; then | ||
echo "CHART_EXISTS=true" >> $GITHUB_ENV | ||
else | ||
echo "CHART_EXISTS=false" >> $GITHUB_ENV | ||
fi | ||
- name: Publish Helm chart | ||
if: github.ref == 'refs/heads/develop' && env.CHART_EXISTS == 'false' | ||
run: helm cm-push ${{ matrix.path }} chartmuseum |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
name: Build Snort | ||
|
||
on: | ||
push: | ||
branches: | ||
- '*' | ||
paths: | ||
- 'snort/**' | ||
- '.github/workflows/snort-build.yml' | ||
|
||
env: | ||
REGISTRY: ghcr.io | ||
IMAGE_NAME: ${{ github.repository }}-snort | ||
|
||
jobs: | ||
docker-build: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
packages: write | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Login to the Docker registry | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- id: lowercase | ||
uses: AsZc/change-string-case-action@v6 | ||
with: | ||
string: ${{ env.IMAGE_NAME }} | ||
|
||
- name: Extract metadata (tags, labels) for Docker | ||
id: meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
images: ${{ env.REGISTRY }}/${{ steps.lowercase.outputs.lowercase }} | ||
tags: | | ||
type=raw,value=latest | ||
- name: Cache Docker layers | ||
uses: actions/cache@v3 | ||
with: | ||
path: /tmp/.buildx-cache | ||
key: ${{ runner.os }}-buildx-${{ github.sha }} | ||
restore-keys: | | ||
${{ runner.os }}-buildx- | ||
- name: Build and push | ||
uses: docker/build-push-action@v4 | ||
with: | ||
push: true | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
platforms: linux/amd64,linux/arm64,linux/arm/v7 | ||
cache-from: type=local,src=/tmp/.buildx-cache | ||
cache-to: type=local,dest=/tmp/.buildx-cache-new |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
name: Test YARA Script | ||
|
||
on: [ push, pull_request ] | ||
|
||
jobs: | ||
test_yara: | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
os: [ubuntu, debian, alpine] | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: QEMU | ||
id: qemu | ||
uses: docker/setup-qemu-action@v3 | ||
|
||
- name: Docker Buildx | ||
id: buildx | ||
uses: docker/setup-buildx-action@v3 | ||
with: | ||
platforms: ${{ steps.qemu.outputs.platforms }} | ||
|
||
- name: Build and push | ||
uses: docker/build-push-action@v4 | ||
with: | ||
context: ./scripts | ||
file: ./scripts/tests/${{ matrix.os }}/Dockerfile | ||
push: false | ||
platforms: linux/amd64,linux/arm64,linux/arm/v7 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
.idea |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,111 @@ | ||
# Use the base Ubuntu 20.04 image | ||
FROM --platform=$BUILDPLATFORM ubuntu:20.04 | ||
|
||
# Disable interactive prompts | ||
ENV DEBIAN_FRONTEND=noninteractive | ||
|
||
# Install necessary dependencies and clean up in one layer | ||
RUN apt-get update && apt-get install -y --no-install-recommends \ | ||
git libtool pkg-config autoconf gettext \ | ||
libpcap-dev g++ vim make cmake wget libssl-dev \ | ||
liblzma-dev python3-pip unzip protobuf-compiler \ | ||
golang nano net-tools automake \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
# Determine architecture and download appropriate Go version | ||
RUN ARCH=$(dpkg --print-architecture) && \ | ||
if [ "$ARCH" = "amd64" ]; then \ | ||
GO_BIN=go1.22.4.linux-amd64.tar.gz; \ | ||
elif [ "$ARCH" = "arm64" ]; then \ | ||
GO_BIN=go1.22.4.linux-arm64.tar.gz; \ | ||
else \ | ||
echo "Unsupported architecture"; exit 1; \ | ||
fi && \ | ||
wget https://go.dev/dl/${GO_BIN} && \ | ||
tar -xvf ${GO_BIN} && \ | ||
mv go /usr/local && \ | ||
rm -rf ${GO_BIN} | ||
ENV PATH=$PATH:/usr/local/go/bin | ||
RUN ln -s /usr/local/go/bin/go /usr/local/bin/go | ||
|
||
# Install protoc-gen-go and protoc-gen-go-grpc tools | ||
RUN go install github.com/golang/protobuf/[email protected] && \ | ||
go install google.golang.org/grpc/cmd/[email protected] && \ | ||
mv /root/go/bin/protoc-gen-go /usr/local/bin/ && \ | ||
