chore: initial commit
stephane-segning committed Aug 16, 2024
0 parents commit a5668a4
Showing 20 changed files with 8,924 additions and 0 deletions.
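--- a/.github/workflows/helm-publish.yml
+++ b/.github/workflows/helm-publish.yml
@@ -0,0 +1,75 @@
+name: Helm Publish
+
+on:
+push:
+branches:
+- '*' # Matches all branches
+- '!main' # Excludes the main branch
+paths:
+- 'charts/**/Chart.yaml'
+- '.github/workflows/helm-publish.yml'
+
+jobs:
+
+helm-publish:
+runs-on: ubuntu-latest
+name: Publish Helm Chart ${{ matrix.chart }}
+strategy:
+matrix:
+chart:
+- snort-ips
+include:
+- chart: snort-ips
+path: helm
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+
+- name: Setup Helm
+uses: azure/setup-helm@v4
+
+- name: Cache Helm dependencies
+uses: actions/cache@v3
+with:
+path: ~/.cache/helm
+key: ${{ runner.os }}-helm-${{ hashFiles('**/Chart.yaml') }}
+restore-keys: |
+${{ runner.os }}-helm-
+- name: Add Helm repo
+if: github.ref == 'refs/heads/develop'
+run: helm repo add chartmuseum ${{ vars.HELM_URL }} --username ${{ secrets.HELM_USER }} --password ${{ secrets.HELM_PASS }}
+
+- name: Helm dependency update
+run: helm dependency update ${{ matrix.path }}
+
+- name: Helm lint
+run: helm lint ${{ matrix.path }}
+
+- name: Install Helm push plugin
+if: github.ref == 'refs/heads/develop'
+run: helm plugin install https://github.com/chartmuseum/helm-push
+
+- name: Fetch existing charts
+if: github.ref == 'refs/heads/develop'
+id: fetch-charts
+run: |
+helm repo update
+CHART_VERSION=$(awk '/^version:/ {print $2}' ${{ matrix.path }}/Chart.yaml | tr -d '"')
+echo "CHART_VERSION=${CHART_VERSION}" >> $GITHUB_ENV
+helm search repo chartmuseum/${{ matrix.chart }} --version ${CHART_VERSION} --output json > search_result.json
+cat search_result.json
+- name: Check chart version existence
+if: github.ref == 'refs/heads/develop'
+id: check-version
+run: |
+if jq -e 'length > 0' search_result.json > /dev/null; then
+echo "CHART_EXISTS=true" >> $GITHUB_ENV
+else
+echo "CHART_EXISTS=false" >> $GITHUB_ENV
+fi
+- name: Publish Helm chart
+if: github.ref == 'refs/heads/develop' && env.CHART_EXISTS == 'false'
+run: helm cm-push ${{ matrix.path }} chartmuseum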
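Review bot: The `Add Helm repo` step expands `${{ secrets.HELM_PASS }}`, `${{ secrets.HELM_USER }}` and `${{ vars.HELM_URL }}` straight into the `run:` script, so the password becomes a process argument and any shell metacharacter in those values is parsed by the shell. Pass them through `env:` and feed the password with `--password-stdin`, as below. In the same job `helm plugin install https://github.com/chartmuseum/helm-push` takes whatever the plugin repository serves at run time, shortly before the authenticated push; adding `--version <PINNED_PLUGIN_VERSION>` would fix that, and the `uses:` references could be pinned to full commit SHAs for the same reason.

```yaml
- name: Add Helm repo
  if: github.ref == 'refs/heads/develop'
  env:
    HELM_URL: ${{ vars.HELM_URL }}
    HELM_USER: ${{ secrets.HELM_USER }}
    HELM_PASS: ${{ secrets.HELM_PASS }}
  run: printf '%s' "$HELM_PASS" | helm repo add chartmuseum "$HELM_URL" --username "$HELM_USER" --password-stdin
```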
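--- a/.github/workflows/snort-build.yml
+++ b/.github/workflows/snort-build.yml
@@ -0,0 +1,67 @@
+name: Build Snort
+
+on:
+push:
+branches:
+- '*'
+paths:
+- 'snort/**'
+- '.github/workflows/snort-build.yml'
+
+env:
+REGISTRY: ghcr.io
+IMAGE_NAME: ${{ github.repository }}-snort
+
+jobs:
+docker-build:
+runs-on: ubuntu-latest
+permissions:
+contents: read
+packages: write
+
+steps:
+- uses: actions/checkout@v4
+
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v3
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Login to the Docker registry
+uses: docker/login-action@v3
+with:
+registry: ghcr.io
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- id: lowercase
+uses: AsZc/change-string-case-action@v6
+with:
+string: ${{ env.IMAGE_NAME }}
+
+- name: Extract metadata (tags, labels) for Docker
+id: meta
+uses: docker/metadata-action@v5
+with:
+images: ${{ env.REGISTRY }}/${{ steps.lowercase.outputs.lowercase }}
+tags: |
+type=raw,value=latest
+- name: Cache Docker layers
+uses: actions/cache@v3
+with:
+path: /tmp/.buildx-cache
+key: ${{ runner.os }}-buildx-${{ github.sha }}
+restore-keys: |
+${{ runner.os }}-buildx-
+- name: Build and push
+uses: docker/build-push-action@v4
+with:
+push: true
+tags: ${{ steps.meta.outputs.tags }}
+labels: ${{ steps.meta.outputs.labels }}
+platforms: linux/amd64,linux/arm64,linux/arm/v7
+cache-from: type=local,src=/tmp/.buildx-cache
+cache-to: type=local,dest=/tmp/.buildx-cache-new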
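Review bot: Every push to a branch matching `'*'` builds and pushes the image under the single tag `type=raw,value=latest`, so a push to any work branch replaces the image that consumers of `latest` pull. Restrict publishing to the release branch, for example `if: github.ref == 'refs/heads/main'` on the login and push steps, or add an immutable tag such as `type=sha` next to `latest`. `AsZc/change-string-case-action@v6` is a third-party action referenced by a mutable tag in a job that holds `packages: write`; pinning it to a full commit SHA, or lowercasing the name in a shell step, removes that dependency on the tag. Separately, `cache-to` writes to `/tmp/.buildx-cache-new` while the cache step saves `/tmp/.buildx-cache`, and no step visible here moves one to the other, so the saved cache would stay empty.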
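--- a/.github/workflows/test-script.yml
+++ b/.github/workflows/test-script.yml
@@ -0,0 +1,31 @@
+name: Test YARA Script
+
+on: [ push, pull_request ]
+
+jobs:
+test_yara:
+runs-on: ubuntu-latest
+strategy:
+matrix:
+os: [ubuntu, debian, alpine]
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: QEMU
+id: qemu
+uses: docker/setup-qemu-action@v3
+
+- name: Docker Buildx
+id: buildx
+uses: docker/setup-buildx-action@v3
+with:
+platforms: ${{ steps.qemu.outputs.platforms }}
+
+- name: Build and push
+uses: docker/build-push-action@v4
+with:
+context: ./scripts
+file: ./scripts/tests/${{ matrix.os }}/Dockerfile
+push: false
+platforms: linux/amd64,linux/arm64,linux/arm/v7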
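Review bot: This workflow runs on `pull_request` and declares no `permissions:`, so its `GITHUB_TOKEN` gets the repository's default scopes although the job only checks out and builds. Add a top-level `permissions:` block with `contents: read`, as `snort-build.yml` in this commit does at job level. The last step is named `Build and push` but sets `push: false`; `Build test image` would describe it.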
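--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.idea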
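--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,111 @@
+# Use the base Ubuntu 20.04 image
+FROM --platform=$BUILDPLATFORM ubuntu:20.04
+
+# Disable interactive prompts
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install necessary dependencies and clean up in one layer
+RUN apt-get update && apt-get install -y --no-install-recommends \
+git libtool pkg-config autoconf gettext \
+libpcap-dev g++ vim make cmake wget libssl-dev \
+liblzma-dev python3-pip unzip protobuf-compiler \
+golang nano net-tools automake \
+&& rm -rf /var/lib/apt/lists/*
+
+# Determine architecture and download appropriate Go version
+RUN ARCH=$(dpkg --print-architecture) && \
+if [ "$ARCH" = "amd64" ]; then \
+GO_BIN=go1.22.4.linux-amd64.tar.gz; \
+elif [ "$ARCH" = "arm64" ]; then \
+GO_BIN=go1.22.4.linux-arm64.tar.gz; \
+else \
+echo "Unsupported architecture"; exit 1; \
+fi && \
+wget https://go.dev/dl/${GO_BIN} && \
+tar -xvf ${GO_BIN} && \
+mv go /usr/local && \
+rm -rf ${GO_BIN}
+ENV PATH=$PATH:/usr/local/go/bin
+RUN ln -s /usr/local/go/bin/go /usr/local/bin/go
+
+# Install protoc-gen-go and protoc-gen-go-grpc tools
+RUN go install github.com/golang/protobuf/[email protected] && \
+go install google.golang.org/grpc/cmd/[email protected] && \
+mv /root/go/bin/protoc-gen-go /usr/local/bin/ && \
+mv /root/go/bin/protoc-gen-go-grpc /usr/local/bin/
+
+# Create working directories
+RUN mkdir /work /packages
+
+# Copy Snort rules
+COPY rules/snort3.rules /work/
+
+# build libdaq
+ENV LIBDAQ_VERSION=3.0.15
+RUN cd /work && wget https://github.com/snort3/libdaq/archive/refs/tags/v${LIBDAQ_VERSION}.tar.gz
+RUN cd /work && tar -xvf v${LIBDAQ_VERSION}.tar.gz
+RUN cd /work/libdaq-${LIBDAQ_VERSION} && ./bootstrap && ./configure && make && make install
+RUN cd /work && rm -rf v${LIBDAQ_VERSION}.tar.gz
+
+# Install libdnet
+ENV LIBDNET_VERSION=1.14
+RUN cd /work && wget https://github.com/ofalk/libdnet/archive/refs/tags/libdnet-${LIBDNET_VERSION}.tar.gz && \
+tar -xvf libdnet-${LIBDNET_VERSION}.tar.gz && \
+cd libdnet-libdnet-${LIBDNET_VERSION} && \
+wget -O config.guess 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD' && \
+wget -O config.sub 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD' && \
+./configure && make && make install && \
+cd /work && rm -rf libdnet-libdnet-${LIBDNET_VERSION} libdnet-${LIBDNET_VERSION}.tar.gz
+
+# Install flex
+ENV FLEX_VERSION=2.6.4
+RUN cd /work && wget https://github.com/westes/flex/files/981163/flex-${FLEX_VERSION}.tar.gz && \
+tar -xvf flex-${FLEX_VERSION}.tar.gz && \
+cd flex-${FLEX_VERSION} && ./configure && make && make install && \
+cd /work && rm -rf flex-${FLEX_VERSION} flex-${FLEX_VERSION}.tar.gz
+
+# Install hwloc
+ENV HWLOC_VERSION=2.5.0
+RUN cd /work && wget https://download.open-mpi.org/release/hwloc/v2.5/hwloc-${HWLOC_VERSION}.tar.gz && \
+tar -xvf hwloc-${HWLOC_VERSION}.tar.gz && \
+cd hwloc-${HWLOC_VERSION} && ./configure && make && make install && \
+cd /work && rm -rf hwloc-${HWLOC_VERSION} hwloc-${HWLOC_VERSION}.tar.gz
+
+# Install LuaJIT
+ENV LUAJIT_VERSION=2.1.0-beta3
+RUN cd /work && wget https://luajit.org/download/LuaJIT-${LUAJIT_VERSION}.tar.gz && \
+tar -xvf LuaJIT-${LUAJIT_VERSION}.tar.gz && \
+cd LuaJIT-${LUAJIT_VERSION} && make && make install && \
+cd /work && rm -rf LuaJIT-${LUAJIT_VERSION} LuaJIT-${LUAJIT_VERSION}.tar.gz
+
+# Install PCRE
+ENV PCRE_VERSION=8.45
+RUN cd /work && wget https://sourceforge.net/projects/pcre/files/pcre/${PCRE_VERSION}/pcre-${PCRE_VERSION}.tar.gz && \
+tar -xvf pcre-${PCRE_VERSION}.tar.gz && \
+cd pcre-${PCRE_VERSION} && ./configure && make && make install && \
+cd /work && rm -rf pcre-${PCRE_VERSION} pcre-${PCRE_VERSION}.tar.gz
+
+# Install zlib
+ENV ZLIB_VERSION=1.2.13
+RUN cd /work && wget https://github.com/madler/zlib/releases/download/v${ZLIB_VERSION}/zlib-${ZLIB_VERSION}.tar.gz && \
+tar -xvf zlib-${ZLIB_VERSION}.tar.gz && \
+cd zlib-${ZLIB_VERSION} && ./configure && make && make install && \
+cd /work && rm -rf zlib-${ZLIB_VERSION} zlib-${ZLIB_VERSION}.tar.gz
+
+# Install Snort 3
+ENV SNORT_VER=3.2.2.0
+RUN cd /work && wget https://github.com/snort3/snort3/archive/refs/tags/${SNORT_VER}.tar.gz && \
+tar -xvf ${SNORT_VER}.tar.gz && \
+cd snort3-${SNORT_VER} && export my_path=/usr/local && ./configure_cmake.sh --prefix=$my_path && \
+cd build && make -j$(nproc) install && \
+cd /work && rm -rf snort3-${SNORT_VER} ${SNORT_VER}.tar.gz
+
+# Move Snort rules to appropriate directory
+RUN mv /work/snort3.rules /usr/local/etc/snort
+
+# Create tar archives of libraries and Snort
+RUN tar -zcvpf /packages/libpcre.tar.gz /usr/local/lib/libpcre.so* && \
+tar -zcvpf /packages/libluajit.tar.gz /usr/local/lib/libluajit*.so* && \
+tar -zcvpf /packages/libhwloc.tar.gz /usr/local/lib/libhwloc.so* && \
+tar -zcvpf /packages/libdnet.tar.gz /usr/local/lib/libdnet.so* && \
+tar -zcvpf /packages/snort3.tar.gz /usr/local/bin/snort /usr/local/lib/daq /usr/local/etc/snort /usr/local/lib/libdaq.so*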
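Review bot: None of the source archives fetched with `wget` (Go, libdaq, libdnet, flex, hwloc, LuaJIT, PCRE, zlib, Snort) is checked against a known digest before it is unpacked and built, so the image trusts whatever each URL serves at build time. Record a SHA-256 per archive and verify it right after the download, e.g. `echo "<SHA256_OF_ARCHIVE>  v${LIBDAQ_VERSION}.tar.gz" | sha256sum -c -`. The libdnet step also pulls `config.guess` and `config.sub` from `hb=HEAD`, which changes over time; use a fixed commit id in place of `HEAD`. `FROM --platform=$BUILDPLATFORM` makes every `RUN` execute on the builder's architecture, so if the multi-platform workflow in this commit builds this file, the `linux/arm64` and `linux/arm/v7` variants would likely contain builder-architecture binaries; that looks unintended.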
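--- a/README.md
+++ b/README.md
@@ -0,0 +1 @@
+# Wazuh Snort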
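--- a/helm/Chart.yaml
+++ b/helm/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: snort-ips
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"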
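Review bot: `appVersion: "1.16.0"` and `description: A Helm chart for Kubernetes` look like the `helm create` scaffold defaults and do not describe what this chart deploys; the Dockerfile in the same commit builds Snort `3.2.2.0`. Set `appVersion` to the Snort version the image ships so operators can tell from the release metadata which IPS build is running, and replace the description with one line about the chart.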
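--- a/helm/templates/_helpers.tpl
+++ b/helm/templates/_helpers.tpl
@@ -0,0 +1,74 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "snort-ips.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "snort-ips.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "snort-ips.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "snort-ips.labels" -}}
+helm.sh/chart: {{ include "snort-ips.chart" . }}
+{{ include "snort-ips.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "snort-ips.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "snort-ips.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "snort-ips.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "snort-ips.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Volume name. Choose externalPvcName if set, otherwise use the default PVC name
+*/}}
+{{- define "snort-ips.volumeName" -}}
+{{- if .Values.externalPvcName }}
+{{- .Values.externalPvcName }}
+{{- else }}
+{{- $fullName := (include "snort-ips.fullname" .) }}
+{{- printf "%s-%s" $fullName "pvc" }}
+{{- end }}
+{{- end }}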
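Review bot: The default branch of `snort-ips.volumeName` appends `-pvc` to `snort-ips.fullname`, which is already truncated to 63 characters, so the result can reach 67 characters, and the `externalPvcName` branch is not truncated at all. If the helper is used for a pod `volumes[].name` (its callers are not in this section), Kubernetes would reject names longer than 63 characters; `{{- printf "%s-%s" $fullName "pvc" | trunc 63 | trimSuffix "-" }}` keeps the default within the limit. The comment above the helper says "Volume name" while the value it produces is a PVC name; it should state which of the two the helper returns.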