mv /root/go/bin/protoc-gen-go-grpc /usr/local/bin/ | ||
|
||
# Create working directories | ||
RUN mkdir /work /packages | ||
|
||
# Copy Snort rules | ||
COPY rules/snort3.rules /work/ | ||
|
||
# build libdaq | ||
ENV LIBDAQ_VERSION=3.0.15 | ||
RUN cd /work && wget https://github.com/snort3/libdaq/archive/refs/tags/v${LIBDAQ_VERSION}.tar.gz | ||
RUN cd /work && tar -xvf v${LIBDAQ_VERSION}.tar.gz | ||
RUN cd /work/libdaq-${LIBDAQ_VERSION} && ./bootstrap && ./configure && make && make install | ||
RUN cd /work && rm -rf v${LIBDAQ_VERSION}.tar.gz | ||
|
||
# Install libdnet | ||
ENV LIBDNET_VERSION=1.14 | ||
RUN cd /work && wget https://github.com/ofalk/libdnet/archive/refs/tags/libdnet-${LIBDNET_VERSION}.tar.gz && \ | ||
tar -xvf libdnet-${LIBDNET_VERSION}.tar.gz && \ | ||
cd libdnet-libdnet-${LIBDNET_VERSION} && \ | ||
wget -O config.guess 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD' && \ | ||
wget -O config.sub 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD' && \ | ||
./configure && make && make install && \ | ||
cd /work && rm -rf libdnet-libdnet-${LIBDNET_VERSION} libdnet-${LIBDNET_VERSION}.tar.gz | ||
|
||
# Install flex | ||
ENV FLEX_VERSION=2.6.4 | ||
RUN cd /work && wget https://github.com/westes/flex/files/981163/flex-${FLEX_VERSION}.tar.gz && \ | ||
tar -xvf flex-${FLEX_VERSION}.tar.gz && \ | ||
cd flex-${FLEX_VERSION} && ./configure && make && make install && \ | ||
cd /work && rm -rf flex-${FLEX_VERSION} flex-${FLEX_VERSION}.tar.gz | ||
|
||
# Install hwloc | ||
ENV HWLOC_VERSION=2.5.0 | ||
RUN cd /work && wget https://download.open-mpi.org/release/hwloc/v2.5/hwloc-${HWLOC_VERSION}.tar.gz && \ | ||
tar -xvf hwloc-${HWLOC_VERSION}.tar.gz && \ | ||
cd hwloc-${HWLOC_VERSION} && ./configure && make && make install && \ | ||
cd /work && rm -rf hwloc-${HWLOC_VERSION} hwloc-${HWLOC_VERSION}.tar.gz | ||
|
||
# Install LuaJIT | ||
ENV LUAJIT_VERSION=2.1.0-beta3 | ||
RUN cd /work && wget https://luajit.org/download/LuaJIT-${LUAJIT_VERSION}.tar.gz && \ | ||
tar -xvf LuaJIT-${LUAJIT_VERSION}.tar.gz && \ | ||
cd LuaJIT-${LUAJIT_VERSION} && make && make install && \ | ||
cd /work && rm -rf LuaJIT-${LUAJIT_VERSION} LuaJIT-${LUAJIT_VERSION}.tar.gz | ||
|
||
# Install PCRE | ||
ENV PCRE_VERSION=8.45 | ||
RUN cd /work && wget https://sourceforge.net/projects/pcre/files/pcre/${PCRE_VERSION}/pcre-${PCRE_VERSION}.tar.gz && \ | ||
tar -xvf pcre-${PCRE_VERSION}.tar.gz && \ | ||
cd pcre-${PCRE_VERSION} && ./configure && make && make install && \ | ||
cd /work && rm -rf pcre-${PCRE_VERSION} pcre-${PCRE_VERSION}.tar.gz | ||
|
||
# Install zlib | ||
ENV ZLIB_VERSION=1.2.13 | ||
RUN cd /work && wget https://github.com/madler/zlib/releases/download/v${ZLIB_VERSION}/zlib-${ZLIB_VERSION}.tar.gz && \ | ||
tar -xvf zlib-${ZLIB_VERSION}.tar.gz && \ | ||
cd zlib-${ZLIB_VERSION} && ./configure && make && make install && \ | ||
cd /work && rm -rf zlib-${ZLIB_VERSION} zlib-${ZLIB_VERSION}.tar.gz | ||
|
||
# Install Snort 3 | ||
ENV SNORT_VER=3.2.2.0 | ||
RUN cd /work && wget https://github.com/snort3/snort3/archive/refs/tags/${SNORT_VER}.tar.gz && \ | ||
tar -xvf ${SNORT_VER}.tar.gz && \ | ||
cd snort3-${SNORT_VER} && export my_path=/usr/local && ./configure_cmake.sh --prefix=$my_path && \ | ||
cd build && make -j$(nproc) install && \ | ||
cd /work && rm -rf snort3-${SNORT_VER} ${SNORT_VER}.tar.gz | ||
|
||
# Move Snort rules to appropriate directory | ||
RUN mv /work/snort3.rules /usr/local/etc/snort | ||
|
||
# Create tar archives of libraries and Snort | ||
RUN tar -zcvpf /packages/libpcre.tar.gz /usr/local/lib/libpcre.so* && \ | ||
tar -zcvpf /packages/libluajit.tar.gz /usr/local/lib/libluajit*.so* && \ | ||
tar -zcvpf /packages/libhwloc.tar.gz /usr/local/lib/libhwloc.so* && \ | ||
tar -zcvpf /packages/libdnet.tar.gz /usr/local/lib/libdnet.so* && \ | ||
tar -zcvpf /packages/snort3.tar.gz /usr/local/bin/snort /usr/local/lib/daq /usr/local/etc/snort /usr/local/lib/libdaq.so* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
# Wazuh Snort |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
apiVersion: v2 | ||
name: snort-ips | ||
description: A Helm chart for Kubernetes | ||
|
||
# A chart can be either an 'application' or a 'library' chart. | ||
# | ||
# Application charts are a collection of templates that can be packaged into versioned archives | ||
# to be deployed. | ||
# | ||
# Library charts provide useful utilities or functions for the chart developer. They're included as | ||
# a dependency of application charts to inject those utilities and functions into the rendering | ||
# pipeline. Library charts do not define any templates and therefore cannot be deployed. | ||
type: application | ||
|
||
# This is the chart version. This version number should be incremented each time you make changes | ||
# to the chart and its templates, including the app version. | ||
# Versions are expected to follow Semantic Versioning (https://semver.org/) | ||
version: 0.1.1 | ||
|
||
# This is the version number of the application being deployed. This version number should be | ||
# incremented each time you make changes to the application. Versions are not expected to | ||
# follow Semantic Versioning. They should reflect the version the application is using. | ||
# It is recommended to use it with quotes. | ||
appVersion: "1.16.0" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
{{/* | ||
Expand the name of the chart. | ||
*/}} | ||
{{- define "snort-ips.name" -}} | ||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} | ||
{{- end }} | ||
|
||
{{/* | ||
Create a default fully qualified app name. | ||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). | ||
If release name contains chart name it will be used as a full name. | ||
*/}} | ||
{{- define "snort-ips.fullname" -}} | ||
{{- if .Values.fullnameOverride }} | ||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} | ||
{{- else }} | ||
{{- $name := default .Chart.Name .Values.nameOverride }} | ||
{{- if contains $name .Release.Name }} | ||
{{- .Release.Name | trunc 63 | trimSuffix "-" }} | ||
{{- else }} | ||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} | ||
{{- end }} | ||
{{- end }} | ||
{{- end }} | ||
|
||
{{/* | ||
Create chart name and version as used by the chart label. | ||
*/}} | ||
{{- define "snort-ips.chart" -}} | ||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} | ||
{{- end }} | ||
|
||
{{/* | ||
Common labels | ||
*/}} | ||
{{- define "snort-ips.labels" -}} | ||
helm.sh/chart: {{ include "snort-ips.chart" . }} | ||
{{ include "snort-ips.selectorLabels" . }} | ||
{{- if .Chart.AppVersion }} | ||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} | ||
{{- end }} | ||
app.kubernetes.io/managed-by: {{ .Release.Service }} | ||
{{- end }} | ||
|
||
{{/* | ||
Selector labels | ||
*/}} | ||
{{- define "snort-ips.selectorLabels" -}} | ||
app.kubernetes.io/name: {{ include "snort-ips.name" . }} | ||
app.kubernetes.io/instance: {{ .Release.Name }} | ||
{{- end }} | ||
|
||
{{/* | ||
Create the name of the service account to use | ||
*/}} | ||
{{- define "snort-ips.serviceAccountName" -}} | ||
{{- if .Values.serviceAccount.create }} | ||
{{- default (include "snort-ips.fullname" .) .Values.serviceAccount.name }} | ||
{{- else }} | ||
{{- default "default" .Values.serviceAccount.name }} | ||
{{- end }} | ||
{{- end }} | ||
|
||
{{/* | ||
Volume name. Choose externalPvcName if set, otherwise use the default PVC name | ||
*/}} | ||
{{- define "snort-ips.volumeName" -}} | ||
{{- if .Values.externalPvcName }} | ||
{{- .Values.externalPvcName }} | ||
{{- else }} | ||
{{- $fullName := (include "snort-ips.fullname" .) }} | ||
{{- printf "%s-%s" $fullName "pvc" }} | ||
{{- end }} | ||
{{- end }} |
Oops, something went wrong.